Exhibit 4A.7
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
CONTRACT
for the Outsourcing of Computer Services
“BSS Data Processing Service”
by and between
PRODUBAN, Servicios Informáticos Generales, S.L.
and
BANCO SANTANDER – CHILE
Santiago de Chile and Madrid, December 3, 2007
Ref.: BSS_GENV0_ACMR00_20070715
[Ink stamp appears on bottom of every page:
“Produban Servicios Informáticos Generales S.L.]
Page 1 of 20
Banco Santander Chile – Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
| | |
In Madrid, Spain and Santiago, Chile, on December 3, 2007,
BY AND BETWEEN
PRODUBAN SERVICIOS INFORMÁTICOS GENERALES, S.L. (hereinafter PRODUBAN, the Vendor or the Lessee), Tax I.D. No. B-82077751 and with corporate address in Madrid, at Boadilla del Monte, Avda. de Cantabria, s/n, represented in these proceedings by Francisco Javier del Valle Garrido, holder of I.D. No. 694509R, in his capacity as Sole Administrator and in exercise of the authority granted by the power of attorney issued to him on April 8, 2005, before Madrid Civil Law Notary Antonio Fernández-Golfín, with notary circle number 917, for the party of the first part
and
BANCO SANTANDER - CHILE, a sociedad anónima bancaria [Chilean banking corporation], Taxpayer I.D. No. 97,036,000-K, hereinafter the Bank or the Customer, with corporate address at Calle Bandera No. 140, municipality and city of Santiago, represented in these proceedings by its Manager of Operations and Administration, Juan Fernández Fernández, National I.D. document No. 5,473,633-9, and by its Manager of Administration César Naranjo Ramirez, National I.D. document No. 9,830,559-9, in their capacity as attorneys-in-fact and in exercise of the authority granted to them by the power of attorney issued to them, by means of public instrument index number 5648-2005, dated June 14, 2005, issued in the city of Santiago, Chile, before Civil Law Notary Public Nancy de la Fuente Hernández, the party of the second part.
Both parties, in their respective capacities, mutually acknowledge the legal standing necessary to enter into this Contract, for which purpose,
THEY HAVE REPRESENTED
I. That the Customer is interested in the Vendor providing it with the services specified in Appendix II “Catalog of Service” of this Contract (hereinafter the “Services”), and the Vendor is also interested in providing the referenced Services to the Customer.
II. That the Customer’s interest in the Services is based on its need for data processing and the use and operation of centralized systems, with defined and approved safety standards, auditable contingency plans, high quality standards and levels of service (SLA), at low market costs that the Vendor has offered.
III. That, as a result, both parties have agreed to enter into this contract (hereinafter the “Contract”), in order to establish and govern their relationship for the aforementioned purposes, which shall become effective subject to the following
Page 2 of 20Banco Santander Chile – Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
CLAUSES:
FIRST: Purpose of the Contract
1. The purpose of this Contract is the uninterrupted provision by the Vendor to the Customer of all and every one of the computer services specified in the Catalog of Service that, for all purposes, is a part of the same and is subscribed by the parties.
2. “Services” shall be understood to mean all and every one of the actions, activities and components that is specified in the aforementioned Catalog of Service.
3. The Vendor, in these same proceedings, represents that it has all the equipment and material and human resources (hereinafter the “Equipment") necessary for the provision of the Services.
4. The provision of the Services by the Vendor shall be carried out per the terms and conditions specified in the Contract and the Appendices thereto.
SECOND: Customization and modifications to Services and Incorporation of New Technologies
| 1. | The Vendor agrees to undertake, assigning to the Customer the corresponding costs, the customization of the Services required by the Customer, in order to accommodate any possible changes in standards, official regulations or technological innovations, provided that it is so established in the technical appendices specific to the service and based on the conditions of cost, schedule and procedures established therein, as applicable. |
| 2. | In the event that the Customer decides, during the term of this Contract, to interconnect or add new changes, improvements or technologies, in order to make them part of the Service or other data processing services, the Customer may acquire them from the Vendor or from third parties. Nevertheless, in the latter case, the Customer must inform the Vendor in advance, so that it may take the measures necessary in order to customize the Services as required by the Customer. |
| 3. | Furthermore, in the event that the Customer acquires the changes and improvements, either through the Vendor or third parties, the Vendor must supply all the facilities necessary for the Customer to be able to interconnect or add them. As a result, this Contract shall not grant any right of exclusivity to the Vendor when the Customer needs to incorporate changes and improvements or technologies for all the purposes of the contracted Services. |
THIRD: Warranty on the Services
The Vendor ensures and guarantees the Customer that the Services covered y this Contract shall be suitable for the corresponding purposes and that it will provide the same with the proper quality and diligence.
In the event that malfunctions, interruptions or any interference occurs in the Services, the Vendor agrees to give an adequate response to the needs of the Customer, resolving any issue within the shortest possible term.
Page 3 of 20
Banco Santander Chile – Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
FOURTH: Liability of the Vendor for Data Security
The Vendor represents that it is familiar with and accepts the files called “General Data Security Policy” (Operations Risk Management MN020) and “Policies and Standards for Data Protection and Classification” (Operational Risk Management MN118) and that are part of Appendix IV, which the parties are familiar with and is understood to be an integral part of this contract. Said policies are of Banco Santander Chile. These files may change from time to time and will be available on the Customer’s intranet. As of the date of publication of any amendments and/or new files on the Customer's intranet, it shall be understood that the Vendor has become aware of the same.
For the provision of the Services the Vendor agrees to perform the same by taking into consideration and using the policies indicated in the foregoing paragraph.
Any information that comes form the Vendor for the provision of the Services shall be considered to be confidential per the file “Policies and Standards for Data Protection and Classification.”
FIFTH: Customer’s Liability
Without prejudice to the Services rendered by the Vendor in accordance with the provisions of this Contract, the Customer shall continue to be the sole party liable vis-à-vis its customers, the officials and competent public entities and, as applicable, any third parties, for each and every one of the obligations and liabilities imposed by current legislation, and specifically, in regards to the protection of personal data.
SIXTH: Remuneration, Method of Payment, Consequences of Non-payment. Other Expenses.
In consideration for the Services covered by the Contract, the Customer shall pay to the Vendor the amount in Euros (EUR) and United States Dollars that the Vendor and the Customer agree to in the Financial Terms that are attached to this Contract (Appendix V). The method and terms for the payment of this amount shall also be set forth in the aforementioned Financial Terms (Appendix V).
Every year, the Vendor may communicate to the Customer, at least thirty (30) calendar days in advance of the starting date of the new annual period, the new amount to be invoiced. In such a case, the Customer shall have a term of thirty (30) calendar days to notify the Vendor whether it agrees to said amount. The failure to provide notification during the specified term shall be considered acceptance of the amount. If the Customer does not agree to the new remuneration amount communicated by the Vendor, it may terminate the Contract, with no penalty, subject to notification delivered to the Vendor at least six (6) calendar months in advance of the date on which it wishes to terminate the contract. During said six-month period, the Customer shall pay the monthly amount or prorated amount for the corresponding six-month period that was paid during the immediately prior payment period.
Page 4 of 20
Banco Santander Chile – Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
Until the parties agree on a new remuneration amount, the remuneration amount corresponding to the previous period shall remain in force.
The aforementioned payments shall be made by the Customer to the Vendor every month in arrears. The Vendor shall submit invoices to the Customer for payment within the first ten (10) calendar days of the month following the end of the period. The invoice must comply with all legal requirements, in particular those related to fiscal matters.
SEVENTH: Limitations regarding Use
| 1. | The Services shall be provided by the Vendor for the sole benefit of the Customer, which agrees, vis-à-vis the Vendor, to make appropriate use of the means placed at its disposal for the provision of the Services by the Vendor, always through those areas, departments, units or supervisors previously designated by the Customer to make use of the same, and whose relationship model is established in the Appendix “Relationship Model for the Service” corresponding to this Contract and in any others that in the future may replace them, subject to notification made to the Vendor. |
| 2. | Except for subsidiaries of the Customer, under no circumstances may the resources placed at its disposal for the provision of the Services by the Vendor be the subject of transfer or conveyance by the Customer to third parties, nor may they be installed on other platforms or equipment, without the prior, express authorization of the Vendor. |
| 3. | Without prejudice to the foregoing, the Customer may use at its sole discretion the information and documentation obtained in virtue of the Services rendered by the Vendor, either on printed media or on editable electronic media. The Customer may manipulate and make use of all information and documentation received from the Vendor, within the limitations established in Clauses Nine and Sixteen. |
| | EIGHTH: Provision of Data by the Customer |
| 1. | The quality standard for the Services assumed by the Vendor in this Contract shall be in function of the information provided by the Customer. |
| 2. | The Customer shall provide the Vendor with all the periodic or random information that it may reasonably request and shall provide the appropriate collaboration to allow the Vendor to carry out its contractual obligations without interruption. |
| 3. | The Customer shall release the Vendor and hold it harmless from any liability for any damages that may occur, to the Customer as well as to third parties, as the result of inaccurate and insufficient information provided by the Customer. |
| | NINTH: Intellectual and Industrial Property |
| 1. | During the provision of the Services, the Vendor may use or periodically refer to names or products or other names and trademarks owned by third parties, such as programs, equipment, markets |
Page 5 of 20
Banco Santander Chile – Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
| | indexes, etc. The Customer is aware of this and agrees to provide proper respect for them. |
| 2. | All intellectual property rights for the Services, Computer Programs and Equipment used by the vendor for the provision of the Service shall be and shall remain the absolute property of the Vendor. Likewise, the Customer acknowledges that any computer applications that the Vendor may research and design, as applicable, for the account of the Customer, shall be the property of the Vendor, unless expressly agreed otherwise by the parties, but in any case they must be conveyed to the Customer, at no cost, in the event of the termination of the Contract. |
| 1. | When the Vendor deems it appropriate to guarantee the best performance of its obligations, it may subcontract third parties to carry out, in whole or in part, the services covered by the Contract. In all cases, the Vendor must have prior, written approval of the customer, who must issue a decision within a term of 10 calendar days following receipt of the request. Denial by the Customer shall be duly justified, stating the corresponding grounds. Furthermore, the Customer shall have the authority to request that the Vendor remove or replace any subcontracted companies, duly justified by stating the grounds for the request, in virtue of the research carried out by the Customer of the list of subcontracts that the Vendor shall make available to the Customer, per the terms set forth in Item No. 4 of this clause. |
| 2. | If work is subcontracted, the Vendor shall be liable vis-à-vis the Customer and/or any third party for the actions of the subcontracted company. IT shall at all times warrant the correct performance, by said subcontracted company, of the provisions of all the clauses of this Contract, including any matter related to the disclosure of information or confidentiality, with the understanding that the Vendor and the Customer agree that any party to which the Vendor subcontracts work must expressly assume obligations of confidentiality vis-à-vis the Customer that are substantially in accordance with the conditions set forth by Clause Sixteen of the Contract, and that the absence of said clause or failure to comply with its terms shall be grounds for immediate termination of the subcontract in question, regardless of any other actions which may be applicable. |
| 3. | If the tasks entrusted to the subcontracted company involved or are related to the processing of personal data referenced by this document, the Vendor agrees to inform said company of the obligations assumed in virtue of this Contract, in particular those relative to the protection of personal data. |
| 4. | Within ten (10) calendar days following the date on which the Customer so requests in writing of the Vendor, the Vendor shall make available to the Customer and deliver to the same, the list of subcontracts that the Vendor has entered into under this Clause, that are in force at the time of the request, and as applicable the terms of such Contracts that document said subcontracting, provided that the measures or resolutions necessary are adopted so that no obligation regarding confidentiality assumed by the parties is violated. |
Page 6 of 20
Banco Santander Chile – Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
ELEVENTH: Responsibilities and Indemnification
1. Based on the reserved and confidential nature of the information that the Vendor will process, the Vendor shall be liable for the most minor breach of contract. Furthermore, with respect to other duties that are the subject of this contract, other than the duty of confidentiality, the Vendor shall be liable for the ordinary negligence.
2. Either of the parties to this Contract shall indemnify the other vis-à-vis any claim, damage, loss, liability, prejudice or expense (Including Attorney and Prosecutor fees) which may be incurred as a result of the failure to comply with any obligations that, per the provisions of this Contract, may be attributable to the non-compliant party.
The Vendor shall fully indemnify the Customer for any damages cause due to interruptions in Service and/or non-compliance with the service levels detailed in the Appendices, and those that it may experience in virtue of any action, recourse, claim, demand or judicial proceeding initiated by the customers of the Customer in virtue of damage or prejudice caused as the result of the Services provide by the Vendor, its personnel and those of any subcontractors, including violations relative to banking confidentiality and secrecy and privileged information.
The parties shall be exempt from liability from any non-compliance that is due to chance or force majeure, considering the same to be as defined by law, and in particular, those circumstances listed below:
FOR THE CUSTOMER:
The Customer shall be exonerated from any civil, administrative or criminal liability for facts, actions or omissions that the Vendor or any of its employees, whether personnel with a subordination and employment tie or Subcontractors of the Vendor, perform or fail to perform and that incur any type of liability for the Customer and/or that may cause damage or prejudice to third parties.
Inasmuch as it is expressly agreed that the Vendor shall be liable vis-à-vis the Customer for any damage, prejudice, contingency, sanction or loss that the Customer or its personnel may experience in regards to its assets, goods, honor or dignity based on the non-compliance or the late, partial or imperfect compliance with any of the obligations assumed by the Vendor based on this contract, as well as for any equity losses that the Customer may experience as a result of claims by personnel hired under the liability of the Vendor, or any others that although they are not explicitly mentioned are understood to be an integral part of the contracted services and processes.
In the event that the Customer is the subject of a claim, sanction or fine in relation to or because of any worker of the Vendor, by any Auditing, Regulatory, Labor, Social Security or Judicial Entity, the Superintendency of Banks and Financial Institutions (SBIF) or the Superintendency of Stocks and Insurance (SVS), the Vendor must immediately pay the amount claimed and indemnify the Customer for the amount equivalent to the amount of the claim, fine or sanction, and the Customer may
Page 7 of 20
Banco Santander Chile – Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
deduct the appropriate amounts in this regard from the amount of any of the services rendered, based on this Contract or the Appendices to the same.
No liability shall be implied for the customer in the event that due to any contingency the Vendor is prevented fro providing the service or performing the work that it is required to do by this instrument, and the Customer reserves the right to subcontract other companies to do it, and the Vendor shall be responsible for any greater cost that the Customer must assume in this regard if the Vendor had been previously informed and had approved the selection of the new service provider.
FOR THE VENDOR
a) The Vendor shall be exempt from any liability derived directly from a delay in providing the service, when said delay occurs due to any of the following causes:
• Flood
• Fire
• Earthquake
• Explosion
• Disturbances
• Coups
• Strikes
b) The inability or delay in obtaining export or import permits, for the installation or receipt of goods sold, hardware and/or software, when applicable by law, regulation or other Government standard;
c) In general, any other similar event of an extraordinary nature that could not be anticipated or that if anticipated, could not be avoided.
If one party believes that it has been affected by chance or force majeure that does not impede the complete and permanent provision of the Services, that party shall inform the other party in writing within 3 calendar days following the date on which the instance of chance or force majeure occurred, indicating the starting and anticipated ending date of said conditions, a description of the same and how it affects the performance of this Contract. Then the parties shall endeavor to determine by mutual agreement the term of the interruption or suspension of the Services that are affected, and they shall make the necessary efforts to resume the Service, in whole or in part, within the term agreed upon, either with the same components or devices or with others that are similar. As soon as the conditions that caused the instance of chance or force majeure have ceased their effects, the obligations that were affected shall be resumed.
Page 8 of 20
Banco Santander Chile – Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
In the event that the instance of chance or force majeure prevents or delays the provision of the Services in the manner agreed upon, for more than 30 calendar days and for up to a maximum of 180 calendar days, the parties shall have the option of contracting the services from third parties based on the following:
a) The Vendor shall first have the option of contracting the affected Services from a third party, and if it calls upon this option, it must so demonstrate to the satisfaction of the Customer, within 5 calendar days following the date on which the conditions of chance or force majeure take place. Any contract with third parties shall be executed within 30 days from the aforementioned date. Such contract shall be for the sole account, charge and risk of the Vendor, and the Customer shall in any event maintain the payment of the price specified in this Contract.
b) If the Vendor cannot or does not use the option referenced above, or if it does not in a timely or satisfactory manner demonstrate to the Customer that it has perfected the contract with a third party, the Customer shall have the option of directly assuming or contracting with third parties the performance of the Services affected by the instance of chance or force majeure. In such cases, if the Customer directly assumes the performance of the affected Services, and if it contracts the services with third parties, the price or rate of this Contract must be decreased by the corresponding amount, to the level of the lesser quantity between that specified in this Contract or the price that the Customer must effectively pay to the referenced third parties, which discount may take the form of a corresponding credit notice(s).
1. Under no circumstances, except in the case of fraud, negligence or bad faith on the part of the Vendor, shall the Vendor be liable vis-à-vis the Customer or third parties, with respect to any indirect loss or damage (including lost income, profits, business, contracts, expected savings or lost profits), related to or resulting from the use of the Services that are the subject of this Contract.
2. The Vendor shall not be liable for failures in the transmission of data, interference, interruptions or disconnections that may occur as the result of damages, line overload, etc. as well as errors in the transmitted information, that are not attributable to the Vendor.
Without prejudice to the foregoing, the Vendor must possess a contingency plan that guarantees the proper performance of the contracted services. The Contingency Plan is the one prepared for the Data Processing Centers of the Santander Group that is made available to the Customer in the Appendix to this Contract.
3. In any event, the liability of the Vendor with respect to the Customer that arises from or in connection with the Contract shall be limited and shall not exceed the amount agreed upon as remuneration for that year in accordance with the sixth clause,
Page 9 of 20
Banco Santander Chile – Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
except in the event that there is fraud, serious negligence or bad faith on the part of the Vendor, in which case it shall not be subject to any limitation whatsoever.
TWELFTH: Labor Relations and Prohibition from Hiring Employees from the Vendor
| 1. | The Vendor shall, at all times, maintain ownership of the legal relationship with the personnel for which it is responsible, as are necessary for the correct and appropriate provision of the Services, without any transfer of the same to the Customer and without this creating any direct labor relationship whatsoever with them. |
| 2. | The Customer shall not, without the express, written consent of the Vendor, offer any employment position and shall ensure that no party of which it exercises control does so, to any employee of the Vendor involved in the Services or performing any of the obligations of the Vendor, or working for it during the Contract term or during the twelve (12) month period following the end of said term, for any reason. |
| 3. | Furthermore, without the prior, written authorization of the Customer, the Vendor may not make an offer of work to employees of the Customer working in areas that exchange information or that work for it either during the Contract term or during the twelve (12) month period following the end of said term. |
| 4. | The parties expressly acknowledge that the performance of this Contract shall not create any employment relationship whatsoever between the Customer and the workers that the Vendor or any other subcontractor may employee. As a result, the Customer shall not be liable in any way with respect to the performance of labor or other obligations that the Vendor or any other subcontracted company enters into with the referenced workers, whether they were contracted by the Vendor in Chile or abroad, therefore the Vendor shall be the sole party directly bound to pay, in full and in a timely manner, the following items: |
| | a) Remuneration, contributions and other benefits specified by law and by contracts owed to the workers employed to provide the Services; |
| | b) Any taxes and charges that are owed to the corresponding institutions; |
| | c) Any income taxes and any other tax owed that by law must be withheld from the compensation of the personnel employed to provide the services, and train them in fiscal areas; and |
| | d) Any alternate indemnification previously notified, if it is not given, based on years of service and any other factors that may correspond to the workers employed to provide the Services, as applicable. |
| 5. | It shall be a condition of the start-up of the Contract that working personnel that the Vendor or any other subcontracted company employs for the performance of Services, must be duly affiliated with a social security entity that is applicable based on the place of origin, and that the tax or social security contributions are duly covered by workplace accident and occupational illness insurance, according to the corresponding legislation. |
Page 10 of 20
Banco Santander Chile – Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
Before paying the remuneration specified in Clause Six of this contract, the Customer may require that the Vendor present the proof issued and authorized by the corresponding office of the location where the services are rendered, showing compliance with its corporate laws, and the certificates issued by the corresponding social security institutions, including for these effects, labor inspectors, administrators of pension funds, etc., regarding the absence of claims outstanding by its personnel. The same shall be applicable in the case of the final or early termination of this contract.
The Customer shall not pay remuneration to the Vendor as long as the Vendor has not confirmed that it is current in its payments referenced above, and based on the sole fact of being jointly and severally or secondarily the subject of a claim for the payment of remuneration, compensation and social security payments. In addition, when, by trial court ruling, it is declared that it must pay any service of the Vendor or its subcontractors in favor of its workers. The Customer shall require that said party provides a guarantee on the consequences of its joint and several or secondary liability that may be applicable, or provide resources for payment to the complete satisfaction of the Customer.
Similarly, the parties expressly acknowledge that the Customer shall not have any liability whatsoever for any type of injuries, accidents or damages that may affect the personnel of the Vendor or of its subcontractors in the course of performing the tasks that are directly or indirectly related to the performance of the Services, all of which shall be the sole liability of the Vendor, all without prejudice to the corresponding health and safety provisions.
