Master Agreement between Cicero, Inc. and UBS AG

2.1.  

The overall structure of this UBS Master Agreement and its Exhibits, the Schedules and their Annexes, and the Supply Orders and their Attachments is reflected in the diagram below.

2.2.  

The documents attached to this UBS Master Agreement are referred to as “Exhibits“. The documents attached to any Schedule are referred to as “Annexes“. The documents attached to any Supply Order are referred to as “Attachments“. This UBS Master Agreement together with any Exhibits form the “UMA”. The UMA together with any Schedule(s) form the “Master Agreement”. A Supply Order together with the UMA and the Schedule(s) listed in said Supply Order form an “Agreement”.

2.3.  

The UMA specifies the terms and conditions under which Supplier shall supply Services and/or Products to UBS and any UBS Affiliate worldwide as further specified in the relevant Schedules and Supply Orders. The terms and conditions relating to a Supply Order shall incorporate all of the provisions of the UMA and its relevant Schedule(s) together with any Special Terms contained in a Supply Order. Each executed Agreement will be a separate and divisible contract. If a Supply Order is executed by a UBS Affiliate, any reference to UBS in the Master Agreement shall - for the scope of the applicable Agreement - refer to the contracting UBS Affiliate and likewise if a Supply Order is executed by a Supplier Affiliate, any reference to Supplier in the Master Agreement shall - for the scope of the applicable Agreement - refer to the contracting Supplier Affiliate (and both UBS Affiliate and Supplier Affiliate accordingly as “Party“ or “Parties“).

2.4.  

To be valid, the UMA, any Schedule(s), and any Supply Order(s) must be signed by two UBS Authorized Personnel, where at least one is signed (or authorized) by SDM, and an authorized representative of Supplier.

3.1.  

Interpretation

(a)  

In the UMA, its Schedules and Supply Orders unless the context otherwise requires:

 

In the Master Agreement and/or any Agreement, a reference to a statute or statutory provision includes:

any subordinate legislation made under it; and

any statute or statutory provision which modifies, consolidates, re-enacts or supersedes it.

A reference in the Master Agreement and/or any Agreement to:

the singular includes the plural and vice versa and words in one gender include both genders;

any Party includes its successors in title and permitted assignees; and

an “entity” includes any individual, firm, body corporate, association or partnership, government or state (whether or not having a separate legal personality).

To the extent of any conflict, the various parts of the Master Agreement and Agreement shall prevail over each other as follows:

the provisions of the UMA shall take precedence over the provisions of the Schedules and the Supply Orders unless, and to the extent that:

1.  

a Schedule expressly states the contrary intention by explicit cross reference to the affected provision(s) of the UMA (and in any case, the provisions specific to the type of Products or Services governed by the respective Schedule shall not be deemed to be conflicting solely due to the omission of such specifics in the UMA); or

2.  

a Supply Order expressly sets forth the terms which are intended to prevail over those in the UMA, in the Special Terms section of such Supply Order, and such Supply Order is duly signed by both Parties; and

the provisions of a Schedule shall take precedence over the provisions of a Supply Order unless, and to the extent that a Supply Order expressly sets forth the terms which are intended to prevail over those in the Schedule, in the Special Terms section of such Supply Order, and such Supply Order is duly signed by both Parties.

the provisions of any Supply Order shall prevail over any Attachments.

The Master Agreement and/or any Agreement overrides and takes the place of any other terms or conditions emanating from or referred to by Supplier or UBS in relation to the subject matter of the Master Agreement and/or any Agreement, including any terms and conditions printed on Supplier’s invoices and/or on UBS’s purchase orders. Additionally, any documents referenced by Supplier in a Supply Order or an Attachment (e.g. reference to any web page) are only valid if duly signed by UBS and attached to the Supply Order or Attachment.

In the Master Agreement and the Supply Orders the use of the term “include” or its derivatives means “including without limitation”.

3.2.  

Severability

 

3.3.  

Governing Law and Jurisdiction

 

3.4.  

Entire Agreement

(a)  

The Master Agreement and/or any Agreements set out the entire agreement and understanding between the Parties with respect to its subject matter and supersede:

all previous agreements, promises, proposals, representations, understandings and negotiations, whether written or oral, between such Parties pertaining to such subject matter, and

all terms of any “shrink-wrap“, “click-wrap“ or “web-wrap” agreements, terms of service or terms of use or different or additional terms and/or conditions presented with, online, or incorporated into any Products, Services, Work Product(s) or  invoices, whether (i) and (ii) above are with a UBS Affiliate and/or Supplier Affiliate. However, unless expressly stated to the contrary, the Master Agreement and/or Agreement are not to supersede, or otherwise change, the Parties respective rights and duties under any previously executed written agreement between them or their Affiliates relating to any transactions outside of the scope of the subject matter set forth in the Agreement. 

(b)  

Each Party acknowledges that it has entered into the Master Agreement and any Agreement in reliance only upon the representations, warranties and promises specifically contained or incorporated in the UMA, the relevant Schedule(s) and Supply Order and, except as expressly set out or referred to herein or in the relevant Agreement, each Party shall have no liability in respect of any other prior representation, warranty or promise unless it was made fraudulently.

3.5.  

Relationship of the Parties

(a)  

The Parties acknowledge that they are independent contractors. Nothing in the Master Agreement and/or any Agreement shall render any member of the Staff an employee, agent or partner of UBS or any UBS Affiliate and no member of Staff shall hold themselves out as such. Both Parties declare that they have no intention, for any purpose whatsoever, to form a corporate, corporate-like or other partnership. UBS shall not be liable for any of the acts or omissions of Supplier and/or the Staff.

(b)  

Supplier shall be solely responsible for the payment of compensation of its Staff, and for any worker’s compensation, disability benefits, unemployment insurance, withholding or employment-related taxes and visa costs for Staff. Supplier shall inform its Staff that they are not entitled to the provision of any UBS employee benefits.

(c)  

In the event that the Master Agreement and/or any Agreement authorizes Staff to interact with third parties, whether orally or in writing, on behalf of UBS, Supplier shall ensure that the Staff shall present themselves as acting on behalf of UBS (or such other manner of presentation as UBS may specify in the Master Agreement and/or any Agreement, including in any applicable UBS Policy, or as notified by UBS from time to time) and not as employees of UBS.

3.6.  

Third Party Rights

(a)  

Any UBS Affiliate that receives, directly or indirectly, Products or Services under an Agreement, whether or not named in that Agreement, may enforce the terms of that Agreement.

(b)  

Supplier or any Supplier Affiliate's sole right of action under a Supply Order against UBS (including for the avoidance of doubt its Affiliates) shall be against the UBS entity that entered into such Supply Order.

(c)  

Except for UBS Affiliates, no third party may enforce the terms of the Master Agreement and/or any Agreement. The Master Agreement and/or any Agreement may nevertheless be varied by the relevant Parties without the consent of any third party.

 

4.1.  

Ordering

(a)  

With respect to each country or group of countries, if applicable, the Parties may at any time request a Supply Order to be executed (and therefore an Agreement to be entered into) by

the appropriate Supplier Affiliate(s), (provided that such Affiliate is a Wholly Owned Affiliate) to provide and/or

the appropriate UBS Affiliate(s) to receive

(b)  

To be valid, any Supply Order must be assigned a Supply Order Number (and signed by two UBS Authorized Personnel, where at least one is signed (or authorized) by SDM, and an authorized representative of Supplier, as set forth in clause 2.4). Each Supply Order (including any Special Terms) so executed will, together with the UMA and the relevant Schedule(s), form an Agreement which shall be effective no later than upon the commencement of the delivery of Products or the provision of Services. UBS shall not be liable to pay any Charges for Services or Products provided by Supplier under an improperly authorized Supply Order. In the event that Supplier has any doubt as to whether a Supply Order has been authorized properly, Supplier shall discuss the matter with UBS’s manager prior to commencing the Services or providing the required Products in respect of the relevant Supply Order. If Supplier proceeds with performing the Services or providing the Products and has not clarified the validity of a Supply Order, then the performance thereunder shall be at Supplier’s sole expense until such Supply Order has been validated. UBS may issue system-generated, electronic purchase orders for the supply of Services or Products. The details with regard thereto shall be specified in the applicable Schedule(s) and/or Supply Orders.

(c)  

UBS may propose changes within the general scope of the Master Agreement and/or any Agreement at any time or as necessary to reflect the specific legal requirements and business practices from time to time applicable in the relevant jurisdiction in order to produce the legal and business result intended by the Parties. If any such change causes an increase in the cost of performance to Supplier or time required for such performance, the Parties shall negotiate reasonably and in good faith for an equitable adjustment to the Charges and timeframes, in line with any specific procedure or process which may be set out in the relevant Schedule and/or Supply Order. Upon receiving a notice or request from UBS, Supplier shall (at no additional cost to UBS) promptly submit to UBS a change in scope proposal which shall outline in detail the required changes to the scope of the Services and associated impact on the Charges. Any such changes must be agreed by both Parties in writing in accordance with clause 12.7.

4.2.  

Location

(a)  

If Services are performed at UBS Sites, Supplier confirms that it will inspect them without delay and:

notify UBS if such UBS Sites are not adequate to allow Supplier to perform the Services in accordance with the terms of the applicable Agreement; or

promptly raise and discuss with UBS any additional accommodation and/or facilities that it reasonably requires to perform the Services in accordance with the terms of the applicable Agreement.

(b)  

To the extent required for the provision of Services, UBS shall allow the Staff to enter the UBS Sites during each day that such sites are open during reasonable business hours for the purposes of providing the Services and at other times on reasonable notice and with UBS’s prior written consent. UBS may revoke or suspend such permission in part or in whole including in respect of certain UBS Sites only and/or in respect of certain individuals or classes of individuals only. Supplier agrees that its use of any UBS Site is permitted solely on the basis that it has no right in the form of a lease, continuing license or tenancy and that it does not have any right of sole use or possession of any UBS Site or any part thereof. Other than for UBS Sites, Supplier shall secure, as applicable, all Location leases, licenses, authorizations and permits and will work with the building management company, at Supplier's sole cost and expense, to secure and maintain the same for the Term of the relevant Agreement.

(c)  

Supplier shall, whenever the Staff are present on the UBS Sites, require such Staff to adhere to the reasonable instructions of representatives of UBS and to observe any conditions, policies or procedures applicable to them from time to time, as communicated to Supplier or any Supplier Affiliate or the affected Staff. For the avoidance of doubt, without limitation to the generality of the foregoing, any conditions, policies or procedures communicated to Supplier shall be deemed communicated to all Supplier Affiliates and Subcontractors and all Staff under any Agreement. Upon reasonable request of UBS, Supplier shall arrange for all or any specific individual or class of Staff, whether on or off UBS Sites, to sign any related acknowledgements as are set forth by UBS indicating that such Staff will comply with such conditions, policies or procedures.

