Managed Services – Terms & Conditions – Alliance Business Technologies

Terms and Conditions

5 . Third Party Software and Third-Pary Services

8 . Intellectual Property Rights

16 . Personal Property Securities Act

Schedule 1 – Order Form Summary

Schedule 2 – Service Level Targets

Schedule 3 – Change/Project Management

Schedule 4 – Managed Support Services – Service Definitions

Schedule 5 – Managed Security Services – Service Definitions

Schedule 6 – Data Security Incident Remediation

1. Agreement

These Terms and Conditions together with the attached Schedules and the Order (collectively, the Agreement) set out the terms and conditions which govern the provision of the Services by ABTechnologies to Customer. If there is an inconsistency between the various parts of the Agreement, the following order of precedence will apply to the extent of the inconsistency:

these Terms and Conditions;
the Schedules; and
the Order.

2. Term and Exclusivity

2.1 Term

This Agreement commences on the Commencement Date and continues for the initial term (if any) specified in the Order, following which it will automatically extend for the renewal period specified in the Order unless it is terminated in accordance with clause 13 (the Term).
If no initial term is specified in the Order, the Agreement will proceed on a month-to-month basis unless it is terminated in accordance with clause 13.

2.2 Exclusivity

Customer must not engage, or enter into an agreement to engage, another supplier of services which are the same as or similar to the Services during the Term without ABTechnologies’ prior written approval.
ABTechnologies provides the Services to Customer on a non-exclusive basis. Nothing in this Agreement prevents the ABTechnologies from providing, or entering into an agreement to provide, services which are the same as or similar to the Services to any third party.

3. Provision of Services

3.1 General

ABTechnologies will:
1. use the reasonable care and skill that can be expected from a competent service provider in providing the Services to Customer in accordance with the Service Levels;
2. retain sufficient and appropriately qualified and experienced Personnel to provide the Services; and
3. use its best endeavours to meet the targeted response times and targeted resolution times for applicable Services based on the agreed Service Levels specified in, Schedule 2 – Service Level Agreement.
Customer acknowledges and agrees that:
1. the Services or components of the Services may be performed via third parties, including telecommunications and internet service providers;
2. outages, performance degradations or unavailability attributable to such third parties are beyond the control of ABTechnologies and may impact ABTechnologies’ ability to provide the Services in accordance with the Service Levels; and
3. ABTechnologies will take all reasonable steps to ensure that such third parties comply with the availability requirements of this Agreement.
ABTechnologies may subcontract the performance of all or part of the Services. ABTechnologies will remain responsible for the provision of any subcontracted Services.

3.2 Scheduled maintenance

If scheduled maintenance is to be carried out, such maintenance will be performed during the times specified in the Order (Maintenance Window). If the scheduled maintenance is unable to be completed within the Maintenance Window, ABTechnologies will promptly notify Customer. If emergency maintenance is required, subject to ABTechnologies providing Customer with prior notice, it may be performed at alternative times to the Maintenance Window.

3.3 On-boarding and Off-boarding assistance

If specified in the Order and prior to the provision of the Services, ABTechnologies will provide the On-boarding Assistance.
If specified in the Order and prior to the end of the Term, ABTechnologies will provide Customer with Off-boarding Assistance.
ABTechnologies will advise Customer on the on-boarding and/or off-boarding timeframes applicable to Customer. Customer acknowledges that ABTechnologies’ timeframes to on-board and/or off-board Customer are dependent on several factors, including the Customer Environment and the number of End Users.