The Customer may request in writing that the Vendor, at any time and as often as is deemed necessary, present the corresponding employment contracts for its personnel or the personnel of its subcontractors, forms demonstrating the payment of compensation and social security assessments, assistance records corresponding to workers, the releases granted for the legal formalities by employees who have left their positions, verification of payment of family benefits and of withheld income taxes, etc.
| 6. | Failure to comply with the contractual obligations referenced by this clause shall authorize the Customer to request early termination of the Contract, with the corresponding indemnification of damages. |
THIRTEENTH: Revisions to and/or Auditing of the Service
| 1. | The Customer reserves the right to periodically carry out audits, by means of independent audits, subject to scheduling with the Vendor and knowledge of the methodology and objectives in relation to the Services, in order to determine the |
Page 11 of 20
Banco Santander Chile – Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
| | correct performance by the Vendor of all the obligations entered into in virtue of this Contract. Furthermore the SBIF may also conduct the audits it deems expedient in order to comply with current legislation and to identify and evaluate any risks that the transaction may involve for the customer. |
| 2. | The parties agree that the Customer or SBIF may, at any time during the term of the Contract, be authorized to carry out visits to the facilities of the Vendor in Spain, for which purpose the Vendor states its approval, with the understanding that any visit conducted by the Customer pursuant to the terms of this paragraph shall be subject to the following conditions: |
| | (i) it shall require advance, written notice sent by the Customer to the Vendor, at least 10 calendar days in advance of the date on which the visit will take place; |
| | (ii) it shall be subject to the safety standards and policies of the Vendor; and |
| | (iii) it must cover subjects related to the Services related to this Contract. |
| 3. | Any reviews may be carried out through the units that supervise the functions covered by the Service, such as the Office of the Controller, Human Resources, Technologies or others that the Customer may specify, whether they are internal to the Customer or through external companies. Any comments and/or recommendations shall be collected and performed by the Vendor, per the terms of the written agreement between the parties. |
| 4. | Any reviews may be carried out using consulting, auditing, specialized outsourcing or other companies contained on a list previously agreed upon by the parties, provided that said companies are not competitors of the Vendor and its companies related to the provision of these services. |
| 5. | The Customer reserves the right to verify that the comments and/or recommendations may be applied within the terms agreed upon by the parties. |
| 6. | For the purpose of complying with requests from competent authorities, such as the delivery of information that may be requested by SBIF at any time, and to determine the correct performance by the Vendor of its obligations assumed under this Contract, the Customer may at any time obtain, either directly or via a request, from the Vendor, any data, information and/or the data records necessary using the technological tools provided by the Service. |
Any costs incurred by the SBIF, for the supervision of data processing at another location, understanding such to be a location other than the offices of the Customer or of SBIF itself, shall be charged to the Customer.
FOURTEENTH: Term and Grounds for Rescission of the Contract
This contract shall be effective as of January 1, 2007 and shall have a term of 5 years. After said term has passed, the contract shall be tacitly, automatically and subsequently renewed for 1-year periods, unless either of the parties communicates to the other party its desire to terminate it by registered letter,
Page 12 of 20
Banco Santander Chile – Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
sent to the address of the other party indicated in this contract, at least 180 calendar days in advance of the end of the period that was in force.
Without prejudice to the foregoing, the Customer shall have the authority to immediately and automatically terminate the Contract or any one of the Appendices hereto, without requirement of judicial, arbitration or any other type of ruling, in the following cases, without the following list being exhaustive:
| a) | Non-performance by the Vendor, in whole or in part, or inability or negligence in performing the obligations assumed in this contract or in any of the appendices hereto. |
| b) | Delay of more than thirty (30) days in the delivery term for the Services or projects contracted, without prejudice to the right of the Customer to collect the late fines specified in this instrument. |
| c) | Dissolution or termination of the Vendor company. |
d) | Declaration of insolvency or a meeting of creditors of the Vendor, or if the Vendor enters into judicial or extrajudicial agreements with its creditors. |
| e) | Lack of technical suitability on the part of the Vendor, as considered by the customer. |
| f) | If the Vendor or any of its subcontractors fails to pay its workers the corresponding wages, compensation or fees, or fails to comply with any other labor, social security or tax obligation related to them, which it is obligated to respect by law or contract provision. |
| g) | If the Customer is acquired, merges, is absorbed by a third party, is transformed or is divided, or if all or part of its assets are sold. |
| h) | If the Vendor or any of its subcontractors fails to comply with one or more of its obligations to maintain confidentiality, as described in Clause Sixteen hereof. |
| i) | If the Vendor no longer belongs to the Santander Group. |
In order to terminate the Contract or one [or] more of the Appendices hereto for any of the reasons mentioned above, the Customer shall only have to submit a registered letter to the Vendor, at its address indicated in the identification of parties above, at least 180 days in advance of the date specified as the termination date, without incurring any liability for the Customer, and without the Customer being obligated to pay any amount or indemnification for any reason.
Notwithstanding all the foregoing, with respect to the term of the contract, either of the parties shall be authorized to unilaterally terminate this contract early, at any time during its term, without being required to pay any fine, indemnification or amount in any regard whatsoever. It shall suffice for this purpose to give notice by registered letter sent to the address of the other party as indicated in this contract, at least one hundred eighty calendar days in advance of the date specified for termination of the contract.
Page 13 of 20
Banco Santander Chile – Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
| | Commitments in the event of termination of the Contract or Appendices, for any reason: |
| | The Vendor agrees to provide all the facilities necessary to ensure the continuity of the service or the project, the management of all information and to ensure the transfer of the service or the project to a third party. |
| | In addition, the Vendor shall continue to provide services to the Customer for at least 180 days, following the date of delivery of the registered letter in which the Customer communicates its intent to terminate the contract for the aforementioned reasons. This term may be less if the Customer so declares. During this time period, the contract fees shall continue in force for the services provided by the Vendor. |
| | If any circumstances arise that constitute chance or force majeure and that make it impossible to continue the services agreed upon or assumed in the Contract or its Appendices, once they have been started, the Customer agrees to pay the Vendor for the work performed, only up to such time as such facts occurred. |
| | FIFTEENTH: Practical Effects of Termination of the Contract |
| 1. | Once the Contract has been terminated for any reason, the Customer shall assist and cooperate with the Vendor in order to recover the computer equipment owned by the Vendor that is physically located at locations owned, controlled or maintained by the Customer, and the Customer shall return the computer programs and copies of the same to which it may have had access in virtue of the Contract. |
| 2. | At the request of the Customer, the Vendor shall assist and cooperate with the Customer to search for other companies that may assume the provision of the Services performed to that point by the Vendor. In any case, the Vendor shall be required to provide the Customer with any information that it may request and that has been prepared by the Vendor, based on the Contract, within six years following the termination date of the Contract. Regardless of the cause, reason or grounds for the early termination of this Contract, even if for non-performance of obligations by the Customer, the Vendor shall cooperate with the Customer for the orderly transfer to the Customer or the vendors designated by the Customer, of the Services described in this Contract. |
| 3. | Subject to written agreement by the parties, the Customer may purchase form the Vendor the computer programs and equipment used for the provision of the Services for a price that shall be agreed to by both of them in function of the financial consideration specified in this Contract and the ratio of the date initially specified for the normal termination of the Contract and the actual termination date of the same. |
| 4. | In addition to the provisions of Item 2 of this Fifteenth Clause of the Contract, the parties agree that in the event of termination of the same, the Vendor shall continue to provide the services to the Customer for a term of one hundred eighty (180) calendar days, following the termination date, regardless of the reason that resulted in said termination. |
Page 14 of 20
Banco Santander Chile – Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
SIXTEENTH: Confidentiality
1. Confidential Information. Confidential information is defined as any information related to:
| a) | Transactions of the customers of the Customer and its subsidiaries, whether they are individuals or legal entities, involving either assets or liabilities, expressly including nay current account and credit transactions that they carry out with the Bank and its subsidiaries, its commercial and/or financial predecessors, their projects, plans or businesses and in general any background information that is not accessible to the public. |
| b) | In regards to the Customer and its subsidiaries, any information on the business and its transactions and, therefore, not limited to processes, techniques, computer programs, information or management systems, businesses, market practices, marketing, products, services, documents, contracts, customer lists, financial information, plans or projects, whether strategic or otherwise. |
2. Confidentiality, Reservation and Secrecy: (a) The Vendor acknowledges that, in relation to the services that it shall provide to the Customer, it may have access to proprietary and confidential, secret or reserved information regarding the customers of the Customer and of its subsidiaries, and of the Customer itself and its subsidiaries, in accordance with the legal standards and in particular DFL No. 707 regarding Current Bank and Checking Accounts, DFL No. 3 dated 1997 that established the amended text of the General Banking Act of Chile and Law 19,628 regarding the Protection of Private Life. (b) The Vendor may not use this information for its own benefit and agrees to maintain the confidentiality, reservation and secrecy of such information, agreeing to use it only for the purpose of processing Customer data and it shall not disclose this information to third parties. It must, furthermore, protect it with the same degree of care that it protects its own private and confidential information, and it may only be disclosed or used with the written consent of the Customer, subject to liability for the most minor breach of contract. (c) The obligation of confidentiality, reservation and secrecy established in this section shall not be extinguished upon the termination of this Contract, but rather it shall be on-going with respect to any information obtained or prepared during the term of this contract. (d) Without this being understood as a limitation, the Vendor agrees that all information that the Customer may provide it shall be the sole property of the Customer and its subsidiaries. (e) The employees of the Vendor and of any subcontractor that requires familiarity with confidential information in order to correctly perform its services, shall review and sign Appendix IV to this contract or any other document or agreement with similar or identical provisions that provides sufficient coverage of the obligations specified in this clause. In the event that the Vendor wishes to add other employees, agents or consultants with access to the confidential information, it must enter into an instrument that confirms that its employees, agents or consultants have reviewed and executed Appendix IV to this Contract or an equivalent document as described above.
The obligations described above shall not be applied or extended to (i) any information required by an authority duly authorized by law or based on a judicial proceeding, but only within the limits of said request; or (ii) that approved by its publication or disclosure in writing by the Customer. In the event that the situation described in Item (i) above, and if it is legally applicable, the Vendor agrees to immediately inform the Customer of such a circumstance, in order that it may take measures for preservation or appeal that are applicable to prevent or minimize any negative impact by such
Page 15 of 20
Banco Santander Chile – Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
disclosure and allow filing all actions and implementing the efforts that are appropriate in order to prevent the disclosure of such confidential information.
3. Termination. In the event that a violation of the provisions of this Sixteenth Clause occurs, this Contract shall be immediately terminated. In the event of any termination of the Contract for any reason, the Vendor shall not continue to use any confidential information provided, and it must return the same and all its copies within a term of twenty (20) days following the termination. In any event the obligation regarding confidentiality, reservation and secrecy assumed by the Vendor, as noted above, shall remain in force even after and in spite of the termination of the Agreement.
4. Indemnification. The Vendor shall release, indemnify and hold the Customer harmless for any cost, loss, claim, complaint, demand or damage of any nature (including attorney’s fees) to which the Customer, its shareholders, directors, employees, agents or representatives may be subjected, and that arises as the result of any non-performance by the Vendor or its employees, agents, subcontractors or consultants with the provisions of this Contract.
5. Extension of the Confidentiality Agreement: The Vendor agrees to incorporate into any contracts, agreements and in general into its relationships with its units, departments, divisions, subsidiaries, partners, contractors, subcontractors, consultants and any other entity with which it has a relationship and which may have access to Confidential information, clauses that shall protect the confidentiality, secrecy and reservation of information delivered by the Customer, consistent with the terms of this Contract.
SEVENTEENTH: Ownership of Information
Any information resulting from the processes that the Vendor may perform pursuant to this contract shall be the property of the Customer. Similarly, if any Customer information exists in units of the Vendor, the information must be maintained by the Vendor in a safe location, and the Vendor shall be liable in the event that a loss, theft or destruction of the same occurs.
EIGHTEENTH: Transfer of Rights and Obligations
The transfer, by any of the parties, of any of its obligations or rights arising from this Contract in favor of other persons or entities, must be agreed upon in advance and in writing by both parties. Nevertheless, this requirement shall not be applicable and therefore the transfer may be carried out, by the simple notification by the Customer to the Vendor, to any company of the Santander Group. Any company in which Banco Santander Central Hispano, S.A. or Banco Santander – Chile holds at least a 50% capital stake or in which it exercises direct or indirect control shall be considered to be a company of the Santander Group. The Vendor, however, may only transfer its rights in this Contract by maintaining its capacity as surety or joint and several co-debtor of the transferee with respect to all its obligations, charges or encumbrances assumed under this Contract.
Page 16 of 20
Banco Santander Chile – Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
NINETEENTH: Penalties, Sanctions and Fines
PRODUBAN must comply with a minimum level of service equivalent to the amount established for the indicator of availability. In the event that the availability is below the agreed upon level, PRODUBAN shall be subject to a penalty.
Penalty shall be understood to mean the amount of the credit that the CUSTOMER shall have vis-à-vis PRODUBAN and by means of which the latter shall compensate the CUSTOMER as a fine for failing to comply with the agreed upon service levels. Any credits in favor of the CUSTOMER shall be referenced at the monthly value of the service affected by the unavailability and shall be calculated per the provisions of the following table:
Actual availability of the BSS box service | Service Bonuses in percent of the monthly invoice (total) |
| Between 99.90 and 100% | 0% of the monthly service amount |
| Between 99.60% and 99.89% | 2% of the service amount |
| Between 99.40% and 99.59% | 5% of the service amount |
| Between 99.01% and 99.39% | 10% of the service amount |
| Between 98.50% and 99.00% | 15% of the service amount |
| Between 98.01% and 98.49% | 20% of the service amount |
| Between 97.50% and 98.00% | 25% of the service amount |
| Between 0% and 97.49% | 30% of the service amount |
Availability, which is calculated on a monthly basis, is defined as the time during which the box service supported on the PRODUBAN infrastructure must be available to the CUSTOMER, i.e.:
Availability (monthly) = (Ttotal – Tnodisp / Ttotal) * 100(%)
where:
| | Ttotal = Total time of the period in question (minutes) |
| | Tnodisp = Time unavailable (total lack of communication over the PRODUBAN network) within the Ttotal period in question (minutes) |
Page 17 of 20
Banco Santander Chile – Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
The Service by PRODUBAN shall guarantee a minimum availability defined as follows:
| Service Environment | Guaranteed Availability |
| Availability of the Box | 99.90% |
Without prejudice to the obligations set forth in this contract, the parties agree that the Vendor is required to pay a fine consisting of paying the Customer, based on the table set forth above, and in the corresponding percentages of the total amount of this contract, for each day of delay attributable to it with respect to the date and/or standards on which the provision of the services has been agreed, in accordance with the terms or schedule specified herein or in the corresponding Appendix, and that have no relation to the penalty established in the preceding paragraphs. Instances of chance, force majeure or other cause waiving liability as set forth in this contract shall provide an exemption from the fine.
The parties agree that the Vendor shall be considered in default by the sole fact of having failed to comply with the term for delivery of the services or projects set forth in the contract or the corresponding appendix, for which reason the Customer shall not, in order to assess the payment of the fine, require prior notice, judicial or otherwise, which notice the Vendor hereby expressly waives.
Furthermore, if as the result of the defective provision of the Services by the Vendor, the Customer is the subject of sanctions or fines by the Superintendency of Banks and Financial Institutions, the Vendor shall be liable for the payment of said fines and for any prejudice related to the same.
Any fines that are accrued in accordance with the provisions set for the above, they must be paid by the Vendor upon simple request by the Customer, and in particular, the Customer is authorized to discount the value of the same form outstanding invoices owed to the Vendor, and from future invoices to be issued, until the total amount of the fines has been offset, and if necessary, the Vendor shall issue a Credit Notice. The foregoing shall be without prejudice to any legal action that will allow the Customer to collect the penalties in full.
Based on the foregoing, and without prejudice to the provisions set forth above, the parties agree that any time that the Vendor delays in redoing or modifying the work that is not approved by the Customer, as specified in this contract or appendices hereto, shall be considered non-compliance with the terms of the same and shall entitle the Customer to carry out the corresponding actions and to collect the specified fines.
If the delay in compliance with the terms specified in the contract or appendices thereto is due to causes attributable to the Customer and the same reasons are not the result of a previous, justifying delay exclusively attributed to the Vendor, the parties by mutual agreement shall decide to extend the same terms.
Page 18 of 20
Banco Santander Chile – Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
TWENTIETH: Expenses and Taxes
Any taxes that arise from this Contract shall be paid by the parties as specified by Law.
All expenses arising from this Contract shall be for the account of the Customer and shall be paid subject to authorization of the Customer and based on the policies it has in effect for that purpose.
TWENTY-FIRST: Non-exclusivity
The relationship between the Vendor and the Customer as described in this Contract shall not exclude or limit in any way the right of the Vendor to offer or provide services that are similar or identical to those set forth herein to other banks or institutions that are not Chilean, although in such a case the Vendor shall exercise diligence in complying with each and every one of the obligations set forth in the Contract and, in particular, those that relate to the confidentiality and protection of personal data.
Notwithstanding the foregoing, in virtue of the type of services covered by this Contract, the Customer agrees not to contract with third parties not expressly authorized by the Vendor, for any service related directly or indirectly to those specified in the Appendix titled “Catalog of Service” and if it does so the Vendor shall be exempt from any liability for errors or defects in the provision of the [Services] that are the subject of this contract.
TWENTY-SECOND: Method and Addresses for Communications
| 1. | Any communication related to the Contract must be made in writing delivered in person with acknowledgement of receipt, by mail with return receipt or by any other means that allows receipt and the date of the same to be verified. |
| 2. | For the purposes of this Contract, the parties expressly designate as their business addresses for communication those addresses indicated below: |
| Vendor: | Francisco del Valle Garrido |
| Address: | Parque Empresarial La Finca, Edificio 16 |
| | P° del Club Deportivo, 1, 28223 – Pozuelo de Alarcón, Madrid, Spain |
| Telephone No.: | (34) 91 289 15 87 |
| Fax No.: | (34) 91 257 1821 |
| Email: | fjdelvalle@produban.com |
| | |
| Customer: | Patricio Silva Peña |
| Address: | Bombero Ossa No. 1068, Piso 10 |
| Telephone No.: | 56 2 647 9510 |
| Fax No.: | 56 2 |
| Email: | psilvap@santandersantiago.cl |
| | |
Page 19 of 20
Banco Santander Chile – Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
| 3. | Any change to the foregoing addresses must be reported in advance to the other party in order to take effect. |
| | TWENTY-THIRD: Applicable Law and Jurisdiction |
| 1. | This Contract shall be construed and respected in its own terms and, for any matters not specified in the contract, Chilean law shall apply. This Contract is comprised of this document and all current and future Appendices hereto. The latter shall be integral and inseparable components hereof. |
| 2. | Any disagreement arising from this Contract or related hereto shall be definitively resolved in accordance with the Arbitration Regulation of the International Chamber of Commerce by one or more arbitrators appointed pursuant to that Regulation |
In witness whereof, the parties have set their hands hereto, in two original counterparts, one of which was delivered to each party and for a single purpose, in the location and on the date indicated above.
| | | | | |
/s/ Francisco del Valle Garrido | | | /s/ Juan Fernández Fernández | |
| Produban, Servicios Informáticos Generales, S.L. | | | Banco Santander – Chile | |
| By power of attorney | | | By power of attorney | |
Francisco del Valle Garrido | | | Juan Fernández Fernández | |
| | | | |
| | | | | |
| | | | /s/ César Naranjo Ramirez | |
| | | | Banco Santander – Chile | |
| | | | By power of attorney | |
| | | | César Naranjo Ramirez | |
Page 20 of 20
Banco Santander Chile – Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
Appendix I
RELATIONSHIP MODEL
for the Outsourcing of Computer Services
“BSS Data Processing Service”
by and between
PRODUBAN, Servicios Informáticos Generales, S.L.
and
BANCO SANTANDER CHILE
Santiago de Chile and Madrid, December 3, 2007
Ref.: BSS_SPDV00_MRGR03_20070604
[Ink stamp appears on bottom of all pages: “Produban Servicios Informáticos Generales S.L.]
APPENDIX I BSS_SPDV00_MRGR03_20071106(2).DOC | March 20, 2007 |
Page 1 of 14CONFIDENTIAL
Bandera 140 — Tel.: (56 2) 320 2000 — Santiago — www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
TABLE OF CONTENTS
| 1. | INTRODUCTION | 3 |
| 2. | BASIC TABLE OF RESPONSIBILITIES | 3 |
| | 2.1 | Audits | 4 |
| 3. | LEVELS OF RELATIONSHIP | 4 |
| | 3.1 | Management level | 4 |
| | 3.2 | Tactical level | 5 |
| | 3.3 | Operational level | 5 |
| 4. | RELATIONSHIP ASPECTS FOR ALL LEVELS | 6 |
| | 4.1 | Safety aspect | 6 |
| | 4.2 | Quality aspect | 6 |
| | 4.2.1 | Quality Management | 6 |
| | 4.2.2 | Service Level Management | 7 |
| 5. | ROLES OF PARTICIPANTS AT EACH RELATIONSHIP LEVEL | 7 |
| | 5.1 | Vendor | 7 |
| | 5.1.1 | Account Manager | 7 |
| | 5.1.2 | Service Manager | 7 |
| | 5.1.3 | Technical Area Supervisors | 8 |
| | 5.2 | Customer | 8 |
| | 5.2.1 | Contract Manager | 8 |
| | 5.2.2 | Service Manager | 8 |
| | 5.3 | Identification of Roles and Contacts | 9 |
| 6. | FORMALIZATION OF LINES OF COMMUNICATION | 10 |
| | 6.1 | Vendor’s Reporting Obligation | 10 |
| | 6.2 | Management Level | 10 |
| | 6.3 | Tactical Level. Planning and Follow-up | 11 |
| | 6.4 | Operational Level. Service Audit | 11 |
| | 6.5 | Operational Level. Management of Incidents and Changes | 11 |
| | 6.5.1 | Definition of Types of Incidents | 12 |
| | 6.5.2 | Reporting of Incidents to External Vendors | 13 |
| | 6.5.3 | Responsibility for Following up on Incidents | 13 |
| | 6.5.4 | Responsibility for Acceptance / Implementation of Changes | 13 |
| 7. | APPLICATION SOFTWARE MAINTENANCE AGREEMENTS | 13 |
| 8. | ACCEPTANCE OF VENDOR PROCEDURES AND PROCESSES | 13 |
APPENDIX I BSS_SPDV00_MRGR03_20071106(2).DOC | March 20, 2007 |
Page 2 of 14CONFIDENTIAL
Bandera 140 — Tel.: (56 2) 320 2000 — Santiago — www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
1. Introduction
This Relationship Model establishes, in general terms, the description of the participants, responsibilities and paths of communication and information necessary for the best and most effective provision of the Services covered by the Computer Services Outsourcing Contract of which this document is an inseparable Appendix.