(d)  

Insofar as the Services are performed at Non-UBS Sites:

 

(i)

where a Non-UBS Site proposed by Supplier is, in the reasonable opinion of UBS, unsuitable for the provision of the Services, UBS shall promptly notify Supplier; or

 

(ii)

where a Non-UBS Site proposed by UBS is, in the reasonable opinion of Supplier, unsuitable for the provision of the Services, Supplier shall promptly notify UBS,

(e)  

Supplier shall

obtain UBS's prior written approval of any relocation of a Supplier Location set forth in the relevant Supply Order (“Supplier Location“);

bear all of its costs of relocation of any Supplier Location; and.

reimburse UBS for the costs it incurs in connection with any such Supplier Location relocation, including any security audit thereof.

4.3.  

Notification

UBS on becoming aware that Supplier, a Supplier Affiliate or a member of Staff or its Subcontractor is in breach of any obligations under the Master Agreement and/or any Agreement, including any failure to comply with any Applicable Requirements or UBS Policies; and

UBS on becoming aware of any management issues, security problems, system failures and other developments which have or may have a material impact on Supplier’s ability to provide the Services or supply the Products and comply with its obligations in the Master Agreement and/or any Agreement;

any UBS Affiliate of the existence of the Master Agreement (with a copy to UBS) if Supplier is, during the term of the Master Agreement, discussing the provision to the respective UBS Affiliate of products and/or services similar to those provided under the Master Agreement.

4.4.  

Subcontracting

(a)  

Supplier may use Subcontractors (including Supplier Affiliates), provided that UBS’s written consent is first obtained, whether or not the Subcontractor is already in place at the Effective Date. No subcontracting shall in any way relieve Supplier from its obligations to provide the Services and Supplier shall at all times remain liable for any Subcontractor’s performance of Services under the Master Agreement and/or any Agreement in accordance with its terms as if such Subcontractor were Supplier.

(b)  

UBS is not responsible for the selection, instructions to and control of the Subcontractors by Supplier.

(c)  

Any permitted subcontract shall include:

a representation that all Subcontractor personnel are employees of such Subcontractor for tax and employment law purposes;

the right for Supplier to terminate such subcontract with respect to the Services upon request by UBS if any deficiency in such Subcontractor’s performance is not corrected to the reasonable satisfaction of UBS within 30 days of notice thereof;

a provision requiring such Subcontractor to protect Confidential Information in accordance with the requirements of the Master Agreement and/or any Agreement, for the benefit of UBS and its Affiliates;

a representation that the Subcontractor has all necessary Intellectual Property Rights to supply the Services to UBS in accordance with the requirements of the Master Agreement and/or any Agreement;

assignment of all rights to UBS (in accordance with clause 7.2) in any Work Product, deliverables, software, documentation, or other materials provided by such Subcontractor, in accordance with the Master Agreement and/or any Agreement;

a provision preventing the Subcontractor from subcontracting any of the Services subcontracted to it without the prior written consent of UBS; and

an obligation to maintain insurance to the levels required of Supplier as set out in clause 12.5; and

any other terms reasonably specified by UBS.

(d)  

UBS and its Affiliates shall be specified as a third party beneficiary of any such subcontract and such subcontract shall contain the right for UBS (at its option), to directly enforce any obligations contained in such subcontract that deal with the protection of Confidential Information or the assignment of Intellectual Property Rights. Supplier shall take all actions to ensure that where its Subcontractors are responsible for any obligations dealing with the protection of UBS’s Confidential Information or the assignment of Intellectual Property rights, such Subcontractors shall execute directly with UBS, such confidentiality and/or rights assignment agreements as UBS deems appropriate to establish direct privity of contract with such Subcontractors, permitting UBS and it Affiliates to assert in its/their own name and for its/their own benefit, any claims alleging an improper disclosure of UBS Confidential Information or violation of UBS Intellectual Property rights by such Subcontractor. Until Supplier has complied with this provision, UBS may reject the affected Subcontractors even in case of prior approval by UBS.

(e)  

Supplier shall be solely responsible for ensuring its Subcontractors’ full compliance with all relevant terms and conditions of the Master Agreement and any relevant Agreement applicable to Staff. Supplier shall be solely responsible for all payments to its Subcontractors including any applicable taxes. A Subcontractor may not claim performance of any obligation, any taxes, compensations, expenses and similar directly from UBS; vice versa UBS may not claim performance directly from the Subcontractor (except as set out in clause 4.4(d)), however UBS may be entitled to place Service requests and give instructions to a local Subcontractor as agreed in the relevant Supply Order and for the avoidance of doubt Supplier shall remain responsible for the performance of the relevant Agreement.

4.5.  

Supplier Staff Confidentiality / Data Protection

(a)  

Supplier must ensure that the Staff are made aware of the confidential nature of Confidential Information and that they are reminded of their duties of confidentiality pursuant to their contracts of employment or their contracts for services, as the case may be. Supplier shall ensure that, if requested by UBS, any Staff accessing Confidential Information shall sign the Declaration of staff member regarding data protection / privacy and client confidentiality / bank secrecy obligations as attached as Exhibit 2. UBS shall have the right to request written proof of these documents at any time for retention in UBS’s files.

(b)  

Without prejudice to the generality of Clause 4.5(a), UBS shall be entitled to require that Supplier procures that a member of Staff executes the Declaration of staff member regarding data protection / privacy and client confidentiality / bank secrecy obligations in the language of the Location in which the relevant member of Staff is located for the purposes of providing the Services, in the form provided to Supplier from time to time or as provided to the relevant member of Staff. In these circumstances, the Declaration of staff member regarding data protection / privacy and client confidentiality / bank secrecy obligations in the respective local version shall prevail over the version attached as Exhibit 2.

5.1.  

Payment

(a)  

Unless expressly stated otherwise in the respective Supply Order or the applicable Schedule, all sums due to Supplier under any Agreement shall be payable by UBS (or the UBS Affiliate specified in the respective Supply Order) by check or by electronic bank transfer within 45 days of receipt of a correct and properly due invoice. Any invoice shall state the following information together with all other information specified in the affected Supply Order:

the title, contract number and Effective Date of the relevant Supply Order;

an invoice number, and invoice issue date;

the name and address of the respective UBS manager;

a description sufficient to identify of the relevant Products and/or Services;

Supply Order Number (where applicable);

the period to which the invoice relates;

Supplier’s bank account for payment;

Charges and any applicable taxes and rates of tax;

Location where the Products were delivered and/or the Services were performed;

Supplier's address from which the supply was made;

Data Universal Numbering System (DUNS) Number;

Ultimate DUNS Number; and

Tax Identification Number.

(b)  

All invoices shall be sent to the address specified in the relevant Supply Order or as may otherwise be notified to Supplier by UBS in writing.

(c)  

All invoices received may be processed worldwide by UBS, its Affiliates and/or third parties. By virtue of accessing and processing the invoices abroad, UBS will have to disclose the data provided on the invoices, including the banking relationship with UBS (if any) and the account number to the UBS Affiliates and/or third parties involved in the invoice processing (including auditing). As a consequence, the data provided on the invoices will be subject to the laws and regulations of the jurisdictions where the processing will take place. Foreign laws and regulations may oblige UBS to provide access to this data to relevant authorities.

(d)  

In the event that UBS has a bona fide dispute in relation to all or any portion of an invoice submitted by Supplier, UBS may withhold payment of the amount subject to the dispute, provided that:

UBS will notify Supplier in writing within thirty (30) days of receipt of invoice of such dispute.

UBS shall continue to pay the undisputed amount when it becomes due and payable in accordance with the terms of the Master Agreement and/or the affected Supply Order; and

Supplier shall continue to perform its obligations under the Master Agreement and the affected Supply Order.

(e)  

The Parties shall resolve the dispute in accordance with the procedures set out in clause 12.3. It shall not be a breach of the Master Agreement and/or any Agreement for UBS to withhold charges which are the subject of a dispute.

5.2.  

Expenses

5.3.  

Taxes

(a)  

Taxes in the Master Agreement and/or any Agreement include all sales, import or other taxes or duties, any value added taxes or other similar taxes and the like, which may be chargeable by the Supplier to UBS as a result of the Master Agreement and/or any Agreement.

(b)  

All prices mentioned in connection with the Master Agreement and/or any Agreement are exclusive of any taxes (if any).

(c)  

UBS shall pay all applicable taxes to Supplier, except where they are only due because of a formal or material fault by Supplier. Supplier shall be fully responsible for collecting and, subsequently remitting all VAT, sales, use, import, withholding or other taxes or duties that Supplier is legally obligated to collect and remit to applicable taxing jurisdictions.

(d)  

If un

der any Applicable Requirements UBS is required to make any payment under the Master Agreement and/or any Agreement subject to a tax deduction or withholding tax, then UBS shall be entitled to deduct such amount from the amount payable to Supplier. Unless Supplier delivers a certificate from the relevant authority evidencing an entitlement to an exemption from such taxes, UBS shall withhold from payments to Supplier and pay to the relevant authority withholding tax as required by law. The withholding and payment of such tax will accordingly reduce the amount otherwise payable under the invoices submitted by Supplier to UBS.

(e)  

Supplier shall be liable for any applicable interest or penalties which may now or hereafter be imposed by reason of Supplier's failure to collect or remit taxes. In no event will UBS be liable for the payment of any penalties or interest due on any taxes and Supplier expressly indemnifies UBS against any such penalties and/or interest.

(f)  

Where applicable, Supplier shall ensure that its invoices to UBS meet the requirements for deduction/claim of input VAT by UBS. If UBS should pay any tax to Supplier and if it is later held that such tax was not due, Supplier will refund the amount hereof to UBS, together with any interest relating thereto.

(g)  

UBS will cooperate with Supplier in applying for any tax reduction or deduction permitted under any such foreign government law. Supplier will, when requested by UBS, assist and co-operate with UBS in challenging the validity of a tax provided that UBS shall bear Supplier's reasonable costs and expenses in connection with any such challenge.

Except to the extent expressly set forth above, UBS shall not be responsible for the payment of any duties or taxes of Supplier or its Subcontractors.

5.4.  

Indemnification for Taxes

 

5.5.  

Set Off

 

6.1.  

Power to Contract

(a)  

UBS and Supplier hereby warrant and represent to each other that they each have:

all requisite corporate power and authority to enter into the Master Agreement and each subsequent Agreement, and to carry out the transactions contemplated hereby; and

obtained and will maintain throughout the Term all consents, permissions and licenses necessary to enable them to perform their obligations hereunder.

