Legal Proceedings
EXHIBIT 10.40
CONFIDENTIAL TREATMENT REQUESTED
ADDENDUM FOR CORE TAX FORMS
This fourth addendum (the “Fourth Addendum”) is made and entered into as of June 2, 2003 (“Fourth Addendum Effective Date”) by and between Intuit Inc. (“Intuit”) and the John H. Harland Company (“Harland”).
RECITALS
A. Intuit and Harland are parties to a Supply Agreement made and entered into as of January 1, 2000 (“Supply Agreement”).
B. As of July 1, 2000, the parties entered into an Addendum for Semi-Custom Products and Custom Logos.
C. As of September 6, 2001, the parties entered into an “Addendum for Fulfillment Products and Services for FSG and P-TAP Non-Imprintable Products” (“Fulfillment Addendum”).
D. As of November 11, 2001, the parties entered into the “Addendum for USBP and Omware Imprintable Products.”
E. The parties are now entering into this Fourth Addendum to the Supply Agreement for the addition of Core Tax Form products to the Supply Agreement.
NOW THEREFORE, the parties hereby amend the Supply Agreement as follows:
1. INTUIT PRODUCT. The products and services listed in Exhibit A (Core Tax Form Products), (collectively, the “Fourth Addendum Product”) are deemed additional “Intuit Product” for all purposes of the Supply Agreement. Intuit must approve of (in writing) any vendor acting as Harland’s agent supplying Fourth Addendum Product. The definition of the “Fourth Addendum Product” is custom created tax forms kits that contain the products listed in Exhibit A. The specifications of the products are listed in Exhibit A1.
2. NON-EXCLUSIVE PRODUCT. Notwithstanding the definition of “Exclusive Intuit Product” in Appendix 1 of the Supply Agreement, the Fourth Addendum Product are not to be treated as “Exclusive Intuit Product”.
3. NO RIGHT OF FIRST NEGOTIATION. Harland will have no rights under Section 4(c) (Other Products) of the Supply Agreement with respect to any Fourth Addendum Product.
4. TERM. The term of the Fourth Addendum will be from the Fourth Addendum Effective Date until June 1, 2005. Any termination of the Supply Agreement shall terminate this Fourth Addendum. In addition to the grounds for termination mentioned in Section 45 (Termination) of the Supply Agreement, Intuit shall have the right to review and terminate without penalty the provisions of this Fourth
* We have requested confidential treatment for certain portions of this document pursuant to an application for confidential treatment sent to the SEC. We omitted such portions from this filing and filed them separately with the SEC.
Addendum at any time following a sixty (60) day notification and cure period should the product selection, quality, and/or service provided by Harland for the Fourth Addendum Product not meet the specifications that were mutually agreed to by Harland and Intuit. Termination of the provisions of this Fourth Addendum would not terminate the other provisions of the Supply Agreement or Addendum thereto. Applicable provisions of Section 45 (Termination) of the Supply Agreement shall apply to any termination of this Fourth Addendum.
5. LAUNCH DATE. Harland shall be ready to receive, fulfill and ship Orders on or before June 1, 2003 in accordance with Exhibit B (Implementation Plan) attached hereto.
6. INVENTORY PURCHASE. If any circumstance occurs that prevents Harland or any third party supplier from effectively filling and shipping customer Orders in accordance with Intuit’s specified quality requirements and turnaround times, including but not limited to termination of this Fourth Addendum or the Supply Agreement, financial issues, or any disasters, Intuit shall have the right to immediately purchase all Fourth Addendum Product in the possession or control of Harland or third party suppliers, or immediately take possession of Intuit-owned products in the possession or control of Harland or third-party suppliers. Subject to this Section, in the event that this Fourth Addendum is terminated by Intuit pursuant to Section 16 (Pricing and Costs) of this Fourth Addendum prior to June 1, 2005, Intuit shall reimburse Harland its cost basis for any unused inventory of such Intuit Custom Products. Within five (5) days following termination of this Fourth Addendum by Intuit pursuant to Section 16 (Pricing and Costs), Harland shall provide Intuit with a report containing the details regarding the type and quantity of unused inventory of Intuit Custom Product (“Intuit Custom Product Report”). Within fifteen (15) days following Intuit’s receipt of the Intuit Custom Product Report, Intuit shall request, at its sole option, that Harland either (1) return all unused Intuit Custom Product inventory to an address specified by Intuit at Intuit’s expense; or (2) destroy all unused Intuit Custom Product inventory in Harland’s or its third party supplier’s possession at Intuit’s expense and provide Intuit with certification of such destruction (“Intuit’s Instructions”). Following Harland’s receipt of Intuit’s Instructions, Harland shall provide an invoice to Intuit for its cost basis of the unused inventory of such Intuit Custom Products, and Intuit shall pay such invoice within thirty (30) days following Intuit’s receipt of such. “Intuit Custom Products” shall mean the thank you letter or packaging containing the Intuit Logo, created specifically by Harland or it’s third-party vendor for Intuit. Harland shall obtain Intuit’s written approval prior to creating or ordering any Intuit Custom Products.
7. SYSTEMS. Harland will fund the development, enhancements and ongoing support of connections to Intuit’s order entry and billing systems, and any changes needed to meet new businesses and services in connection with this Fourth Addendum that are mutually agreed upon. Harland is responsible for the funding and implementation of development, enhancement, and ongoing support of Harland’s systems, and for the systems of any supplier responsible for providing Fourth Addendum Product. The level of support will be prorated above the levels specified in the Supply Agreement based on the additional volumes resulting from additional products.
8. PERFORMANCE SCORECARD. Harland will measure and report its performance against the performance scorecard set forth in Exhibit C, and will use their best efforts to meet, exceed and improve performance. Following the end of each calendar quarter, designated team members from both parties will meet and review performance during the past quarter. In connection with these quarterly meetings, the parties will gather the data and rate Harland’s performance in accordance with the performance scorecard set forth in Exhibit C. Harland and Intuit will mutually agree upon any changes to the performance scorecard.
* We have requested confidential treatment for certain portions of this document pursuant to an application for confidential treatment sent to the SEC. We omitted such portions from this filing and filed them separately with the SEC.
9. ORDER PROCESS. Intuit shall forward Orders to Harland in accordance with the current Order transmission process. Orders shall be processed in accordance with the Supply Agreement. Harland shall provide ship confirmation to Intuit. Harland shall establish an order transmission connection to its third-party supplier prior to May 1, 2003.
10. ORDER QUANTITY AND ADDITIONAL CHARGES. To ensure proper order quantity of sheets in all Orders, Harland shall include one extra tax form per each item per Order for all 10-quantity kits (as specified on Exhibit A). At least 99% of all Orders shall be shipped with the correct number of sheets specified in the Order. If more than 1% of the total number of packages shipped within any calendar week contains less then the ordered number of sheets, the incorrect number of items, or the incorrect items, Harland shall automatically deduct [ * ] of the total invoice amount from Intuit’s invoice for the week.
11. TURN AROUND TIME AND ADDITIONAL CHARGES. In lieu of the requirements of Section 18(a) of the Supply Agreement, if Harland receives a Fourth Addendum Product Order prior to 12 noon Pacific Time, Harland shall process and ship such Order on the same day of receipt of the Order by Harland. Otherwise, Harland shall process and ship all other Orders within 24 hours following receipt of the Order by Harland. If the total number of Orders not shipped on time pursuant to this Section 11 during any calendar week is (a) between [ * ] of the total Orders received by Harland for such calendar week, Harland shall automatically deduct [ * ] of the total invoice amount from Intuit’s invoice for such week; or (b) more than [ * ] of the total Orders received by Harland for such calendar week, then Harland shall automatically deduct [ * ] of the total invoice amount from Intuit’s invoice for such week. In addition, Section 22, Service Failures, of the Supply Agreement applies. For avoidance for doubt, the terms of this Section 11 are in addition to the terms of Sections 18(b), 18(c), and 19 through and including 23 of the Supply Agreement.
