To GENERAL AGREEMENT #20001130.2.C BETWEEN AVICI SYSTEMS INC. ANDAT&T CORP.
CONFIDENTIAL
Exhibit 10.5
[CONFIDENTIAL TREATMENT REQUESTED] /*/ INDICATES MATERIAL THAT HAS BEEN OMITTED AND FOR WHICH CONFIDENTIAL TREATMENT HAS BEEN REQUESTED. ALL SUCH OMITTED MATERIAL HAS BEEN FILED WITH THE SECURITIES AND EXCHANGE COMMISSION PURSUANT TO RULE 24B-2 PROMULGATED UNDER THE SECURITIES EXCHANGE ACT OF 1934, AS AMENDED.
AMENDMENT 4
To GENERAL AGREEMENT #20001130.2.C
BETWEEN
AVICI SYSTEMS INC. AND AT&T CORP.
This Amendment Number 4 (Amendment or Contract No. 20001130.2.A.4) is made effective on the 22nd day of September 2004 (the Effective Date) by and between Avici Systems Inc. (Supplier), a Delaware corporation, having a place of business at 101 Billerica Avenue, North Billerica, MA ###-###-#### and AT&T Corp., (Company), a New York corporation, having a place of business at One AT&T Way, Bedminster, NJ 07921 to amend General Agreement #20001130.2.C dated December 21, 2000, as previously amended, (Agreement) between Company and Supplier.
NOW, THEREFORE, for good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, Company and Supplier agree as follows:
1. Replace Exhibit F Hardware, Software and Services, Pricing and Discounts.
Exhibit F Hardware, Software and Services, Pricing and Discounts is hereby deleted and replaced in its entirety with the new Exhibit F Hardware, Software and Services, Pricing and Discounts, which is attached hereto and made a part hereof.
2. Amend Date in Section 1.4 Duration.
The date December 31, 2003 in Section 1.4 Duration is hereby deleted and replaced with the new date December 31, 2009.
3. Amend Contact Information in Section 1.5 Notices.
The contact information following the word Attention under both Company and Supplier in Section 1.5 is hereby deleted and replaced with General Counsel under Supplier and Scott Allan under Company. The street address for Company is also hereby deleted and replaced with One AT&T Way.
4. Amend DPM Numbers in Section 5.4 Liquidated Damages/Late Delivery/Cancellations
The first sentence in Section 5.4(a) is hereby deleted in its entirety and replaced with the following sentence:
Supplier acknowledges that a Major Network Outage [CONFIDENTIAL TREATMENT REQUESTED] /*/will cause damage to Company in an amount impossible to ascertain at the time of this Agreement.
5. Delete Exhibit H, and replace with New Exhibit H1 Release Planning Process and Exhibit H2 Company Certification Process.
Exhibit H New Product Milestones is hereby deleted and replaced in its entirety with the new Exhibit H1 Release Planning Process, and Exhibit H2 Company Certification Process which is attached hereto and made a part hereof.
6. Amend 5.8.1 New Product/Feature Delivery Requirements and 5.8.1 (a) Value of New Product and Limitation of Liability
Sections 5.8.1 and 5.8.1(a) are hereby deleted in their entirety and replaced with the following two paragraphs:
5.8.1 Supplier shall meet the new product / feature delivery milestones as may be agreed in accordance with the Release Commitment Letter (RCL) process set forth in Exhibits, H1 Release Planning Process and H2 Company Certification Process, each attached hereto (Milestones) concerning the additions of new products, features or capabilities as defined in the RCLs (New Products). The Parties agree that no more than [CONFIDENTIAL TREATMENT REQUESTED] /*/committed New Products may be outstanding under such RCLs in any [CONFIDENTIAL TREATMENT REQUESTED] /*/and further agree that for purposes of this Article the value (Value) of each New Product is deemed to be [CONFIDENTIAL TREATMENT REQUESTED] /*/per New Product. This section or the RCL are not intended to be a commitment by Company to purchase any New Product.