(b)  

Supplier warrants that all representations and statements, whether written or oral, that it has made prior to any Effective Date are accurate (for the avoidance of doubt, including representations made in any responses that were given by Supplier or any Supplier Affiliate to an initial request for information (RFI) or request for proposal (RFP) received from UBS or any UBS Affiliate in respect of any particular Products, Services or Supply Orders, and any proposal documents and any written clarifications to those documents, unless such representation directly conflicts with the respective Supply Order).

6.2.  

Performance of Obligations

 

(a)  

it will perform its obligations hereunder using the skill and care of a diligent supplier in a professional and timely manner, with an adequate number of competent personnel who have the necessary technical skills, qualifications, experience, certifications and training to perform and complete the Services in accordance with best standards and practices observed by suppliers in the upper quartile of the industry providing similar services to those required by the Master Agreement and the respective Supply Order;

(b)  

it will perform its obligations hereunder in compliance with the UBS Policies provided to Supplier in writing and in a safe manner which, as a minimum, complies with all relevant health and safety and environmental legislation and regulations applicable to the performance of the obligations under this Agreement in all relevant jurisdictions;

(c)  

it will perform its obligations hereunder in compliance with any Applicable Requirements and so as to enable UBS and UBS Affiliates to comply with their obligations thereunder;

(d)  

it will perform its obligations hereunder in such a manner to ensure that it does not, and that any Products or Work Products do not, introduce, malware including any software viruses, trojan horses, worms, time bombs, logic bombs, trap doors, back doors, cancelbots, spyware, botnet nodes, keyloggers, rootkits or any other computer code, files or programs designed to disrupt, interrupt, disable, damage, destroy or limit the functionality of any device, software, system or telecommunications equipment (“Malware”) whether owned by or licensed to UBS, a UBS Affiliate or otherwise or obtain any unauthorized pecuniary advantage for any person.  Notwithstanding the foregoing, UBS agrees that it shall be responsible for running virus scans on such software.

(e)  

all Products and/or Work Products provided to UBS or UBS Affiliates hereunder shall:

handle data input, processing and output accurately and without interruption and function accurately and without interruption recognizing and treating any date at its true calendar date and any time span correctly; and

be fully interoperable with any other UBS software or system which provides the functions listed in sub-clause (i) of this clause 6.2(e);

(f)  

it will perform its obligations hereunder without undue disruption to UBS’s or UBS Affiliates’ business;

(g)  

to the extent that it processes Personal Data as a Data Processor on behalf of UBS and the UBS Affiliates, it shall comply with the provisions of clause 11.1 and Exhibit 3 (Data Protection Exhibit) and shall indemnify and hold harmless UBS and the UBS Affiliates against all losses, claims, costs (including reasonable legal fees), damages and proceedings that result from a breach of this clause 6.2(g);  and

(h)  

any Documentation provided by Supplier will be reasonably sufficient for the subsequent use of the Products or any related Work Products by UBS.

6.3.  

Intellectual Property

(a)  

Supplier warrants and represents to UBS and UBS Affiliates that to the best of Supplier’s knowledge as of the date of delivery:

use or possession by UBS or the UBS Affiliates of any Products, Services and/or Work Products or Supplier’s Pre-Existing Intellectual Property shall not subject UBS or the UBS Affiliates to any claim for infringement of any Intellectual Property Rights of any third party; and

the Work Products, excluding UBS Pre-Existing Intellectual Property will be either (A) original works of authorship of Supplier or those acting on its behalf; or (B) licensed to Supplier with full right and authority to sub-license in accordance with the provisions of the Master Agreement and/or any Agreement.

(b)  

UBS represents and warrants that the use or possession by Supplier of UBS Software, UBS Systems or UBS Pre-Existing Intellectual Property as per the terms of the Master Agreement and/or any Agreement shall not subject Supplier to any claim for infringement of any Intellectual Property Rights of any third party.

6.4.  

Security

 

the use of Products or provision of the Services shall not permit any unauthorized access to or cause any loss or damage to UBS Systems, UBS Pre-Existing Intellectual Property, any Work Products (where such Work Products are owned by UBS in accordance with the Master Agreement or the applicable Agreement) or Confidential Information belonging to UBS; and

it shall comply with any security obligations set out in: the UMA, the applicable Schedule(s), Supply Orders and/or UBS Policies provided to Supplier in writing or communicated to Supplier.; and

Supplier will institute above industry standard safeguards to guard against the unauthorized access, alteration, destruction or loss of UBS Data and/or UBS Confidential Information. Supplier will propose security changes it deems to be appropriate, subject to UBS’s acceptance via the applicable change control process agreed between the Parties, which shall include a detailed risk assessment and sign-off by the relevant UBS risk control functions. If the safeguards specified in this clause 6.4 conflict with the UBS Policies in these areas, the UBS Policies provided to Supplier in writing and/or communicated to Supplier shall prevail. Supplier will, in any event, notify UBS if it considers the UBS Policies are deficient.

6.5.  

CID and UBS Price Sensitive Information

(a)  

In processing CID and UBS Price Sensitive Information Supplier shall establish and maintain adequate technical and/or procedural measures, the purpose of which is to restrict and control access by Staff to such information, in order to comply with relevant UBS Policies.

(b)  

Supplier warrants and represents to UBS and UBS Affiliates that:

it will protect and clearly identify CID and UBS Price Sensitive Information and ensure that such information is processed separately from information that may be processed for any other customer of Supplier; and

it will put and keep in place, all technical, personnel and organizational measures necessary to maintain the security and confidentiality of such CID and UBS Price Sensitive Information.

6.6.  

Additional Warranties

(a)  

In regards to the Products, Services and Work Products, the warranty provisions of the applicable Schedule shall apply to the respective Product, Service or Work Product in addition to the warranties contained in this clause 6.

(b)  

Supplier hereby undertakes to be jointly and severally liable for all obligations and liabilities accepted or incurred by its Affiliates under each Agreement.

(c)  

Supplier will execute such form of guarantee as UBS may require to guarantee the performance of Supplier’s Affiliates under any Agreement.

7.1.  

Pre-Existing Intellectual Property

(a)  

Each Party shall retain ownership of its Pre-Existing Intellectual Property.

(b)  

Subject to the terms of the Master Agreement and/or any Agreement, Supplier grants UBS and the UBS Affiliates a perpetual, world-wide, royalty-free, non-exclusive, transferable and non-revocable license to use, copy, and sublicense and to permit the clients, potential clients, outsourcing companies and contractors of UBS and UBS Affiliates to use Supplier’s Pre-Existing Intellectual Property as is necessary for UBS to use the Work Products incorporating Supplier’s Pre-Existing Intellectual Property or as is necessary to gain the benefit of the Services, for the purposes for which such Work Products were designed and intended. UBS agrees that it will not sublicense, sell, use or transfer such Supplier’s Pre-Existing Intellectual Property on a stand-alone basis.

(c)  

In the case that any Supplier Pre-Existing Intellectual Property licensed from a third party is incorporated or provided in conjunction with in any Work Product, Supplier warrants that it will have obtained any necessary authority, permission or license from the relevant third party to grant a license in the same terms as set out in clause 7.1(b) above. To the extent set out in a Supply Order, UBS will be responsible for procuring any third party software which is necessary to enable it to receive the benefit of the Services and which has been specifically detailed in the relevant Supply Order. In the event that Supplier is to grant UBS a license to any third party software, any additional license terms to those set out above will be set out expressly in the relevant Supply Order.

(d)  

UBS grants Supplier a royalty free, non-exclusive license to use the UBS Pre-Existing Intellectual Property to the extent necessary to enable it to provide the Services, and for no other purpose.

7.2.  

Intellectual Property in Work Products

(a)  

UBS shall upon the creation thereof, exclusively own all Intellectual Property Rights in all Work Products. All original works of authorship created, developed or modified by Supplier or its Staff during the course of the provision of any Services provided to UBS are “works made for hire” under the applicable copyright laws and shall become and remain the sole and exclusive property of UBS. To the extent that all right, title, and interest in Intellectual Property Rights in and to Work Product may not, by operation of law or equity, vest in UBS, Supplier hereby irrevocably assigns (including by way of future assignment) any and all right, title and interest in Intellectual Property Rights in and to the Work Product to UBS, together with all causes of action for infringement, misappropriation, or otherwise relating to any Intellectual Property Rights in the Work Product and further, agrees to assist UBS and to execute, acknowledge and deliver to UBS any requested affidavits and/or documents of assignment and conveyance or perform any other act deemed reasonably necessary or desirable to carry out the intended purposes of this clause 7.2, including but not limited to assisting UBS in obtaining, procuring, registering, maintaining, protecting, assigning, and enforcing Intellectual Property Rights in Work Products. To the extent that any moral rights or rights equivalent or analogous to moral rights do not vest in UBS as works made for hire or for any reason do not, by operation of law or equity or by assignment, vest in UBS (or are not considered to be assignable), Supplier hereby agrees to waive irrevocably or procure the irrevocable waiver of any rights constituting or equivalent or analogous to moral rights, for all uses including internal or external products, marketing, and/or promotional materials that UBS or any UBS Affiliate may use, distribute, or otherwise exploit.  Unless otherwise specified in the relevant Supply order, UBS grants Supplier a limited, non-sub-licensable, non-dealable, royalty free, non-exclusive license to use, the Work Products solely to the extent and for as long as necessary for the purpose of performing the Services.

(b)  

Supplier shall promptly disclose in writing to UBS all copyright works or designs originated, conceived, written or made by it alone or with others in the performance of the Services and shall (to the extent that they do not automatically vest in UBS by operation of law or pursuant to the Master Agreement and/or any Agreement) hold them in trust for UBS until such rights shall be fully and absolutely vested in UBS.

(c)  

Supplier shall (at the reasonable expense of UBS which shall be agreed by the Parties in advance) execute such further documents and promptly provide such assistance as UBS may reasonably request in order to:

(i)  

register UBS in any country as proprietor of any Intellectual Property Rights subsisting in the Work Products; and

(ii)  

perfect the title of UBS to any Intellectual Property Rights subsisting in the Work Products.

(d)  

Supplier shall procure that its Staff irrevocably and unconditionally waive in favor of UBS any rights (including moral rights or rights equivalent or analogous to moral rights), title or interests in and/or to the Work Products immediately on creation and shall ensure that it appoints all Subcontractors on terms which give effect to the provisions of this clause 7.2 in favor of UBS.