3.4 Material Changes

Customer acknowledges and agrees that ABTechnologies, acting reasonably, may vary the terms of this Agreement and/or the Fees if the number of End Users increases or decreases and/or the Customer Environment changes materially, or if Customer wishes to make a Change Request as specified in Schedule 3 (Material Change).
Customer will advise ABTechnologies in writing if it wishes to make a Material Change. Unless otherwise agreed by the Parties, a Material Change will be effective from the beginning of the next calendar month following acceptance of the Material Change by ABTechnologies.
If ABTechnologies does not agree to the proposed Material Change, it will notify Customer in writing within a reasonable time of the request being made, not exceeding 14 days.
If Customer does not agree with a variation to the terms of the Agreement and/or the Fees made under clause 3.4(a):
1. Customer must provide notice to ABTechnologies within two Business Days that it does not agree to the variation; and
2. the Parties will discuss the variation in good faith within three Business Days of the date on which ABTechnologies receives the notice from Customer with a view to reaching an agreement as to the variation and, if an agreement cannot be reached on the date of the discussion, either Party may terminate the Agreement in accordance with clause 13.1 and no variation will be made to this Agreement.

3.5 Project Based Work

This clause applies to the extent that Customer requests project-based work, including but not limited to:
1. new hardware installation, data migrations and company relocations, in the Order; and
2. Infrastructure Projects and BAU Projects as specified in Schedule 3, (collectively, Project Based Work).
Where specified in the Order, ABTechnologies will provide the Project Based Work to Customer.
Project Based Work will be charged on either a time and materials basis in accordance with ABTechnologies standard rates or on a fixed fee basis, as advised by ABTechnologies to Customer.

4. Software and Equipment

4.1 General obligations, access, and rights

Customer acknowledges that all title in and to any Software or Equipment, for example anti-virus licences, backup licences, managed firewalls or ABTechnologies servers, used by ABTechnologies in connection with the provision of the Services remain at all times with ABTechnologies.
Customer acknowledges and agrees that its access to and use of Software may be governed by third party licence terms and Customer is solely responsible for its compliance with such third-party licence terms.
The Equipment will only be affixed to the Site if it is reasonably necessary for its ordinary use. If the Equipment is attached to the Site, the Equipment does not become a fixture and ABTechnologies can still remove the Equipment in accordance with this Agreement.
Customer must not part with possession of the Equipment without the prior written consent of ABTechnologies.
Customer must:
1. properly operate any Equipment in accordance with the reasonable requirements and instructions of ABTechnologies;
2. ensure the Equipment is maintained in substantially good repair and condition during the Term; and
3. ensure the Equipment does not damage, hinder or unduly interfere with any other third party or their equipment.
Subject to any negligent act or omission of ABTechnologies and to the extent permitted by any applicable Laws, Customer remains solely responsible and liable for its access and use of its own equipment and software (Customer Equipment) and indemnifies ABTechnologies against all Claims, losses, liabilities, damage, and injury incurred by Customer, ABTechnologies or any third party by or as a result of use of such Customer Equipment.

4.2 Procurement and sale of Hardware

This clause applies to the extent ABTechnologies supplies Hardware to Customer under the Order. The supply of Hardware is independent of the provision of Services and must be specified in the Order.
Risk in the Hardware passes to Customer immediately on delivery of Hardware to the Site, and title to the Hardware passes to Customer when the Fees have been paid in full to ABTechnologies. Customer must pay the Fees in respect of the Hardware in advance and prior to delivery, unless otherwise agreed in the Order.
Customer must not do anything to affect ownership of the Hardware unless or until title has passed to Customer.
Subject to the payment of the applicable Fees, where Customer requests installation of the Hardware, ABTechnologies agrees to ensure the Hardware is installed and operational, in accordance with the Operating Manuals, at the Site and to install the Hardware on or before the installation date agreed between the Parties during Customer’s normal business hours.
The Hardware will be deemed to have been accepted by Customer on the earlier of the date which is five (5) Business Days after delivery of the Hardware to the Site and the execution of the Customer Acceptance Form. Upon installation of the Hardware, Customer will sign a further Customer Acceptance Form, which will be evidence Customer has accepted installation of the Hardware.
Customer must obtain and maintain all necessary consents, permits, licences, registrations and approvals from any Government, body corporate, landlord or entity for the Hardware to be installed, used, hired, maintained, upgraded, inspected and/or accessed at the Site by ABTechnologies or its Personnel.
Subject to clause 11, Customer acknowledges and agrees that ABTechnologies makes no representations and gives no warranties in respect of Hardware, including that the Hardware is fit for any particular purpose.