12. SHIPPING METHODS.
| (a) | Harland will be responsible for shipping each completed Order to the Customer’s specified address. Unless otherwise indicated on the Order or otherwise specified by Intuit, shipping shall be via ground, or comparable service where ground is not available. Harland will ensure that all suppliers that provide Fourth Addendum Product can support shipping methods, including Ground, Next Day and Second Day at competitive costs. When the rates are not competitive at a third-party supplier, and it is commercially reasonable, Harland will allow the third-party supplier of Fourth Addendum Product to utilize Harland’s freight rates. | |
| (b) | Harland will be responsible for the proactive management of carriers to negotiate and manage competitive freight costs, file and credit to Intuit refunds for lost or damaged shipments, and track and ensure the compliance of on-time and quality performance. Harland will report these performance measures monthly in the Performance Scorecard, Exhibit C, and work with their carriers to meet, exceed and improve performance. | |
| (c) | Harland will be responsible for the management of all carriers for Fourth Addendum Product to ensure that the carrier meets 97% on time performance. Harland will credit Intuit for reimbursements made by the carrier to Harland for service failures, including failures to meet on- |
* We have requested confidential treatment for certain portions of this document pursuant to an application for confidential treatment sent to the SEC. We omitted such portions from this filing and filed them separately with the SEC.
| time shipping guarantees lost, damaged or misrouted shipments. Harland will use its best efforts in working with Intuit to recover these credits in a mutually agreeable and commercially reasonable manner and provide Intuit with a monthly accounting of such credits. Harland will pay to Intuit any credits pursuant to this Section 12 within 10 business days of receipt of such credits by Harland from carrier. |
13. QUALITY. Harland warrants and guarantees to FSG the quality of all Fourth Addendum Product and packaging in line with Intuit’s product or packaging specifications. Harland is responsible for replacing any defective product(s) at Harland’s costs, including any and all services and shipping costs; provided that Harland shall not be responsible for damage to products where Harland proves that the damage to products was solely and directly caused by insufficient Intuit-supplied packaging. If Harland reasonably suspects that any Intuit-supplied packaging is the direct and sole cause of damage to Fourth Addendum Product during shipment, Harland shall promptly notify Intuit, and the parties shall use reasonable efforts to investigate such, and discuss possible changes to such Intuit-supplied packaging. Any modifications to Intuit’s product or packaging specifications can only be made by Intuit, in Intuit’s sole discretion.
14. ERROR CORRECTION. For the Fourth Addendum Product, the terms and conditions of this Section 14 are in lieu of Section 20(a) of the Supply Agreement. Any Orders that have errors that are not the Customer’s or Intuit’s fault (“Harland Errors”) shall be corrected, reprinted and reshipped by Harland within twenty-four (24) hours after Harland receives notice of the error and the correct information by phone, electronic mail, electronic transmission, first class, certified or registered U.S. mail, or facsimile notice, and the corrected Order shall be shipped via overnight delivery, via commercial overnight carrier. Such Harland Errors may include, but not be limited to inaccurate Order fulfillment, or delivery carrier’s loss or destruction of the package. Harland shall bear all printing and shipping costs of correcting, reprinting, and reshipping such corrected Order. Notwithstanding the foregoing, Intuit shall bear all the costs of replacement, including delivery costs, where Harland proves that damage to products was solely and directly caused by insufficient Intuit-supplied packaging. In addition, Intuit shall bear costs for correcting and reprinting Orders in the event that Intuit transmits incorrect information to Harland.
15. PERSONNEL. Harland will identify qualified primary contacts at Harland who will be available to work directly with Intuit as needed. In addition, Harland will identify at least one qualified and dedicated contact at any third-party supplier of Fourth Addendum Product who Intuit will contact in coordination with Harland, with prior notification if practical, on an as needed basis.
16. PRICING AND COSTS. For each Fourth Addendum Product and service provided pursuant to this Fourth Addendum, Harland will charge Intuit the pricing in accordance with Exhibit A (Core Tax Form Pricing – Tax Year 2003). These mutually agreed upon prices should be competitive in the market, and in compliance with applicable laws, and will remain in effect for the Term of this Fourth Addendum, subject to this Section 16 and Section 38 (Future Cost Savings) of the Supply Agreement. In lieu of Section 40(a) (Changes in Paper Costs) of the Supply Agreement, if after the 2003 tax season, Harland experiences an increase of more than [ * ] in its direct material costs for paper (based on a publicly available paper price index agreed to by the parties), Intuit and Harland shall renegotiate the pricing. Notwithstanding the foregoing, upon Intuit’s request, Harland and Intuit shall renegotiate pricing for the 2004 Tax year (approximately Jan 2004), to accommodate volume changes or other factors that may reduce costs or pricing. If, during any renegotiation pursuant to this Section 16, the parties do not reach agreement within
* We have requested confidential treatment for certain portions of this document pursuant to an application for confidential treatment sent to the SEC. We omitted such portions from this filing and filed them separately with the SEC.
30 days following the day that the first price proposal was delivered by Harland to Intuit, Intuit may terminate this Fourth Addendum without further cost (subject to Section 6 (Inventory Purchase) of this Fourth Addendum), upon 30 days written notice to Harland. Notwithstanding Section 42 (Payment Terms) of the Supply Agreement, Intuit will not be eligible for a two percent (2%) discount for early payment.
17. REPORTING. On a weekly basis, Harland will provide weekly on-time delivery and Order quality reports. Harland will provide an agreed upon inventory report on an as needed basis.
18. PRIVACY AND SECURITY STANDARDS. Harland’s performance under this Fourth Addendum will be subject to Intuit’s then-current privacy and security standards, and Intuit’s suspicious mail handling procedures, the current versions of which are contained in Exhibit D (Comprehensive Security Requirements for Confidential Customer Data and Corporate Information), Exhibit E (Intuit Service Provider Privacy Attachment), and Exhibit F, (Intuit Suspicious Mail Handling Procedures), as well as any specific recommendations that Intuit provides to Harland.
19. CUSTOMER DATA. The terms and conditions contained in this Section 19 (Customer Data) of the Fourth Addendum are in addition to the all the terms and conditions contained in the Supply Agreement. Harland will ensure that its third-party supplier will destroy Order data or Customer data within 90 days of termination or expiration of this Fourth Addendum. Harland shall require that its third-party supplier agrees in writing to use, and uses Customer data, Order data or other information solely for the purpose of performing its obligations under this Fourth Addendum and except for such limited purpose such Customer data, Order data or other information shall not be used for Harland’s third-party’s supplier’s benefit or be disclosed to any other party whatsoever. Harland shall ensure that its third-party supplier only disclose Customer data, Order data or other information to Harland’s third-party supplier’s employees and other representatives that have a direct “need to know” in furtherance of the execution of this Fourth Addendum. Harland shall ensure that its third-party supplier notify all of its authorized employees or representatives of the confidential nature and restrictions on disclosures and use of such Customer data, Order data or other information, and shall be responsible for ensuring that all such authorized employees or representatives comply with this Fourth Addendum.