2. Basic Table of Responsibilities
Framed within the Computer Services Outsourcing Contract between Banco Santander Chile (hereinafter the customer) and PRODUBAN S.L. (hereinafter the Vendor) the responsibilities that shall correspond to each of the parties in regards to the provision of services that are the subject of the collaboration between the parties, shall be as follows:
On the part of the Customer:
| • | The relationship with the users that receive the service for the purpose of collecting the information necessary regarding requests, requirements and policies, as well as the correct transmission of the same to the Vendor. |
| • | Preparation of the annual budgets and the scheduling of the provision of all services. |
| • | Approval of the investments and expenditures necessary for the correct provision of the services. |
| • | The management of functional changes necessary for the correct operation of the services, as well as the final acceptance of the changes that will be made. |
| • | Supervision of the services, so that they may be carried out in a manner that is satisfactory for the users. |
| • | Approval of any technical changes that may be necessary for the correct provision of the services. |
On the part of the Vendor:
| • | The correct performance of the procedures and processes necessary for the provision of the services covered by the contract. |
| • | Installation and maintenance of all computer and electronic equipment involved in the provision of the services. |
| • | Management of any technical changes that may be necessary for the correct performance of the services, as well as the performance of the same services and the final acceptance of those that are performed. |
| • | Carrying out functional changes in order to comply with the instructions given by the Customer. |
| • | Relations with external vendors in all matters related to technical assistance and the resolution of incidents. |
| • | The establishment of a methodology and quality standards that will ensure the minimum guaranteed levels of availability and performance, as specified in the Contract. |
APPENDIX I BSS_SPDV00_MRGR03_20071106(2).DOC | March 20, 2007 |
Page 3 of 14CONFIDENTIAL
Bandera 140 — Tel.: (56 2) 320 2000 — Santiago — www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
| • | Creating and maintaining an updated, complete inventory of all the hardware and software installed that is involved in the provision of the services. |
| • | At all times respect and act in accordance with the Safety Standards and Policies approved by the Customer and consider any future guidelines that the Customer may issue in regards to safety. |
“Audits” shall be understood in accordance with the provisions of the THIRTEENTH CLAUSE of the Computer Services Outsourcing Contract executed by PRODUBAN and the Bank.
Any Audit visits to the Bank and in which PRODUBAN must participate will be formally notified with advance notice greater than 3 weeks, by means of a document which will indicate the dates requested for the audit visits and the term for delivery.
PRODUBAN shall provide all the information required that it has available to the Bank official designated as the coordinator of the same, and shall carry out all technical actions necessary to comply with the requirements of the cited audit.
3. General Levels of Relationship
Within the relationships necessary for the successful completion of the Outsourcing Contract, the Customer and the Vendor shall frame their relationship with three hierarchical levels: A management level, a tactical level and an operational level, and the corresponding tasks to be assumed are detailed below.
3.1 Management Level
In general, any actions at this level shall be intended to determine the Strategic Plan and the Customers needs as well as the commercial effects of the same.
The primary tasks entrusted to this level shall be to carry out the development, preparation and monitoring of:
| | • | an Annual Technology Plan that ensures the alignment of the service provided by the Vendor with the Customer’s technology strategy; |
| | • | an Annual Projects Plan by identifying the future needs of the Customer’s users, by anticipating long-term system requirements; |
| | • | a Budget that includes the cost of the service provided by the Vendor, anticipating to the extent possible any deviations due to changes in the same. |
This level of management shall be responsible for resolving all disagreements between the parties that cannot be resolved at lower levels.
This level shall convey in a clear manner to the lower levels all the needs of the Customer’s clients specified in the Annual Technology Plan and the Annual Projects Plan, as well as the priorities of the same.
APPENDIX I BSS_SPDV00_MRGR03_20071106(2).DOC | March 20, 2007 |
Page 4 of 14CONFIDENTIAL
Bandera 140 — Tel.: (56 2) 320 2000 — Santiago — www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
In general, actions at this level shall be intended to regulate the detailed monitoring and control of the Plans and the Budget specified by the management level. The primary tasks entrusted to this level shall be:
| • | Performing follow-up on the progress of the Scheduling of Projects and activities by control of the specific projects defined for the progress of the service; |
| • | Performing adequate management and follow-up on deviations from the schedule and the levels of service agreed upon in the Service Level Agreements, and approving corrective actions regarding any deviations from the same. |
| • | Performing budget follow-up on the investments and expenses necessary to carry out the projects, as well as the financial impact of day-to-day activities intended to provide the services in an efficient manner. |
This tactical level shall be responsible for resolving any disagreements between the parties that may arise from the day-to-day activities, that cannot be resolved at the operational level, and all disagreements that cannot be resolved shall be escalated to the management level.
The tactical level shall be required to clearly convey to the operational level all instructions received from the management level, as well as any instructions issued as a part of its own activity, for the correct performance of the services.
This level shall also be required to convey to the management level any new information that arises from the day-to-day provision of the services that affect or may affect the service provided to the customers, as well as any significant deviations from the budgets that are detected during the course of the activity.
3.3 Operational Level
In general, the work of the operational level shall entail the performance of the processes and procedures defined in the Vendor’s technical documentation related to the performance of the service covered by the computer services outsourcing contract, in accordance with the levels of service agreed upon by the parties.
These processes and procedures include the availability of the services for a percentage of time equal to or greater than that agreed upon in the Service Level Agreement, with a response time less than or equal to that specified in the same Contracts. It shall also include the management of incidents that occur and any problems detected during the time periods specified in the Service Level Agreement.
The operational level of the Vendor shall also carry out complete monitoring of the progress of all hardware and software components that are involved in the provision of the service, its capacity, performance and the requirements for updating said components.
Any changes necessary in order to carry out these duties as well as procurement needs shall be conveyed to the Customer for approval. A schedule for making said changes shall be prepared, which shall then be approved by both parties.
Any disagreements between the Vendor and the Customer that cannot be settled at this operational level shall be brought up to the tactical level for resolution.
APPENDIX I BSS_SPDV00_MRGR03_20071106(2).DOC | March 20, 2007 |
Page 5 of 14CONFIDENTIAL
Bandera 140 — Tel.: (56 2) 320 2000 — Santiago — www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
Participants at this level will be required to report to the tactical level any incidents, changes or new information detected in their day-to-day work that may affect the service provided to the customers or that entails a deviation from the budget approved for the provision of the same service.
4. Relationship Aspects for All Levels
The levels of relationship defined in Section 3 of this document must always work under the premise of two fundamental aspects for the correct performance of the agreement between the Vendor and the Customer: Safety and Quality.
The characteristics that define these aspects are detailed below:
4.1 Safety Aspect
The primary premise that defines the safety aspect shall be that the services provided to the Customer by the Vendor under the Computer Services Outsourcing Contract cannot present any consequence or risk to the physical and logical safety of each and every one of the components involved in the provision of the same services, guaranteeing compliance with the safety criteria set forth by specific outside entities.
The Vendor shall propose specific procedures to the Customer for the receipt of Customer Safety Audits, shall determine the Safety requirements of Customer applications, shall authorize actions that are requested under special circumstances outside of the specified policies or standards, shall monitor the progress of indicators, trends and Control Tables, including the request for Audits made to the Safety service provider, and shall manage responses to Official Entities and Entities representing the Customer.
These actions shall be carried out jointly by the Customer and the Vendor.
This Safety aspect shall also include Operational Risk Management that must establish policies and criteria intended to ensure the continuity of the service, include Risk Management in the provision of services and evaluate and propose actions based on their regulatory impact.
Said Safety shall be provided to the Customer by the Vendor by means of Computer Safety Cross Support designed by the Vendor for all the services.
4.2 Quality Aspect
The two fundamental premises that define the quality aspect shall be the provision of all services with quality indicator values greater than or equal to those specified in the Service Level Agreement and the definition of actions intended to gradually improve the values of said indicators.
Both aspects of this area that will be managed in order to achieve said premises shall be quality management and service level management, as detailed in Sections 4.2.1 and 4.2.2 of this document:
4.2.1 Quality Management
Quality management shall include the preparation of the Vendor’s Quality Plan and the performance of all tasks necessary to ensure compliance with the same,
APPENDIX I BSS_SPDV00_MRGR03_20071106(2).DOC | March 20, 2007 |
Page 6 of 14CONFIDENTIAL
Bandera 140 — Tel.: (56 2) 320 2000 — Santiago — www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
defining quality goals and indicators that allow compliance with the same to be measured, by establishing quality standards for the processes performed in relation to the service and by performing on-going monitoring of the Quality Plan.
4.2.2 Service Level Management
Management of the Level of Service offered to the Customer shall include confirmation that the levels agreed upon in the service Level Agreement are achieved, by describing and stating the scope of the service provided in the Catalog corresponding to the service, determining the Volume, Availability and response time expected in the Service Level Agreement.
The actions to be taken in the event of non-compliance shall be defined through the preparation and implementation of Plans of Action to improve the service and resolve incidents and problems.
5. Roles of Participants at Each Level
In order to correctly perform the tasks assigned to the levels specified in Section 3 of this document, roles are defined for both parties in Sections 5.1.1 and 5.1.2 below.
Roles that relate to the tactical level shall be represented by the persons indicated in Section 5.2 – Identification of Roles and Contact Persons, below. Roles that relate to the operational level shall be assigned in the section for identifying roles and contact persons in the Relationship Model document that is specific to each service.
Roles that relate to the management levels are the Customer’s supervisors of Technology and Production, as well as the Vendor’s supervisor. The definition of the corresponding functions is beyond the scope of this document. Persons who fulfill these duties shall also be identified in Section 5.2 of this document.
5.1 Vendor
5.1.1 Account Manager
The Vendor’s Supervisor to the Customer shall ensure that the service covered by the Outsourcing Contract and that the Vendor provides to the Customer is provided in accordance with the Annual Technology Plan, the Annual Projects Plan and the Budget that is established on an annual basis.
In general, the primary functions that fall within the scope of this role shall be to maintain on-going communication with the Customer’s Contract Manager, informing him of any facts relevant to the collaboration of the Vendor and the Customer; holding an annual meeting with the Customer’s Technology and Production Supervisors in order to establish the Annual Budget and the Projects Plan, and to be responsible for the legal and financial aspects of the Contract: Billing and Modifications.
5.1.2 Service Manager
This shall be the Vendor’s Representative to the Customer and the person responsible for said service having the elements and scope defined in the Catalog and ensuring that it is rendered in accordance with the provisions of the Service Level Agreement.
APPENDIX I BSS_SPDV00_MRGR03_20071106(2).DOC | March 20, 2007 |
Page 7 of 14CONFIDENTIAL
Bandera 140 — Tel.: (56 2) 320 2000 — Santiago — www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
In general, the primary functions that fall within the scope of this role shall be to hold monthly meetings with the Customer’s Contract Manager, carrying out tactical scheduling and monitoring of projects, verifying that the service being provided complies with the established objectives, proposing improvements and actions to raise Levels of Service; proposing modifications to the Service Level Agreement; advising the Management in matters related to Information Systems strategy; collaborating with the Contract Manager to establish priorities for Service Requirements, and planning changes to the service that are approved by the Management.
This person shall be responsible for the correct drafting of the Service Catalog, the Service Level Agreement and the Financial Viability Model for said Service.
5.1.3 Technical Area Supervisors
These are the representatives of each of the areas necessary to operate, maintain and support the infrastructure used to provide each of the services specified in the Vendor’s organization and they shall be responsible for all the processes, procedures and tasks specified for the correct operation of the services performed, in accordance with the standards established for this purpose, and the quality indicators defined in the Service Level Agreements.
In general, the primary functions assigned within the context of this role shall be to hold monthly meetings with the Customer's Contract Manager and with the Vendor's Service Manager, performing tactical scheduling and follow-up on projects; proposing improvements and technical actions to increase Levels of Service; providing points of view as a technical expert in said aspects of the service and collaborating to plan changes to the service as approved by the Management.
5.2 Customer
5.2.1 Contract Manager
This person shall be the Customer’s representative responsible for controlling the levels of service provided by the Vendor.
In general, the primary functions assigned within the context of this role shall be to meet monthly with the Vendor’s Account Manager and the Service Manager to monitor the Scheduling and Projects; to audit the overall status of the service; manage the development and approval of the Service Level Agreement, and to propose any changes considered relevant; monitor the continuity of services and compliance with the levels agreed upon; proposing and implementing new technologies, together with the Service Manager, in function of the company’s objectives and strategy; auditing service quality through reports that will be provided by the Vendor and being responsible for assigning priorities to service activities, in particular for the management of Changes and Problems.
5.2.2 Service Manager
This shall be the Customer representative responsible for the day-to-day management of the service provided by the Vendor.
APPENDIX I BSS_SPDV00_MRGR03_20071106(2).DOC | March 20, 2007 |
Page 8 of 14CONFIDENTIAL
Bandera 140 — Tel.: (56 2) 320 2000 — Santiago — www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
In general, the primary functions assigned in the context of this role shall be to review and monitor the service in the short term; meeting periodically with the Vendor’s Service Manager and with the supervisors of the Vendor’s various technical areas (Operation, Communications, Safety, etc.) in order to monitor the Service Level Agreement and the review of incidents that occur as well as the planning of the schedule of changes proposed by the Service Manager for the next period and to inform the Contract Manager of any relevant matter related to the service.
The following figure shows a graphical approximation of the roles:
| | | Monitoring | Service Audit | 7 x 24 | Service Audit | Architecture | Development |
| | Service Coordinator | Service Manager |
| SCL | Alpha Operation | |
| MAD | Service Manager (Latam 3 D + 1 FTE) | Service Coordinator |
| | Operation 25 D + 3 FTEs | Systems Technique 11 D + 6 FTEs | Communications 2 D | CSC 1 D + 1 FTE | |
| | Dedicated (D) = 42 Full-time Equivalents (FTEs) = 11 | PRODUBAN (53 FTEs) |
Figure 1: Service Roles and Responsibilities
5.3 Identification of Roles and Contact Persons
The following persons are designed to perform the roles specified in Sections 5.1.1 and 5.1.2:
Customer:
| Director of Technology and Systems: | |
Service Manager: | Gustavo Lucero |
Vendor:
The Vendor's technical area supervisors shall be appointed by the company management and their appointment therefore is beyond the scope of
APPENDIX I BSS_SPDV00_MRGR03_20071106(2).DOC | March 20, 2007 |
Page 9 of 14CONFIDENTIAL
Bandera 140 — Tel.: (56 2) 320 2000 — Santiago — www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
this contract. For the purpose of the tasks assigned by this document, the participants shall be those determined by the Vendor.
6. Formalization of Lines of Communication
The formalization of Lines of Communication to perform the tasks entrusted to the various levels shall be carried out by documenting and creating working groups that will hold periodic meetings where the matters will be dealt with, as detailed below.
6.1 Vendor’s Reporting Obligation
The Vendor shall deliver the following documents to each group, at the time intervals agreed upon:
Budget Review: Will detail the budget status by entries and will identify any possible deviations from the budget.
Project Progress: Will detail the progress, attainment of objectives and budget status of projects in progress and the overall view of the projects plan agreed upon for the fiscal year.
Service Level Monitoring: Containing the percentage of attainment of the service objectives established in the corresponding Service Level Agreements, the list of incidents from the prior period, communication of general maintenance actions for the period.
The documentation that the Vendor must prepare shall be:
| | • | The Report on the Level of Service attained, which shall specify the values attained since the last meeting for the indicators specified in the Service Level Agreement. |
| | • | The Calendar of Production Changes, which shall specify all changes to components that affect the service that will take place during the period until the next meeting. |
| | • | The Incident Management Report, which will provide information regarding incidents that have occurred since the last meeting and that affect the service covered by this document. |
The definitive reporting forms shall be obtained after an interim 3-month period during which they shall be customized to the requirements of the Service.
6.2 Management Level
In general, the components of this level shall hold at least one annual meeting to identify and establish the needs of the Bank for the next year, by preparing an Annual Plan covering the same needs.
Said meeting shall also approve the Computer Projects Plan for the year, as well as the Annual Budget needed to cover that work.
The participants in said meeting shall be, for the Customer, the Assistant VP of Technology and Systems, and optionally the Contract Manager, and from the Vendor, the Service Manager and/or the Account Manager.
APPENDIX I BSS_SPDV00_MRGR03_20071106(2).DOC | March 20, 2007 |
Page 10 of 14CONFIDENTIAL
Bandera 140 — Tel.: (56 2) 320 2000 — Santiago — www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
6.3 Tactical Level, Scheduling and Monitoring
In general, the components of this level shall hold one meeting per month, which shall under normal circumstances deal with the monitoring and control of the budget for projects including the Projects Plan prepared by the Management Level. This meeting shall also cover, under normal circumstances, all aspects related to the services: Scheduling and prioritization of actions, technical monitoring of the service levels established in the Service Level Agreement, proposed or approved changes to the services or the Service Level Agreement and the study and approval, as applicable, of requests made by users.
The participants at this meeting shall be, from the Customer, the Assistant VP of Technology and Systems and/or the Contract Manager, and from the Vendor, the Account Manager and/or the Service Manager.
Every quarter, this meeting shall also deal with the development of the Annual Production Projects Plan, in compliance with the Annual Plan, and based on the Service Level and Capacity criteria and the monitoring of all matters related to Operational Risk and the requirements of regulatory entities. The quality of the model shall be reviewed, complying with its methodology, certification, auditing and quality indicator aspects.
All the technical documentation required to perform the aforementioned actions shall be provided by the Vendor.
6.4 Operational Level. Service Audit
The Certifier and/or Service Supervisor from the Customer and the Service Manager and supervisors of technical areas of the Vendor shall hold a monthly meeting, representing their corresponding principals.
During these meetings, the Service Level document shall be presented. Any repeated problems with installation shall be reviewed and an Action and Prevention Plan shall be prepared to correct and avoid said problems. The Schedule of Production Changes for the period until the next meeting shall be determined.
The progress of machinery and the Capacity Plan related to the service shall be reviewed, as well as the requirements for improvement based on changes to the volume of service. This meeting shall also be competent to deal with all matters related to the Operation and Technique of Systems that have occurred during the period since the last meeting.
6.5 Operational Level. Management of Incidents and Changes
For all services agreed upon by the Customer and the Vendor, the Management of Incidents shall be carried out through Cross Support of the Corporate Support Center, the process for managing incidents and problems is described in the technical document titled “Incident Management Guide.” All aspects related to the type of incidents, the method for managing the same and informing the user shall be established in the operational document of the Corporate Support Center, and if necessary they shall be specified in the Specific Relationship Model for the Service.
Every month a meeting shall be held by the Customer’s Service Manager and the Certifier, and the
APPENDIX I BSS_SPDV00_MRGR03_20071106(2).DOC | March 20, 2007 |
Page 11 of 14CONFIDENTIAL
Bandera 140 — Tel.: (56 2) 320 2000 — Santiago — www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
Vendor’s Service Manager and/or Area Supervisors (Technical Systems, Operation, etc.) for a technical committee meeting.
The purpose shall be to review any incidents from the prior period (Resolution and Prevention Plan), action related to Infrastructure during the following period and communicating any installations planned during the period. A schedule of changes shall be established that shall include any tests and certifications to be carried out by the Customer’s Certifier for said service.
With the same frequency, the Customer shall receive the Changes and Incident Management document prepared by the Vendor.
An emergency procedure shall be prepared to manage those requests for changes that, for business reasons cannot follow the normal procedure based on monthly meetings, requiring in any event the timely approval by both parties.
Two operational committees are likewise established:
| | • | Daily Incident Committee: (Conference call or video conference). A conference call will be held every day to discuss any incidents that have occurred in the construction of grids, and incidents corresponding to the previous day, as well as to communicate the batch run of the previous day, thus covering changes of low- and medium-impact that were performed on the previous day and those scheduled for that day. |
| | • | Weekly Change Committee – Technological Changes Committee: (Conference call or video conference). Changes having a medium to high impact will be covered, determining the schedule for changes for the subsequent period, and communication of the changes carried out during the previous period. |
These operational committees may vary the frequency of their meetings based on the progress of the service and the corresponding needs, and always by agreement between the Customer and the Vendor.
6.5.1 Definition of Types of Incidents
Based on the types of incidents specified in the Sample Operating Document of the Corporate Support Center, the following types of incidents are defined:
| | • | VERY SEVERE or SEVERITY LEVEL 1 incidents: Those that halt the use of any system application by affecting the Customer's business processes. Any incident that involves a complete shutdown of the process chain, affects a Session Change during working hours, or that directly affects compliance with the delivery of results and/or the authorization of services. |
| | • | SERIOUS or SEVERITY LEVEL 2 incidents: Those that halt the use of any portion or function of a system application, adversely affecting efficiency, but without impeding the operation of the Customer's business. This type of incident does not affect the performance of a Session Change, does not directly affect the authorization of services or the delivery of priority results, but involves stopping more than one process and affects the delivery of results. |
| | • | NORMAL or SEVERITY LEVEL 3 incidents: This type of incident does not affect the business, involves affecting few users or non-critical functions. This type of incident occurs during a terminal task, understanding this to be that which, since it is a final task, its application does not provide conditions; therefore it does not halt any |
APPENDIX I BSS_SPDV00_MRGR03_20071106(2).DOC | March 20, 2007 |
Page 12 of 14CONFIDENTIAL
Bandera 140 — Tel.: (56 2) 320 2000 — Santiago — www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
| | processes or files to another task, which generates as a result a report or file, which does not affect the Line service. |
Response and/or resolution times for each type of incident shall be specified in the Service Level Agreement corresponding to the service covered by this document, and in general in the Incident/Problem Management Guide.
6.5.2 Communication of Incidents to External Vendors
The Vendor shall be responsible for opening incident reports and communicating the same to external vendors, and for monitoring the same until they are resolved by the vendor. The Vendor shall keep the Customer informed of any resulting actions.