5. Third Party Software and Third-Party Services

5.1 Third Party Software

This clause applies to the extent that Customer purchases Third Party Software in connection with this Agreement. The supply of Third-Party Software is independent of the provision of Services and must be specified in the Order.
Where ABTechnologies supplies Third Party Software to Customer, Customer acknowledges and agrees that its access to and use of such Third-Party Software is governed by the third-party licence terms between Customer and the licensor (Third Party Licence Terms) and Customer is solely responsible for its compliance with such Third-Party Licence Terms.
Subject to clause 11, Customer acknowledges and agrees that ABTechnologies makes no representations and gives no warranties in respect of the Third-Party Software, including that the Third-Party Software is fit for any particular purpose.

5.2 Third Party Services

This clause applies to the extent ABTechnologies supplies Third Party Services to Customer under the Order. The supply of Third-Party Services is independent of the provision of Services and must be specified in the Order.
Third Party Services may be subject to additional terms and conditions as specified from time to time (Third Party Service Terms) and Customer acknowledges and agrees that its access to and use of any Third-Party Services may be governed by such Third-Party Service Terms.
If Customer requests ABTechnologies to provide services outside the scope of the Third-Party Services, ABTechnologies may provide it in accordance with the rates applicable at the time of Customer’s request.

6. Customer obligations

6.1 General

Customer agrees and undertakes to:
1. do all things necessary to enable ABTechnologies to perform its obligations under this Agreement including performing any works, providing any equipment or connecting any services as reasonably required by ABTechnologies from time to time;
2. provide ABTechnologies and its Personnel with access to the Site and Customer’s Personnel as and when reasonably requested by ABTechnologies;
3. comply with all Laws applicable to the Site including occupational health and safety laws;
4. comply with all data retention Laws applicable to Customer;
5. provide ABTechnologies with all information and documentation as reasonably requested by, or as otherwise necessary for ABTechnologies;
6. use reasonable security precautions in connection with its use of the Services;
7. co-operate with ABTechnologies’ reasonable investigations of outages, security problems and any suspected breach of this Agreement;
8. keep the contact and other account information that ABTechnologies holds about it up-to-date;
9. not use or attempt to use the Services for any activity which breaches any Law, order, regulation or industry code of practice;
10. not distribute, store or publish any content or material that is restricted, illegal or otherwise unlawful under any applicable Law, or which is likely to be offensive or obscene to a reasonable person; and
11. not interfere or attempt to interfere in any manner with the functionality or proper operation of the Services.
Customer must implement and incorporate any recommended changes in respect of the Customer Environment which ABTechnologies reasonably requires to ensure the effective and timely provision of the Services (Recommendations).

6.2 Site and access requirements

Customer must:

at its own expense and in accordance with the reasonable directions and specifications of ABTechnologies and its suppliers, prepare and provide access to the Site prior to the supply of the Services;
ensure that the Site is maintained in good working repair and condition;
ensure the supply of adequate electric current and electrical and mechanical fittings at the Site;
ensure existing building connection frames, cables and sockets are in good working order; and
allow ABTechnologies Personnel to access its Site, facilities, and specified equipment to perform its obligations under this Agreement, as and when reasonably requested by ABTechnologies.