20. BUSINESS CONTINUITY.
| (a) Harland shall: (i) be responsible for business continuity of operations as to the products and services to be provided under this Fourth Addendum; (ii) within ninety (90) days after the Fourth Addendum Effective Date, submit to Intuit for approval a mutually agreed upon and reasonable business continuity plan (“Business Continuity Plan”) that mitigates and minimizes Intuit service interruptions; and (iii) update the Business Continuity Plan, subject to Intuit’s approval, to reflect changes in technology and industry standards on an annual basis. | ||
| (b) Harland shall immediately provide Intuit with written notice of any service failure relating to this Fourth Addendum due to any of the events specified in the second paragraph of Section 22 (Service Failures) of the Supply Agreement or any other event beyond Harland’s reasonable control (each a “Force Majeure”) and shall use its best efforts to immediately implement the Business Continuity Plan with regard to such failure. | ||
| (c) In the event of a Force Majeure, Harland or any third-party supplier shall not charge Intuit any fees in excess of the fees set forth in this Fourth Addendum. | ||
| (d) Whenever a Force Majeure requires that Harland allocate limited resources between or among |
| its customers, Intuit shall receive no less priority in respect to such allocation than any of Harland’s other customers. |
21. RECORDS/AUDIT. Pursuant to Section 40 (d)(Right to Audit) of the Supply Agreement, Intuit shall have the full right to audit any and all documents, records or other paperwork of Harland’s that they deem necessary or appropriate in order to validate Intuit charges or verify basis for cost savings sharing. This includes, but is not limited to, Harland’s costs from suppliers and materials costs, and will be utilized to determine cost savings and cost sharing information. Harland will maintain accurate records with respect to the information underlying any reports, payments required, and costs under the Supply Agreement and under this Fourth Addendum. Intuit may, upon no less than thirty (30) days prior written notice to Harland, request an audit by an independent Certified Public Accountant mutually agreed to by both parties, of relevant records of Harland’s upon which such reports are based during normal business hours. Harland shall remit payments or credits to Intuit for the full amount of any disclosed shortfalls. The audit rights set forth herein shall continue for two (2) years following the termination of the Supply Agreement for any reason, or for such period as Harland continues to make revenue sharing payments to Intuit, whichever is longer. No such audit may occur more than once a year during the Term.
22. APPLICABILITY OF SUPPLY AGREEMENT. The following Sections of the Supply Agreement will not be applicable to the Fourth Addendum Product: 4 (Exclusivity and Negotiation Rights); 15 (Bank File Maintenance); 16 (MICR Quality); 18(a); 18(c); 20(a) (Error Corrections); 28 (Liquidated Damages); 30(a) (Customer Logos); 32 (Rights in Check Designs); 34 (Manufacturing Charges); 35 (Incentive Allowance); 36 (Marketing Allowance); 37 (Pricing Incentive Provisions); 40(a) (Change in Paper Costs); and 44 (Inventory Buyback). Subject to Section 16 (Pricing and Costs) of this Fourth Addendum, Section 42 (Payment Terms) will be applicable to the Fourth Addendum Product.
23. This Fourth Addendum constitutes the complete and exclusive agreement and understanding between the parties with respect to the subject matter hereof and shall supersede and replace any and all prior agreements, communications and understandings regarding such subject matter. Except as specified in this Fourth Addendum, the Supply Agreement remains in full force and effect.
24. In the event of any conflict between this Fourth Addendum and the Agreement, the terms of this Fourth Addendum shall control with respect to the subject matter hereof.
IN WITNESS WHEREOF, Intuit and Harland have executed and entered into this Fourth Addendum by their duly authorized representatives, effective as of the Fourth Addendum Effective Date.
JOHN H. HARLAND COMPANY INTUIT INC. By: /s/ MARTIN E. KERNER By: /s/ LAURENCE E. WOOD
Printed Name/Date: Martin E. Kerner Printed Name/Date: Laurence E. Wood
Title: VP, General Manager Title: Director, Procurement
Date: June 9, 2003 Date: June 12, 2003
Exhibit A
PRICING CORE TAX FORMS 2003
| PRODUCT_ID | DESCRIPTION | QUANTITY | COGS | |||||||||
122-00010** | Laser 1099 Tax Forms 3-Part | [ * ] | [ * ] | |||||||||
122-00025 | Laser 1099 Tax Forms 3-Part | [ * ] | [ * ] | |||||||||
122-00050 | Laser 1099 Tax Forms 3-Part | [ * ] | [ * ] | |||||||||
122-00100 | Laser 1099 Tax Forms 3-Part | [ * ] | [ * ] | |||||||||
134-00010** | Laser W-3 Tax Form 1-Part | [ * ] | [ * ] | |||||||||
178-00010** | Laser 1096 Tax Forms 1-Part | [ * ] | [ * ] | |||||||||
202-00010** | Laser W-2 Tax Forms 4-Part | [ * ] | [ * ] | |||||||||
202-00025 | Laser W-2 Tax Forms 4-Part | [ * ] | [ * ] | |||||||||
202-00050 | Laser W-2 Tax Forms 4-Part | [ * ] | [ * ] | |||||||||
202-00100 | Laser W-2 Tax Forms 4-Part | [ * ] | [ * ] | |||||||||
202-00200 | Laser W-2 Tax Forms 4-Part | [ * ] | [ * ] | |||||||||
275-00010** | Laser W-2 Blank Perforated Paper & Envelopes | [ * ] | [ * ] | |||||||||
275-00025 | Laser W-2 Blank Perforated Paper & Envelopes | [ * ] | [ * ] | |||||||||
275-00050 | Laser W-2 Blank Perforated Paper & Envelopes | [ * ] | [ * ] | |||||||||
275-00100 | Laser W-2 Blank Perforated Paper & Envelopes | [ * ] | [ * ] | |||||||||
275-00200 | Laser W-2 Blank Perforated Paper & Envelopes | [ * ] | [ * ] | |||||||||
293-00010** | Continuous 1099 Tax Forms 5-Part | [ * ] | [ * ] | |||||||||
293-00025 | Continuous 1099 Tax Forms 5-Part | [ * ] | [ * ] | |||||||||
293-00050 | Continuous 1099 Tax Forms 5-Part | [ * ] | [ * ] | |||||||||
293-00100 | Continuous 1099 Tax Forms 5-Part | [ * ] | [ * ] | |||||||||
418-00010** | Continuous 1099 Tax Forms 3-Part | [ * ] | [ * ] | |||||||||
418-00025 | Continuous 1099 Tax Forms 3-Part | [ * ] | [ * ] | |||||||||
418-00050 | Continuous 1099 Tax Forms 3-Part | [ * ] | [ * ] | |||||||||
418-00100 | Continuous 1099 Tax Forms 3-Part | [ * ] | [ * ] | |||||||||
426-00010** | Laser W-2 Tax Forms 8-Part | [ * ] | [ * ] | |||||||||
426-00025 | Laser W-2 Tax Forms 8-Part | [ * ] | [ * ] | |||||||||
426-00050 | Laser W-2 Tax Forms 8-Part | [ * ] | [ * ] | |||||||||
426-00100 | Laser W-2 Tax Forms 8-Part | [ * ] | [ * ] | |||||||||
426-00200 | Laser W-2 Tax Forms 8-Part | [ * ] | [ * ] | |||||||||
537-00010** | Laser 1099 Tax Forms 5-Part | [ * ] | [ * ] | |||||||||
537-00025 | Laser 1099 Tax Forms 5-Part | [ * ] | [ * ] | |||||||||
537-00050 | Laser 1099 Tax Forms 5-Part | [ * ] | [ * ] | |||||||||
537-00100 | Laser 1099 Tax Forms 5-Part | [ * ] | [ * ] | |||||||||
540-00010** | Continuous W-2 Tax Forms 8-Part Twin Set | [ * ] | [ * ] | |||||||||
* We have requested confidential treatment for certain portions of this document pursuant to an application for confidential treatment sent to the SEC. We omitted such portions from this filing and filed them separately with the SEC.