(e)  

If under the relevant Supply Order UBS owns such Work Product, Supplier shall, as soon as reasonably practicable following creation thereof, deliver to UBS the Products and Source Code to the Work Product and all documentation and information as UBS may consider necessary to enable a person skilled in such software to operate and maintain such Software.

(f)  

Unless otherwise requested by UBS, upon completion of the Services to be performed under each Agreement or upon the earlier termination of such Agreement, Supplier shall immediately turn over to UBS all Work Products developed pursuant to such Agreement. All Work Products reduced to tangible form shall bear UBS’s copyright and trade secret notices, or such other proprietary notice as UBS may specify.

(g)  

Supplier shall ensure that all Staff shall be bound by undertakings in substantially the same terms as this clause 7.2.

7.3.  

Use of Know-how

 

(a)  

Should a third party claim that its Intellectual Property Rights are infringed and initiate proceedings against UBS, UBS shall notify Supplier of this fact in writing as soon as reasonably practicable (but the failure to do so shall not relieve Supplier of any liability hereunder except to the extent Supplier has been materially prejudiced therefrom). Supplier shall have sole control over the defense and settlement of such claims at its own expense but shall not, without UBS's prior written consent (not to be unreasonably withheld), consent to entry of any judgment or enter into any settlement which (A) does not include, as an unconditional term, the grant by the claimant to UBS of a release of all liabilities in respect of such claims or (B) otherwise adversely affects the rights of UBS. Supplier shall likewise be obligated to provide full support to UBS in order to successfully defend such third party claims, by providing among other things all necessary information and documents. Notwithstanding the foregoing, UBS may participate in the defense and settlement of the claim at its own expense

(b)  

Supplier shall indemnify, defend, and hold harmless UBS, UBS Affiliates, and UBS Persons for all damages awarded and/or costs imposed as a result of a judgment or settlement, provided these costs were not caused by gross negligence of UBS. However, before UBS makes concessions and/or concludes a settlement, it shall request Supplier to provide its comments; otherwise any claim for reimbursement shall be reduced by the amount increased as a result of this omission. In any case, UBS shall hereby be indemnified and held harmless by Supplier for its own related expenses and lawyer's fees.

(c)  

In the event that any copyright and/or other Intellectual Property Rights of third parties are infringed or an infringement is credibly claimed creating a risk that UBS is legally enjoined from using the Product, Services or Work Products either in whole or in part, UBS shall have the option to:

arrange that Supplier provide UBS with the right in dispute; or

have developed, at the expense of Supplier, a modified and technically equivalent Product, Service or Work Product which does not infringe rights of third parties

 

(d)  

The indemnity in this clause 8 shall not apply to any infringement to the extent that it is exclusively and necessarily due to Supplier having followed a design or instruction furnished or given by UBS in circumstances where Supplier could not reasonably have been expected to avoid such infringement, or UBS combines the Products with such products which Supplier has clearly stated in the relevant Supply Order would cause such an infringement.

(e)  

If at any time any allegation of infringement of third party and/or proprietary rights is made in respect of the UBS Pre-Existing Intellectual Property, UBS Software or UBS Systems, Supplier shall notify UBS of this fact in writing within thirty (30) calendar days (but the failure to do so shall not relieve UBS of any liability hereunder except to the extent UBS has been materially prejudiced therefrom), and UBS may, at its expense, modify or replace the same so as to avoid the infringement and Supplier will ensure that UBS is provided with all reasonable assistance required to exercise such right. In the event of any third party claim being made against Supplier by virtue of its use of any UBS Pre-Existing Intellectual Property, UBS Software or UBS Systems in accordance with the provisions of the Master Agreement and/or any Agreement (and which does not itself arise as a result of any Services provided by Supplier), UBS shall have the option to (A) compensate Supplier for all reasonable losses and expenses it incurs in connection with such claim, or (B) defend such claims at its own expense.

9.1.  

Neither Party excludes or limits its liability to the other for fraud or for death or personal injury resulting from its negligence, or for any breach of any warranties as to title.

9.2.  

Subject to clause 9.1 above and clause 9.3 below but otherwise notwithstanding anything to the contrary contained elsewhere in the Master Agreement and/or any Agreement, the aggregate liability of each Party in each Contract Year for claims made by the other in that Contract Year in respect of loss or damage arising out of or in connection with any breach of that Party’s obligations under each Agreement whether arising for breach of contract, tort, or negligence shall not exceed the greater of:

the cumulative amount of Charges invoiced by Supplier to UBS under the relevant Agreement;

four times the amount of Charges invoiced by Supplier to UBS under the relevant Agreement during the quarter preceding the claim; or

$20 million

9.3.  

Exceptions from Limitation of Liability

 

9.4.  

Remedies Cumulative

 

10.1.  

Term

(a)  

The Master Agreement, shall commence on March 2, 2012, and shall have an initial term of five (5) years, after which it shall automatically renew for additional one year terms, unless and until terminated by either Party with ninety (90) days written notice to the end of the respective term.

(b)  

In the Master Agreement, the terms and conditions of a Schedule shall commence on the date specified therein and shall end or renew corresponding to clause 10.1(a), unless otherwise agreed in the respective Schedule.

(c)  

An Agreement shall commence on its Effective Date and shall continue in force for the duration specified therein, notwithstanding the termination or expiry of the Master Agreement.

10.2.  

Termination by either Party

(a)  

Without prejudice to any right or remedy either Party may have against the other for breach or non-performance of the Master Agreement and/or any Agreement, either Party shall have the right by notice in writing to the other Party to terminate with immediate effect all or any part of the Master Agreement and/or any Agreement on or at any time after the happening of any of the following events:

the other Party is unable to pay its debts as they fall due or admits inability to pay its debts or if the value of the other Party’s assets falls below the amount of its liabilities, taking into account contingent and prospective liabilities; or

the passing by the other Party of a resolution for its winding-up (except in connection with a bona fide solvent business re-organization) or the making by a court of competent jurisdiction of an order for the winding-up of the other Party or the dissolution of the other Party; or

the filing of a petition or other appropriate filing by a creditor or by the Party itself requesting the opening of bankruptcy or winding up proceedings, opening of bankruptcy or winding up proceedings against the other Party, the making of a bankruptcy order or an administration order in relation to the other Party; or

the appointment of an administrator, receiver or an administrative receiver over any of the other Party’s assets (or a person becoming entitled to do so); or

the taking possession, sale by an encumbrance of or attachment or the levy of any distress, execution, sequestration or other such process  on any of the other Party’s assets and which is not discharged within 14 days; or

the granting of an adjournment on the opening of bankruptcy or winding-up proceedings against the other Party; or

the approval of a provisional or definitive moratorium of debt enforcement (composition proceedings) of one Party or opening of similar proceedings against the other Party; or

the lack of or improper appointment of any corporate body of the legal entity of the other Party, where the corporate bodies are required under the applicable law of said legal entity; or

the other Party makes or commences negotiations in respect of an arrangement or composition with its creditors generally or making an application to a court of competent jurisdiction for protection from its creditors generally (or any class of them), except in connection with a bona fide solvent business re-organization; or

if the other Party’s performance during a Force Majeure Event is not resumed within ninety (90) days (or such other period as may be specified in a Supply Order) of its suspension under the provisions of clause 12.4 (Force Majeure).

10.3.  

Termination by UBS

(a)  

UBS shall have the right by notice in writing to Supplier to terminate with immediate effect all or any part of the Master Agreement and/or any Agreement on or at any time after the happening of any of the following events:

if Supplier commits a material or persistent breach of any of the terms and conditions set out in the Master Agreement and/or any Agreement provided that where such breach is capable of remedy Supplier has been notified in writing of the breach and has not cured it within thirty (30) days of receipt of such notice. For the avoidance of doubt, any breach by Supplier of its obligations of confidentiality regarding UBS or any UBS Affiliate’s Confidential Information will automatically be deemed to be a material breach. For the purposes of this clause a breach shall be considered capable of remedy if time is not of the essence in performance of the obligation and if Supplier can comply with the obligation within the thirty (30) day notice period;

on either UBS or Supplier ceasing to carry on a material part of its business at any time or disposing of all its assets or a substantial part of its assets;

on a change of control of either Supplier or any Wholly Owned Affiliate not otherwise notified to UBS by Supplier in advance and approved by UBS in writing; in this clause “control” means the ability to direct the affairs of Supplier whether by virtue of contract, ownership of shares or otherwise;

if either UBS’s or Supplier’s ability to carry out its obligations under the Master Agreement and/or any Agreement is prevented or substantially interfered with by any regulation, law, decree or any act of state or other governmental action or either UBS or Supplier is refused or has revoked any official or regulatory license, authorization or permission necessary for the performance of its obligations hereunder;

if Supplier is, at any time, the subject of an enforcement action by any Regulator which prevents Supplier from lawfully performing its obligations under the Master Agreement and/or any Agreement;

if Supplier breaches clauses 6.4, 6.5 and 11;

if any of the events referred to in this clause 10.3 occurs in respect of any of Supplier’s Subcontractors;

Supplier is indicted on allegations of material fraud or corruption (or if a principal officer admits to either of the foregoing); or

if Supplier persistently and repeatedly breaches its obligations under the Master Agreement and/or any Agreement, irrespective of whether or not Supplier subsequently remedies such breaches; or

if Supplier’s performance under the Master Agreement and/or any Agreement is reasonably determined by UBS to be contrary to any UBS Policy;

if Supplier breaches any Applicable Requirements; or

if any act or omission of any Subcontractor would, if such act or omission had been committed by Supplier itself, allow UBS to terminate the Master Agreement.

(b)  

Such termination shall take effect thirty (30) days after receipt of notice that the other party intends to terminate and does not cure such condition within the notice period either immediately or at such date as UBS shall specify in such notice and the Parties agree that any termination by UBS under any of the provisions listed above shall not result in the payment of any termination Charges to Supplier.

10.4.  

Termination by Supplier

(a)

Other than as specified in clause 10.2, Supplier may terminate the applicable Agreement by not less than one hundred and eighty (180) days prior written notice to UBS, if UBS commits a material intentional infringement or misappropriation of Supplier's proprietary rights and fails to cure such misappropriation of rights within forty five (45) days after receipt of written notice specifying such breach and Supplier's intention to terminate the Supply Order. (For purposes of this clause “intentional“ shall mean infringement or misappropriation undertaken at the direction of or with express approval from, or the actual knowledge of, UBS's responsible management).

(b)

Supplier irrevocably waives any rights (other than those contractual rights explicitly set out in the Master Agreement and/or any Agreement) that may be available under applicable law or in equity to suspend performance or terminate the Master Agreement and/or any Agreement for any reason.

10.5.  

Termination by Third Party Supplier

 

10.6.  

Additional termination of Agreements

 

10.7.  