7. Fees and Payment

7.1 Fees

Customer will pay the Fees which are specified and invoiced by ABTechnologies in accordance with the Order.
Without limiting clause 3.4, the Parties agree that the Fees will increase each year on July 1 by the greater of:
1. the CPI rate; or
2. a percentage specified in the Order.
During the Term and in addition to its rights under clause 7.1(c), ABTechnologies may increase the Fees on written notice to Customer as follows:
1. following any increase in the costs of providing the Services as result of any change or increase in costs passed on by any third-party suppliers. Any increase in Fees under this clause must be done on a cost pass through basis and must not exceed the increase applied by the third-party suppliers. Where able to do so, on request, Supplier will provide Customer with reasonable written evidence verifying the thirdparty supplier’s increase; and
2. following any material increase in the costs of providing the Services as a result of any change or increase in the costs of labour, insurance, or such other internal cost to Supplier. Any increase in Fees under this clause must be done on a cost pass through basis where possible having regard to the actual increase in the costs of providing the Services.

7.2 Invoicing and payment

ABTechnologies will issue invoices for the Fees in accordance with the Order and Customer must pay all undisputed invoices within 30 days from the date of invoice, unless otherwise specified in the Order.
If Customer disputes in good faith any amount on an invoice provided by ABTechnologies, then Customer is not obligated to pay the disputed amount until the dispute is resolved but must pay all other undisputed amounts. Any disputed invoice will be resolved in accordance with clause 14.
Subject to clause 7.2(b), if Customer fails to pay any Fees by the due date, ABTechnologies may charge interest on the outstanding Fees or any other monies due and unpaid by Customer, until such time as Customer has paid in full, the outstanding amount and any interest accrued on the outstanding amount, and Customer will pay to ABTechnologies any reasonable costs incurred by ABTechnologies in relation to collection of any amounts owing.

7.3 Taxes

The Fees are exclusive of GST, and where applicable, GST and other taxes, duties or levies will be added to the Fees payable at the then prevailing rate.

8. Intellectual Property Rights

Customer acknowledges that ABTechnologies and its licensors own or are entitled to all right, title to and interest including all Intellectual Property Rights in the Services and any documentation supplied by ABTechnologies to Customer in connection with the Services.
Nothing in this Agreement transfers ownership of the Intellectual Property Rights subsisting in the Services and related documentation except as expressly permitted by the terms of this Agreement.

9. Privacy

9.1 Personal Information

If the performance of rights and obligations under this Agreement involves the handling of any Personal Information, then each Party must:

comply with all applicable provisions of the Privacy Act;
comply with all reasonable requests or directions of the other Party in connection with an obligation of the other Party under the Privacy Act;
use the Personal Information only for the purposes of performing its obligations under this Agreement;
not transfer that Personal Information outside of Australia or allow persons outside of Australia to have access to that Personal Information, unless the other Party has consented in writing to such transfer or access;
take all necessary steps to ensure that such Personal Information is protected against misuse, loss and unauthorised access; and
without undue delay, notify the other Party if it becomes aware of a breach of any applicable privacy laws in connection with this Agreement.

9.2 Eligible Data Breach

Promptly, and no later than 7 days upon becoming aware of an actual or suspected Cyber Breach, in relation to the Customer Environment, Customer will:
1. immediately investigate, or procure the investigation of, the Cyber Breach;
2. assess if the Cyber Breach constitutes an Eligible Data Breach and notify ABTechnologies of the following:
  1. the reasons why Customer considers that a reasonable person would or would not conclude that the Cyber Breach is an Eligible Data Breach;
  2. whether Customer will make any statements to the affected individuals and the Office of the Australian Information Commissioner; and
  3. where there are reasonable grounds to conclude that the Cyber Breach constitutes an Eligible Data Breach, prepare statements in accordance with section 26WK of Part IIIC of the Privacy Act and make statements to the affected individuals and the Office of the Australian Information Commissioner to notify them of the Cyber Breach.
On receipt of a notification under clause 9.2(a)(ii) that Customer will not be issuing any statements to the affected individuals and the Office of the Australian Information Commissioner, ABTechnologies may:
1. immediately investigate, or procure the investigation of, the Cyber Breach;
2. assess if the Cyber Breach constitutes an Eligible Data Breach; and
3. if ABTechnologies considers that there are reasonable grounds to conclude that the Cyber Breach constitutes an Eligible Data Breach, ABTechnologies will:
  1. notify Customer of the reasons why ABTechnologies considers that a reasonable person would conclude that the Cyber Breach is an Eligible Data Breach; and
  2. prepare statements in accordance with section 26WK of Part IIIC of the Privacy Act and issue the statements to the affected individuals and the Office of the Australian Information Commissioner of the Cyber Breach on behalf of itself and Customer.
Customer will reimburse ABTechnologies on demand for all reasonable costs incurred by ABTechnologies under this clause 9.2.