Page 8 of 25 INTUIT CONFIDENTIAL
540-00025 | Continuous W-2 Tax Forms 8-Part Twin Set | [ * ] | [ * ] | |||||||||
540-00050 | Continuous W-2 Tax Forms 8-Part Twin Set | [ * ] | [ * ] | |||||||||
540-00100 | Continuous W-2 Tax Forms 8-Part Twin Set | [ * ] | [ * ] | |||||||||
540-00200 | Continuous W-2 Tax Forms 8-Part Twin Set | [ * ] | [ * ] | |||||||||
713-00010** | Continuous W-2 Tax Forms 6-Part Twin Set | [ * ] | [ * ] | |||||||||
713-00025 | Continuous W-2 Tax Forms 6-Part Twin Set | [ * ] | [ * ] | |||||||||
713-00050 | Continuous W-2 Tax Forms 6-Part Twin Set | [ * ] | [ * ] | |||||||||
713-00100 | Continuous W-2 Tax Forms 6-Part Twin Set | [ * ] | [ * ] | |||||||||
713-00200 | Continuous W-2 Tax Forms 6-Part Twin Set | [ * ] | [ * ] | |||||||||
844-00010** | Laser W-2 Tax Forms 6-Part | [ * ] | [ * ] | |||||||||
844-00025 | Laser W-2 Tax Forms 6-Part | [ * ] | [ * ] | |||||||||
844-00050 | Laser W-2 Tax Forms 6-Part | [ * ] | [ * ] | |||||||||
844-00100 | Laser W-2 Tax Forms 6-Part | [ * ] | [ * ] | |||||||||
844-00200 | Laser W-2 Tax Forms 6-Part | [ * ] | [ * ] | |||||||||
849-00010** | Laser 1099 Tax Forms 4-Part | [ * ] | [ * ] | |||||||||
849-00025 | Laser 1099 Tax Forms 4-Part | [ * ] | [ * ] | |||||||||
849-00050 | Laser 1099 Tax Forms 4-Part | [ * ] | [ * ] | |||||||||
849-00100 | Laser 1099 Tax Forms 4-Part | [ * ] | [ * ] | |||||||||
941-00010** | Continuous W-2 Tax Forms 4-Part | [ * ] | [ * ] | |||||||||
941-00025 | Continuous W-2 Tax Forms 4-Part | [ * ] | [ * ] | |||||||||
941-00050 | Continuous W-2 Tax Forms 4-Part | [ * ] | [ * ] | |||||||||
941-00100 | Continuous W-2 Tax Forms 4-Part | [ * ] | [ * ] | |||||||||
941-00200 | Continuous W-2 Tax Forms 4-Part | [ * ] | [ * ] | |||||||||
982-00010** | Continuous 1099 Tax Forms 4-Part | [ * ] | [ * ] | |||||||||
982-00025 | Continuous 1099 Tax Forms 4-Part | [ * ] | [ * ] | |||||||||
982-00050 | Continuous 1099 Tax Forms 4-Part | [ * ] | [ * ] | |||||||||
982-00100 | Continuous 1099 Tax Forms 4-Part | [ * ] | [ * ] | |||||||||
** = 10 quantity kit
* We have requested confidential treatment for certain portions of this document pursuant to an application for confidential treatment sent to the SEC. We omitted such portions from this filing and filed them separately with the SEC.
Page 9 of 25 INTUIT CONFIDENTIAL
Exhibit B
Implementation Plan
ID Name Duration Start Finish Predecessors Outline
Level Notes 1 15.d 03/31/20038:00 04/18/200317:00 1 2 10.d 04/07/20038:00 04/18/200317:00 1 3 20.d 04/07/20038:00 05/02/200317:00 1 4 20.d 04/07/20038:00 05/02/200317:00 1 5 20.d 03/31/20038:00 04/25/200317:00 1 6 10.d 04/14/20038:00 04/25/200317:00 2 7 20.d 03/31/20038:00 04/25/200317:00 2 8 20.d 03/31/20038:00 04/25/200317:00 2 9 20.d 03/31/20038:00 04/25/200317:00 3 10 20.d 03/31/20038:00 04/25/200317:00 3 11 20.d 03/31/20038:00 04/25/200317:00 3 12 5.d 04/14/20038:00 04/18/200317:00 3 13 1.d 04/04/20038:00 04/04/200317:00 2 14 25.d 04/28/20038:00 05/30/200317:00 5 1 15 5.d 04/28/20038:00 05/02/200317:00 2 16 5.d 04/28/20038:00 05/02/200317:00 3 17 5.d 04/28/20038:00 05/02/200317:00 3 18 5.d 05/05/20038:00 05/09/200317:00 2 19 5.d 05/05/20038:00 05/09/200317:00 3 20 5.d 05/05/20038:00 05/09/200317:00 3 21 5.d 04/28/20038:00 05/02/200317:00 2 22 5.d 04/28/20038:00 05/02/200317:00 3 23 5.d 04/28/20038:00 05/02/200317:00 3 24 1.d 05/30/20038:00 05/30/200317:00 2 25 10.d 04/21/20038:00 05/02/200317:00 1 26 10.d 04/21/20038:00 05/02/200317:00 2 27 10.d 04/21/20038:00 05/02/200317:00 2 28 10.d 04/21/20038:00 05/02/200317:00 3 29 10.d 04/21/20038:00 05/02/200317:00 3 30 10.d 04/21/20038:00 05/02/200317:00 2 31 5.d 04/21/20038:00 04/25/200317:00 2 32 10.d 04/21/20038:00 05/02/200317:00 2 33 1.d 04/21/20038:00 04/21/200317:00 3 34 10.d 04/21/20038:00 05/02/200317:00 3 35 15.d 05/12/20038:00 05/30/200317:00 25 1 36 10.d 05/12/20038:00 05/23/200317:00 2 37 5.d 05/19/20038:00 05/23/200317:00 2 38 5.d 05/19/20038:00 05/23/200317:00 3 39 1.d 05/19/20038:00 05/19/200317:00 3 40 5.d 05/19/20038:00 05/23/200317:00 2 41 5.d 05/26/20038:00 05/30/200317:00 2 42 5.d 05/26/20038:00 05/30/200317:00 3 43 5.d 05/26/20038:00 05/30/200317:00 3
Page 10 of 25 INTUIT CONFIDENTIAL
ID Name Duration Start Finish Predecessors Outline
Level Notes 44 10.d 05/19/20038:00 05/30/200317:00 1 45 5.d 05/26/20038:00 05/30/200317:00 1 46 35.d 03/31/20038:00 05/16/200317:00 1 47 35.d 03/31/20038:00 05/16/200317:00 2 48 15.d 03/31/20038:00 04/18/200317:00 3 49 20.d 04/21/20038:00 05/16/200317:00 48 3 50 5.d 05/12/20038:00 05/16/200317:00 3 51 .d 05/16/20038:00 05/16/20038:00 3 52 5.d 05/16/20038:00 05/22/200317:00 51 1 53 5.d 05/26/20038:00 05/30/200317:00 1 54 .d 05/30/20038:00 05/30/20038:00 1 55 1.d 06/06/20038:00 06/06/200317:00 1
Page 11 of 25 INTUIT CONFIDENTIAL
Exhibit C
Performance Scorecard
Monthly Performance Scorecard
Harland / Intuit
Category: Service Category Weight [ * ] Category Total Score Metric Performance Scale Weight Factor Result Score Doesn't Meet Meets Exceeds 0 1 2 100 [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ]
Category: Operations Category Weight [ * ] Category Total Score Metric Performance Scale Weight Factor Result Score Doesn't Meet Meets Exceeds 0 1 2 100 [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ]
* We have requested confidential treatment for certain portions of this document pursuant to an application for confidential treatment sent to the SEC. We omitted such portions from this filing and filed them separately with the SEC.
Page 12 of 25 INTUIT CONFIDENTIAL
Category: Delivery Category Weight [ * ] Category Total Score Metric Performance Scale Weight Factor Result Score Doesn't Meet Meets Exceeds 0 1 2 100 [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ]
Category: Systems Effectiveness Category Weight [ * ] Category Total Score Metric Performance Scale Weight Factor Result Score Doesn't Meet Meets Exceeds 0 1 2 100 [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ] [ * ]
Category: Fulfillment Category Weight [ * ] Category Total Score Metric Performance Scale Weight Factor Result Score Doesn’t Meet Meets Exceeds 0 1 2 100 [ * ] [ * ] [ * ] 100 Possible Score: 0 % 50 % 100 % Overall Score:
* We have requested confidential treatment for certain portions of this document pursuant to an application for confidential treatment sent to the SEC. We omitted such portions from this filing and filed them separately with the SEC.