Termination by UBS without cause

 

10.8.  

Consequences of Termination

(a)  

Following the termination or expiration of the Master Agreement for any reason, no further Supply Orders may be executed thereunder. The termination of the Master Agreement shall not affect the validity of any Agreements constituted thereunder prior to the termination date and the Master Agreement shall continue to apply to any such Agreements even after termination of the Master Agreement.

(b)  

Following the termination of the Master Agreement or any Agreement for any reason, Supplier shall promptly deliver to UBS at Supplier's expense (on media, in formats and to such address as may be specified by UBS) or return to UBS all materials and copies thereof (whether in hard or electronic format) relating to the UBS Confidential Information as well as all UBS Data together with a written certificate of confirmation from a senior authorized representative of Supplier that it has complied with all of its obligations under the Master Agreement or the respective Supply Order. If some UBS Data (e.g. information, software etc.) cannot be returned it must be permanently deleted in accordance with ISO27001 with a written certificate of confirmation from a senior authorized representative of Supplier that it has complied with ISO27001. The costs incurred thereby shall be borne by Supplier;

(c)  

Following the termination of the Master Agreement or any Agreement for any reason, if requested by UBS, at Supplier’s then-current daily rates, Supplier is to provide such services as are reasonably required to allow the Services to continue so far as possible without interruption so as to facilitate the orderly transfer of the Services to UBS or any of its designees or a successor supplier.

(d)  

Supplier acknowledges that UBS and its Affiliates may be required by its regulators to ensure that they are able to continue to carry on their business notwithstanding the occurrence of any insolvency related event in relation to another UBS Affiliate.  Accordingly, Supplier agrees, on behalf of itself and its Affiliates, that following any termination by Supplier or any Supplier Affiliate of all or any part of the Master Agreement or any Agreement, for the happening of any of the events specified in clauses 10.2 (a)(i) to (viii) in relation to UBS or any UBS Affiliate, Supplier and its Affiliates will, if requested by UBS or any of its Affiliates, continue to provide the Products and/or Services for such period as UBS or the UBS Affiliates may reasonably require, on the same terms and conditions as such Products and/or Services were provided prior to termination, provided that the UBS entity or entities receiving such Products and/or Services continues to pay to the Supplier or its Affiliate (as the case may be) the Charges that were payable for such Products and/or Services prior to termination.

(e)  

The consequences of termination of an Agreement shall further be governed by the provisions contained in the respective Supply Order and the Schedule(s) applicable to such Agreement.

(f)  

The provisions regarding Warranties (clause 6), Intellectual Property (clause 7), Intellectual Property Rights Infringement Indemnity (clause 8) and Remedies and Liability (clause 9), Consequences of Termination (clause 10.8) and Confidentiality and Data Protection (clause 11),  and Miscellaneous (clause 12) shall survive the termination or expiration of the Master Agreement or any Agreement.

11.1.  

Data Protection

 

11.2.  

Confidentiality

(a)  

For the term of the Master Agreement and/or any Agreement and following its termination, both Parties generally undertake to treat any Confidential Information in a confidential manner, and neither to convey or disclose such data or information to third parties nor to use it for purposes other than for the performance of the Master Agreement and/or any Agreement. This shall include but not be limited to the obligation to ensure, as far as technically feasible according to state-of-the-art technology, that no unauthorized third party can access any such data or information through network and/or database online access. This obligation of confidentiality shall not apply to information that:

is disclosed by UBS to any UBS Persons  to the extent that such disclosure is reasonably necessary for the purpose of the Master Agreement and/or any Agreement or for evaluating the Master Agreement and/or any Agreement, provided that UBS shall ensure that the UBS Recipient complies with UBS’s obligations of confidentiality under the Master Agreement and/or any Agreement; or

is disclosed by Supplier, subject to clause 11.3, to any Staff or other Supplier Persons to the extent that such disclosure is reasonably necessary for the purpose of the Master Agreement and/or any Agreement, provided that Supplier shall ensure that Supplier Recipient complies with Supplier’s obligations of confidentiality under the Master Agreement and/or any Agreement; or

that can be proved by the receiving Party to have been in the public domain at the date it was disclosed to a third party; or

is lawfully or properly obtained by the receiving Party from a person who is without obligation of confidentiality; or

comes into the public domain otherwise than through the default or negligence of the receiving Party; or

the receiving Party can demonstrate was independently developed by the receiving Party without reference to the Confidential Information of the other Party; or

by virtue of the regulations of any recognized stock exchange upon which the receiving Party’s securities  (or those of its Wholly Owned Affiliate) are listed, provided that where permitted by such body the other Party is given prompt notice thereof; or

is requested in a lawful and legally binding manner to be disclosed by a competent court, regulator or a body having similar authority over the receiving Party provided that where permitted by such body the other Party is given prompt notice thereof; or

is required to be disclosed by Applicable Requirements provided that where permitted by such body the other Party is given prompt notice thereof; or

is requested to be disclosed by UBS or on its behalf to its auditors (whether internal or external) and other third parties who have the right to require that UBS supply the relevant information and, subject to the same entering into a confidentiality agreement with UBS; or

is disclosed to benchmarking companies which have entered into a confidentiality agreement with UBS to protect such information.

(b)  

Supplier shall not disclose the content of its specific activity for UBS and the findings or information of any kind received during the delivery of Products and/or Services for UBS.

(c)  

Both Parties acknowledge that breach by it of this clause 11 may cause irreparable injury to the other Party, which injury will be inadequately compensable in damages. Accordingly, each Party is entitled to the remedies of injunction, specific performance and other equitable relief in respect of any actual breach or threatened breach of the terms of the Master Agreement and/or any Agreement in addition to any other legal remedies which may be available, without the necessity of proving actual damages or posting of security or a bond.

(d)  

Neither party makes any representation or warranty, express or implied, with respect to its Confidential Information.

(e)  

Except as expressly set out in the Master Agreement and/or any Agreement, nothing contained in the Master Agreement and/or any Agreement shall be construed as granting any right or license to either Party’s Confidential Information or to any invention or discovery derived from or improvement made to such Confidential Information, whether conceived or created prior to or after the date of the Master Agreement and/or Agreement.

(f)  

Each party’s obligations to retain the confidentiality of the other party’s trade secrets shall survive any termination or expiration of the Master Agreement and/or Agreement.

(g)  

Supplier indemnifies and holds harmless UBS Persons and shareholders against all liability, claims, demands, fines, losses and expenses, including reasonable legal fees, arising out of a failure by Supplier to comply with the terms of this clause 11.

11.3.  

Restricted Countries

 

12.1.  

Access to records

 

12.2.  

Notices and Communications

(a)  

In proving service of a notice or document under the Master Agreement and/or any Agreement it shall be sufficient to prove that an envelope containing the notice or document was properly addressed and delivered by courier or posted as a prepaid, first class or airmail, recorded delivery letter:

to Supplier at the address specified in the Supply Order;

(b)  

Unless there is evidence that it was received earlier, such notice or document shall be deemed to have been served:

if delivered by courier, when left at the address referred to above;

if sent by post to an address within the country of postage, two Business Days (in the city of the recipient) after posting it; or

if sent by post to an address outside the country of postage, five Business Days (in the city of the recipient) after posting it.

(c)  

Supplier irrevocably appoints Supplier’s Chief Executive Officer at Cicero Inc., 8000 Regency Parkway, Suite 542, Cary, NC 27518 to receive on its behalf service of any action, suit or other proceedings in connection with the Master Agreement and/or any Agreement. If any person appointed as process agent ceases to act for any reason, Supplier shall notify UBS and shall promptly appoint another entity incorporated within ten (10) days to act as its process agent and shall notify UBS of the name and address of the replacement agent. Failing such appointment and notification, UBS shall be entitled by notice to Supplier to appoint a replacement agent to act on Supplier's behalf.

12.3.  

Escalation of Disputes and Complaints

 

(a)  

Any dispute arising out of or in connection with the Master Agreement and/or any Agreement shall be referred by written notice:

first to the manager appointed by each Party who shall meet and endeavour to resolve the dispute between them within five (5) Business Days of such notice; and

failing resolution of the dispute, to a senior representative of Supplier and a senior representative of UBS (together the “Senior Representatives”) who shall meet and endeavour to resolve the dispute between them within ten (10) Business Days of such notice (the “Senior Representatives’ Meeting”). The joint written decision of those Senior Representatives shall be binding on the Parties.

If the appointed managers or Senior Representatives are unable to resolve the dispute, the Parties shall, if both Parties agree, within five (5) Business Days of the Senior Representatives’ Meeting refer the dispute to mediation in accordance with the rules of the Centre for Dispute Resolution (CEDR) or such other mediation provider agreed by the Parties. The Parties agree to hold such mediation as soon as possible and in any event within one (1) month of the Senior Representatives’ Meeting.

(b)  

Any complaint from any third party arising out of or in connection with the Master Agreement and/or any Agreement shall be referred by written notice within twenty-four (24) hours of receipt to the manager appointed by UBS.

12.4.  

Force Majeure

(a)  

Neither Party shall be liable to the other for any delay or non-performance of its obligations under the Master Agreement and/or any Agreement arising from any of the following: act of God, war, fire, flood, earthquake, explosion, acts of terrorism, epidemic or pan-epidemic or civil commotion, strikes or lockouts or labor disputes,  excluding, for the avoidance of doubt, strikes of Supplier’s Staff or Malware or other items or events which should have been capable of avoidance or mitigation in the exercise of appropriate business continuity or disaster recovery measures (“Force Majeure Event”).

(b)  

Subject to the affected Party promptly notifying the other Party in writing of the cause and the likely duration of the cause, the performance of the affected Party’s obligations, to the extent affected by the cause, shall be suspended during the period that the cause persists, subject to termination by either Party in accordance with clause 10.2.

(c)  

The foregoing excuse from non-performance is conditioned upon such Party continuing to use its best efforts to recommence performance whenever and to whatever extent possible without delay, including through the use of alternate sources, workaround plans, backup or emergency power, redundant telecommunications circuits, or other means.

(d)  

Notwithstanding the foregoing, the acts or omissions of a Party's agents, subcontractors, representatives, materialmen, suppliers or other third parties providing products or services to such Party will not constitute a Force Majeure Event (unless such acts or omissions are themselves the product of a Force Majeure Event).

(e)  

The occurrence of a Force Majeure Event does not excuse, limit or otherwise affect Supplier's obligation to provide either normal recovery procedures or any other disaster recovery services specified in the Master Agreement or in any Agreement.