6.5.3 Responsibility for Following up on Incidents
The Vendor shall be responsible for following up on incidents and problems until they are resolved, and for proposing or taking measures for preventive actions.
6.5.4 Responsibility for Accepting / Implementing Changes
Responsibility for ACCEPTING changes shall rest fully with the Customer once said change has been certified by the Certifier and once the dates have been approved by the end users or areas requesting the change.
Responsibility for the timing of the IMPLEMENTATION of changes shall be jointly shared by the Customer and the Vendor's technical areas, by evaluating the business decision and the best technical timing for its implementation, respectively.
The Vendor shall periodically supply the Customer with the volume of changes made and the percentage assessment of the results.
7. Application Software Maintenance Agreements
The Customer agrees to execute a Maintenance Agreement with third parties for all Software included in the Catalog of any services provided by the Vendor, except for Operating System software and all software that is included in maintenance agreements signed by the Vendor and other vendors of the same. The Maintenance Agreement must include the right of the Vendor to enter into the outsourcing contracts necessary to resolve any aspect related to the provision of the services.
8. Acceptance of Vendor Procedures and Processes
Initially during the provision of the service by the Vendor, the operating procedures currently employed by the Customer shall be used. Any subsequent changes that may be made to said procedures shall be carried out gradually and by mutual agreement, ensuring the provision of the service during the specified terms.
APPENDIX I BSS_SPDV00_MRGR03_20071106(2).DOC | March 20, 2007 |
Page 13 of 14CONFIDENTIAL
Bandera 140 — Tel.: (56 2) 320 2000 — Santiago — www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
Furthermore, the Customer agrees that no service or any update to the same shall be put into production unless it complies with the standards established for this purpose by the Vendor and unless the corresponding quality controls have been performed.
| | | | | |
/s/ Francisco del Valle Garrido | | | /s/ Juan Fernández Fernández | |
| Produban, Servicios Informáticos Generales, S.L. | | | Banco Santander – Chile | |
| By power of attorney | | | By power of attorney | |
Francisco del Valle Garrido | | | Juan Fernández Fernández | |
| | | | |
| | | | | |
| | | | /s/ César Naranjo Ramirez | |
| | | | Banco Santander – Chile | |
| | | | By power of attorney | |
| | | | César Naranjo Ramirez | |
APPENDIX I BSS_SPDV00_MRGR03_20071106(2).DOC | March 20, 2007 |
Page 14 of 14
CONFIDENTIAL
Bandera 140 — Tel.: (56 2) 320 2000 — Santiago — www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
Appendix II
CATALOG
for the Outsourcing of Computer Services
“BSS Data Processing Service”
by and between
PRODUBAN, Servicios Informáticos Generales, S.L.
and
BANCO SANTANDER CHILE
Santiago de Chile and Madrid, December 3, 2007
Ref.: BSS_SPDV00_CATR17_20070620
[Ink stamp appears on bottom of every page:
“Produban Servicios Informáticos Generales S.L.]
| APPENDIX II BSS_SPDV00_CATR17_20070620 (2) (2).doc | March 20, 2007 |
Page 1 of 26
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
TABLE OF CONTENTS
| 1. | DESCRIPTION AND SCOPE OF SERVICE | 3 |
| | 1.1 | Description of the Service | 3 |
| | 1.2 | Scope | |
| 2. | COMPONENTS AND GENERAL ACTIVITIES COMPRISING THE SERVICE | 4 |
| | 2.1 | Components | 4 |
| | 2.1.1 | Architecture | 5 |
| | 2.1.2 | Mainframe | 5 |
| | 2.1.3 | Intermediate Systems (Unix and Wintel) | 6 |
| | 2.1.4 | Communications | 9 |
| | 2.2 | General Activities Comprising the Service | 10 |
| | 2.2.1 | Scheduled Activities | 11 |
| | 2.2.2 | On-demand Activities | 12 |
| | 2.2.3 | Projects | 12 |
| 3. | SPECIFIC ACTIVITIES BY SERVICE PROVIDED | 13 |
| 4. | REPORTS OF ACTIVITY AND LEVELS OF SERVICE | 23 |
| 5. | GENERAL BACKUP POLICY | 23 |
| | 5.1 | Backups under Normal Regimen | 24 |
| | 5.2 | Future Backups | 24 |
| | 5.3 | Restoration Policies and Procedures | 24 |
| | 5.3.1 | Normal Recovery | 24 |
| | 5.3.2 | Special Recovery | 24 |
| 6. | TECHNOLOGICAL CONTINGENCY PLAN | 25 |
| | | | |
List of Figures
| | | |
| Figure 1: | Supported Instances and Environments | 4 |
| Figure 2: | Detailed Overall Diagram | 5 |
| Figure 3: | Mainframe Platform | 6 |
| Figure 4: | SUN Servers | 7 |
| Figure 5: | Production Environment | 7 |
| Figure 6: | Development and Approval Environments | 8 |
| Figure 7: | SAN Intermediate Services Storage | 8 |
| Figure 8: | Backup Intermediate Services | 9 |
| Figure 9: | Detail of WAN Communication | 10 |
| | | |
| APPENDIX II BSS_SPDV00_CATR17_20070620 (2) (2).doc | March 20, 2007 |
Page 2 of 26
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
1. Description and Scope of Service
1.1 Description of the Service
The Data Processing Service to be provided by PRODUBAN, Servicios Informáticos Generales, S.L. (hereinafter the Vendor) to Banco Santander Chile (hereinafter the Customer) within the context of this Agreement consists of providing the Information Technology and Communications (ITC) infrastructure (Hardware and Software components) and performing the activities required for the provision of the functionalities required by the Customer.
This service covers activities within the aspects of:
| | • | Operation (Production Environments, QA/Approval and Development) |
| | Activities corresponding to the production area that ensure the provision of IT functions required by the business areas of the Customer (Batch, transactions, data management, backups, recovery, operation, etc.); |
| | • | Administration and Systems Techniques |
| | Activities that ensure the provision of the operational IT infrastructure required by the Customer (installation, maintenance, monitoring, custom development, etc.); |
| | Activities necessary for administration of the portion of the GSNet/LATAM interconnection network that connects Santiago, Chile with Madrid to ensure a secure connection between the BSS and the data processing facilities in Boadilla del Monte. This does not include the “Organization Network” of the BSS. |
| | Activities required for the implementation of security policies and procedures marked from the Customer, that shall comply with the security standards of Santander Group, in order to ensure the availability of access to data and systems, the integrity and confidentiality of the same for components and tasks for which the Vendor is responsible, safeguarding the provisions that in this regard are issued by the auditing authority in Chile. |
1.2 Scope
The service covered by this agreement shall be provided through the components specified in this catalog, and in the volumes specified in Appendix III to the Contract “Level of Service Agreement,” in the section titled “Volume of Service.”
Any variation from this scope must be decided in meetings held by the levels specified in Appendix I – Relationship Model,” and their financial impact must be approved for inclusion in the Contract Budget.
| APPENDIX II BSS_SPDV00_CATR17_20070620 (2) (2).doc | March 20, 2007 |
Page 3 of 26
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
2. Components and General Activities that Comprise the Service
2.1 Components
All those components of the Vendor’s IT infrastructure that are involved to a greater or lesser extent in the provision of all, several or any of the functionalities that the service provides to the Customer and that are under the supervision of the Vendor shall be considered components of the service.
The business services are based on the ITC Infrastructure of the Vendor, which shall include:
• Mainframe platform and the corresponding storage
• Intermediate systems platform, with the corresponding storage, which supports the following services:
° MIS
° Payment Methods Datamart
° Blanca II
° ITACA
° Control-M Scheduler
• Communications Infrastructure for connectivity between Customer CPDs and Vendor CPDs.
The foregoing infrastructure, located in Spain, supports the Environments and Instances that are presented below, which are within the context of services of Produban:
| Platform | zOS | Intermediate Services |
| Environment | SYSD | SYSQ | SISP | Unix and Wintel Systems |
| Instance | Development | Testing and Integration | Approval | QA | Production | Development | Approval | Production |
Figure 1: Supported Instances and Environments
The current and primary components that support the service covered by this contract are described schematically below.
| APPENDIX II BSS_SPDV00_CATR17_20070620 (2) (2).doc | March 20, 2007 |
Page 4 of 26
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
2.1.1 Architecture
The following figure shows the architectural view of the components under the direct administration of the Vendor and those that are in Chile to be directly administered by Altec Chile or via outsourcing contracts that the Customer may enter into.
[Key of items from Figure 2:]
| Managed by Altec | | Managed by Produban |
Sucursales = Branch offices Atencion Telefonica = Telephone Service Banca por Internet = Online Banking Banca Personas = Personal Banking Banca Empresas = Business Banking Banca Personas / Empresas = Personal / Business Banking Banca Automatica = Automatic Teller Banking Autoservicios = Self Service Servimatico = [unclear – possible ATM] Redes medios de pago = Payment Methods Networks Especificos = Specific Features Apllo. Departamentales = Dept. Support | Sucursales = Branch Offices Aplicaciones = Applications | Aplicaciones = Applications Aplicaciones no Altair = Non-Altair applications Datamart Medios de Pago = Datamart Payment Methods |
Figure 2: Overall Detailed Diagram
The key components that support the service for each of the platforms included under this contract: Mainframe, Intermediate Systems and Communications.
2.1.2 Mainframe
Figure 3 shows, in schematic fashion, the mainframe platform, which is located in the two existing CPDs in Boadilla del Monte, also including the infrastructure dedicated to safety copies.
| APPENDIX II BSS_SPDV00_CATR17_20070620 (2) (2).doc | March 20, 2007 |
Page 5 of 26
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
[Key of items from Figure 3:]
Acoplamiento = Connection
Tarjetas OSA = OSA Cards
Desarrollo = Development
Director = Manager
Conectividaad datos = Data Connectivity
Copia Síncrona = Synchronous Copy
… Cintas = … Tapes
Primario = Primary
Figure 3 – Mainframe Platform
2.1.3 Intermediate Systems (Unix and Wintel)
Solaris systems are installed on physical partitions (or dominoes) consolidated into 3 Sun E25K servers:
| | • | The production systems on 2 Sun E25K servers, each installed in a CPD at Boadilla (CPD East and CPD West). This enables support for a contingency involving this platform. |
| | • | The development and approval systems on 1 Sun E25K server at the CPD West at Boadilla. |
| | • | The SAS servers on two Sun Fire V490 servers each installed at one Boadilla CPD (CPD East and CPD West). |
The Wintel systems are installed on physical servers located at the CPD East in Boadilla. The backup systems are located at the CPD West in Boadilla.
The following figures show the location diagrams of the SUN servers and the distribution by CPDs of the various Production, Development and Approval environments with the corresponding storage and backup systems.
| APPENDIX II BSS_SPDV00_CATR17_20070620 (2) (2).doc | March 20, 2007 |
Page 6 of 26
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
[Key of items from Figure 4:]
CPD Boadilla Oeste = CPD West, Boadilla
CPD Boadilla Este = CPD East, Boadilla
Desarrollo = Development
Producción = Production
Figure 4 – SUN Servers
[Key of items from Figure 5:]
CPD Boadilla Oeste = CPD West, Boadilla
CPD Boadilla Este = CPD East, Boadilla
[Other captions in this diagram are illegible.]
Figure 5 – Production Environment
| APPENDIX II BSS_SPDV00_CATR17_20070620 (2) (2).doc | March 20, 2007 |
Page 7 of 26
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
[Key of items from Figure 6:]
CPD Boadilla Oeste = CPD West, Boadilla
Desarrollo = Development
Homologación = Approval
servicio = Primary system
almacenamiento = Storage
[Other captions in this diagram are illegible.]
Figure 6: Development and Approval Environments
[Key of items from Figure 7:]
CPD Boadilla Oeste = CPD West, Boadilla
CPD Boadilla Este = CPD East, Boadilla
4a copia = 4th copy
Rojo = Red
Azul = Blue
Figure 7: SAN Intermediate Services Storage
| APPENDIX II BSS_SPDV00_CATR17_20070620 (2) (2).doc | March 20, 2007 |
Page 8 of 26
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
[Key of items from Figure 8:]
CPD Boadilla Oeste = CPD West, Boadilla
CPD Boadilla Este = CPD East, Boadilla
Servidores Windows = Windows Servers
VLAN Administración = Administration VLAN
Figure 8 – Intermediate Services Backup
2.1.4 Communications
Communication between the CPDs in Santiago, Chile and Madrid (Boadilla and Mesena) shall be accomplished, under normal working conditions, through the Level 1 Interconnection Line (Point to Point) of the GSNet LATAM network.
This connection is duplicated and is supplied by different operators to ensure the continuity of communications. There is also an automatic switch to the duplicate infrastructure in the event that the section in service goes out of service. Communication over Level 2 interconnection lines (MPLS, 2 nodes) and Level 3 lines (VPN over the Internet) are available and will be used on a contingency basis.
The following figure shows a simplified diagram of communication between Chile and Spain.
| APPENDIX II BSS_SPDV00_CATR17_20070620 (2) (2).doc | March 20, 2007 |
Page 9 of 26
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
GSNet LATAM Chile
Level 1 – Point to Point
Level 2 – MPLS (2 nodes)
Level 3 – VPN Internet
Figure 9 - Detail of WAN Communications
2.2 General Activities Comprising the Service
All those tasks performed by technicians of the Vendor intended to provide functionality to the service covered by this agreement, to perform maintenance on one, several or all components of the service, or to provide an improvement of the conditions under which the same are provided shall be considered activities that comprise the service.
Based on the frequency that said activities are carried out, the following types are distinguished:
• Scheduled Activities: Activities that are repeated periodically and on a controlled basis, normally according to pre-established procedures;
• On-demand Activities: Similar to the previous item, but carried out either at the request of the Customer, or during the resolution of problems, configuration, capacity management, etc.
• Projects: Specific actions that resolve requests for changes to infrastructure or to incorporate new components, and that have their own scheduling, objectives and follow-up.
For the service covered by this contract the activities that generally comprise the service are listed below, and the detailed activities are described in Section 4 of this document, “Specific Activities by Service Provided.”
| APPENDIX II BSS_SPDV00_CATR17_20070620 (2) (2).doc | March 20, 2007 |
Page 10 of 26
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
2.2.1 Scheduled Activities
• Basic Operation
° Server start-up / shutdown
° Running batch processes:
| | • | Of the system: Sub-system start-up and shutdown, making safety copies, log management processes, etc. |
| | • | Related to applications: Control of batch processes related to the business will be carried out, and the adjustment and validation of these batch processes will be the responsibility of the Customer, through Altec. |
| | • | Control of the running of the Customer’s batch processes, regardless of location, will be carried out by the Vendor. The Customer, through Altec, is responsible for the availability of all the interfaces necessary for this run (at the level of available systems and sub-systems, as well as for the necessary data or files), systems not located at the Madrid CPDs. The Customer is, thus, also responsible for the availability of contact persons associated with said interfaces. |
The Vendor is responsible for the basic operation associated with the start-up / shutdown of servers and infrastructure components located at the Madrid CPDs.
| | • Monitoring: The availability of equipment and services will be audited, as will the use of the system. |
| | • Storage management / Assignment of space: Control of disk space and its assignment to various subsystems. |
| | • Backup and restoration management: Control of the systems and data backup processes, as well as the activity to restore the same as required. |
| | • Management of incidents and problems: Escalation and monitoring according to agreed upon technical procedures (See Document “ BSS_Incident Management Guide”). |
| | • Management of changes in QA / Approval and Production: |
| | (Only infrastructure in Madrid) |
| | ° Scheduling Work according to procedures for changes |
| | ° Scheduled production start-up according to the procedure for changes, and at the Instances of QA / Approval |
| | ° Start-up of production of emergency or unscheduled work per the procedure for changes. |
| APPENDIX II BSS_SPDV00_CATR17_20070620 (2) (2).doc | March 20, 2007 |
Page 11 of 26
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
2.2.2 On-demand Activities
This is the performance of activities at the request of users, in the event of incidents or due to unscheduled events.
• Basic Operation
• Monitoring
• Management of events, incidents and problems.
2.2.3 Projects
Specific activities are those related to business processes that comprise activity plans and projects.
• Adaptation of specific environment
| | ° Provision of capability for Machine / Analysis of Impact |
| | ° Management of Storage / Assignment of disk space |
| | ° Creation / Integration into Backup and Recovery processes |
| | ° Creation / Adaptation of the Incident and problem management structure, including any new components. |
• Integration into the Production Structure
° Monitoring
° Scheduler
° Creation of the corresponding documentation (departments, criticality)
• Integration into the Service Structure:
° Associated Service Indicators:
• User requirements
• Application availability
• Availability of generated data
• Response time
• Reports to be generated
• Criticality of processes for handling incidents.
1 The primary indicators are presented in the Service Level Agreement document.
| APPENDIX II BSS_SPDV00_CATR17_20070620 (2) (2).doc | March 20, 2007 |
Page 12 of 26
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
3. Specific Activities by Service Provided
The specific activities in the context of the Processing Service to be provided by the Vendor to the Customer are:
| | • | Batch Management (business processes). Carried out by the Scheduling and Batch Control Center areas. The tasks carried out by scheduling are: |
| | ° Receipt of documentation on the work to be scheduled. Altec will be responsible for providing said documentation (shown in the Change Management Guide). |
| | ° Preparation of work (introduction / validation of data required for performance), whether for automated systems under Control-M or for those which are not automated by specific tools. |
| | ° Organization of the performance of work by the various applications, determining: |
| | • the period for performing the work |
| | • the sequence based on criticality (prioritizing work) |
| | • whether the task is dependent on completing other tasks |
| | • verification of results |
| | • management of competition and exclusion with other work or processes based on the competition for resources |
| | • recovery operation. Specific procedures will be prepared by working with the Systems Administration areas (i.e. Databases), and at times, for the resolution of recovery the Systems Tech and Altec/Development will have to work together. This will be run by the Batch Control Center |
| | • Re-start operation. The specific procedures will be prepared with the Systems Administration and Altec/Development |
| | • Management of resources, priorities and permits. |
• Transmission of orders to run work that is not periodical (received per procedure).
• New schedule of work due to
° Entry of new applications
° Running special processes
° Changes to the basic hardware and software of the environment
° Maintaining system components.