Page 13 of 25 INTUIT CONFIDENTIAL
Exhibit D
Comprehensive Security Requirements for Confidential Customer Data and Corporate Information
Definitions
For the purposes of this Exhibit, the following definitions shall apply.
| Confidential Information: Information which (i) is proprietary to, about, or created by a specific person or company; (ii) gives the specified person or company some competitive business advantage or the opportunity of obtaining such advantage, or the disclosure of which could be detrimental to the interests of the specified person or company; (iii) is designated as Confidential Information by the specified person or company, or from all the relevant circumstances should reasonably be assumed by the receiving party to be confidential and proprietary to the specified person or company. | ||
| The following subcategories of Confidential Information are also defined: |
| Secret Information: Information that is used to protect other Confidential Information. Generally, Secret Information is not disclosed to outside parties under any circumstances. | |||
| Sensitive Information: Any information that could be misused in such a way as to jeopardize the financial or legal position of its owner, or of the person or company described by the information. | |||
| Restricted Information: Information that is not Secret or Sensitive, but whose permissible use has been restricted by its owner. |
| Confidential Information includes, but is not limited to, the following types of information and other information of a similar nature (whether or not reduced to writing or designated as Confidential): |
| a. | Personally-Identifiable Information. Information that identifies or can be used to identify, contact, or locate the person to whom such information pertains. It includes, without limitation, the following information: |
| Secret Information: Customer passwords, private encryption keys, and private signature keys. | |||
| Sensitive Information: Customer account numbers, Social Security numbers, taxpayer identification numbers, account balances, account activity, financial information, medical records, legal records, and records of customer services and other data relating to the products and services offered, received, or purchased by customers of Intuit or the Company. | |||
| Restricted Information: Customer names, customer street or e-mail addresses, customer telephone numbers. |
| b. | Confidential Corporate Information, consisting of any of the following: |
| Secret Information: Computer account IDs, passwords for computer or database systems, private encryption keys, SSL keys, computer source code relating to encryption/decryption, special access privileges, known security vulnerabilities, the results of security audits and reviews, and any information explicitly designated Secret by Intuit or by Company. | |||
| Sensitive Information: Any of the following: |
| (i) | Work Products: Work product resulting from or related to work or projects performed or to be performed for Intuit or the Company, or for customers of Intuit or the Company (including all media on which such information is contained); | ||
| (ii) | Business Operations: Internal Intuit or Company personnel and financial information, names and other information about Service Providers (including without limitation Service Provider characteristics, services and agreements), purchasing and internal cost information, internal services and operational manuals, and the manner and methods of conducting Intuit’s or the Company’s business; | ||
| (iii) | Marketing and Development Operations: Marketing and development information regarding Intuit’s or the Company’s operations (including without limitation marketing and development plans, price and cost data, price and fee amounts, pricing and billing policies, quoting procedures, marketing techniques and methods of obtaining business, forecasts and forecast assumptions and volumes, and future plans and potential strategies of Intuit or the Company which have been or are being discussed); | ||
| (iv) | Other Proprietary Data: Information relating to Intuit’s or the Company’s proprietary business information (including without limitation information pertaining to business transactions and financial performance) or proprietary rights prior to any public disclosure thereof, and |
| Page 14 of 25 | INTUIT CONFIDENTIAL |
| information regarding acquiring, protecting, enforcing and licensing proprietary rights (including without limitation patents, copyrights and trade secrets). | |||
| (v) | Designated Information: Notwithstanding the above, any information explicitly designated as Sensitive by Intuit or by Company. |
| Restricted Information: Aggregated or anonymous customer information (any customer information other than Personally Identifiable Customer Information), contractual information or obligations not designated as Sensitive, and any information explicitly designated as Restricted by Intuit or by Company. |
| A. | Controlling Access to Confidential Information |
| 1. | Access to Confidential Information stored on Company’s systems must not be granted to members of Company’s staff, subcontractors, or other agents, unless the following conditions are met: |
| a) | The staff member, subcontractor, or other agent requesting the access can be uniquely identified (e.g., by a unique User ID), with the exception of “root” password access provided by the Company to its core system administration team; | ||
| b) | The staff member, subcontractor, or other agent requesting the access has entered a correct password or other authorizing token to indicate that he/she is the authorized user of this account. If passwords are the only method used for authentication, they must satisfy certain minimal standards mutually agreeable to Intuit and Company (i.e., 8 characters minimum length, required use of special- and/or mixed-case characters, no words that could be found in a dictionary, and required to be changed every 90 days) that make them sufficiently robust to effectively resist both educated guessing and brute-force attacks. | ||
| c) | In all cases, access permissions must be established in a manner that allows only for the minimum access level(s) required for each staff member, subcontractor, or other agent to perform his or her job function. The ability to read, write, modify or delete Confidential Information must be limited to those individuals who are specifically authorized to perform those data maintenance functions. | ||
| d) | The date, time, requestor, and nature of the access (i.e., read-only or modify) has been recorded in a log file. |
| 2. | Confidential Information stored on Company’s systems must be stored behind firewalls with access to such data limited as described in the preceding requirement. | ||
| 3. | Secret Information must never be stored in clear text on Company’s systems. At a minimum, financial services industry-standard encryption techniques must be employed to safeguard Secret Information in Company’s systems from retrieval by unauthorized persons. Company should strive to adopt best industry practices where appropriate. Whenever possible, message digest algorithms such as SHA-1 or MD5 should be used to hash and verify the user’s password, and “salt” should be added to the input string prior to encoding to ensure that the same password text chosen by different users will yield different encodings. | ||
| 4. | Passwords used to control Company’s staff, subcontractors, or other agents’ access to Confidential Information must at a minimum conform to the password policies described in paragraph A.1.b above. Passwords used by Company’s Customers are not required to conform to these policies; however, Company must ensure that Customers do not have access to Confidential Information other than that which pertains to them. | ||
| 5. | Procedures must be in place to modify or revoke access permissions to Confidential Information when staff members leave the Company or when their job responsibilities change. | ||
| 6. | Printed material that contains Confidential Information must be stored in secured areas to which access is limited to those staff members who have a business need to access it. It must also be disposed of in a secure manner. At a minimum, financial services industry-standard protections must be employed to ensure the secure storage and destruction of Secret and Sensitive Information. Whenever possible, secure disposal alternatives such as on-site shredding prior to recycling or placement in publicly-accessible trash bins with subsequent off-site shredding by a licensed contractor should be implemented. |
| B. | Transmitting Confidential Information |
| 1. | Unless restricted by law, Company must not electronically transmit Secret or Sensitive Information over publicly-accessible networks without using 128-bit SSL or another mechanism that affords similar or |
| Page 15 of 25 | INTUIT CONFIDENTIAL |
| greater security and confidentiality. If legal restrictions limit the use of 128-bit SSL encryption technology, Company must use the strongest encryption technology permitted. | |||
| 2. | Confidential Information must never be passed in a URL (e.g., using a Get method) in a manner that potentially exposes the information to third parties and causes such information to appear in log files. |
| C. | Maintaining a Secure Environment |
| 1. | To protect the accuracy and integrity of Confidential Information, all such data must be backed up regularly (no less often than weekly), and the backups stored in secure, environmentally- controlled, limited-access facilities. | ||
| 2. | Company must promptly install any security-related fixes identified by its hardware or software vendors, if the security threat being addressed by the fix is one that threatens the privacy or integrity of any Confidential Information covered by this Agreement. Such upgrades must be made as soon as they can safely be installed and integrated into Company’s existing architecture and systems. | ||
| 3. | Intuit may, from time to time, advise Company of recent security threats that have come to its attention, and require Company to implement specific modifications to its software, policies, or procedures that may be necessary to counter these threats. Company must implement these modifications within a mutually-agreeable time, or must obtain written permission from Intuit to take some other course of action to ensure that the privacy and integrity of any Confidential Information is preserved. | ||
| 4. | Company must immediately notify Intuit if it knows or suspects that Confidential Information has been compromised or disclosed to unauthorized persons, or if there has been any meaningful or substantial deviation from the requirements contained in the Agreement or this Exhibit. See Section F for contact information. | ||
| 5. | Notwithstanding the minimum standards set forth in this Exhibit, Company should monitor and periodically incorporate reasonable industry-standard security safeguards. |
| D. | Electronic Mail |
| 1. | Company shall not send any Secret or Sensitive Information in an e-mail message over publicly- accessible networks unless the e-mail is encrypted using a previously-approved encryption mechanism or is otherwise made secure with an approach that has been mutually agreed upon in advance by Intuit and Company. | ||
| 2. | Company and its subcontractors and agents must not reveal the Personally-Identifiable Information of one customer to any other customer or other third party, in any e-mail or other communication, except as permitted in writing by the affected person, as deemed appropriate in light of the interests of the affected person, or as otherwise required by law. |
| E. | Reviews, Audits, and Remedies |