(f)  

The Party whose performance is prevented, hindered or delayed by a Force Majeure Event will:

immediately notify the other Party of the occurrence of the Force Majeure Event and describe in reasonable detail the nature of the Force Majeure Event and such Party's good faith estimate of the likely duration of such Force Majeure Event;

with the cooperation of the other Party, exercise all reasonable efforts to mitigate the extent of any non-performance, hindrance or delay caused by a Force Majeure Event and any adverse consequences of such Force Majeure Event, including, in the case of Supplier, performance of required work or the provision of the Services with the use of Supplier's qualified management or other employees or Subcontractors (as permitted by the Master Agreement and/or any Agreement), and cooperating with UBS's efforts to secure necessary replacement services from third party vendors and suppliers; and

immediately notify the other Party of the cessation of such Force Majeure Event.

(g)  

The provisions of this clause may be amended by further related provisions in the applicable Schedule(s).

12.5.  

Insurance

(a)  

During the term of the Master Agreement and/or any Agreement, Supplier shall maintain insurance coverage at its own cost and expense as follows:

(b)  

The foregoing insurances are to be maintained with insurers licensed and admitted where Supplier conducts business and with a minimum rating of Moody’s A1 or S&P A+ or Fitch A.

(c)  

All policies maintained by Supplier pursuant to the Master Agreement and/or any Agreement shall be primary and non-contributing with any insurance carried by UBS and its Affiliates.

(d)  

If any of the above required insurance policies are written on a claims-made/discovered basis, such policies shall be kept in force, through either the purchase of an extended reporting period or renewal policy, for a period of not less than three (3) years following the expiration or termination of the Master Agreement and/or any Agreement.

(e)  

At the time of the execution of the Master Agreement and/or any Agreement and prior to the performance of any work thereunder, Supplier shall provide certificate(s) of insurance to UBS evidencing that the coverage required under the Master Agreement and/or any Agreement is maintained and in force. Supplier shall also provide renewal certificates to UBS at the time of each required policy renewal throughout the term of the Master Agreement and/or any Agreement. In addition, Supplier shall provide at least thirty (30) days written notice to UBS prior to cancellation, non-renewal or material change to any of the policies providing such coverage.

(f)  

The foregoing insurance requirements do not limit Supplier’s liability as set forth elsewhere in the Master Agreement and/or any Agreement.

12.6.  

Waiver

 

12.7.  

Amendments

 

12.8.  

Assignment

(a)  

The Master Agreement and any Agreement shall not be assigned by Supplier without the prior written consent of UBS, but nothing in the Master Agreement and/or any Agreement shall prevent or restrict UBS from assigning, sub-licensing, transferring or otherwise disposing of all or any of its rights or obligations hereunder to a UBS Affiliate or to any legal entity which succeeds to all or part of the business or assets of UBS or to any third party service provider engaged by UBS to manage or supervise the Services. Any attempted assignment in contravention of this clause shall be null and void.

 

The Master Agreement and any Agreement shall be binding upon any successors in interest or title of the Parties.

12.9.  

Audit

(b)  

The Supplier shall, for a period of ten (10) years from creation, keep or cause to be kept full and accurate records pertaining to the delivery of the Product, Work Product and Services.

(c)  

Without prejudice to its other obligations under this Agreement, and no more than once per calendar year, the Supplier shall permit UBS or its authorized representatives or any representative of any relevant regulatory body (in any case the "Auditor") to have access to the premises of the Supplier and any other premises under the control of the Supplier or any Subcontractor and to:

examine data and other records, documents or other relevant information relating thereto or to the provision of the Product, Work Product and/or Services; and

as for and receive explanations in respect to such matters from the Supplier,

 

to the extent necessary for the Auditor to be satisfied that the Supplier is complying with the terms and conditions of this Agreement and any contractual terms, regulations, statutory provisions and the like affecting UBS and touching on this Agreement.  Any audit shall be conducted with a minimum of disruption to Supplier's normal business operations.  All information disclosed by Supplier to UBS during the course of such audit shall be deemed Confidential Information of Supplier.

(d)  

Access shall be granted to the Auditors at any time during which the premises of the Supplier or the relevant site is ordinarily open for business provided that any authorized representative of UBS has first produced to the Supplier any necessary authorizations from UBS and agrees to comply with all reasonable requirements of the Supplier stipulated for the purpose of protecting the confidentiality of the data systems or information of other users.

(e)  

UBS agrees to the best of their ability to keep accurate business records relating to its use and deployment of the Product which will contain details reasonably sufficient to establish compliance with granted license entitlements.  Supplier may, but no more than one time per year, request a certification from an Executive Officer in writing with a minimum of thirty (30) days prior notice representing that UBS is compliant with the deployment of said Product in the applicable Schedule.  If UBS fails to submit such Certification, Supplier will provide written notice to UBS and UBS will have forty-five (45) days to provide such Certification.

12.10.  

Publicity

 

12.11.  

Responsible Supply Chain Management

(a)  

Supplier shall access the UBS Responsible Supply Chain Standard, which incorporates standards on human rights, labor rights and environmental and anti-corruption principles, on www.ubs.com/responsiblesupplychainstandard and shall comply, and cause any Subcontractor to comply, with the principles set forth therein, which are incorporated in the UMA by reference.

(b)  

Supplier shall promptly notify UBS of any circumstances affecting compliance with the UBS Responsible Supply Chain Standard.

(c)  

UBS reserves the right to evaluate Supplier's compliance with the UBS Responsible Supply Chain Standard and Supplier shall maintain written records of the agreed documentation necessary to demonstrate its compliance.

12.12.  

Changes in Applicable Requirements

 

12.13.  

Governance

 

 

 

Signed for and on behalf of UBS March  ___, 2012 by:

 

 

 

__________________________

Signature

__________________________

[Name]

__________________________

[Function]

 

__________________________

Signature

__________________________

[Name]

__________________________

[Function]

 

[Place, Date]

 

 

Signed for and on behalf of [Supplier] by:

 

 

 

__________________________

Signature

__________________________

[Name]

__________________________

[Function]

March  ___, 2012

(a)  

The following Exhibits shall form an integral part of the UMA:

 

Exhibit 2:

Declaration of staff member regarding data protection / privacy and client confidentiality / bank secrecy obligations

(b)  

Exhibit 1 (List of Schedules) shall automatically be amended by any subsequent Schedules executed by the Parties under the UMA.

(1)

This document (“DP Exhibit“) specifies the data protection obligations of the Parties in relation to the Processing of Personal Data within the scope of the UBS Master Agreement concluded between UBS AG and Cicero, Inc.  dated March 2, 2012 (“UMA“), its applicable Schedules and Supply Orders.

(2)

This DP Exhibit applies to all activities in connection with the UMA, its applicable Schedules and Supply Orders in which the Staff of Supplier or a third party acting on behalf of Supplier Process Personal Data of UBS.

(3)

Each Party must appoint and notify in writing to the other Party an individual who is authorized to respond to any enquiries concerning Processing of Personal Data.

 

3.1.  

Compliance with laws and regulations: Supplier must comply with the Data Protection Laws and Regulations applicable to Supplier. Supplier shall not by any act or omission put UBS in breach of any of the Data Protection Laws and Regulations.

3.2.  

Relevant Transfers: Irrespective of whether Supplier acts as a Data Controller or as a Data Processor in the performance of the Services, it shall in any event set up and observe and ensure that its Affiliates or Subcontractors carrying out any Relevant Transfer on behalf of Supplier set up and observe Adequate Safeguards to carry out any Relevant Transfer. Each act or omission of Supplier or its Affiliates or Subcontractors in relation to the obligations set forth in the Adequate Safeguards shall be deemed to be an act or omission of Supplier for which Supplier is responsible. Supplier shall not make a Relevant Transfer before such Adequate Safeguards have been set up. In case that Supplier does not comply with this clause 3.2, UBS has the right to terminate all or any part of the Master Agreement and/or any Agreement(s).

3.3.  

Purpose of Processing: Supplier acknowledges that UBS is the Data Controller in respect of any Personal Data that Supplier processes in the course of providing the Services. It is in UBS's sole and absolute discretion to determine the purposes of Processing Personal Data, such purpose being defined in the Master Agreement and/or any Agreement(s). Supplier represents and warrants that it must carry out the Processing solely for the purposes agreed upon in the Master Agreement and/or any Agreement(s) and that it must not otherwise Process any Personal Data at any time and not keep them longer than is necessary for the performance of the Master Agreement and/or any Agreement(s).

3.4.  

Supplier's Staff and other persons acting under Supplier's supervision: Supplier must take reasonable steps to ensure the reliability of its Staff and any other person acting under its supervision who may come into contact with, or otherwise have access to and process, the Personal Data and represents and warrants that any person it authorizes to have access to the Personal Data is bound by contract or otherwise to respect the confidentiality and security of the Personal Data, that any person acting under the authority of Supplier must be made aware of and must comply with Supplier’s obligations under this DP Exhibit and that Supplier can impose effective sanctions on any such person in case of non-compliance.

3.5.  

Information requests from Data Subjects: Supplier represents and warrants that it promptly notifies UBS of any queries from a Data Subject, regulator or any other authority in relation to any Personal Data that Supplier processes as Data Processor in the course of providing the Services.

3.6.  

3.7.

Obligation to notify: Supplier must inform UBS without undue delay in case of serious interruption in operations, suspicion of breaches of data protection or other irregularities in Processing Personal Data.

3.8.

Copies of Personal Data: Supplier must not create any copies or duplicates of Personal Data without UBS's previous written consent, unless such a creation is necessary to provide and document the Services.

3.9.

Ownership and retention rights: The Personal Data, any copies or reproductions made thereof remain UBS's property. Any right of retention of Supplier in relation to the Personal Data without the express written consent of UBS is excluded. Unless set out otherwise in the Agreement, upon request by UBS or in any event, upon termination of the Agreement for any reason, Supplier must return to UBS or upon request by UBS, destroy, all Personal Data of UBS in its possession or under its control, except to the extent that such return or destruction is prohibited by the laws or regulations applicable in the country in which Supplier carries out the Processing. Where such a return or destruction is prohibited, the remaining Personal Data must be kept confidential and no longer be Processed by Supplier. Upon request by UBS, Supplier must confirm in writing that it has complied with the obligations of this sub-section.

4.1.  

UBS represents and warrants that the Personal Data provided to Supplier were processed lawfully (e.g., lawful collection, compliance with obligation to inform).

4.2.  

UBS shall not by any act or omission put Supplier or any Subcontractor in breach of any of the Data Protection Laws and Regulations in connection with the Processing of the Personal Data. Without prejudice to the foregoing, Supplier shall not be held responsible for UBS's breach of Data Protection Laws and Regulations.

4.3.  