| | ° Running processes and the corresponding controls, controlling return codes and validation processes |
| | ° Running processes or special repeated processes requested by the Customer. |
| APPENDIX II BSS_SPDV00_CATR17_20070620 (2) (2).doc | March 20, 2007 |
Page 13 of 26
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
| Support for and resolution of incidents involving batch processes are the responsibility of the Customer (with respect to applications and interfaces). Specifically by Platform: |
| | • | Mainframe: Support and resolution of incidents detected in batch processes of this platform will be escalated to Altec 7 x 24 which will be responsible for said incidents |
| | • | Intermediate Systems: Support and resolution of incidents detected in batch processes on this platform will be escalated to Altec Production, which will be responsible for said incidents, for systems residing in Madrid and for systems located in Chile. |
The registration, escalation and control of batch process incidents will be handled according to the Incident and Problem Management procedure defined in “Support for the Management of Incidents and Problems (CSC – Customer Support Center)”. |
| • | Transaction Management |
| | ° | Automatic start-up to authorize access to transaction applications. |
| | ° | Monitoring performance of systems housing transaction applications |
| | ° | Shutdown operation to prohibit access to transaction applications. |
| | | | |
| • Data Management: This subject is intended to guarantee the availability of media and procedures to store information that is critical to the Service. |
| The objective of data management is to guarantee the availability of stored data and its recovery when required. It specifically includes the following basic activities: |
| | | ° | Analyzing the criticality of existing data in terms of its activity |
| | | ° | Implementing global backup and recovery policies, in function of the importance of the data. Backup processes run by the applications are the responsibility of the Customer; the Vendor is responsible for the recovery of data. |
| | | ° | Providing mechanisms to protect against losses and disasters of any type. |
| | | ° | Ensure that the data are store on appropriate media during the terms specified jointly with the Customer and that its recovery is feasible and rapid. |
| | | ° | Facilitate the availability of data, so that the Customer may carry out the transfer of data and information with outside entities. |
| | | ° | Define and run the procedures that establish policies for maintaining fiscal, accounting and any other information specified by current regulations. |
| | | | |
| | | | |
| | | | |
| | • | Printing and finishing |
| APPENDIX II BSS_SPDV00_CATR17_20070620 (2) (2).doc | March 20, 2007 |
Page 14 of 26
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
| | | ° | The responsibility of the Vendor is focused on the availability of the data, since the printing and finishing remains in Chile, and is the responsibility of the Customer |
| | | | |
| | • Optimization and Control |
| | | ° | Systems |
| | | | • Monitoring of transaction performance under the responsibility of the Vendor |
| | | | • Monitoring capacity |
| | | | • Creation and maintenance of auto operator rules |
| | | | • Authorization for intermediate services |
| | | | • Running optimization tasks that are derived from the foregoing points |
| | | ° | Batch |
| | | | • Inclusion of JCLs in the daily scheduling of production events, and for Approval and QA events |
| | | | • Monitoring of Process Performance |
| | | | • Performance of tasks that are derived form the aforementioned monitoring |
| | | | • Actions to correct work for the optimization of processes. |
| | | | |
| • | Management of Room Logistics |
| | ° | Receipt of the new hardware |
| | ° | Provide the infrastructure necessary and inclusion in Inventory Management, Capacity and Availability |
| | ° | Base software: The installation of base software is related to the installation of the hardware and is carried out by Systems Support teams |
| | ° | Adjust the contingency plans to the new infrastructure |
| | ° | Diagnose or design impacts of the changes on applications and issue reports in this regard. |
| | | | |
| • | Systems and Subsystems Administration |
| | ° In general, the following activities are carried out for all subsystems: |
| | | • Use system and subsystem monitors to obtain performance and evaluation background information |
| | | • Control the response time of systems in general, based on the transactional environments |
| | | • Provide technical assistance to the operations area, delivering support and technical upgrades. |
| APPENDIX II BSS_SPDV00_CATR17_20070620 (2) (2).doc | March 20, 2007 |
Page 15 of 26
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
| | | | |
| | | | |
| | | • | Maintain and update the system software, product programs and tools (excluding applications whether for its own development or third parties). |
| | | • | Keep the system software updated by means of PTFs (Program Temporary Fixes) and monitor the description of the problem by means of APARs (Authorized Program Analysis Reports). |
| | | • | Maintain a register of the use of general resources associated with each subsystem and its associated products. |
| | ° | MVS System Programming: |
| | | • | Provide all the instances of work covering the Service (Development and Integrated Testing, QA, Approval and Production). |
| | | • | Provided technical support for the software, operating system and products, delivering support and technical upgrades to the involved parties. |
| | | • | Use system monitors in order to obtain background on behavior and evaluation, controlling the consumption and distribution of CPU memory resources and seeking a high effectiveness of the same. |
| | | • | Control and report on the use and distribution of critical disk space (system and spool space). |
| | | • | Maintain LPARs and the priorities / configurations of the system. |
| | | • | Install, maintain and update access control software |
| | | • | Implement the protection requirements for operating system resources via access control software. |
| | ° | CICS/MQ systems programming: |
| | | • | Maintain and update the system software for the online environment. |
| | | • | Structure CICS regions to support the requirements of the Customer’s applications. |
| | | • | Prepare configurations for the system so as to maximize performance and capacity. |
| | ° | Programming of data base management systems: |
| | | • | Maintain and update the system software for data base administration |
| | | • | Maintenance of the DBMS (Data Base Management System). |
| | | • | Reorganize the Data Base and image copies |
| | | • | Review and physical support of the Data Base |
| | | • | Scheduling of capacities of the data bases and management of performance. |
| | | • | Monitoring and handling of system resources (e.g. DASD, CPU) in support of the data bases and scheduling of capabilities. |
| | | • | Recovery of the Data Base. |
| | | | |
| | ° | Data base support: |
| | | | |
| APPENDIX II BSS_SPDV00_CATR17_20070620 (2) (2).doc | March 20, 2007 |
Page 16 of 26
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
| • | Develop the following activities supplemented by the Client’s personnel: Monitoring of data bases, this activity is related to verification of status and projection of data basses in regards to the use of space. |
| | ° | Programming of VTAM and TCP/IP systems: |
| | | • | Maintain and update the communications software |
| | | • | Control and monitor the behavior of system communications resources, including the associated hardware and software, seeking to maintain their high availability. |
| | ° | Programming of intermediate platform Operating Systems: |
| | | • | Provide all the instances of work covered by the service |
| | | • | Provide technical support for the software, operating system and products, providing support and technical upgrades to those involved. |
| | | • | Use system monitors to obtain background information on behavior and evaluation, verifying consumption and distribution behavior of CPU-memory resources, seeking a high efficacy rate of the same. |
| | | • | Control and report the use and distribution of the critical disk space resource (systems space). |
| | | • | Maintain the partitions and priorities/configurations of systems. |
| | ° | Support for Control-M: |
| | | • | Define the Control-M systems for environments under the responsibility of the Vendor on the various platforms. |
| | | • | Make changes to the product that are necessary to customize environments / platforms. |
| | | • | Apply maintenance, according to the instructions and materials delivered by the supplier. |
| | | | | |
| • | Basic Software and Hardware Maintenance |
| | ° | Hardware: Does not involve the specific maintenance of components (these are the responsibility of the hardware services providers), but rather the supervision and coordination of the same and their customization, which affects the configuration and availability. |
| | ° | Software: Consists of the application of patches, service packs, etc., and/or version changes. In the case of complex changes, (the Procedure for the Management of Changes will be followed), areas external to the Vendor must participate, such as Development or Users. |
| | | | | |
| • | Data bases for Approval, QA and Production |
| | ° | Administration of table spaces, segments and objects |
| | ° | Supervision and optimization of performance |
| | ° | Maintenance and application of patches |
| | ° | Control of availability |
| | ° | Management of changes and analysis of integrity |
| | ° | Management of storage and assignment of space. |
| APPENDIX II BSS_SPDV00_CATR17_20070620 (2) (2).doc | March 20, 2007 |
Page 17 of 26
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
| • | Operation | | |
| | ° | Management of Capacity and Availability |
| | ° | Management of alarms, consoles of various servers |
| | ° | Operate disk consoles |
| | ° | Management of peripherals, and carry out the mounting / unmounting of tapes per requests by applications or developers |
| | ° | Execute console commands |
| | ° | Monitor systems. The fundamental objective is to receive information regarding the operation of production infrastructures, in terms of trends as well as specific device actions. In light of the Service Level Agreement, provide the information necessary for the preparation of monitoring reports. |
| | ° | Perform the daily processes to refresh environments. |
| | ° | Open and close applications. |
| • | Optimization and control |
| | ° | Repetitive structural installations |
| | ° | Action before incidents |
| | ° | Modification of Server parameters |
| | ° | Support for the creation of objects on subsystems |
| • | Processing in the event of a contingency |
| | ° | Recovery of equipment from the Data Center and/or data network by failures |
| | ° | Develop and maintain the disaster recovery plan |
| | ° | Coordinate disaster recovery tests |
| | ° | Carry out disaster recovery tests and report the results of the same |
| | ° | Insure compliance with regulatory requirements. |
| • | Monitoring and control | |
| | ° | Preparation of service reports (for internal and external use) and delivery of files to the Customer |
| | ° | Execution of specific tasks of the system on a scheduled basis or upon request (according procedures). |
| | ° | Specific actions regarding tasks being performed (changes in order or in conditions) in order to better comply with agreed upon schedules. |
| • | Inventory Management | |
| | ° | Carry out inventory and manage life cycle of installed machines |
| | ° | Periodically review the installed equipment and update inventory |
| | ° | Coordinate and support changes to the IT infrastructure involved in the service. |
| • | Support for the Management of Incidents and Problems (CSC – Customer Support Center) |
| APPENDIX II BSS_SPDV00_CATR17_20070620 (2) (2).doc | March 20, 2007 |
Page 18 of 26
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
| | | | | |
| | ° | Management and escalation of second-level incidents, and to the 7x24 group and Altec Production in Chile (according to the Incident Management Procedure). |
| | ° | Management of Problems in the corresponding area (according to procedures). |
| • | Management of Changes |
| | ° | Coordination of the Vendor’s Changes Committee with the Customer |
| | ° | Preparation of software for its installation in approval, QA and production |
| | ° | Installation of the software on all platforms for which the Vendor is responsible |
| | ° | Coordination of changes to approval, QA and production for platforms for which the Vendor is responsible. |
| | The Vendor shall have the authority to approve changes in production, subject to the escalation procedures defined in the Change Management process. |
| • | Management of stress and volume tests |
| | ° | Produban Changes Management shall be responsible for the Stress and Volume Tests, which are carried out on the platforms managed by Produban |
| | ° | The QA departments of Altec and Produban will work together on the stress and volume tests that impact the infrastructures of Altec and Produban. |
| | ° | Scheduling and execution of the stress and volume tests of the software that is to be placed into production in order to guarantee the stability of the system. |
| | | Any change to Production must go through the previous environments without exception, which does not mean that everything is tested in QA. In order to require this test, the change has to either be new software, or represent a significant percentage (+50%) within the Application, or affect several applications or substantially change conditions (relationships, functionalities). Simple promotions or those with simple changes are not tested. Those changes for which in their prior research it is believed that testing is not necessary are also not tested. |
| | ° | For tests that are carried out online (stress), a difference will be made between the Financial Terminal and Middleware Components (OBUS Format). Transactions are carried out by MQ injectors in the QA environment. |
| | | It is the responsibility of the Customer to deliver the OBUS and TF formats to the Vendor for the performance of the tests, and to report the details of the transaction and the estimated data (peaks) that are expected to be obtained from the tests: transactions per second, average response time and critical schedule. |
| | ° | Volume (batch) tests are based on the performance of grids in the QA environment. |
| | | The Customer must provide information relative to: estimated run time, start time, conditions, frequency, relationship of jobs and programs and an overall flow chart of the grid. Likewise, the |
| APPENDIX II BSS_SPDV00_CATR17_20070620 (2) (2).doc | March 20, 2007 |
Page 19 of 26
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
| | | |
| | | | | |
| | | Customer must provide all the files and interfaces necessary in order to carry out said test. |
| | ° | It is the responsibility of the Customer to provide all the information necessary to carry out said tests, at the level of defining the environment (data, application software, files, etc.) as well as documentation. |
| • | Management of Technological Changes |
| | ° | Coordination with the Customer Changes Committee |
| | ° | Coordination of the installation of hardware and software for systems and communications |
| • | Management of Communications |
| In order to attain the overall objective to provide communications service between Chile and the Vendor, the following activities shall be carried out, limited to said environment: |
| | ° | Control of Vendors of subcontracted communications services within the GSNet context: |
| | | • | Management of various contracts and agreements that the Customer has with integrators and operators related to Communications services. |
| | | • | Management of the service provided by integrators and operators, controlling the levels of service agreed upon with the same. |
| | ° | Installation | | |
| | | • | Installation of the Server cabling infrastructure in the rooms in Madrid |
| | | • | Installation of the communications infrastructure (data) |
| | | • | Configuration of equipment: Routers, Switches, hubs and channel extenders |
| | | • | Adjustment of the Technology Contingency Plan to the new infrastructure (in the CPDs in Madrid). |
| | ° | Operation |
| | | • | Management of Configuration, Capacity and Availability |
| | | • | Management of communications alerts |
| | | • | Monitoring of communications systems (data). The fundamental objective is to receive information regarding the operation of production infrastructures, in terms of tends as well as specific deviations. In light of the Service Level Agreement, provide the information necessary to prepare the follow-up reports |
| | | • | Actions for change or improvement |
| | | • | Hardware maintenance |
| | | | | |
| | ° | Customization |
| | | The customization of the communications technology infrastructure shall be determined by the guidelines for technological updating adopted at the corporate level, required by the Customer or recommended by the Vendor. The information generated by Monitoring shall be used to: |
| APPENDIX II BSS_SPDV00_CATR17_20070620 (2) (2).doc | March 20, 2007 |
Page 20 of 26
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
| | | | • | Define projects to upgrade infrastructure |
| | | | • | Analyze new products |
| | | | • | Define the criteria to prioritize package traffic on the MPLS network |
| • | Communications research |
| | This group of activities includes: |
| | ° | The design of communications solutions. In order to design solutions, a cost study shall also be carried out, so that, in the event that it is necessary, additional budget entries may be approved by the Customer, to allow them to be carried out |
| | | This refers to data solutions in the following environments: |
| | | • | WAN networks: |
| | | | • | Connection between the CPDs in Chile and the CPDs in Spain |
| | | • | LAN networks: |
| | | | • | Server networks in the CPD in Spain |
| | ° | Customization to comply with the IP addressing plan of the group |
| | ° | Communications management tools |
| | | • | Monitoring systems |
| | | • | Control of versions and configurations of network electronics |
| | | • | Design of network maps and alerts |
| | ° | Analysis, design, evaluation and scheduling of projects corresponding to: |
| | | • | The study and implementation of new technologies that offer better technologies or financial improvements that offer a decrease in the cost of communications. |
| | | | | |
| • | Security |
| | The activities that the Vendor shall carry out in this context for the provision of services to the Customer covered by this agreement are listed below: |
| | ° | Security of information and integrity of data |
| | | • | Centralization, service, resolution and/or escalation of incidents or security requests. Requests by users and access to resources and applications that are the responsibility of the Customer are excluded. |
| | | • | Emergency access control in order to resolve incidents. |
| | | • | Implementation of antivirus systems in Windows environments that are at the Madrid CPDs and under the responsibility of the Vendor |
| | | • | Application of the security patches and configuration improvements based on the best practices and non-compliance with the guidelines defined by Corporate Security and the Customer |
| | ° | Security of logical access |
| | | The security policies that provide configuration of logical access will be framed by the Customer, and shall comply on a general level with the Corporate Security Policy of the Santander Group, and including Customer-specific aspects. The installation and configuration activities related to the application of said policies |
| APPENDIX II BSS_SPDV00_CATR17_20070620 (2) (2).doc | March 20, 2007 |
Page 21 of 26
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
| | | | | |
| | | in IT components and systems within the context of this agreement shall be the responsibility of the Vendor. |
| | | | | |
| | | • | Installation and configuration of a firewall and any other necessary tools |
| | | • | Configuration of router and switching components in order to restrict access at the level of network interfaces |
| | | • | Registration and periodic monitoring of access to base platforms in order to ensure and encourage the correct use of facilities |
| | | • | Communication to the Customer of the polices for access control and restriction for access keys to the various systems of the facility (mainframe and intermediate systems), in order to align the Customer with the general policies of the group |
| | | • | Support and recommendations for the configuration of navigation options within the various systems/applications, based on the permits granted to the user and/or group of users. The responsibility for said configuration of systems/applications corresponds to the Customer. |
| | ° | Administration of Intermediate Systems at the Operating System (“Root”) level. |
| | Any installation and security administration involving the following shall be the responsibility of the |
| | | Customer: |
| | ° | Mainframe: |
| | | • | At the system level (RACF), communications (communications on the Mainframe platform), CICS and Data Bases (DB2). |
| | | • | Development of the processes and procedures to ensure the integrity of data (at the data base level) |
| | | • | At the applications level |
| | ° | Distributed systems: |
| | | • | At the applications level |
| | ° | Management of users and working groups. |
| | | • | Identify and implement the protection requirements for application resources |
| | | • | Implement data protection requirements using access control software that allows management of usage rights for employees of the Customer as well as the Vendor: |
| | | | • | Identification and authentication of users |
| | | | • | Assignment of profiles and access permits |
| | | | • | Elimination / debugging of users |
| | | | • | Passwords (assignment, resetting, cancellation, etc.). |
| | | | | |
| | | • | Implementing and maintaining security controls that allow the tasks of the previous item to be carried out on those subsystems and applications that do not use access control software for security. |
| | ° | Support for conducting security audits |
| APPENDIX II BSS_SPDV00_CATR17_20070620 (2) (2).doc | March 20, 2007 |
Page 22 of 26
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
| | | | | |
| | | At security audits responsibility falls on the Customer, and the Vendor shall provide the necessary support: |
| | | | | |
| | | • | Documentary support for requests for access logs, processes and any other type that is logged in the systems to be audited |
| | | • | Provide lists of users by service, profiles, privileges, permissions, etc. related to the users authorized on the Customer systems, for those systems for which the Vendor is responsible. |
| | | • | Provide contracts with other entities that support the performance of the activities included in the service covered by this contract. |
| | | • | Provide manuals, configuration diagrams, communication diagrams and any other documentation that describes the provision of the service covered by this contract. |
| | | • | Technical assistance for revisions of the security mechanisms and processes analyzed during the security audit, excluding those carried out within applications. |
| | | • | Document the activity logs required by the Customer in the regular performance of the activities corresponding to the service covered by this contract (excluding any activity log created by applications, and only for components for which the Vendor is responsible). |
4. Activity Reports and Levels of Service
The Vendor shall inform the Customer of the activity and level of service achieved based on the frequency and content of the reports specified in the Service Level Agreement document.
In the face of specific events or situations that require special monitoring and follow-up, the Customer may request greater detail for the information provided by request to the Service Manager.
5. General Backup Policy
Within the general strategy of the Vendor in order to guarantee the continuity of the Customer’s service, all applications, associated data and basic software for the technology platforms that support the services to be provided to the customer are backed up according to the following general plan:| | • Disk housings, for the mainframe platform and intermediate systems, are replicated at the two CPDs; |
| | • The backups for both platforms are carried out at the opposite CPD of the one that houses the server. One CPD houses the server and the other contains the backup cartridges. |
The backup and recovery of files is applied to all technology platforms located in Madrid.
| APPENDIX II BSS_SPDV00_CATR17_20070620 (2) (2).doc | March 20, 2007 |
Page 23 of 26
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
The generation of backup copies may be carried out in two ways:
• Event-based backups
Which are described below.
5.1 Normal Regimen Backups
The Customer shall be responsible for providing the Vendor with the specifications necessary related to business or legal requirements to carry out data backups.
The Vendor must provide the licenses and install backup agents. In this manner the Vendor implements and incorporates said backup into the normal Production regimen. This service shall be required of the Vendor every time that the following events occur:
| | 1. Change in utility and/or procedure |
| | 2. Each time that a new machine is incorporated into the Data Center |
| | 3. Changes to applications and new applications. |
The Altec Media Administration Supervisor will send the request to the Vendor’s Supervisor using the Event-based Backup Form. This service will be required in relation to the following events:
| | 3. Technical tests and projects |
5.3 Restoration Policies and Procedures
The commitment times for restoration of the various systems and the hold time for data will be determined with the Customer during the transition period. All of this is in function of the type of application and the organizational or legal requirements that the Customer must fulfill. The Customer must communicate these conditions to the Vendor so that it may adjust its actions based on the needs specified by the Customer.
Recovery may be considered regular or special. The conditions that are generally applied to each type are described below:
Recovery from the Development and Approval environment are declared to be normal, i.e. these requests will be received only on business days, Monday through Friday during service hours. If the request arrives outside of these times, it will be left for the next day. The response time for this type of request shall be 24 hours.
Recovery of Production, Data security and Auditing are declared to be special, i.e. these requests will be immediately attended to by the Altec Media Administration and Vendor Operations units, once
| APPENDIX II BSS_SPDV00_CATR17_20070620 (2) (2).doc | March 20, 2007 |
Page 24 of 26
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
the recovery form arrives. The response time will depend on the information to be recovered and the availability of the equipment.
For mass project file recovery, the Customer’s Supervisor shall coordinate the scheduling, performance and commitments in a timely manner with the Vendor’s Service Manager.
6. Technology Contingency Plan
There is a Technology Contingency Plan prepared by the Vendor that contains the procedures for mitigation, actions before, during and after a contingency and the strategies for recovering computing and telecommunications services.
The Vendor agrees to keep the Plan up to date at all times and aligned with the requirements that the Customer may have with respect to its own Business Continuity Plan. Furthermore, the Vendor may amend the content subject to notification of and agreement with the Customer.
The Vendor shall coordinate and control actions to mitigate risks, contingencies and for recovery contained in the Plan, without that presupposing, under any circumstances, the delegation of any responsibilities that may correspond to the Customer.
The Customer agrees to provide the Vendor with the information necessary in order to maintain the Plan and to follow the applicable procedures.
In order to verify the updating and effectiveness of the Plan, the same shall be tested annually. The parties shall determine the scope of the same, and preferably must include verification of the procedures that have been changed or modified since the last test.
| APPENDIX II BSS_SPDV00_CATR17_20070620 (2) (2).doc | March 20, 2007 |
Page 25 of 26
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
The procedures for mitigation, contingencies and recovery of other systems of the Vendor, as well as all those of the Customer, are explicitly beyond the scope of the Plan.
| | | | | |
/s/ Francisco del Valle Garrido | | | /s/ Juan Fernández Fernández | |
| Produban, Servicios Informáticos Generales, S.L. | | | Banco Santander – Chile | |
| By power of attorney | | | By power of attorney | |
Francisco del Valle Garrido | | | Juan Fernández Fernández | |
| | | | |
| | | | | |
| | | | /s/ César Naranjo Ramirez | |
| | | | Banco Santander – Chile | |
| | | | By power of attorney | |
| | | | César Naranjo Ramirez | |
| APPENDIX II BSS_SPDV00_CATR17_20070620 (2) (2).doc | March 20, 2007 |
Page 26 of 26
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
Appendix III
SERVICE LEVEL AGREEMENT
for the Outsourcing of the
“BSS Data Processing Service”
by and between
PRODUBAN, Servicios Informáticos Generales, S.L.
and
BANCO SANTANDER CHILE
Santiago de Chile and Madrid, December 3, 2007
Ref.: BSS_SPDV00_SLAR26_20070620
[Ink stamp appears on bottom of every page:
“Produban Servicios Informáticos Generales S.L.]
| APPENDIX III BSS_SPDV00_SLAR27_20070620 (2) .doc | March 20, 2007 |
| | |
Page 1 of 20
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
| TABLE OF CONTENTS |
| | | | |
| 1. | INTRODUCTION | 4 |
| 2. | DESCRIPTION AND SCOPE OF SERVICE | 4 |
| | 2.1 | Scope | 4 |
| | 2.2 | Volume of Service | 5 |
| | 2.2.1 | Infrastructure of Relevant Systems | 5 |
| | 2.2.2 | Communications | 6 |
| 3. | COMMITMENTS OF THE PARTIES | 6 |
| 4. | MEASUREMENT AND MONITORING INDICATORS AND TOOLS | 7 |
| | 4.1 | Indicators | 7 |
| | 4.2 | Tools | 7 |
| 5. | SERVICE SCHEDULE | 7 |
| 6. | AVAILABILITY OF DATA SERVICES | 8 |
| 7. | BATCH JOBS | 8 |
| | 7.1 | Periodic batch jobs | 9 |
| | 7.2 | Random batch jobs | 9 |
| 8. | ONLINE AVAILABILITY | 10 |
| 9. | ONLINE RESPONSE TIME | 11 |
| 10. | DATA COMMUNICATION BETWEEN THE CPDS IN CHILE AND SPAIN | 12 |
| 11. | WAIVER OF LIABILITY | 12 |
| 12. | INCIDENT MANAGEMENT | 13 |
| | 12.1 | Level of Severity of Incidents | 13 |
| | 12.1.1 | Very Serious Incidents: Severity 1 | 13 |
| | 12.1.2 | Serious Incidents: Severity 2 | 13 |
| | 12.1.3 | Normal Incidents: Severity 3 | 14 |
| | 12.2 | Reaction and Resolution or Escalation Times | 14 |
| | 12.3 | Escalation Procedure | 15 |
| | 12.3.1 | Severity 1 Incidents | 15 |
| | 12.3.2 | Severity Level 2 and 3 Incidents | 15 |
| | 12.3.3 | Incidents related to batches | 16 |
| 13. | CONTINGENCY PLAN | 17 |
| 14. | SERVICE VERIFICATION AND ADJUSTMENT PERIOD | 17 |
| 15. | ACTIONS IN THE EVENT OF NON-COMPLIANCE WITH THE SERVICE LEVEL AGREEMENT | 17 |
| 16. | SERVICE LEVEL REPORTS | 18 |
| | 16.1 | Monthly Frequency | 18 |
| | 16.2 | Weekly Frequency | 19 |
| | 16.3 | Daily Frequency | 19 |
| | 16.4 | Other Reports | 19 |
| 17. | PROCEDURE FOR REVIEW AND CHANGES TO THE SERVICE LEVEL AGREEMENT | 20 |
| APPENDIX III BSS_SPDV00_SLAR27_20070620 (2) .doc | March 20, 2007 |
| | |
Page 2 of 20
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
| LIST OF TABLES |
| | | |
| Table 1: | Volumes of Systems Involved | 6 |
| Table 2: | Volumes Associated with Communications | 6 |
| Table 3: | Online Availability Indicators | 11 |
| Table 4: | Service Level Indicators for Data Communication | 12 |
| Table 5: | Service Level Objectives for Incident Management | 14 |
| Table 6: | Escalation of Severity Level 1 Incidents | 15 |
| Table 7: | Summary of Hierarchical Escalation Times | 16 |
| LIST OF FIGURES |
| | | |
| Figure 1: | Components within the Scope of Service | 5 |
| Figure 2: | Supported Instances and Environments | 10 |
| Figure 3: | Escalation of Batch Incidents | 16 |
| Figure 4: | Service Level Indicators | 18 |
| APPENDIX III BSS_SPDV00_SLAR27_20070620 (2) .doc | March 20, 2007 |
| | |
Page 3 of 20
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
1. Introduction
This document is an appendix to the Computer Services Outsourcing Contract for the “BSS Data Processing Service” between Banco Santander Chile (hereinafter the Customer) and PRODUBAN, Servicios Informáticos Generales, S.L. (hereinafter the Vendor).