| 1. | Company agrees that Intuit shall have a right to verify Company’s compliance with this Exhibit. Upon 14 days’ prior written notice to Company, Intuit (or its agent) may enter Company’s premises and inspect such of Company’s books, records, facilities and computer systems as Intuit and Company shall mutually agree is necessary to ensure that Company complies with the terms, covenants and conditions of this Exhibit. Intuit or its agent shall comply with Company’s standard policies and procedures that apply to third party companies that have access to Company’s premises, and Intuit or its agent shall access Company’s premises during normal business hours (Monday through Friday, 8:00 AM to 5:00 PM). Notwithstanding the foregoing, if Intuit in good faith believes that a threat to security exists that could affect Confidential Information, Company must provide Intuit or its agent access to its premises immediately upon request by Intuit. | ||
| 2. | Intuit may inspect or employ third parties to conduct studies of Company’s operational processes, systems and computer network security to determine Company’s compliance with this Exhibit. Intuit agrees to coordinate the scheduling of any such study with Company to minimize disruption to Company’s business. Company agrees to cooperate with Intuit to commence such a study within thirty (30) days from Company’s receipt of written notice of Intuit’s intent to conduct, or to employ a third party to conduct, such a study. At Company’s request, Intuit will require any third party it employs to conduct such a study to sign a nondisclosure agreement pursuant to which it agrees not to disclose any Confidential Information. Intuit will make the results of any such study available to Company and, depending on the seriousness of any problems found, may require |
| Page 16 of 25 | INTUIT CONFIDENTIAL |
| Company to remedy any and all such deficiencies in a timely fashion. Costs of such audits shall be borne by Intuit, unless Company is deemed, as a result of such an audit, to be in material nonconformity with the Agreement or this Exhibit. | |||
| 3. | Notwithstanding any time-to-cure provision in this Agreement to the contrary, it shall be completely within Intuit’s discretion to require correction of any demonstrated security-related problem within a shorter period of time. Intuit shall provide written notice of the problem to Company, and Company must immediately take appropriate steps to correct the problem. If Company fails to correct any demonstrated security problem within a commercially-reasonable time, factoring in the work that must be completed to address the problem, and resulting in the material disclosure or threatened disclosure of Intuit’s Confidential Information or Personally-Identifiable Information about Intuit’s customers, Intuit may instruct Company to take such interim measures as are necessary to protect such information. If Company fails or refuses to take those interim and/or permanent measures which are necessary to prevent the material disclosure of such information within a commercially-reasonable time, Intuit may terminate any and all affected agreements between Intuit and Company for cause. |
| F. | Compliance with U.S. Laws and Regulations | |
| Company shall comply with all applicable federal, state, and local laws and regulations. | ||
| G. | Changes to Requirements | |
| Intuit may, in its sole discretion, amend these requirements from time to time, as required by law or otherwise. | ||
| H. | Contact Information | |
| The primary business contact person for each party under this Agreement shall designate a primary and an alternate single point of contact for security issues for such party (a “Security SPOC”) and provide mail, email, telephone, home telephone, and pager or portable telephone contact information for such persons. Both parties agree that either the primary or alternate Security SPOC will be available at all times (“24/7/365”). Such designation and information must be given in writing to the other party within ten (10) business days after the effective date of the Agreement. Any updates to the same shall be given promptly in writing to the other party. |
| Page 17 of 25 | INTUIT CONFIDENTIAL |
Exhibit E
Intuit Service Provider Privacy Attachment
| 1. | INTRODUCTION |
| 1.1. | This Intuit Privacy Exhibit (“Exhibit”) governs the manner in which specified customer-related information may be collected, used, or disclosed by Service Provider. Intuit may impose different or additional restrictions in connection with any Intuit business conducted outside of the United States. |
| 2. | DEFINITIONS |
| 2.1. | “Affiliate Companies” shall mean any companies controlling, being controlled by, or under common control with another company. | ||
| 2.2. | “Intuit” shall mean Intuit Inc. and its Affiliate Companies. | ||
| 2.3. | “Intuit Customer Data” shall mean any data — whether Personally Identifiable Information or aggregate or anonymous information – either disclosed by Intuit to Service Provider, or to which Service Provider has otherwise obtained access by virtue of its relationship with Intuit. Such Data shall include information pertaining to both customers and prospective customers of Intuit. | ||
| 2.4. | “Intuit Suppression” shall mean the process of matching or merging marketing lists with all relevant Intuit Do Not Contact lists, including, as applicable, “Do Not Mail,” “Do Not E-mail,” and “Do Not Call” lists, for purposes of purging from such marketing lists or otherwise suppressing Intuit Customer Data of those included on such Do Not Contact lists. | ||
| 2.5. | “Opt-out” shall mean the opportunity afforded to Consumers to decline to have their Intuit Customer Data used for purposes other than as necessary to provide the product or service for which the Intuit Customer Data is collected. | ||
| 2.6. | “Service Provider” shall mean the party entering into an agreement with Intuit, into which this Exhibit has been incorporated by reference, as well as all Affiliate Companies of said Service Provider. | ||
| 2.7. | “Personally Identifiable Information” (“PII”) shall mean any information (i) that identifies or can be used to identify, contact, or locate the person to whom such information pertains, or (ii) from which identification or contact information of an individual person can be derived. PII includes, but is not limited to: name, address, phone number, fax number, email address, financial profiles, medical profile, social security number, and credit card information. Additionally, to the extent unique information, not itself PII, such as, but not necessarily limited to, a personal profile, unique identifier, biometric information, and/or IP address is associated with PII, then such unique information will also be considered PII. |
| 3. | SERVICE PROVIDER RESPONSIBILITIES – GENERAL |
| 3.1. | Service Provider shall comply with this Exhibit and all applicable laws, rules and regulations relating to the collection or use of Intuit Customer Data, and agrees to impose and enforce compliance of this Exhibit on all third party service providers with access to Intuit Customer Data. | ||
| 3.2. | Service Provider shall ensure that only those employees or authorized agents who are trained in the proper handling of Intuit Customer Data and who are subject to an obligation to maintain the confidentiality of such information shall have access to Intuit Customer Data. | ||
| 3.3. | Service Provider shall under no circumstances collect, access, use, reproduce or disclose Intuit Customer Data other than as either specifically authorized by, or clearly necessary in order to perform services pursuant to, the agreement this Exhibit is incorporated into. Specifically, Service Provider shall not use Intuit Customer Data on its own behalf. Should Service Provider become legally obligated to disclose Intuit Customer Data other than as permitted by this Exhibit, it shall, unless legally prohibited from doing so, first provide notice to Intuit. | ||
| 3.4. | The constraints imposed by this Exhibit on the collection, use or disclosure of Intuit Customer Data shall specifically apply to Social Security numbers. | ||
| 3.5. | Service Provider shall, as directed, perform an Intuit Suppression prior to engaging in any marketing activities (e.g., e-mail, telemarketing or direct mail marketing) on behalf of Intuit. In addition, Service Provider shall comply with the rules of the Direct Marketing Association’s Mail Preference Service and Telephone Preference Service in connection with all such marketing activities. Such obligations shall be in addition to performing any other legally required suppressions, including legally-mandated Do Not Mail or Do Not Call procedures. Service Provider shall employ measures as directed by Intuit to ensure that Opt-out requests received in connection with such marketing activities are provided to Intuit in a form permitting Intuit to incorporate them into suppression files or other databases. Suppression lists or files provided to Service Provider by Intuit shall |
| Page 18 of 25 | INTUIT CONFIDENTIAL |
| be used solely for purposes of performing an Intuit Suppression and shall be returned or destroyed when no longer needed for such authorized purposes. | |||
| 3.6. | Service Providers conducting telemarketing on Intuit’s behalf shall comply with Intuit’s Do-Not-Call Policy, as follows: |
| This written policy for maintaining a Do-Not-Call list of individuals who do not wish to receive telephone solicitations made by Intuit Inc. or on behalf of Intuit Inc. (by its service providers) is available upon request. |
Do-Not-Call Policy
| Intuit maintains a Do-Not-Call list of individuals, including their telephone numbers, who have requested not to receive telephone solicitations from Intuit. | |||
| Intuit’s Do-Not-Call list applies to Intuit and all its subsidiaries. | |||
| Neither Intuit nor its service providers shall make telephone solicitations to the homes of individuals on Intuit’s Do-Not-Call list. | |||
| If an individual states that he or she does not want to receive telephone solicitation calls, the individual’s name and telephone number must be added to Intuit’s Do-Not-Call list. |
| Intuit must keep a record of an individual’s Do-Not-Call request for ten (10) years from the time the customer makes the request. | |||
| 3.7. | Service Provider shall maintain such records as are necessary to demonstrate its compliance with this Exhibit and shall permit Intuit, or a third party chosen by Intuit and reasonably acceptable to Service Provider, to audit Service Provider’s records and practices relating to its obligations under this Exhibit upon reasonable notice and during regular business hours, and at Intuit’s expense, at the locations where such records and data are maintained, for purposes of verifying Service Provider’s compliance. Intuit shall be provided with a description of all data flows and use of data upon request, and all such data flows and use of data re subject to approval by Intuit. | ||
| 3.8. | Service Provider shall immediately report to Intuit any failure to treat or protect — including specifically any unauthorized use or disclosure of — Intuit Customer Data as set forth in this Exhibit or the agreement it is incorporated into, including any related complaints about Service Provider’s information and collection practices, and to consult with Intuit as to correction thereof. Service Provider agrees that Intuit shall have the right to control and direct any response and/or correction of any such breach. | ||
| 3.9. | Service Provider shall provide Intuit with a contact name and contact information for communications related to this Exhibit, including compliance with or any breaches thereof. | ||
| 3.10. | Intuit may amend this Exhibit from time to time as may be required by law or otherwise. At Intuit’s discretion, Service Providers not willing or able to change practices in accordance with such amendments may be given 30 days to terminate. |
Last Revised July 4, 2002.