Unless already specified in the Master Agreement and/or any Agreement(s), UBS is obligated to instruct Supplier about the purpose of Processing Personal Data and the data recipients.

4.4.  

UBS may inspect the results of Processing of Personal Data by Supplier and will notify Supplier of any relevant errors or irregularities which are to be fixed by Supplier.

5.1.  

Each Party acting as a Data Controller under the Master Agreement and/or any Agreement(s) remains solely responsible for the adherence to the rights of the Data Subjects (including information, correction, destruction, blocking).

5.2.  

The rights of the Data Subjects are to be asserted against the responsible Data Controller. In the event of lawsuits against a Data Subject, the Data Controller has the sole right of decision.

5.3.  

If UBS has an obligation under applicable data protection law to provide information to the Data Subject about the Processing of his/her Personal Data, Supplier acting as a Data Processor must make the relevant information available to UBS and upon request by UBS provide such other assistance in order for UBS to comply with the rights of the Data Subjects.

5.4.  

Supplier acting as a Data Processor must comply with all instructions from UBS to rectify, delete and/or update any Personal Data.

6.1.  

Supplier may use a Subcontractor to carry out the Processing only with the prior written consent from UBS and after Supplier has entered into a contract with the Subcontractor which includes terms equivalent to those in this DP Exhibit and any additional terms UBS may require.

6.2.  

Supplier must ensure that each Subcontractor does not process any Personal Data or CID in contravention of this DP Exhibit and the Data Protection Laws or Regulations or other applicable laws, in particular that the Subcontractor implements Adequate Safeguards.

7.1.  

Supplier must implement such technical and organizational security measures for Processing of any Personal Data as provided in the Master Agreement and/or any Agreement(s) and must upon request from UBS provide evidence of the implementation of such measures.

7.2.  

Supplier represents and warrants that it has in place and maintains at least the following technical and organizational security measures commensurate with the risks associated with the Processing of Personal Data:

7.2.1  

Premises Access Control: Unauthorized persons must be prevented from gaining physical access to premises, buildings or rooms, where data Processing systems are located which process Personal Data; persons are unauthorized if their activity does not correspond to tasks assigned to them (examples of measures: specifying authorized individuals; using badge readers; locking of rooms; video surveillance and alarm devices with reference to access areas); exceptions may be granted for the purpose of auditing the facilities to third party auditors as long as they are supervised by Supplier and do not get access to the Personal Data itself.

7.2.2  

Electronic Data Processing (EDP) System Access Control: Data Processing systems must be prevented from being used without authorization (examples of measures: assignment of user IDs for identification and user passwords for authentication; firewalls).

7.2.3  

Data Access Control: Persons entitled to use a data Processing system must gain access only to the data to which they have a right of access, and Personal Data must not be read, copied, modified or removed without authorization in the course of Processing or use and after storage (examples of measures: restriction on access to files and programs based on a “need-to-know-basis“; prevention of use/installation of unauthorized hardware and/or software; storing data carriers in secured areas; establishing rules for the safe and permanent destruction of data carriers that are no longer required).

7.2.4  

Data Transmission Control: Except as necessary for the provision of the Services in accordance with the Master Agreement and/or any Agreement(s) Personal Data must not be read, copied, modified or removed without authorization during transfer or storage and it must be possible to establish to whom Personal Data was transferred to (examples of measures: instructions for online or offline transfer; encryption of data or transportation of data carriers in sealed containers, shipping and delivery notes).

7.2.5  

Data Entry Control: It must be possible retrospectively to examine and establish whether and by whom Personal Data have been entered into data Processing systems, modified or removed (examples of measures: logging of administration and user activities).

7.2.6  

Contractual Control: Personal Data being processed on commission must be processed solely in accordance with the Master Agreement and/or any Agreement(s) and related instructions of UBS (examples of measures: written instructions or contracts; control of the contractual performance).

7.2.7  

Availability Control: Personal Data must be protected against accidental destruction or loss (examples of measures: creating back-up copies stored in specially protected environments or building reliable redundancies; implementation of anti-virus software; creation of contingency plans or business recovery strategies in case of water damage, lightning strike, power failure, deficits of suppliers).

7.2.8  

Organizational Requirements: The internal organization of Supplier must meet the specific requirements of data protection (examples of measures: designation of Data Protection Officers; commitment of the employees to maintain confidentiality; training of Staff on data privacy and data security; realization of IT security concepts; notifications / authorizations regarding Data Protection Authorities, as far as applicable). In particular, to avoid accidental mixing of Personal Data, Supplier separates other data than that belonging to UBS by technical and organizational measures from UBS's data (examples of measures: physical or logical separation of data).

8.1.  

Upon request from UBS, for the purposes of audit or certification, or upon request from UBS's regulator in relation to the supervision of UBS, Supplier must provide relevant information on its data processing facilities, procedures, and personnel used for the provision of the Services. UBS shall pay all commercially reasonable costs of any such audit or certification.

8.2.  

UBS shall in particular be entitled, in consultation with Supplier and observing a reasonable notice period, to audit and inspect Supplier’s working premises during normal business hours and without creating a business interruption, to satisfy itself that adequate measures are being taken to meet the technical and organizational requirements of the Data Protection Laws and Regulations. UBS acknowledges that Supplier owes a duty to its other clients to maintain information relating to them confidential. Should Supplier need to limit UBS access rights as a result of Supplier’s confidentiality obligations to its clients, Supplier agrees to use all reasonable endeavors to provide such alternative evidence as is necessary to allow UBS to perform a satisfactory audit under this provision.

9.1.  

Supplier has to inform UBS without undue delay, if Supplier has to reasonably anticipate that data of UBS in Supplier's possession or under its control is threatened with seizure or confiscation (e.g. through bankruptcy or settlement proceedings or actions of a third party). Supplier must initiate all reasonable measures to protect UBS's rights and position, in particular inform all involved bodies and persons that authority over the data lies with UBS.

Changes and amendments to this DP Exhibit and all of its components, including any assurances by UBS, require written agreement and an explicit statement that they represent a change or amendment to these conditions. The same applies to the waiving of this formal requirement.

 

 

Signed for and on behalf of UBS AG by:

 

 

 

__________________________

Signature

__________________________

[Name]

__________________________

[Function]

 

__________________________

Signature

__________________________

[Name]

__________________________

[Function]

March ___, 2012

 

 

Signed for and on behalf of Cicero, Inc.  by:

 

 

 

__________________________

Signature

__________________________

[Name]

__________________________

[Function]

March ___, 2012

 

 

Signed for and on behalf of UBS AG by:

 

 

 

__________________________

Signature

__________________________

[Name]

__________________________

[Function]

 

__________________________

Signature

__________________________

[Name]

__________________________

[Function]

March __, 2012

 

 

Signed for and on behalf of Cicero, Inc.  by:

 

 

 

__________________________

Signature

__________________________

[Name]

__________________________

[Function]

March __, 2012

(1)

This document (“Security Exhibit“) specifies the data security obligations of Supplier in relation to the processing of UBS Data within the scope of the UBS Master Agreement concluded between UBS AG and Cicero, Inc. dated March 2, 2012, (“UMA“), its applicable Schedules and Supply Orders.

(2)

This Security Exhibit applies to all activities in connection with the UMA, its applicable Schedules and Supply Orders in which the Staff of Supplier or a third party acting on behalf of Supplier process UBS Data.

(3)

Terms and references which are not defined in this Security Exhibit shall have the same meanings as those contained in the UMA.

Obligations of Supplier. As at the commencement date of the UMA as per clause 10.1(a) thereof, Supplier shall have implemented, to UBS' written approval, and shall thereafter maintain current, a comprehensive security policy (“Security Policy“) that satisfies the requirements set forth below. Supplier shall notify UBS of any material change in its Security Policy.

Objectives. Supplier’s Security Policy shall ensure that Supplier:

(a)  

Protects the confidentiality, integrity, and availability of all UBS Data;

(b)  

Protects against accidental, unauthorized, or unlawful access, copying, use, processing, disclosure, alteration, transfer, loss or destruction of the UBS Data. Where access to UBS Data is permitted, Supplier shall not copy, download or store the UBS Data on any desktop, server or other device without UBS’s prior written approval; and

(c)  

Complies with and implements UBS’s policies dealing with security, procedures and standards notified to Supplier from time to time (the “UBS Security Policies”).

Risk Assessment. Supplier shall perform regular (and in any event no less frequently than at every twelve month intervals) risk assessments (“Risk Assessments”) that:

(a)  

Identify reasonably foreseeable threats that could result in unauthorized access, copying, use, processing, disclosure, alteration, transfer, loss or destruction of any of the UBS Data;

(b)  

Assess the likelihood of these threats occurring, and the potential damage that might result, taking into consideration the sensitivity of the relevant types or categories of UBS Data (and any special risks or issues identified by UBS);

(c)  

Assess the sufficiency of the security measures, policies, and procedures, information systems, technology, and other arrangements that Supplier has in place to control such risks; and

(d)  

Are provided in a manner and format agreed to by UBS, based on at least the same security and operational risks for new products, services, processes and technologies introduced to the UBS environment or otherwise used to deliver services to UBS.

Security measures. Based on such Risk Assessment and the requirements of the Master Agreement and/or any Supply Order, Supplier shall develop (or modify, as appropriate), implement and maintain appropriate security measures and procedures (which shall be reflected in an updated Security Policy, to be provided to UBS for UBS's written approval) so as to achieve the objectives set forth in clause 3 above and to manage and control the risks identified during the Risk Assessment, commensurate with the sensitivity of the UBS Data, as well as the complexity and scope of the activities of Supplier pursuant to the Master Agreement and/or any Supply Order. UBS reserves the right, and Supplier agrees, to perform penetration tests and/or other network or infrastructure assurance activities.

Physical security and access control –  Ensuring that all systems hosting UBS Data and/or providing services on behalf of UBS are maintained in a physically secure environment that ensures an unbroken barrier to unauthorized access, and that access restrictions at physical locations containing UBS Data, such as buildings, computer facilities, and records storage facilities, are designed and implemented to permit access only to authorized individuals, and to detect any unauthorized access that may occur, including 24 x 7 security personnel at all relevant locations (“UBS Secure Area”).

Physical security for media – Implementing and maintaining appropriate security measures and procedures to protect, and prevent the unauthorized viewing, copying, alteration or removal of any media containing UBS Data, wherever located.

Media destruction – Implementing and maintaining appropriate security measures and procedures to destroy removable media containing UBS Data that is no longer used, or alternatively (with UBS's prior written consent) to render UBS Data on such removable media unintelligible and not capable of reconstruction by any technical means before re-use of such removable media is allowed.