This document defines the objectives to be attained in the provision of the Data Processing Service provided by the Vendor to the Customer, within the scope described in Appendix II to the Contract, “Catalog of Services.”
The service level objectives established in this document use as a reference the values that the Customer currently has and measures, in the end complying with the end of the transition period, which will last for 6 months. During the transition period, the actual service levels achieved will be monitored and the levels that will be established as service level objectives to be provided by the Vendor shall be agreed upon.
The signatures at the end of this document indicate that the Customer and the Vendor are in agreement as to its content, and that the objectives are attainable, forming the requirements for the service provided to the Customer by the Vendor.
2. Scope and Volume of Service
The service that the Vendor shall provide to the Customer breaks down into a series of Elements and Activities, as defined in Item 1 of Appendix II to the Contract, titled “Service Catalog.”
The Components are comprised of the technology infrastructure operated directly by Produban. Certain subsystems located in Chile are serviced by personnel from Altec Chile or may be the subject of local outsourcing, and are beyond the scope of the service provided by Produban.
A schematic representation of the components serviced by Produban and those that are not, and which therefore are beyond the scope of this service level agreement, is presented in Figure 1 – “Architecture of Banco Santander Santiago.”
Said diagram shows to the left of the vertical line “service boundary,” within the shaded zone, the subsystems that may be serviced by Altec, or which may be outsourced, and those systems to the right of the line are serviced by Produban, and are the subject of this Services Level Agreement (SLA).
| APPENDIX III BSS_SPDV00_SLAR27_20070620 (2) .doc | March 20, 2007 |
| | |
Page 4 of 20
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
[Key of items from Figure 1:]
| Managed by Altec | | Managed by Produban |
Sucursales = Branch offices Atencion Telefonica = Telephone Service Banca por Internet = Online Banking Banca Personas = Personal Banking Banca Empresas = Business Banking Banca Personas / Empresas = Personal / Business Banking Banca Automatica = Automatic Teller Banking Autoservicios = Self Service Servimatico = [unclear – possible ATM] Redes medios de pago = Payment Methods Networks Especificos = Specific Features Apllo. Departamentales = Dept. Support | Sucursales = Branch Offices Aplicaciones = Applications | Aplicaciones = Applications Aplicaciones no Altair = Non-Altair applications Datamart Medios de Pago = Datamart Payment Methods |
Figure 1: Components falling within the Scope of Service
2.2 Volume of Service
The Customer and the Vendor agree to a maximum volume of service that will be considered to have been exceeded when one or several of the circumstances described in the following paragraphs occur.
2.2.1 Infrastructure of Relevant Systems
| Parameter | Definition | Limit Value |
| Total number of MIPS contracted per partition (base line) | Production partition | 2,506 MIPs and 25 GB of memory |
| QA / Approval Partition | 100 MIPS and 8 GB of memory |
| Development | 500 MIPs and 8 GB of memory |
| Volume of mainframe disks | Disk space for data | 23.5 TB of data with another 23.5 TB for backup |
| No. of CPUs of SUN intermediate systems | Production, for application servers as well as database servers | 20 CPUs, UltraSaprc IV+ 1,500 MHz and 144 GB RAM |
| Development | 4 CPUs, UltraSaprc IV+ 1,500 MHz and 32 GB RAM |
| APPENDIX III BSS_SPDV00_SLAR27_20070620 (2) .doc | March 20, 2007 |
| | |
Page 5 of 20
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
| Parameter | Definition | Limit Value |
| | Approval | 8 CPUs, UltraSaprc IV+ 1,500 MHz and 64 GB RAM |
| No. of CPUs of Wintel intermediate systems | Production | 8 CPUs, Xeon 3.6 GHz, 32 GB RAM |
| Development | 3 CPUs, Xeon 3.6 GHz, 16 GB RAM |
| Terminal Server | 2 CPUs, Xeon 3.6 GHz, 8 GB RAM |
| Disk space on intermediate systems | Disk space for data | 13.5 TB net (18.6 gross) SAN, with another 13.5 TB net (18.6 gross) backup SAN |
The 3,106 MIPs shown in the above table are the base line (contracted capacity) for the Customer. The total installed capacity is 3,516 MIPs.
| Parameter | Definition | Limit Value |
| Volume of CPD lines | Average usage volume of primary CPD access lines | Exceeds 70% for 80% of the service time (10:00 a.m. to 11:00 p.m. Monday to Sunday) |
| | Table 2: Volumes Associated with Communications |
3. Commitments of the Parties
The Vendor agrees to maintain the Service Level indicators at values equal to or better than those specified in this Service Level Agreement, provided that the service volume is not greater than the parameters set forth in this section. If these maximum volumes are exceeded, the Vendor agrees to continue providing the service to the Customer, under the best possible conditions, with the limitation of available capacity.
When the indicators associated with these components indicate continued use approaching 90%, in particular the volume of MIPS consumed, the Vendor shall initiate a change request process to research a possible expansion, provided that the continued use of the components under conditions approaching the availability limits could cause a decline in operation as specified in this SLA.
Furthermore, if the limits set above are exceeded during the effective term of the Outsourcing Contract, the Customer and the Vendor agree either to approve changes to the values of indicators of this Service Level Agreement, or to approve and carry out changes to the systems that are timely for the reestablishment of the same. Furthermore, if applicable, the budget items necessary to carry out said changes shall be approved.
These decisions shall be made at the meetings held by the parties per the provisions of the Relationship Model.
| APPENDIX III BSS_SPDV00_SLAR27_20070620 (2) .doc | March 20, 2007 |
| | |
Page 6 of 20
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
4. Measurement and Monitoring Indicators and Tools
4.1 Indicators
Service Level indicators are those measurements, which when taken objectively, serve both parties in determining whether the agreed upon service level is being provided in an effective manner, from the perspective of the components of the service as well as the various specific activities based on the Service provided (Paragraph 1.3 of Appendix II to the Contract, “ Service Catalog”).
The indicators used to measure the service level of each activity are defined for each of them, expressing the compliance values.
The Vendor shall provide the tools and implements necessary to carry out the management and control of the elements included in the SLA. Said tools will be:
System and networks management and monitoring tools. All those systems installed in the service infrastructure that allow determination of dedicated resources, as well as any sessions or transactions performed in the applications that comprise the referenced service, and the use of resources (communications as well as systems).
Application of Incident Management. The Application of Incident Management is the tool used by the Customer Support Center of the Vendor to manage incidents. All incidents reported to the Customer Support Center shall be entered in the data base of this application, which will provide information regarding the number, status and resolution time of incidents. In the event that this application changes, the use of the new one will be provided to the Customer.
Probes. Probes are computer systems that automatically and periodically carry out a simulation, configured as desired in advance, of actions representing the functionality of an application or service which is accessed from any of the browsers available on the market. The results of said browsing are stored and processed in a data base, for subsequent study. The Probes provide data regarding Availability, Response Time and Performance. The Probes may be used to carry out a simulation prior to stress tests or changes to the capacity of the service components.
5. Service Schedule
The Customer Support Center (CSC) provides services 24 x 7, and is the point of entry for all requests and incidents related to the service. Operating services are also provided 24 x 7.
The remaining components of the processing service are provided:
| • | | Monday through Friday, during work hours of the service (8:00 a.m. to 8:00 p.m. local Chilean time). |
| • | | Outside of the scheduled hours for conducting tasks that must be carried out without affecting Customers or users. |
| APPENDIX III BSS_SPDV00_SLAR27_20070620 (2) .doc | March 20, 2007 |
| | |
Page 7 of 20
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
During the rest of the schedule, technicians will be available on-call and their actions will be delimited by the escalation procedure described below in this document.
6. Availability of Batch Services
Availability of data services is understood to be the opportunity for the correct delivery of data, using as an indicator the time when the Customer should have data associated with the services covered by this SLA available, obtained as a result of the daily chain processes, free of errors and ready for subsequent processing.
The indicators associated with availability are defined in function of data type. Monitoring of compliance with these service levels is collected in the corresponding control table that is generated daily. Its contents are attached as to this document as Appendix A – “Control Table.”
7. Batch Jobs
Batch jobs will be subject to a correct completion commitment, i.e. work completed without errors due to the platform, operation or scheduling, within the specified terms. There are two categories of batch jobs:
7.1 Periodic Batch Jobs
• These measure the Vendor’s compliance with respect to its obligations to deliver data and information corresponding to process schedules, free of errors associated with the services covered by this contract, from data obtained from chain processes. An error is understood to be a result that is different from the control established for this application by the Customer. Examples of process schedules:
| ° | | Monthly processes (includes obligations of the Customer to External Institutions) |
| ° | | Monthly Management Audit |
| ° | | Others that the Customer may decide to include in the future as the result of new applications in Production. |
| • | | The Customer shall deliver the schedules for scheduled processes in November of each year for the following year, based on the established change management process. This document shall constitute the Annual Schedule. |
| • | | The Customer shall deliver to the Vendor, no later than the 15th day of each month of the next following business day, the schedules for preliminary monthly processes |
| APPENDIX III BSS_SPDV00_SLAR27_20070620 (2) .doc | March 20, 2007 |
| | |
Page 8 of 20
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
| | duly dated for processing in the subsequent month. As of the date on which the preliminary calendars of monthly processes are available, the Vendor shall participate, under the direction of the Customer, in coordination activities that are carried out in order to prepare the final calendar. |
| • | | The Vendor must, five business days after receipt, confirm the feasibility for performing [the actions] during the schedules specified in the same, in accordance with the Standards of Service. |
| • | | In the event that the Vendor cannot comply with one or more of the processes indicated in said calendars, it must demonstrate its inability to do so and propose an alternative that is demonstrated to be valid. Based on the foregoing, the parties may agree to the corresponding modification. |
| • | | For new applications, the standard shall be established after confirming its anticipated behavior during the QA period and at least once during production. For applications that enter production under special circumstances without QA, the behavior will be confirmed after at least three production runs. |
| a) | | Random Processes included in the documentation of applications: |
| • | These processes may only be requested Area Managers of the Customer’s Technology Division (including in the Control Group. |
| • | They shall be performed in the Production Grid for the day on which the process is requested, if it is requested no later than 2:00 p.m. on the corresponding day. |
| • | They shall be performed in the Production Grid of the day following the date of the request if the request arrived after 2:00 p.m. |
| • | Any exceptions to the foregoing, regarding the opportunity to run the jobs, must have the approval of at least the Customer Service Supervisor, the person serving in his place or the person to whom he delegates this authority in writing. |
| • | It is established that the results of these processes must be free of errors associated with the services covered by this contract, from the data obtained as a result of the batch processes of the chains. An error is understood to be a result that is different from the control established for this application by the Customer. |
| • | These requests must be made through the Change Control tool available for this purpose. |
| b) | | Random Processes NOT included in the application documentation. |
| | These processes may only be requested, at a minimum, by the Customer Service Supervisor, the person serving in his place or the person to whom he delegates this authority in writing, and they may be: |
| • | At the request of the Customer: These are processes carried out to meet random needs and they do not necessarily form part of the respective application. |
| APPENDIX III BSS_SPDV00_SLAR27_20070620 (2) .doc | March 20, 2007 |
| | |
Page 9 of 20
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
| • | Random Processes dependent on a Special Environment (for example, processes that require restoring data bases from previous periods): The run is started within 2 hours following the time when the special environment becomes available. |
| • | These requests must be made through the Change Control tool available for this purpose. |
Online availability shall be understood to be the period of time within the period of measurement during which the system or systems controlled with all the corresponding subsystems and components are operating error-free and fully performing the corresponding functions for the end users. This measurement shall be carried out on a weekly basis [and] it shall be applied to two situations:
| | • | Partial loss of service or degradation of response times for some of the transactions that are most representative of the applications. |
The objective for availability shall be calculated using the following formula:
(TT – TND) / TT) * 100
where:
| | TT =Total operating time expected of the service or Service Window |
| | TND =Corresponding down time. |
The following table presents the Customer Environments and Instances that are supported by the Vendor.
| Platform | zOS | Intermediate Services |
| Environment | SYSD | SYSQ | SISP | Unix and Wintel Systems |
| Instance | Development | Testing and Integration | Approval | QA | Production | Development | Approval | Production |
Figure 2: Supported Instances and Environments
The following table shows the daily availability objective for each Instance. The time values are considered to be expressed in minutes:
| APPENDIX III BSS_SPDV00_SLAR27_20070620 (2) .doc | March 20, 2007 |
| | |
Page 10 of 20
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
| Indicator | Service Window | Daily Availability Objective |
| Production Instances for both Environments | 00:00 – 24:00 TT = 7 days x 24 hours x 60 min. | Objective: 99.8% |
Production Instances for both Environments(1) | 07:30 – 16:30 TT = 5 days x 24 hours x 60 min. | Objective: 99.8% |
| Other Instances for both Environments | 08:00 – 20:00, Monday – Friday TT = 5 days x 12 hours x 60 min. | Objective: 98% |
| Other Instances for both Environments | 20:00 – 8:00 Monday – Friday or non-business days TT = 5 days x 12 hours x 60 min. | |
Table 3: Online Availability Indicators
(1) NOTE: For Production environments two measurements will be taken, one covering the total 24-hour range and another that is specific to the prime time usage periods.
Scheduled maintenance shutdowns shall be carried out on Sundays or non-working holidays, as agreed upon with the Customer, and therefore they shall not affect availability.
Any other type of service shutdown must be agreed upon and scheduled jointly by the Vendor and Customer in order to assess and minimize any possible impact on the service.
In any event, all scheduled shutdowns must be communicated to the Customer 15 days in advance and whenever possible redundant installed capacities shall be used in order to minimize any impact on the Service.
9. Online Response Time
a) The response time for transactions in the host environments is comprised of the time used by applications plus the hardware resources available plus the systems software or the systems software environment.
b) For new applications or new transactions, the Customer will assign them an expected response time, resulting from QA volume and stress tests, measured based on transactions that are most representative of the system.
c) New transactions or those that the Customer wishes to optimize or that have exceeded the expected response times, shall be subject to investigation by the development and architecture teams, and by the Vendor.
d) The Customer is responsible for the optimization of applications and for incorporating or not incorporating additional hardware resources to optimize the transaction response time:
| i) | | The Vendor shall demonstrate to the Customer, via monthly performance and usage reports, the need to add additional resources to the platform. The resource unit to be considered shall be CPU usage in MIPS for mainframe systems, CPU usage percentage of 80% for UNIX systems and 50% for WINTEL systems, which shall include all architecture components (Example: Channels, memory, CPU, communications, etc.) necessary to guarantee the committed levels of services. |
| APPENDIX III BSS_SPDV00_SLAR27_20070620 (2) .doc | March 20, 2007 |
| | |
Page 11 of 20
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
e) The Vendor shall be responsible for the efficiency of the systems software environment.
f) In the event that a lack of efficiency is due to the systems software environment, the Vendor shall be responsible for taking action to correct this situation.
g) The time table for service and resolution of problems from the section titled “Incident Management” shall be applicable.
10. Data Communication between the CPDs in Chile and Spain
Data communication between the CPDs in Chile and Spain will be carried out in general over Level 1 lines (point to point).
Level 2 lines (MPLS) and Level 3 lines (VPN) are available, but they will only be used when necessary.
The service level indicators for the various lines are shown in the following table, indicating the availability and the equivalent in minutes the service is not available.
These values do not include possible shutdowns for technical maintenance performed by the operator.
| Line | Percentage Availability | Non-availability in minutes per month |
| LEVEL 1 (point to point) | 99.96% | 17,302 |
| LEVEL 2 (MPLS, 2 nodes) | 99.46% | 233,280 |
| LEVEL 3 (VPN Internet) | 98.96% | 449,280 |
Table 4: Service Level Indicators for Data Communication
11. Waiver of Liability
The Vendor shall be relieved of liability for attainment of the standards of service when its failure to comply is due to:
| • | | Interruptions requested by the Customer. These requests shall be made using the existing tool (as of execution of this contract, TSD). |
| • | | The failure of the Customer or its other Vendors to correct any errors / problems that are its responsibility and that have been properly, formally and in a timely manner reported to the Customer by the Vendor. |
| • | | Problems caused by the action or inaction by the personnel of the Customer or its other Vendors. |
| • | | Scheduled interruptions that are duly reported to the Customer and approved. |
| • | | Work performed by personnel from the Customer assigned to the Vendor for the purposes of this service, that do not comply with a procedure or instruction of the Vendor, provided that the non-performance was reported in writing by the Vendor to the Customer. For this purpose, the Customer will formally communicate to the personnel managed by the Vendor their obligation to comply with the Vendor’s instructions and procedures. |
| APPENDIX III BSS_SPDV00_SLAR27_20070620 (2) .doc | March 20, 2007 |
| | |
Page 12 of 20
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
| • | | Problems rooted in the Hardware and/or Software of systems supplied by the Customer, provided that the Vendor has formally informed the Customer in a timely manner. |
| • | | Problems rooted in infrastructure not managed by Produban (controlled by Altec or IBM), and that may affect the normal provision of the contracted services. |
| • | | Lack of capacity of the same hardware and/or software to withstand the work load that is required and that has been reported in a timely manner to the Customer. |
| • | | Any delay in the delivery of data provided to the Vendor by the Customer, by third parties for which the Customer is responsible or by applications not operated by the service provided by the Vendor, which are necessary for running processes and as of the time when they have been duly reported to the Customer based on the Problem Administration Procedure. |
| • | | Cancellation of applications or systems due to inconsistencies in information stored in the logical data base or due to code errors in programs that are the responsibility of the Bank. |
The total life time of an incident is the time that passes from its entry into the Incident Management Application until it is fully resolved and closed.
It shall be determined by three time values:
| | | |
| • | | The reaction time by resolution teams |
| • | | The time invested in the resolution or escalation of the same |
| • | | The time required to correct the incident by the user. |
These three time values will be measured separately. The first two are attributable to the Vendor, provided that said Incidents are the responsibility of the Vendor, and the third value is attributable to the Customer.
12.1 Incident Severity Level
The general objectives for reaction and resolution times are established in function of the incident severity level. The defined levels of severity are:
12.1.1 Very Serious Incident: Severity Level 1
Very Serious Incident. Affects the operation of the business; the user cannot work with business functions.
This incident involves a total shutdown of the process chain, affects the schedule for performing Session Changes, or directly affects compliance with the delivery of results and/or the authorization of services.
12.1.2 Serious Incident: Severity Level 2
Serious Incident. Impact on service, making operation by the user difficult but not preventing business operations.
| APPENDIX III BSS_SPDV00_SLAR27_20070620 (2) .doc | March 20, 2007 |
| | |
Page 13 of 20
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
This is an incident that does not affect the performance of Session Changes, that does not directly affect the authorization of services or the delivery of priority results but that implies the stoppage of more than one process and that impacts the delivery of results.
12.1.3 Normal Incident: Severity Level 3
Normal Incident. This incident does not affect the business, few users or non-critical functions are affected.
This is an incident that occurs on a terminal task, understanding this to mean that since it is a final task the application does not deliver conditions, therefore it does not cause processes to halt, or files to another task [sic], which generates as a result a report or file and the latter does not affect service of the line.
12.2 Reaction and Resolution or Escalation Times
The response or reaction time is the time that passes from when the incident is communicated to the Customer Support Center until it sends it to the corresponding resolution team.
Estimated reaction and resolution or escalation times in general are presented in the following table.
| Severity | Reaction Time | Resolution or Escalation Time |
| 1 | 15 minutes | 4 hours |
| 2 | 30 minutes | 1 day |
| 3 | 1 hour | 7 days |
Table 5: Incident Management Service Level Objectives
The severity of the incident is defined when the incident report is created. The severity must be validated by the Vendor, while the latter will be used as reference for applying the time values shown in the preceding table.
Any batch incidents that are sent 7 x 24 will be treated as Severity Level 1, and their reaction time will be 15 minutes.
The resolution or escalation time has been approximated in the event that a third party is not involved in its resolution.
In the specific case of communication-related incidents, subject to a maintenance agreement with a third party, no different reaction times and resolution times shall be included, in general the following times shall be applicable:
| | | |
| • | | Reaction time: 30 minutes |
| • | | Resolution or escalation time: 4 hours |
The description of the incidents, definition of the concepts of reaction time and resolution,and the detailed process for managing the same shall be found in the document “Incident Management Guide.”