Page 19 of 25 INTUIT CONFIDENTIAL
Exhibit F
Intuit Suspicious Mail Handling Procedures
The following Intuit Package Handling Requirements shall apply to Harland, its subsidiaries and third party vendors (hereinafter, “Company”) in connection with one or more related service agreements involving the handling of Intuit mail and packages.
The accurate, timely, and proper handling of incoming and outgoing mail and packages are absolutely essential to each party’s business. To ensure that incoming Intuit mail and packages, including, but not limited to, Intuit Customer orders/returns and Intuit/Company vendor orders (“Intuit Materials”) are properly handled, all accesses to, uses of, and processing of Intuit’s Materials must be consistent with the package handling requirements, related procedures, and guidelines which are attached below as Attachment A. Company and Intuit shall comply with the Intuit Package Handling Requirements (as amended from time to time). Upon notice of an amendment, Company shall comply with such amendments to the Intuit Package Handling Requirements as soon as reasonably possible (not to exceed 30 days) based on the importance of the amendment and the severity of the issues that are addressed by the amendment.
Company shall establish and maintain its own organization-wide information security policies, standards, guidelines and procedures, which shall meet or exceed the requirements set forth in the Intuit Package Handling Requirements.
Company shall promptly conduct investigations of any breaches of such Intuit Package Handling Requirements, and shall take steps to remedy and prevent such breaches. Company shall take such further actions as it deems necessary to ensure the proper handling of the Intuit Materials to which it has possession, access or control.
Page 20 of 25 INTUIT CONFIDENTIAL
Attachment A:
Package Handling Requirements
| A. | Controlling Access to Intuit Materials |
Authorization processes must be employed to control Company’s staff, subcontractors, or other agents’ access to Intuit Materials. These processes must at a minimum identify the staff, subcontractor or other agent and record their entry while on the Company premises, e.g., by the use of a personally identifiable time card or an electronic identification badge.
Procedures must be in place to modify or revoke access permissions to Intuit Materials when staff members leave the Company or when subcontractors, or other agents cease doing business with the Company.
A public records check to ascertain evidence of criminal background, including identity verification, e.g., by verifying social security number and date of birth, must be run on all current and future Company staff, subcontractors or other agents who have access to Intuit materials. To the extent allowed by applicable law, background check results must be taken into account so as to reasonably ensure the security and integrity of Intuit Materials.
The Company currently maintains card access security systems at those locations that would receive and handle Intuit Materials, providing a controlled environment for access to those materials. The current access systems and procedures must satisfy this requirement regarding access to materials, with the exception of the background check requirement.
| B. | Storing and Transporting Intuit Materials |
Reasonable procedures must be employed to limit access to and secure Intuit Materials when in storage. These processes must be documented and submitted to Intuit as part of the Company’s overall Security Plan.
The Company must transport Intuit Materials in a manner that is designed to prevent unauthorized access to those Materials and provide for loss or tamper awareness.
The Company’s current transportation and storage procedures for mail and package processing and delivery must satisfy the above requirements. Intuit must be promptly notified of proposed changes to the Company’s current policies and practices with regard to transportation and storage procedures for Intuit materials. In addition, Company shall ensure that Intuit is promptly notified in the following instances:
| 1. | Change in Company vendors or operating methods | ||
| 2. | Evidence of mail tampering external to Company and its vendors |
| C. | Maintaining a Secure Environment |
Access to Company facilities must be controlled, e.g., by electronic systems, security guards, receptionists or closed-circuit cameras at all entrances, visitor controls, and delivery truck/driver controls. The Company’s current card access and visitor control systems must satisfy the above requirements. Intuit must be notified of proposed changes to the Company’s current policies and practices with regard to facility access.
Page 21 of 25 INTUIT CONFIDENTIAL
All incoming supplies of goods and materials that may potentially affect Intuit Materials must be checked for compliance with production orders and shipping manifests and appropriate action taken if these supplies are not compliant.
Intuit may, from time to time, advise Company of recent security threats that have come to its attention, and require Company, at Intuit’s sole expense, to implement specific modifications to its policies or procedures that may be necessary to counter these threats. Company must implement these modifications within a mutually-agreeable time, or must obtain written permission from Intuit to take some other course of action to ensure that the security of Intuit’s materials/packages is preserved.
Notwithstanding the minimum standards set forth in this Agreement, Company must monitor and periodically incorporate reasonable direct mail industry-standard security safeguards.
No scrap, overruns, nor returned Intuit Materials can be destroyed or disposed of without the pre-approval of Intuit. The Company’s current practices for shredding and/or disposal of all scrap, overruns, and returned material are considered satisfactory for this requirement and this agreement serves as pre-approval for the use of these practices for the destruction and disposition of all Intuit materials.