10. Confidentiality

10.1 Treatment of Confidential Information

Each Party acknowledges that the Confidential Information of the other Party is valuable to the other Party. Each Party undertakes to keep the Confidential Information of the other Party secret and to protect and preserve the confidential nature and secrecy of the Confidential Information of the other Party.

10.2 Use of Confidential Information

A Recipient may only use the Confidential Information of the Discloser for the purposes of performing the Recipient’s obligations or exercising the Recipient’s rights under this Agreement.

10.3 Disclosure of Confidential Information

A Recipient may not disclose Confidential Information of the Discloser to any person except:

representatives, legal advisers, auditors and other consultants of the Recipient who require it for the purposes of performing its obligations or exercising its rights under this Agreement and then only on a need-to-know basis; or
if required to do so by Law or a stock exchange.

10.4 Return of Confidential Information

Upon the expiry or termination of this Agreement, the Recipient must promptly deliver to the Discloser all documents or other materials containing or referring to the Discloser’s Confidential Information which are in the Recipient’s possession, power or control or in the possession power or control of persons who have received the Confidential Information from the Recipient under clause 10.3.

11. Warranties

11.1 Supplier warranties

ABTechnologies’ goods and services come with guarantees that cannot be excluded under the Australian Consumer Law. For major failures with the service, Customer is entitled:
1. to cancel its service contract with ABTechnologies; and
2. to a refund for the unused portion, or to compensation for its reduced value.
Customer is also entitled to choose a refund or replacement for major failures with goods. If a failure with the goods or a service does not amount to a major failure, Customer is entitled to have the failure rectified in a reasonable time. If this is not done Customer is entitled to a refund for the goods and to cancel the contract for the service and obtain a refund of any unused portion. Customer is also entitled to be compensated for any other reasonably foreseeable loss or damage from a failure in the goods or service.
To the extent permitted by Law and subject to this clause 11, ABTechnologies excludes all conditions, warranties and terms not expressly set out in this Agreement. Where applicable Law provides any consumer guarantee, condition or warranty which cannot be excluded, ABTechnologies’ liability for any breach of such consumer guarantee, condition or warranty will be limited to the extent permitted by applicable Law to, at its option to the provision of the entitlements set out in clauses 11.1(a) or 11.1(b).

11.2 Customer warranties

Customer warrants that:

it owns the rights or has the right to use any software, hardware, systems, IP addresses, domain names and all other items in the Customer Environment; and
the Customer Environment is in good working order, and it has sole responsibility for the availability and integrity of the Customer Environment.
it will:
1. take all reasonable precautions to safeguard its business and specifically its Customer Environment, the Software and Equipment and all applicable software hardware and data to minimise any loss or disruption, including (as applicable implementing effective audit control, firewalls, virus checking controls, data security measures and appropriate data and software back-ups; and
2. comply with ABTechnologies’ or the applicable vendor’s written instructions for the access and use of all Software and Equipment used within the Customer Environment.