When an incident cannot be resolved by the current response level, it shall be escalated to the next resolution level based on the provisions of the following item.
| APPENDIX III BSS_SPDV00_SLAR27_20070620 (2) .doc | March 20, 2007 |
| | |
Page 14 of 20
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
12.3Escalation Procedure
The Customer Support Center provides service 24 x 7 therefore it must be the area that forwards all incidents detected by users and shall act as the first resolution level. Nevertheless, those incidents that are detected by the technical area teams involved in the service may be attended by them as the first resolution level.
When it is necessary to escalate incidents to higher levels, it shall be done through functional means () such as the hierarchy (support supervisor to the next level support supervisor).
| | | |
| • | | Functional route: From resolution component to next level resolution component. |
| • | | Hierarchical route: Support supervisor to next level support supervisor, with the time necessary to allow him/her to organize timely decision making. |
The description of the types of escalation is described in the technical document titled “Incident Management Guide.”
12.3.1 Severity Level 1 Incidents
All Severity Level 1 incidents follow the escalation sequence described in the following table:
| Severity Level | First Resolution Level (15 min) | Escalated to Second Resolution Level (30 min.) | Escalated to Third Resolution Level | Escalated to Fourth Resolution Level |
| 1 | Customer Support Center Technical Area involved | Support supervisor, second level | | |
Table 6: Escalation of Severity Level 1 Incidents
When escalating an incident to the next resolution level (at 15 minutes), all the incidents will be reported to:
| | | |
| • | | Management of the Vendor |
| • | | Supervisor of the Customer Support Center |
12.3.2 Severity Levels 2 and 3 Incidents
Incidents of severity levels 2 and 3 will be escalated to the supervisor of the second support level and to the supervisor of the Customer Support Center (CSC) when 50% of the time specified by the Service Level Agreement for its resolution has passed.
Incidents of Severity Level 2 and 3 shall be escalated to the Service Manager and to supervisors of the technical areas when the time specified by the Service Level Agreement for its resolution has passed.
The functional escalation shall be carried out based on the times specified in Table 6.
| APPENDIX III BSS_SPDV00_SLAR27_20070620 (2) .doc | March 20, 2007 |
| | |
Page 15 of 20
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
In order to escalate an incident to the hierarchical level, the following levels are considered:
| | | |
| • | | Level 1: CSC and Technical Area involved |
| • | | Level 2: Technical Area Supervisor (2nd support level) |
| • | | Level 3: CSC Supervisor and Service Manager |
| • | | Level 4: Account Manager and Vendor’s Management. |
The following table shows a summary of the escalation diagram:
| Escalation | Severity Level 2 | Severity Level 3 |
| Level 1 to 2 | 30 min. | 1 hr. |
| Level 2 to 3 | 2 hr. | 6 hr. |
| Level 3 to 4 | 4 hr. | 12 hr. |
Table 7: Summary of hierarchical escalation times
Note: Times are counted from detection of the incident. They are not cumulative.
12.3.3 Incidents related to the Batch
Any incidents related to the batch shall be distinguished based on the location of the infrastructure where it is run.
12.3.3.1 Batch Incidents involving the Infrastructure located in Spain
For the infrastructure located in Spain, the sequence of escalation shall comply with the following figure:
[Key to figure:]
Responsible del Acuerdo BSS Produban = BSS Produban Contract Manager
Dirección Explotación = Operations Department
Superado SLA = Exceeded Service Level Agreement
Responsible 7 x 24 = 7 x 24 Supervisor
Responsible Altec Producción = Altec Production Supervisor
Responsible CGR/Comunicaciones = CGR / Communications Supervisor
Responsible TS pertinente = Corresponding TS Supervisor
Después de 30 minutos = After 30 minutes
Desarrollo Altec = Altec Development
Figure 3: Escalation of Batch Incidents
| APPENDIX III BSS_SPDV00_SLAR27_20070620 (2) .doc | March 20, 2007 |
| | |
Page 16 of 20
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
12.3.3.2 Batch Incidents in the Infrastructure Outside of Spain
For batch processes that are run on machines that are outside of the transfer and that are not attended 24 x 7, the following procedure shall be followed:
For storage problems
Based on the procedure defined by the Services Vendor selected to support this platform.
| | | |
| • | | Non-alpha platforms (Intermediate Servers): |
Same procedure as for batch incidents
For problems with Oracle
Follow the same process as for space problems; inform monitoring in Chile, which is responsible for contacting the party to resolve this incident.
13. Contingency Plan
The Vendor shall have a contingency plan that ensures the provision of services in the event of a disaster. In order to ensure the effectiveness of said Plan, at least once a year a simulated Emergency shall be run. Said simulation may be specific to the service covered by this Contract, or it may be common to several services.
While the circumstances that caused the emergency are still in force or the elements included in the provision of the service are present, it shall be considered that the service is being provided in “contingency mode,” and the indicators defined in the foregoing sections relative to availability, response time and/or the resolution of incidents shall not be applicable.
When the circumstances that caused the emergency have abated and the items included in the provision of the service have been fully recovered, the Vendor shall restore the service in “normal mode” as soon as possible.
14. Service Verification and Adjustment Period
There shall be a transition period of 6 months following the signature of the Service Level Agreement, during which time the operation of the service covered by the contract shall be adjusted and it will be verified that the times provided by the Customer or obtained from the initial measurement comply with reality. During this period, the availability and response time need not comply with the indicators.
15. Actions in the event of Non-compliance with the Service Level Agreement
The Vendor agrees to provide the specified service to the Customer so that it may carry out its work effectively.
The service level shall be considered satisfactory provided that the Measurements of Indicators are greater than or equal to the framed Objective.
If the measured levels of the indicators are below the values specified in the objectives, the actions necessary to attempt to reestablish the values at
| APPENDIX III BSS_SPDV00_SLAR27_20070620 (2) .doc | March 20, 2007 |
| | |
Page 17 of 20
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
the levels established in this Agreement shall be agreed upon in the meetings specified in the Relationship Models specific to this service.
16. Service Level Reports
In order for the Customer to have a control mechanism that will allow it to compare the service provided by Produban on a continuous and on-going manner, reports shall be prepared relative to the service level provided with various content and frequencies. Specifically, various reports shall be issued monthly, weekly and daily.
In addition, the Customer as well as the Vendor shall maintain the same monitoring for a minimum period of 6 months. Upon completion of the same, the Parties shall agree if necessary to continue with said degree of monitoring at the Customer’s facilities.
16.1 Monthly Frequency
A report of the “Service Level” shall be prepared monthly and distributed to the Service Supervisor, to the Service Level Agreement supervisor and the Customer’s and Vendor’s Management.
The content of said report shall be defined and adjusted by the parties during the transition period.
| Service Level Indicators |
| [Illegible] |
| For Services |
| Comments Log |
| Monthly progress of primary services |
| Communications – Telecommunications Availability |
| [Illegible] |
| Progress of Incidents |
| Operation – Runs and error rates |
| Operation – Runs and error rates (batch) |
| Operation – Runs and error rates (Intermediate Services) SUN9 and SUN15 |
| Operation – HOST Indicators – Percentage of compliance |
| Operation – Indicators, Intermediate Services (SUN9 and SUN15) – Percentage of compliance |
CCB – Processes (Operation) – Consumption of machine by the Batch |
| Operation –Number of runs and Online error indices |
| Scheduling – Manual interventions |
| HOST Storage Management (Operation) – Robotic Activity (number of tapes) |
| HOST Storage Management – HSM Activity (number of operations) |
| HOST Storage Management – Number of files |
| [Illegible] |
| Operation – CICS transaction response time |
| Operation – Online Efficiency – Total transactions and MIPS consumed |
Figure 4: Service Level Indicators
| APPENDIX III BSS_SPDV00_SLAR27_20070620 (2) .doc | March 20, 2007 |
| | |
Page 18 of 20
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
16.2 Weekly Frequency
A report of “Production Indicators” shall be prepared weekly and distributed to the Customer’s Service Manager.
The contents of said report shall be defined and adjusted by the parties throughout the transition period.
16.3 Daily Frequency
Several activity reports shall be generated daily and distributed to the Customer’s Service Manager.
The reports will relate to:
| • | | Incidents (remedy, indicated by type and application) |
The content of the reports shall be specified and adjusted by the parties throughout the transition period.
16.4 Other Reports
In addition, and only in the event of non-compliance with service levels, an exception report shall be prepared, containing the following information:
| • | | List of incidents that caused degradation of the service |
| • | | Root causes of said incidents and proposed actions |
| • | | Conclusions and recommendations |
In the face of certain events or situations that require special monitoring and follow-up, the Customer may request more detailed information by submitting a request to the Service Manager.
| APPENDIX III BSS_SPDV00_SLAR27_20070620 (2) .doc | March 20, 2007 |
| | |
Page 19 of 20
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
17. Procedure for Reviewing and Changing the Service Level Agreement
Either of the parties may request a review of this document for the following reasons:
| • | | Changes to the business environment in which each party works |
| • | | Changes to the infrastructure that supports the service |
| • | | At the request of any of the signatories. |
Furthermore, annual reviews of the Service Level Agreement shall be prepared on the anniversary of its effective date.
| | | | | |
/s/ Francisco del Valle Garrido | | | /s/ Juan Fernández Fernández | |
| Produban, Servicios Informáticos Generales, S.L. | | | Banco Santander – Chile | |
| By power of attorney | | | By power of attorney | |
Francisco del Valle Garrido | | | Juan Fernández Fernández | |
| | | | |
| | | | | |
| | | | /s/ César Naranjo Ramirez | |
| | | | Banco Santander – Chile | |
| | | | By power of attorney | |
| | | | César Naranjo Ramirez | |
| APPENDIX III BSS_SPDV00_SLAR27_20070620 (2) .doc | March 20, 2007 |
| | |
Page 20 of 20
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
Appendix IV
SECURITY
for the Outsourcing of the
“BSS Data Processing Service”
by and between
PRODUBAN, Servicios Informáticos Generales, S.L.
and
BANCO SANTANDER CHILE
Santiago de Chile and Madrid, December 3, 2007
Ref.: BSS_SPDV00_SEGR06_20070420
[Ink stamp appears on every page:
“Produban Servicios Informáticos Generales S.L.]
| APPENDIX IV BSS_SPDV00_SEGRO6_20070420 (2) doc | March 20, 2007 |
Page 1 of 9
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
TABLE OF CONTENTS
TABLE OF CONTENTS
| 1. | INTRODUCTION | 3 |
| 2. | GENERAL CONSIDERATIONS | 3 |
| 3. | APPLICABLE CONTEXT | 3 |
| | 3.1 | Persons | 3 |
| | 3.2 | Resources | 4 |
| | 3.3 | Locations | 4 |
| 4. | OBLIGATIONS OF PERSONNEL | 4 |
| 5. | LOGICAL SECURITY | 5 |
| | 5.1 | Identification and Authentication | 5 |
| | 5.2 | Management of Profiles | 5 |
| | 5.3 | Management of Users | 5 |
| | 5.4 | Data Integrity | 6 |
| | 5.5 | Encryption | 6 |
| 6. | BACKUP COPIES AND RECOVERY | 6 |
| | 6.1 | Backup Copies | 6 |
| | 6.2 | Recovery of Data | 7 |
| 7. | MANAGEMENT OF MEDIA | 7 |
| | 7.1 | Media Storage | 7 |
| | 7.2 | Removal and Entry of Computer Media | 7 |
| | 7.3 | Re-use and destruction of media | 7 |
| | 7.3.1 | Re-use | 7 |
| | 7.3.2 | Destruction | 8 |
| 8. | TESTS USING ACTUAL DATA | 8 |
| APPENDIX IV BSS_SPDV00_SEGRO6_20070420 (2) doc | March 20, 2007 |
Page 2 of 9
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
1. Introduction
This document is an appendix to the Computer Services Outsourcing Contract for the “BSS Data Processing Service” between Banco Santander Chile (hereinafter the Customer) and PRODUBAN, Servicios Informáticos Generales, S.L. (hereinafter the Vendor).
This Appendix describes the security measures that the Vendor shall adopt for the provision of the services described in Appendix II – “Catalog,” to the Computer Services Outsourcing Contract.
The security measures include those of a technical and organizational nature and procedures to be adopted y the Vendor in relation to the personal data that the Vendor shall process for the account of the Customer pursuant to this Appendix.
2. General Considerations
The Vendor may amend the security procedures and measures set forth in this Appendix, subject to notification to and agreement with the Customer. These changes must not decrease the degree of security that the Vendor must guarantee for the processing of data according to the applicable legislation on its effective date.
This Appendix must be kept up-to-date and shall be the subject of a review whenever relevant changes are made to the security measures adopted by the Vendor.
The Vendor shall coordinate and control the security measures presented in this Appendix, without such action presupposing, under any circumstances, the delegation of the responsibilities that may be incumbent upon the Customer.
3. Context of Application
The security measures set forth in this Appendix shall be applicable to persons belonging to the Vendor that provide services to the Customer under this Appendix.
Any persons belonging to companies other than the Vendor that participate in the provision of said services must also comply with the security measures to which they may be subject.
| APPENDIX IV BSS_SPDV00_SEGRO6_20070420 (2) doc | March 20, 2007 |
Page 3 of 9
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
3.2 Resources
The security measures set forth in this Appendix shall be applicable to the computer programs and files of the Platform as well as to the Technology Infrastructure.
Any security measures of other systems of the vendor that do not provide services within the context of this contract, all systems at the facilities of the Customer, the Customer’s users, as well as members of the Vendor’s work group charged with providing the Platform Development and Maintenance services are beyond the scope of this Appendix. The adoption of these measures shall be the responsibility of the Customer.
3.3 Locations
The security measures set forth in this document shall be applicable to facilities where the infrastructure is located. Upon the entry into force of the contract corresponding to this Appendix, said facilities are located within the Grupo Santander Complex, in Boadilla del Monte (Madrid, Spain).
All of the foregoing shall not prejudice the use by the Vendor of other facilities to store backup copies, where the securities measures necessary to protect the data will be in effect.
Data processing outside of the locations referenced above must be expressly authorized by the Customer.
4. Obligations of Personnel
All the employees of the Vendor that provide the services affected by this Appendix shall be required to comply with the measures set forth in this document and subject to the consequences that may derive from the failure to comply with the same.
Said personnel shall be required to:
| | 1. | Access only those data and resources that are required to perform their duties, provided that they are authorized to access the same. The user profile assigned to each person shall define the duties that that person may carry out in relation to the resources which he may access. |
| | 2. | Not disclose in any manner data that is considered to be confidential. The personnel may only disclose such information when expressly authorized to do so by the Customer, when complying with a court order or order of a competent government authority, or based on requirements provided by law. |
| | 3. | Inform the Security Supervisor of the Vendor when any incident occurs that may affect the security of the Platform resources. |
| | 4. | Request express authorization from the Customer to access the Customer’s information. |
| APPENDIX IV BSS_SPDV00_SEGRO6_20070420 (2) doc | March 20, 2007 |
Page 4 of 9
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
5. Data Security
5.1 Identification and Authentication
Users, from the Customer and the Vendor, shall following the following process for identification and authentication in order to access the resources of the Platform and of the Technology Infrastructure:
| | 1. | Files shall be accessed via applications or tools that allow the identification and authentication of the user or the process that requires its use. Users shall be identified in the system by presentation of an identification key that generally is entered on the keyboard from one’s work station, and that will be required before accessing the systems. |
| | 2. | The identification key will have a specific access profile associated with it. Each profile shall have certain access and operation privileges associated with it, depending on the functions to be performed. |
| | 3. | The system will keep a reliable record of users’ identity by receiving a valid password associated with the user’s identification key. Said password will be kept confidential by the user. All users must have a password. |
| | 4. | The access control security measures shall comply with the provisions of the Vendor’s Security Standards, in particular Chapter 3, relative to Access Control, and in total agreement with the Customer. |
Identification and authentication, together with the utilities belonging to the Platform and the Technology Infrastructure will allow sufficient tracks to be created to facilitate subsequent reviews of access by users.
Furthermore, there will be a system for detecting and monitoring unauthorized access to the system via the Technology Infrastructure’s logs.
5.2 Management of Profiles
The access profiles will define access privileges and functions of the various types of users for resources of the Platform and the Technology Infrastructure.
The Vendor shall define the access profiles that are necessary for the provision of the services covered by this Appendix. For its part, the Customer shall request assignment of the access profiles of its users based on the aforementioned access policies.
The Vendor agrees to provide an updated list of profiles at the request of the Customer
5.3 Management of Users
The Vendor has authorization to add / modify / delete users that are necessary for the provision of the services covered by this document, based on the procedure summarized below:
| APPENDIX IV BSS_SPDV00_SEGRO6_20070420 (2) doc | March 20, 2007 |
Page 5 of 9
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
| 1. | The supervisor of each of the areas involved in providing the services will request authorization from the Vendor’s Security Supervisor to add / modify / delete a user, providing the access profile for said user and the justification for the request. |
| 2. | The Security Supervisor of the Vendor will authorize the request if it deems the reasons provided to be justified. |
| 3. | The Vendor’s authorized Security Administration personnel shall make the request to add / modify / delete the user. |
The management of the Customer’s users shall be the responsibility of the Customer.
The Vendor agrees to provide the Customer with an updated list of users with access to the applications every month.
5.4 Data Integrity
In order to ensure the integrity of the Customer’s data, the Vendor shall maintain logical separation between those data and any other data corresponding to third party customers to whom services are being provided.
5.5 Encryption
Access to application data via the backup mechanisms shall be carried out securely, using the current system or any other valid technology or method that the Parties agree to use.
Sensitive and personal data regarding third party customers in the application data bases shall have the level of encryption required by regulations for use based on the type of data in question.
6. Backup Copies and Recovery
6.1 Backup Copies
There are procedures for backup copies of data files, programs, source and object codes, as well as the operating systems and other base software for the various environments (production, preproduction and development). These procedures will be periodically reviewed in order to ensure that they are correct, that they operate correctly, and in this manner, to verify the integrity of the backed up data.
Backup copies shall be made in accordance with the needs of the service, being duly documented and available to the Customer when necessary, and it shall be adjusted when applicable, in order to comply with the actual service needs and the Customer’s or Vendor’s standards in force in regards to the availability of information.
Backup copies shall be made in order to permit the continuation of the Customer’s business in the event of a disaster and not in order to carry out inquiries as to the status of the information in the past, for which purpose the historical logs of the Platform shall be used.
The data shall be stored for the time period required by current legislation.
The Vendor agrees to maintain the same level of encryption for the backups as for the data bases that the Customer has at the primary site in order to protect the confidentiality of third party customer data.
| APPENDIX IV BSS_SPDV00_SEGRO6_20070420 (2) doc | March 20, 2007 |
Page 6 of 9
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
6.2 Data Recovery
There is a series of situations that require the recovery of data from previously made backup copies. Recovery in production environments, except in the case of scheduled tests or a disaster, shall require the explicit, written authorization of the Customer.
Recovery tests shall be carried out periodically on the pre-production environment in order to verify that the backup copies have been correctly made.
7. Management of Media
7.1 Media Storage
The media containing the backup copies are stored in locations which persons without proper authorization to use the same cannot access, and which have environmental protection measures required by the manufacturers of said media.
The media of the backup copies shall be inventoried and allow the type of information they contain and the date on which they were made to be identified.
7.2 Removal and Entry of Electronic Media
There is an established system for recording the entry and removal of computer media that either directly or indirectly shows the following:
• Type of media
• Date and time
• Issuing party / receiving party
• Number of media
• Type of information the media contain
• Form of delivery
• Duly authorized person responsible for receipt or delivery.
7.3 Re-use and Destruction of Media
When media will be destroyed or re-used, depending on the type, by the Storage Area (belonging to the Operations Department of the Vendor), the following practices will be used:
7.3.1 Re-use
| • | Disks: The data is initialized at the software level, and then the manufacturers of the disks perform a low-level hardware initialization that guarantees that no data can be read and it is impossible to recover the existing data on the disk using normal operating procedures. |
| • | Tapes: Tapes are virtual, they remain in the robot and their re-use, once they are overwritten with more recent information, makes it impossible to recover the previous data using normal operating procedures. |
| APPENDIX IV BSS_SPDV00_SEGRO6_20070420 (2) doc | March 20, 2007 |
Page 7 of 9
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
7.3.2 Destruction
| • | Disks: Disks are physically destroyed, including cutting into sections, so that the recovery of stored information cannot be accomplished with conventional procedures. |
| • | Tapes: Destruction procedures are not applicable in the case of the Customer, since all the tapes are virtual and will remain in the robot. |
8. Tests using Actual Data
As a general standard, tests prior to the installation or modification of the Platform using files with personal data of third party customers are not carried out using real data, unless they are deconstructed.
Under special circumstances, and with sufficient justification, the use of real data in non-production environments will be permitted, with prior authorization from the Vendor’s Security Manager and written notification to the Customer. In any event, it shall be ensured that the files are handled in accordance with the security measures described in this document.
9. Incidents
Any Computer Security incident shall be recorded using the tool designed for this purpose supplied by the Vendor. In any event, the following information shall be recorded:
| a) | Type of incident |
| b) | Time when it occurred |
| c) | Person that reported the incident |
| d) | Person to whom the incident was reported |
| e) | Effects of the incident |
| f) | If necessary, procedures carried out for data recovery, indicating the person that executed the process, the restored data and, as applicable, which data had to be manually recorded during the recovery process. |
10.Technology Contingency Plan
There is a Technology Contingency Plan prepared by the Vendor that contains the procedures for mitigation, actions before, during and after an emergency, and the strategies for restoring computing and telecommunications services.
The Vendor agrees to keep the Plan up to date at all times and aligned with the requirements that the Customer may have with respect to its own Business Continuity Plan. Furthermore, the Vendor may amend the content subject to notification to and approval of the Customer.