The Company’s current manufacturing processes and procedures are considered sufficient to limit dust resulting from production operations in Intuit Materials.
| D. | Handling Suspicious mail/packages by Company |
Management Actions
| 1. | Process Implementation |
a. Company shall ensure that process controls are implemented to ensure that mail is secured when not being handled.
b. Company shall ensure that physical barriers are implemented, including but not limited to, secured or separate space for mail handling, the ability to isolate or shut down HVAC systems in the event of a suspected contamination, and controls to prevent the unauthorized tampering to mail and sorting systems.
c. Company shall ensure that employees are trained to recognize harmful agents, including but not limited to, chemicals, explosives, and inappropriate foreign matter.
d. Company shall ensure appropriate incident response, including but not limited to, a documented process to quickly response to and mitigate the danger, providing escalation and alternate work recovery strategies as appropriate.
| 2. | Preplanning |
Parties acknowledge that proper handling of suspicious mail/packages is necessary to the success of each parties’ businesses. Company mail and distribution management, in concert with the site corporate services manager, and corporate security should ensure the following precautions are in place:
| • | Ensure all individuals working in the mail and distribution area receive training in the below listed “Precautionary Procedures for Suspicious mail/packages”, as may be amended by Intuit from time to time. |
| Page 22 of 25 | INTUIT CONFIDENTIAL |
| • | Identify all up stream service providers and how the mail and packages are handled. This would include the location of the postal distribution center, couriers, and delivery companies. | ||
| • | Maintain a secure environment for the mail and distribution center. Access should be limited to those working in the area. | ||
| • | Maintain a clean housekeeping environment. Dust and other by-products of mail handling should be vacuumed on a daily basis. | ||
| • | Ensure containers (mail trays and other) are clean and free of foreign matter prior to use. |
| 3. | PRECAUTIONARY PROCEDURES FOR SUSPICIOUS MAIL/PACKAGES |
Company shall inform Company employees of the following procedures listed below and use best efforts to require their compliance if a suspicious or unidentified substance is found in mail/packages. There are three classes of incident.
CLASS 1: Discovery of a suspicious or unidentified substance of unknown origin
CLASS 2: Release of a suspicious or unknown substance from a shipping container
CLASS 3: Release of an unknown substance by a person acting in a suspicious or threatening manner
CLASS 1 INCIDENTS
Discovery of a suspicious or unidentified substance of unknown origin
What to do:
IF YOU FIND A SUSPICIOUS OR UNKNOWN SUBSTANCE, DO NOT PANIC. Most substances found in the workplace turn out to be normal, everyday materials that someone has spilled by accident and are not dangerous.
Do not inhale; briefly examine the area to locate the possible source of the substance.
If you cannot identify the substance or its source move away from it and instruct others present to isolate the immediate area.
If the substance is clearly spreading, take action to limit its movement. Close doors and windows to confine it if possible. Turn off any fans or other devices that might cause it to spread. If there is a possibility that it might move into an air vent, turn off the Heating, Ventilation, or Air Conditioning (HVAC) system. Designate the location of the HVAC controls in the building, and the individuals authorized to shut it down. If there is a possible danger to people in other areas of the facility notify them. Have them take action to limit the unknown substance’s spread and move to a safe distance.
NOTIFY INTUIT SECURITY AT ###-###-####
At a safe distance, describe the substance to your coworkers. If they can identify it, take appropriate action to have the affected area cleaned. Notify anyone nearby that they can return to work if the known substance is not a hazardous material.
If your coworkers cannot identify the substance, instruct them to keep the area isolated. Instruct anyone who may have been exposed to the substance to remain nearby at a safe distance for further guidance. Designate an external meeting area, and not allow individuals to leave the site, or wait in their vehicles.
Prepare a list of all individuals in the facility at the time of the incident. The list should contain name, telephone number, and address.
Prepare a description of the suspect mail container and contents, if known.
Page 23 of 25 INTUIT CONFIDENTIAL
Wait at a safe distance for the emergency response personnel to arrive and follow their instructions.
CLASS 2 INCIDENTS
Release of a suspicious or unknown substance from a container
What to do:
DO NOT PANIC: You are in control and you know what to do.
Examine all containers for suspicious indicators before opening them.
If a suspicious container has not yet been opened, do not open it.
Do not transport the container around the facility or shake it.
Do not merely discard the container.
Isolate the immediate area around the suspicious unopened container. Make sure no one disturbs the container. Keep people at a safe distance. Go to step 13.
If you open a container and find that it contains or releases suspicious material, do not inhale its contents.
Do not move the container or shake it.
Do not merely discard the container.
Do not empty the container or shake it.
Isolate the immediate area around the container. Make sure no one disturbs the container. Keep people at a safe distance.
Place something over the container opening if possible to do so safely. For example, place a large sheet of plastic over the container without touching it.
Do not inhale while doing this.
Turn off any fans or other devices that might cause contamination to spread. If there is a possibility that contamination might move into an air vent, turn off the Heating, Ventilation, or Air Conditioning (HVAC) system. Designate the location of the HVAC controls in the building, and the individuals authorized to shut it down. Shut all dock doors.
Notify INTUIT SECURITY AT ###-###-#### then call your local emergency response agency at 911. Describe the container and its contents. Follow their instructions.
Wash your hands with warm soap and water for one minute.
Do not allow anyone to leave the area who may have touched the container or its contents or who was present in the immediate area when it was opened. Have everyone meet at a designated location. Prepare a list of all individuals that were in the area of the suspect package, including name, telephone number, and address. Do not allow anyone to leave, or to wait in his or her vehicles.
Wait for emergency responders to arrive and follow their instructions.
CLASS 3 INCIDENTS
Release of an unknown substance by a person acting in a suspicious or threatening manner.
What to watch for:
Anybody acting in a suspicious or threatening manner
Anybody throwing, spraying, spreading, or pouring an unidentified substance
Anybody tampering with an air vent, fan, food, or water supply
Anybody carrying an unknown substance with an unknown purpose
What to know:
Vigilance is a deterrent. If a suspicious individual is confronted before he can act, he will often decide to leave.
The chance that someone may threaten your facility is low, but needs to be considered.
Page 24 of 25 INTUIT CONFIDENTIAL
What to do:
Ask any suspicious individual what their purpose is. If they refuse to answer, ask them to remain where they are and have someone notify on-site security or a manager. If the person becomes threatening go to step 2.
Report any threatening individual to on-site security or call police.
Maintain a safe distance from any threatening individual. Warn your coworkers.
Make sure that an exit is available.
If the person releases an unknown material, evacuate the area. Sound a fire alarm if convenient to warn others to evacuate the facility.
Notify emergency responders, on-site security, and police if they have not already been called.
Maintain a safe distance from the area affected by the released substance and from the threatening individual. Do not allow anyone to leave the area. Have everyone meet at designated location. Prepare a list of all individuals that were in the area of the suspect package, including name, telephone number, and address. Do not allow anyone to leave, or to wait in his or her vehicles.
If you have been exposed to any released substance, remain nearby for assistance.
Wait for security, police, and emergency responders. Follow their instructions.
| E. | Reviews, Audits, and Remedies |
Company agrees that Intuit shall have a right to verify Company’s compliance with this Agreement and an Intuit-approved Package Handling Plan that conforms to these Requirements. Intuit (or its agent) may enter Company’s premises and inspect such of Company’s facilities as Intuit and Company shall mutually agree is necessary to ensure that Company complies with the terms, covenants and conditions of this Agreement. Intuit or its agent shall comply with Company’s standard policies and procedures that apply to third party companies that have access to Company’s premises, and Intuit or its agent shall access Company’s premises during normal business hours (Monday through Friday, 8:00 AM to 5:00 PM). Notwithstanding the foregoing, if Intuit in good faith believes that a threat to security exists that could affect Mail/packages, Company must provide Intuit or its agent access to its premises immediately upon request by Intuit.
Intuit may inspect or employ third parties to conduct studies of Company’s operational processes, to determine Company’s compliance with these Requirements and an Intuit-approved Package Handling Plan that conforms to these Requirements. Intuit agrees to coordinate the scheduling of any such study with Company to minimize disruption to Company’s business. At Company’s request, Intuit will require any third party it employs to conduct such a study to sign a nondisclosure agreement pursuant to which it agrees not to disclose any confidential information. Intuit will make the results of any such study available to Company and, depending on the seriousness of any problems found, may require Company to remedy any and all such deficiencies in a timely fashion. Costs of such audits shall be borne by Intuit.
Notwithstanding any time-to-cure provision in related service agreements between the parties that address the handling of Mail/packages to the contrary, Intuit may require correction of any demonstrated security-related problem with Company procedures and practices within a shorter period of time, to the extent necessary to protect Mail/packages from compromise and to ensure proper handling of suspicious Mail/packages. Intuit shall provide written notice of the problem to Company, and Company must immediately take appropriate steps to correct the problem.
Page 25 of 25 INTUIT CONFIDENTIAL