In the event Supplier fails to deliver applicable New Products by such Milestones, or within [CONFIDENTIAL TREATMENT REQUESTED] /*/thereafter (Cure Period), substantially in conformance, as subsequently verified by Company, with the functionality set out in the applicable specifications identified in the applicable RCL, Company may invoke the following remedy as its remedy for such failure to deliver:
(a) | If Supplier has not delivered the substantially conforming New Product(s), as subsequently verified by Company, for each [CONFIDENTIAL TREATMENT REQUESTED] /*/such delivery of New Product is delayed after the close of the Cure Period, Supplier will pay to [CONFIDENTIAL TREATMENT REQUESTED] /*/of the Value of the affected New Product(s) not being delivered, [CONFIDENTIAL TREATMENT REQUESTED] /*/, not to exceed [CONFIDENTIAL TREATMENT REQUESTED] /*/for up to a [CONFIDENTIAL TREATMENT REQUESTED] /*/which has been mutually agreed to, provided that the total aggregate cap on such late delivery remedy shall be [CONFIDENTIAL TREATMENT REQUESTED] /*/ in any calendar year without regard to number of New Products committed. It is agreed that such sum shall be deemed to represent, without further proof, damages actually sustained by Company by reason of such delay, and not a penalty. |
7. Amend Number of Training Days in Section 6.2 Training.
The number [CONFIDENTIAL TREATMENT REQUESTED] /*/in Section 6.2 Training is hereby deleted and replaced with [CONFIDENTIAL TREATMENT REQUESTED] /*/.
8. Add New Clause 1.7 entitled eProcurement Credit
If Company places an order of [CONFIDENTIAL TREATMENT REQUESTED] /*/ net of all discounts, during the period commencing on or after July 1, 2004 but no later than December 31, 2004, then Supplier shall provide [CONFIDENTIAL TREATMENT REQUESTED] /*/.
9. Add New Exhibit I entitled Network Security Clauses
Is hereby added as Exhibit I.
- 2 -
IN WITNESS WHEREOF, the Supplier and Company have caused this Amendment to be executed by their duly authorized representatives identified below.
AVICI SYSTEMS INC. | AT&T CORP. | |
/s/ Steven B. Kaufman (Signature) | /s/ Stephen M. Brazzell (Signature) | |
Steven B. Kaufman (Name Print) | Stephen M. Brazzell (Name Print) | |
President, CEO (Title) | VP-Corporate Services (Title) | |
September 22, 2004 (Date) | September 22, 2004 (Date) |
- 3 -
EXHIBIT F
HARDWARE, SOFTWARE AND SERVICES, PRICING AND DISCOUNTS
Product Discount:
[CONFIDENTIAL TREATMENT REQUESTED] /*/.
- 4 -
EXHIBIT H1
RELEASE PLANNING PROCESS
Supplier and Company agree to follow the Release Planning and Feature Request Process (the Process) as outlined in this Exhibit XX for the purpose of Supplier delivery and Company testing of all Deliverables. The implementation of this Process will benefit both parties through continued communication, timely delivery of Deliverables, and solid focus on quality improvements. This Exhibit H1 provides a general framework for the Process that may be later customized by the parties. Upon execution of the Agreement, Supplier and Company will designate appropriate representatives to support this Process.
Release Planning is [CONFIDENTIAL TREATMENT REQUESTED] /*/.
- 5 -
EXHIBIT H2
COMPANY CERTIFICATION PROCESS
This Exhibit, Company Certification Process, is hereby attached to and made a part of this Agreement and shall document the process used by Company (and supported by Supplier) to test and certify Suppliers Deliverable.
[CONFIDENTIAL TREATMENT REQUESTED] /*/
- 6 -
EXHIBIT I
ADDITIONAL INFORMATION SECURITY REQUIREMENTS
In addition to the clause(s) listed in General Agreement Number 20001130.2.C, dated December 21, 2000 and its corresponding Amendments, set forth below are the minimum information security requirements that Supplier, at its sole cost and expense, shall implement to protect the confidentiality, integrity, and availability of AT&T Information under this Agreement.
AT&T may, at its sole discretion, from time to time supplement these security requirements with additional security requirements.