Shredding - Implementing and maintaining appropriate security measures and procedures to secure confidential disposal of all paper waste generated in supplying the Services by cross shredding, either by Supplier or through a reputable Subcontractor approved by UBS in accordance with clause 4.4 of the UMA.

Access controls on information systems – Implementing and maintaining appropriate security measures and procedures to ensure that access to all systems hosting UBS Data and/or being used to provide services to UBS shall be protected through the use of access control systems that uniquely identify each individual requiring access, grant access only to authorized individuals and based on the principle of least privileges, prevent unauthorized persons from gaining access to UBS Data, appropriately limit and control the scope of access granted to any authorized person, and log all relevant access events. These security measures and procedures shall include Supplier implementing and maintaining:

Access rights policies – appropriate policies and procedures regarding the granting of access rights to UBS Data, in order to ensure that only the personnel expressly authorized by UBS in writing may create, modify or cancel the rights of access of the Staff. Supplier shall maintain an accurate and up to date list of all Staff who have access to the UBS Data and shall have the facility to promptly disable access by any individual Staff.

Authorization procedures for persons entitled to access – appropriate security measures and procedures to establish and configure authorization profiles in order to ensure that personnel will only have access to the UBS Data and resources they need to know to perform their duties, and that they are only able to access the UBS Data within the scope and to the extent covered by their respective access permission. Staff working on development must not normally have access to production systems. For occasional and essential support purposes, such Staff may be granted special access for a limited period of time provided such access is managed, appropriately authorized and logged.

Authentication credentials and procedures – appropriate security measures and procedures for strong authentication of authorized Staff, including the following:

·  

All systems shall prevent access by unauthorized users;

·  

New passwords shall be communicated to users in a secure manner, with an appropriate proof of identity check of the intended users. Usernames and passwords supplied by UBS for the purpose of accessing any UBS Systems and/or UBS Data shall be for the sole use of a specific person and shall not be shared with or divulged to any other person;

·  

Passwords shall not be stored or transmitted in readable form;

·  

When privileged access (e.g. root or superuser level access) is granted to systems which handle UBS Data and/or are used to provide Services, such access shall be for a limited duration only and shall be fully logged;

·  

Systems shall not go into production until all Staff have received appropriate documentation and training, including:

o  

the handling of security breaches;

o  

the management of emergency access support for Supplier’s developers; and

o  

procedures to follow when Staff forget their password.

Access control from outside the UBS Secure Area – appropriate security measures and procedures to prevent Supplier’s information systems or UBS Data from being accessed by unauthorized persons from outside the UBS Secure Area.

Access monitoring – appropriate security measures and procedures for monitoring all access to Supplier’s information systems and UBS Data and for monitoring additions, alterations, deletions, and copying of UBS Data, including:

Making available to UBS, on request, all logs and records; and

Maintaining full records of system or applicable access attempts, both successful and failed.

Intrusion detection/prevention and Malware – appropriate security measures and procedures (i) to ensure that UBS Data, assets and/or systems being used to provide Services is protected against the risk of intrusion and the effects of Malware, and (ii) to monitor each and every instance of access to Supplier’s assets and information systems and to UBS Data to detect the same, and to promptly respond to the same.

Prohibited devices - appropriate policies and procedures to ensure that the following devices are not used on UBS Systems or any equipment used for the provision of the Services or otherwise in connection with the provision of the Services, unless approved by UBS:

·  

Network connections;

·  

Connection to the internet;

·  

Dial-in access;

·  

Equipment such as laptops or additional workstations;

·  

Wireless equipment;

·  

Software;

·  

USB memory sticks;

·  

Network sniffing devices;

·  

Data capture devices;

·  

Traffic analysis devices or network management tools;

·  

Mass storage devices;

·  

Other removable media; and

·  

Other technologies that are similar to the above or provide analogous functionality.

Unused network ports - appropriate policies and procedures to ensure that all unused network ports are disabled or disconnected.

Prohibited functionality - appropriate policies and procedures to ensure that all functionality that allows the extraction and storage of UBS Data is disabled. Examples include, but are not limited to the following:

·  

Local drive access or mapping; and

·  

Redirection of COM, LPT, and USB ports.

Data management controls – Implementing and maintaining appropriate security measures and procedures to ensure that UBS Data and UBS Systems are managed properly. These security measures and procedures shall include Supplier implementing and maintaining:

UBS Systems – appropriate policies and procedures to ensure that UBS Systems are used by Supplier only for the purposes specified in the UMA, the applicable Schedule(s) and/or any Supply Order.

UBS production data - appropriate policies and procedures to ensure that where access is given to production UBS Data, Supplier's Staff and Subcontractors shall not copy, download or store production UBS Data on any desktop, server or other device at any Location, in Supplier’s or its Staff’s possession or otherwise, unless otherwise agreed to in writing by UBS.

Data input control –appropriate security measures and procedures to ensure that it is possible to check and establish whether, when, and by whom UBS Data has been input into Supplier’s information systems, or accessed, copied, modified, or removed.

Data processing control –appropriate security measures and procedures to ensure that UBS Data may only be processed in accordance with the UMA and the applicable Schedule(s) and/or any Supply Order, and to ensure that data collected for different purposes can be processed separately, including the following:

·  

Production systems shall not depend on development infrastructure;

·  

No production data shall be used for development testing;

·  

The development of new application or system software shall be kept separate from the production environment.

Data integrity controls –appropriate security measures and procedures to protect the integrity of the UBS Data, to prevent the unauthorized recording, alteration or erasure of UBS Data, and to ensure that it is subsequently possible to determine when, by whom and which UBS Data were recorded, altered or erased.

Data encryption –appropriate security measures and procedures to ensure that UBS Data is encrypted or protected by other technical means, where appropriate, so that it cannot be read, copied, changed or deleted by unauthorized persons while in storage and while it is being transferred electronically or transferred or saved on a data medium.

Link encryption - appropriate security measures and procedures to ensure that all data and voice links between Supplier and UBS are encrypted using a method approved in writing by UBS. Encryption must be applied across the whole link between UBS and the UBS Secure Area.

Data transfer, transport, and transmission Control –appropriate security measures and procedures to ensure the verification and tracing of the locations/destinations to which the UBS Data are transferred by utilization of Supplier’s data communication equipment/devices.

Data destruction –appropriate security measures and procedures to destroy UBS Data when appropriate and in accordance with the UMA, the applicable Schedule(s) and/or any Supply Order.

Data availability control –appropriate security measures and procedures in order to ensure data availability, including procedures to ensure that UBS Data are protected from accidental destruction or loss, and against loss of data caused by a power shortage or interruptions in the power supply.

Software patching –appropriate security measures and procedures in order to ensure the regular update and patching of all computer software to eliminate vulnerabilities and remove flaws that could otherwise facilitate security breaches.

Change control procedures –appropriate security measures and procedures to protect the UBS Data in the event of changes to, movement of, or replacement of any hardware, computer component, software, or information related to the processing of UBS Data, including emergency changes. Any emergency changes which need to be made by Supplier which bypass any of the elements of the established change control process shall be controlled and logged by Supplier, and Supplier shall take commercially reasonable steps to keep such emergency changes to a minimum, to the extent possible within its reasonable control.

Infrastructure management – appropriate security measures and procedures - to demonstrate careful infrastructure management with a robust change control process.

Backup, retention, and recovery –appropriate backup and recovery security measures and procedures in order to ensure data availability in the event of loss of data or information systems from any cause.

Responsibility – Implementing and maintaining appropriate security measures and procedures to ensure assignment of responsibility for information security management to appropriate skilled and senior Staff.

Qualification of Staff – Implementing and maintaining appropriate security measures and procedures to ensure the reliability, technical expertise, and personal integrity of all Staff who have access to Supplier’s information system or UBS Data.

Obligations of Staff – Implementing and maintaining appropriate security measures and procedures in order to verify that any Staff accessing the UBS Data knows his obligations and the consequences of any security breach.

Training and education. Supplier shall institute an appropriate training and education program to ensure that the Staff are trained to, and will, implement and comply with its Security Policy, and to ensure that they are adequately aware of their responsibilities under the Security Policy.

Subcontractors. Whenever Supplier is authorized by UBS to use Subcontractors to provide the Services under the Master Agreement, Supplier shall ensure that Subcontractors comply with security measures commensurate with those described in this Security Exhibit.

Incident management/escalation. Supplier shall develop and implement (and require its Subcontractors to develop and implement) an incident response plan for dealing with any security incidents, to be approved by UBS in writing, including escalation paths to senior management based on the incident classification or severity, incident contact lists, initial responses, investigation log, system recovery, issue and eradication, reporting and review and follow up procedures, including appropriate reports to regulatory and law enforcement agencies. Supplier shall immediately report to UBS all incidents that may in any way affect the operation of UBS or the confidentiality, availability or integrity of UBS Data (including backed up data). Supplier shall immediately disclose to UBS all attempted or actual malicious access to systems or networks which provide access to the UBS Data or incidents where Supplier suspects or detects that unauthorized persons or entities have gained access to UBS Data. Supplier shall ensure that all Staff (including Subcontractors) fully understand the process and conditions under which they are required to invoke the appropriate incident response plans. Supplier acknowledges and agrees that records of system activity and of handling of UBS Data may be evidence in the event of a security breach or other inappropriate activity. Upon UBS’s reasonable request, Supplier shall deliver these records to UBS for use in any legal, investigatory or regulatory proceedings.

Review and investigations. Supplier shall promptly provide UBS with a copy of any operational audit reports which have been completed by any independent bodies, including any SAS-70 reports. Without prejudice to clause 8 (Right to audit and monitor) of the Exhibit 3 (Data Protection Exhibit), UBS reserves the right at any time (together with its external auditors or any regulatory authority) to inspect any aspect of Supplier’s security measures and procedures and to conduct its own security tests with respect to the UBS Data. Supplier shall co-operate fully with any such inspections and tests and shall implement any resulting recommendations within an agreed timeframe thereafter. Supplier shall review the Security Policy regularly, and particularly following any changes in Supplier’s information systems, in order to verify that the Security Policy and controls set out therein remain accurate, comprehensive and up to date. Where in UBS’s reasonable opinion, it is necessary to have UBS staff be present on Supplier premises, Supplier agrees to accommodate the presence of any UBS staff.

 

 

Signed for and on behalf of UBS AG by:

 

 

 

__________________________

Signature

__________________________

[Name]

__________________________

[Function]

 

__________________________

Signature

__________________________

[Name]

__________________________

[Function]

March ___, 2012

 

 

Signed for and on behalf of Cicero, Inc.  by:

 

 

 

__________________________

Signature

__________________________

[Name]

__________________________

[Function]

March __, 2012