The Vendor shall coordinate and control the actions to mitigate risks, contingency and recovery actions presented in the Plan, without this presupposing, in any circumstances, the delegation of any responsibilities that may correspond to the Customer.
| APPENDIX IV BSS_SPDV00_SEGRO6_20070420 (2) doc | March 20, 2007 |
Page 8 of 9
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
The Customer agrees to provide the Vendor with the information necessary to maintain the Plan and to follow the applicable procedures.
In order to verify the updating and effectiveness of the Plan, it shall be tested annually. The Parties shall establish the scope of the same, and it must preferably include verification of the procedures that have been changed or modified since the last test.
Any procedures for mitigation, contingency and recovery of other systems of the Vendor, as well as all systems of the Customer, are explicitly beyond the scope of the Plan.
| | | | | |
/s/ Francisco del Valle Garrido | | | /s/ Juan Fernández Fernández | |
| Produban, Servicios Informáticos Generales, S.L. | | | Banco Santander – Chile | |
| By power of attorney | | | By power of attorney | |
Francisco del Valle Garrido | | | Juan Fernández Fernández | |
| | | | |
| | | | | |
| | | | /s/ César Naranjo Ramirez | |
| | | | Banco Santander – Chile | |
| | | | By power of attorney | |
| | | | César Naranjo Ramirez | |
| APPENDIX IV BSS_SPDV00_SEGRO6_20070420 (2) doc | March 20, 2007 |
Page 9 of 9
CONFIDENTIAL
Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
Appendix V
FINANCIAL TERMS
for the provision of BSS Processing Service
By and between
PRODUBAN, Servicios Informáticos Generales S.L.
and
BANCO SANTANDER CHILE
Madrid, December 3, 2007
Ref: BSS_SPDV00_ECOR00_20070322
[Ink stamp appears on bottom of all pages:
“Produban, Servicios Informáticos Generales, S.L.”]
| APPENDIX V_26_12_07 | March 20, 2007 |
Page 1 of 3
CONFIDENTIAL
Banco Santander – Chile Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
1. Introduction
These Financial Terms provide the specifications of the provisions of the Sixth Clause of the Contract for Computer Services between the Bank and Produban (the contract), of which this document is an inseparable Appendix.
2. Price of Services
The estimated price of the service for the period of January 1 through December 31, 2008 shall be as follows:
Data Processing Service: USD 11,900,000 (eleven million nine hundred thousand United States Dollars).
3. Down payment for Services
For the purposes of ensuring the provision of the service during the term specified in the fourteenth clause of the contract and any subsequent renewals thereof, the Bank shall pay to Produban for the specified services, corresponding to the initial investments, development, connectivity and testing, among other items, an amount equivalent to 10.506.907 € (ten million five hundred six thousand nine hundred seven Euros). This payment shall supplement the remuneration for recurring services that Produban shall provide during the specified period.
The parties acknowledge that the Bank shall continue to contract a contingency service with IBM Chile, for the term deemed relevant in accordance with the guidelines of the Executive Management of the Bank and in compliance with the requirements established by the Authority in Chile.
In the event that, for reasons attributable to Produban, which must be agreed upon by the parties, the Bank decides not to take or use the contracted service, this contract shall be rendered null and void. In such an event, Produban must return the down payment to the Bank.
4. Billing and Payment Terms and Method
4.1 Terms
PRODUBAN shall invoice the Bank in accordance with the provisions of this Appendix. The Bank and PRODUBAN shall review the Contract for Services and the amount of the same when any of the following cases arises:
| | • | The use or scope of the service is not within the initial framework described in the contact or it exceeds the initial budget by 20%. |
| APPENDIX V_26_12_07 | March 20, 2007 |
Page 2 of 3
CONFIDENTIAL
Banco Santander – Chile Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander Santiago | [Logo] Produban |
| | | The cost for the use of the service in one of the monthly installments invoiced to the Bank by PRODUBAN exceeds the total amount of the contract divided by the total number of months of the same by 20%. |
| | | |
| | • | At least once per year if the foregoing cases have not occurred. |
4.2 Method for Billing and Payment
The method of payment shall be by transfer to Produban’s CCC account 0049 – 5033 – 52-2416022797 in Spain,
4.3 Applicable Foreign Currency and Exchange Rate
Billing for the services covered by this contract shall be in United States dollars, and the down payment specified in Item 3 of this Contract shall be in Euros.
In witness whereof, the parties have set their hands hereto in duplicate, with one original being delivered to each party, for a single effect, in the place and on the date indicated.
| | | | | |
/s/ Francisco del Valle Garrido | | | /s/ Juan Fernández Fernández | |
| Produban, Servicios Informáticos Generales, S.L. | | | Banco Santander – Chile | |
| By power of attorney | | | By power of attorney | |
Francisco del Valle Garrido | | | Juan Fernández Fernández | |
| | | | |
| | | | | |
| | | | /s/ César Naranjo Ramirez | |
| | | | Banco Santander – Chile | |
| | | | By power of attorney | |
| | | | César Naranjo Ramirez | |
| | | | | |
| | | | Madrid, December 3, 2007 | |
| APPENDIX V_26_12_07 | March 20, 2007 |
Page 3 of 3
CONFIDENTIAL
Banco Santander – Chile Bandera 140 – Tel.: (56 2) 320 2000 – Santiago – www.santandersantiago.cl
[FIPO translation from Spanish original]
| [Logo] Santander | | Renewal Appendix BS Santiago – Produban 200701469 VI |
Appendix VI
MODIFYING THE TERMS OF THE CONTRACT TO OUTSOURCE COMPUTER SERVICES “BSS DATA PROCESSING SERVICE” EXECUTED BY PRODUBAN SERVICIOS INFORMÁTICOS GENERALES, S.L. AND BANCO SANTANDER CHILE,
on December 3, 2007
Madrid, April 11, 2008
[Ink stamp appears on bottom of all pages:
“Produban, Servicios Informáticos Generales, S.L.”]
Bandera 140 – Tel.: (562) 320-2000 – Santiago – www.santander.cl | 1/8 |
[FIPO translation from Spanish original]
| [Logo] Santander | | Renewal Appendix BS Santiago – Produban 200701469 VI |
In Madrid, on April eleventh, two thousand eight,
THERE APPEARED
PRODUBAN SERVICIOS INFORMÁTICOS GENERALES, S.L. (hereinafter PRODUBAN, the Vendor or the Lessee), Tax I.D. No. B-82077751 and with corporate domicile in Madrid, at Boadilla del Mnte, Avda. de Cantabria, s/n, represented in these proceedings by Francisco Javier del Valle Garrido, holder of I.D. No. 694509R, in his capacity as Sole Administrator and in exercise of the authority granted by the power of attorney issued to him on April 8, 2005, before Madrid Civil Law Notary Antonio Fernández-Golfín, with notary circle number 917, for the party of the first part;
and
BANCO SANTANDER- CHILE, a sociedad anónima bancaria [Chilean banking corporation], Taxpayer I.D. No. 97,036,000-K, hereinafter the Bank or the Customer, with corporate domicile at Calle Bandera No. 140, municipality and city of Santiago, represented in these proceedings by its Manager of Operations and Administration, Juan Fernández Fernández, National I.D. document No. 5,473,633-9, and by its Manager of Administration César Naranjo Ramirez, National I.D. document No. 9,830,559-9, in their capacity as attorneys-in-fact and in exercise of the authority granted to them by the power of attorney issued to them, by means of public instrument index number 5648-2005, dated June 14, 2005, issued in the city of Santiago, Chile, before Civil Law Notary Public Nancy de la Fuente Hernández, for the party of the second part.
Both parties, in their respective capacities, mutually acknowledge the legal standing necessary to enter into this APPENDIX, for which purpose,
THEY HAVE REPRESENTED
| I. | That on December 3, 2007, the parties executed a Contract for Computer Services (Outsourcing) (hereinafter “the contract”). |
| II. | That since substantial changes have occurred in the Terms and Conditions of the referenced contract, both parties have an interest in amending them, in the manner described below. |
| III. | That the parties wish to approve the entire content of the referenced contract and additional appendices, in all aspects not amended in this Appendix. |
| IV. | That based on the foregoing and for this purpose the parties have entered into this document as Appendix VI to the Contract for Computer Services specified in Item I above, and as an integral and inseparable part of the same, based on the following |
Bandera 140 – Tel.: (562) 320-2000 – Santiago – www.santander.cl | 2/8 |
[FIPO translation from Spanish original]
| [Logo] Santander | | Renewal Appendix BS Santiago – Produban 200701469 VI |
FIRST – AMENDMENT OF THE SIXTH CLAUSE
The parties hereby agree to amend the contents of the Sixth clause of the contract referenced in Representation I above, which shall henceforth read as follows:
| | SIXTH – Remuneration, payment method, consequences of non-payment. Other expenses. |
In consideration of the Services that are the subject of the Contract, the Customer shall pay to the Vendor the amount in Euros (EUR) that the Vendor and the Customer agree upon in the Fourth Clause of Appendix VI of this Contract. The method and terms for payment of this amount shall also be specified in the aforementioned clause. The Vendor may annually inform the Customer, at least thirty (30) (consecutive) calendar days in advance of the starting date of the new annual period, of the amount to be billed, for which purpose the Vendor shall deliver to the Customer the justification for the change in the contract amount. In such a case, the Customer shall have a term of thirty (30) calendar days to inform the Vendor whether it agrees with said amount, during which period the Vendor and the Customer have to reach an agreement regarding the contract amount. The failure to provide notification during the specified term shall be considered acceptance of the same. If the Customer does not accept the new amount communicated by the Vendor, it may terminate the Contract, indemnifying the Vendor for all the investments made through the date of the rescission, and specified in Clause FOUR of Appendix VI of this contract, subject to notification to the Vendor provided with at least six (6) calendar months in advance of the date on which it wishes to terminate the contract. During said six-month period the Customer shall pay the monthly amount or the prorated amount for the six-month period that was paid during the immediately prior payment period. Until the parties have agreed on a new remuneration amount, the remuneration amount corresponding to the previous period shall be in force.
| | The referenced payments shall be made by the Customer to the Vendor monthly and in arrears. For the payment of invoices, the Vendor shall submit the corresponding invoice to the Customer, within the first ten (10) calendar days of the month following the end of the period, which invoice must comply with all the requirements of law, and in particular those related to fiscal matters. |
Bandera 140 – Tel.: (562) 320-2000 – Santiago – www.santander.cl | 3/8 |
[FIPO translation from Spanish original]
| [Logo] Santander | | Renewal Appendix BS Santiago – Produban 200701469 VI |
SECOND – AMENDMENT AND EXPANSION OF THE FOURTEENTH CLAUSE
The Parties agree to amend and expand the contents of the Fourteenth Clause of the contract referenced in Clause 1 above, which shall henceforth read as follows:
| | FOURTEENTH. – Term and Grounds for Rescission of the Contract |
| | Commitments in the event of termination of the contract. |
| | This contract shall have a term of 10 years as of January 1, 2008. After said term has passed, the contract shall be renewed tacitly, automatically and subsequently for equal one-year periods, unless either of the parties informs the other of its desire to terminate the contract by communication by means of registered letter, sent to the domicile of its counterpart indicated in this contract, at least 180 calendar days in advance of the termination of the period in question. Without prejudice to the foregoing, the Customer shall have the authority to immediately and automatically terminate the Contract or any of its Appendices, without need of judicial, arbitration or any other type of ruling, in the following cases, without said list being exhaustive: |
| | a) Non-compliance by the Vendor, in whole or in part, or inability or negligence in the performance of the obligations agreed upon in this contract or any of its appendices. |
| | b) Failure to deliver or failure to deliver in a timely manner the bonds or other guarantees required by this Contract. |
| | c) A delay of more than thirty (30) days in the delivery term for contracted Services or projects, without prejudice to the Customer’s right to collect the late fines that are specified in this instrument. |
| | d) Dissolution or termination of the Vendor company. |
| | e) Declaration of creditors’ bankruptcy or insolvency of the Vendor, or if the Vendor enters into judicial or extrajudicial agreements with its creditors. |
| | f) Lack of technical suitability of the Vendor, qualified by the Customer. |
| | g) If the Vendor or any of its subcontractors ceases paying its workers their wages, remuneration or fees, or ceases payment of any other labor, social security or tax contribution for them, which it is legally or contractually required to pay. |
| | h) If the Customer is acquired, merges, is absorbed by a third party, is transformed, divided or sells all or part of its assets. |
| | i) If the Vendor or any of its contractors fails to comply with one or more of its obligations regarding confidentiality, as described in Clause Sixteen. |
| | j) If the Vendor ceases belonging to the Santander Group. |
Bandera 140 – Tel.: (562) 320-2000 – Santiago – www.santander.cl | 4/8 |
[FIPO translation from Spanish original]
| [Logo] Santander | | Renewal Appendix BS Santiago – Produban 200701469 VI |
| | In order to terminate the Contact or one or more of its Appendices for any of the aforementioned reasons, the Customer shall only be required to submit a certified letter to the Vendor, at its domicile indicated in this instrument, at least 180 days in advance of the date set for termination, and to respect the commitments set forth below. |
| | Notwithstanding all the foregoing provisions, with respect to the term of the contract, either of the parties shall be authorized to terminate this contract in advance and unilaterally, at any time during its term, by providing notice by registered letter to the domicile of the other party, indicated in this contract, at least one hundred eighty consecutive days in advance of the date set for the termination, and by respecting the commitments set forth below. |
| | Commitments in the event of termination of the contract or its Appendices for any reason: |
| | The Vendor agrees to provide all the facilities necessary to ensure the continuation of the service or the project, the handling of all information, and to ensure the transfer of the service or the project to a third party. |
| | In addition, the Vendor shall continue providing services to the customer for at least 180 days following the date of delivery of the registered letter by means of which the Customer communicates its intention to terminate the contract for the reasons indicated above. This term may be less if the Customer so orders. During this time period, the contract rates shall remain in effect for the services that are rendered to the Vendor. |
| | If any incident of Act of God or force majeure occurs and makes it impossible to continue the services agreed upon or committed to in the Contract or its Appendices, once they have been started, the Customer agrees to pay the Vendor for the work performed, only until the time that such an incident occurs, as well as the portion corresponding to any investments made by the vendor through that date, and that are detailed in Clause FOUR of Appendix VI of this contract. |
| | Furthermore, if the customer decides to terminate the contract unilaterally, it shall be required to financially compensate the Vendor for all investments made through that date, per the table indicated in Clause FOUR of Appendix VI to this Contract. |
THIRD – TERMINATION OF APPENDIX V – FINANCIAL TERMS
The parties agree to void Appendix V – Financial Terms for the provision of BSS Processing Service, and to replace it with Clause FOUR of this Appendix VI.
Bandera 140 – Tel.: (562) 320-2000 – Santiago – www.santander.cl | 5/8 |
[FIPO translation from Spanish original]
| [Logo] Santander | | Renewal Appendix BS Santiago – Produban 200701469 VI |
FOURTH: SCHEDULE OF PAYMENTS DURING THE INITIAL TERM AND RESTITUTION TO THE VENDOR IN THE EVENT OF RESCISSION
In order to comply with the provisions of Clause Six of the contract referenced in Clause 1, “Remuneration, Payment Terms, Consequences of Non-payment. Other Expenses,” it is stipulated that:
Down Payment for Services:
For the purposes of ensuring the provision of the service during the term specified in Clause Fourteen of the contract and its subsequent renewals, the Bank shall pay Produban for the services in advance, corresponding to the initial investments, development, connectivity and tests, among other items, an amount equivalent to 10,506,907 € (ten million five hundred six thousand nine hundred seven Euros). This payment shall supplement the remuneration for the recurring services that Produban will provide in the aforementioned period.
The parties acknowledge that the Bank shall maintain a contract for contingency services with IBM Chile, which shall be administered by Produban in accordance with the provisions of Appendix A executed by Banco Santander and IBM Chile, for the term that is deemed relevant in accordance with the guidelines of the Executive Administration of the Bank and in accordance with the requirements established by the Authority in Chile.
In the event that, for reasons attributable to Produban, the Bank decides to take or not to use the contracted service, this contract shall be rendered null and void ipso facto. In such a case, Produban must return to the Bank the down payment in an amount equivalent to the proportion of the period from January 1, 2008 and the month in which the contract is terminated, to the total number of months included in the contract term specified in Clause Fourteen of this contract. For these purposes the fact that the SBIF does not authorize the operation or contracting of the services contracted in this document shall be attributed to Produban.
The down payment referenced herein shall enter into force as of the date on which the contracted service is put into production, understanding the placement into production to be the date on which the daily processing of data is begun to be provided from the facilities of the Vendor in Spain.
Recurring service payment:
The recurring service that the Customer contracts in its entry, shall be equivalent to having processing capacity of 6,000 MIPs, 36 TB and a set of machinery that is detailed in the corresponding inventory, which shall later be an appendix to this contract.
The schedule of payments for the provision of the “BSS Data Processing Service” during the period between January 1, 2008 and December 31, 2017, shall be as follows:
Payment for recurring service, 2008: 11,375,000 €
Payment for recurring service, 2009: 11,704,875 €
Payment for recurring service, 2010: 12,044,316 €
Payment for recurring service, 2010: 12,393,602 €
Bandera 140 – Tel.: (562) 320-2000 – Santiago – www.santander.cl | 6/8 |
[FIPO translation from Spanish original]
| [Logo] Santander | | Renewal Appendix BS Santiago – Produban 200701469 VI |
Payment for recurring service, 2012: 12,753,016 €
Payment for recurring service, 2013: 13,122,853 €
Payment for recurring service, 2014: 13,503,416 €
Payment for recurring service, 2015: 13,895,015 €
Payment for recurring service, 2016: 14,297,971 €
Payment for recurring service, 2017: 14,712,612 €
Which amounts include an annual correction of 2.9%.
The amounts indicated above shall be subject to an annual reduction for disbursements incurred by the Customer locally, for implementation of the service. The reduction applied by ear shall be as follows:
Reduction for 2008: 1,050,000 €
Reduction for 2009: 1,050,000 €
Reduction for 2010: 1,050,000 €
Reduction for 2011: 1,050,000 €
Reduction for 2012: 1,050,000 €
Early termination of the contract
Furthermore, the amounts that the Customer must pay in the event of rescission of the contract, per the provisions of the contract referenced in Clause I of this Appendix VI, in Clauses Six and Fourteen, as amended and expanded by this Appendix, shall be as follows:
Amount payable in the event of rescission in 2009: 18,238,000 €
Amount payable in the event of rescission in 2010: 17,092,000 €
Amount payable in the event of rescission in 2011: 15,860,000 €
Amount payable in the event of rescission in 2012: 13,794,000 €
Amount payable in the event of rescission in 2013: 11,101,000 €
Amount payable in the event of rescission in 2014: 9,262,000 €
Amount payable in the event of rescission in 2015: 7,234,000 €
Amount payable in the event of rescission in 2016: 5,016,000 €
Amount payable in the event of rescission in 2017: 2,605,000 €
The sole fact of paying the amounts for Early Termination of the Contract shall entitle the Customer to ownership of the technological equipment used for the provision of this service as of the date of the early termination.
Efficiencies of the Contract Cost
The parties agree that, together with the annual revision of the contract price specified in Clause Six of the Contract, which has been updated in this appendix, an annual contract cost efficiency plan shall be established. The vendor agrees to pass on to the customer any savings obtained in the production cost. any savings obtained must offset increases incurred for increasing MIPs, storage capacity and increased communications costs, with a minimum goal of obtaining a 2.9% reduction in costs.
Bandera 140 – Tel.: (562) 320-2000 – Santiago – www.santander.cl | 7/8 |
[FIPO translation from Spanish original]
| [Logo] Santander | | Renewal Appendix BS Santiago – Produban 200701469 VI |
Billing shall be monthly. To this end, the Vendor shall submit the corresponding invoice within the first five (5) business days of the month in course, adding the applicable VAT, and the other applicable taxes and other costs and expenses that may arise from the provision of the service shall be for its own account. The parties agree that payment shall be made monthly within the first five (5) business days of each moth as of the date of execution of the contract, by bank transfer to the current account specified for this purpose.
Notwithstanding the foregoing, this new method of payment shall not assume, in any case, the approval or conformity of the paid invoice, so that in the event that a decrease in the quality of the services rendered is observed, and if any type of incident occurs in relation to the submitted invoice, it shall be handled by a Work Group established for this purpose, which shall be comprised of the following members:
• Representative of the Vendor
• Representative of the Customer
• Representative of the Comptroller’s Office at Produban
• Representative of the Comptroller’s Office at Banco Santander Chile.
This price shall include the amounts of the various technological services that PRODUBAN provides to the Customer, agreed upon at the appropriate time by the parties and that are specified in the appendices “Customized Relationship Model,” Service Catalog” and “Level of Service Agreement.” These appendices shall remain in effect, and shall be subject to the modifications agreed upon by the parties.
This price SHALL NOT include any amounts receivable by PRODUBAN for projects requested by the Customer or those that are requested after the execution of this document, and that will be detailed in Appendices to this Set of Financial Terms, together with the documentation corresponding to each project.
For all matters not expressly provided for in this Appendix and that are applicable to the service rendered, the provisions of the contract specified at the beginning of this document shall be applicable, of which this document is an integral and inseparable part. This agreement does not entail any novation of the primary contract, except in regards to the express amendments contained herein.
In witness whereof, the parties have set their hand hereto, in two original counterparts, at the location and on the date specified above.
| | | | | |
/s/ Francisco Javier del Valle Garrido | | | /s/ Juan Fernández Fernández | |
| Produban, Servicios Informáticos Generales, S.L. | | | Banco Santander – Chile | |
| Francisco Javier del Valle Garrido | | | Juan Fernández Fernández | |
| | | | | |
By power of attorney | | | By power of attorney | |
| | | | | |
| | | | /s/ César Naranjo Ramirez | |
| | | | Banco Santander – Chile | |
| | | | César Naranjo Ramirez | |
| | | | | |
| | | By power of attorney | |
Bandera 140 – Tel.: (562) 320-2000 – Santiago – www.santander.cl | 8/8 |