Supplier shall:
A. Establish, implement, and document security policies, processes, and procedures (Security Policies and Procedures) in accordance with commercial industry standards. Supplier shall provide copies of such Security Policies and Procedures to AT&T upon AT&Ts request. AT&T may review and recommend reasonable changes, and Supplier shall amend its Security Policies and Procedures in accordance with such recommendations. Neither such review, nor any such recommendations, shall constitute an AT&T validation or endorsement of Suppliers Security Policies and Procedures, and Supplier shall bear sole responsibility for its Security Policies and Procedures.
B. Permit AT&T and/or its designated agent(s) to perform, at the expense of AT&T, up to two (2) security assessments per year that shall include, but not be limited to: the review of Security Policies and Procedures; on-site assessment of physical security arrangements; network, system, and application vulnerability scanning; and penetration testing. Such assessments will be conducted at a time mutually agreed upon between the parties. AT&T will provide Supplier with a copy of its security assessment results, and the parties agree to meet in good faith within thirty (30) days from delivery of the assessment to resolve any deficiencies identified and implement agreed upon corrections within sixty (60) days of such meeting.
C. Upon expiration or termination of the Services, Work and/or this Agreement or at any time upon request of AT&T, provide AT&T with original and all copies of (i) all AT&T Information provided by AT&T to, or maintained by, Supplier under this Agreement and (ii) all backup and archival media containing AT&T Information. Supplier shall use mutually agreed data destruction processes to eliminate all AT&T Information from the Suppliers systems and applications within 30 days of such expiration or termination or AT&T request. Supplier shall provide AT&T with written certification of the destruction of AT&T Information in accordance with such processes.
D. Upon termination of Suppliers employees or agents and/or termination or expiration of the Services, Work and/or this Agreement, or at any time upon request of AT&T, Supplier shall immediately remove all unnecessary user and system accounts and access to such accounts (e.g., Systems IDs, PINs, access codes) from each system used by Supplier to provide Services or Work under this Agreement. Additionally, Supplier shall manage an inventory of all System IDs, PINs, access codes, etc. (System IDs) issued to Suppliers employees and agents, and shall immediately delete any such System IDs when a Supplier employee or agent resigns, is terminated, or is no longer performing Services or Work for AT&T under this Agreement (notwithstanding that such employee or agent has transferred to another non-Agreement work assignment for AT&T).
E. Initiate and maintain strict building security for facilities owned, operated, or contracted by Supplier for the protection of AT&T Information while in Suppliers control, including maintaining secure facilities for all workstations, servers, network equipment, etc. used to provide Services under this Agreement, and shall limit access to operating areas, systems and information to those with a need for such access. When database/system storage is required to maintain all AT&T Information including, but not limited to, backup and archival media, Supplier shall store such AT&T Information generated or received in the performance of Services in a secure database/system environmentally controlled storage areas owned, operated, or contracted for by Supplier.
F. Maintain and update anti-virus software and malicious code detection and protection product(s) at the latest available software and signature levels and run on a real-time or daily basis to prevent potential interruptions to the production applications (e.g., workstations, servers and network equipment) used to provide Services under this
- 7 -
Agreement. Supplier shall immediately advise AT&T, either verbally or in writing (in a format approved or provided by AT&T), upon reasonable suspicion or actual knowledge that a virus or other malicious code is present in Suppliers systems and/or software which could affect the Services or damage, destroy, reveal or alter AT&Ts information in any manner.
G. In the event of a security incident, including but not limited to a computer security incident (e.g., hacker or attempted hacker activity or the introduction or attempted introduction of a virus or malicious code) involving the networks, systems, or applications used to provide Services or Work under this Agreement, Supplier shall, in addition to providing AT&T with immediate notice, provide AT&T (i) with regular status updates including but not limited to actions taken to resolve the incident at mutually agreed intervals or times for the duration of the incident, and (ii) within ten business days of the closure of the incident, a written report describing the incident, actions taken by Supplier during its response thereto, and Suppliers plans for future actions to prevent a similar incident from occurring in the future. For the purposes of sections (D) and (F) above and this section (G), all forms of the word immediate shall mean as soon as possible but in no event longer than 24 hours from, as applicable, Suppliers formation of a reasonable suspicion or having actual knowledge, or Suppliers discovery of a security incident; and
H. For each system used to provide Services or Work under this Agreement, provide to AT&T upon request the security logs and other documentation related to material security incidents, vulnerabilities and threats.
- 8 -