12. Liability

12.1 Limitation on liability

To the extent that the ABTechnologies is not permitted to lawfully exclude its liability under clause 12.6, this clause 12.1 will apply.
To the extent permitted by Law, ABTechnologies’ total aggregate liability whether in tort (including negligence), contract, breach of statutory duty, misrepresentation, restitution or otherwise, is limited to:
1. where less than 12 months has elapsed since the Commencement Date, the Fees payable under this Agreement in the 12 months following the Commencement Date; or
2. where more than 12 months has elapsed since the Commencement Date, the Fees paid under this Agreement in the immediately preceding 12-month period.
To the extent permitted by Law, ABTechnologies is not responsible for any loss or damage incurred by Customer or any third party and Customer releases ABTechnologies and its Personnel from all Claims in connection with:
1. a Cyber Breach, irrespective of whether caused or contributed to by ABTechnologies or its Personnel, including but not limited to, any statutory fines or penalties;
2. Customer’s failure to comply with its obligations or warranties under clause 11.2 (including Customer’s failure to implement any Recommendation); or
3. a third party’s failure to comply with its obligations to Customer, including under any Third-Party Licence Terms, Third Party Service Terms or any other terms entered into by a Customer and the relevant third party.
Unless otherwise specified in an Order, ABTechnologies’ only obligation arising from a Cyber Breach is to attempt the restoration of such Customer Data to the last available backup.

12.2 No consequential loss

To the extent permitted by law, neither Party is liable whether in tort (including for negligence), contract, breach of statutory duty, misrepresentation, restitution or otherwise for indirect loss of profits, loss of business, depletion of goodwill, loss or corruption of data or information, or pure economic loss, or for any other special, indirect, or consequential loss, costs, damages, charges or expenses however arising under this Agreement.

12.3 Proportionate liability

A Party’s liability under this Agreement will be reduced to the extent that the other Party caused or contributed to the relevant liability or the act giving rise to the liability.

12.4 Avoiding or minimising loss

A Party which incurs a loss under this Agreement must take reasonable steps to avoid or minimise the loss.

12.5 Indemnity

To the extent permitted by Law, ABTechnologies agrees to indemnify the Customer against any and all Claims arising out of:
1. a Claim by a third party that the Services infringe the Intellectual Property Rights of that third party;
2. death or personal injury; and
3. damage to tangible or real property.
Clause 12.5(a) will not apply to the extent the infringement is caused by:
1. Customer failing to promptly provide ABTechnologies with written notice of such a Claim against Customer;
2. Customer failing to give ABTechnologies sole control of the defence and settlement of such a Claim against Customer; or
3. Customer failing to provide ABTechnologies with all reasonable assistance in relation to the defence and settlement of such a Claim.
To the extent permitted by Law, Customer indemnifies ABTechnologies, and will keep ABTechnologies indemnified, from and against any Claims that ABTechnologies suffers, incurs or is liable for, whether or not contemplated by the Parties, as a result of any:
1. material breach of this Agreement by Customer;
2. loss of, or damage to, any property caused by any act or omission of Customer or Customer’s Personnel, including through negligence;
3. personal injury (including sickness or death) caused by an act or omission of Customer or Customer’s Personnel, including through negligence;
4. all Claims, arising from or in connection with a Cyber Breach caused or contributed to by Customer or its Personnel;
5. fraud, criminal offence or wilful misconduct by Customer or Customer’s Personnel; and
6. Claims by Customer or a third party against ABTechnologies arising because of any act or omission of Customer in connection with this Agreement, except to the extent that the Claim arises because of ABTechnologies’ negligence or breach of this Agreement.
If a Claim is made by a party alleging Customer’s access or use of the Services infringes that party’s Intellectual Property Rights, ABTechnologies will, at its option either:
1. modify or replace the Services so that they become non-infringing; or
2. procure for Customer the right to continue using the Services.

12.6 Exclusions from liability

To the extent permitted by Law, ABTechnologies will not be liable for loss (including under a warranty or indemnity) suffered by Customer, or failure to provide the Services, to the extent caused or contributed to by any of the following:

a use of the Services in combination with materials or services not supplied to Customer by ABTechnologies. To avoid doubt, Customer will be liable for any loss suffered or incurred by Customer as a result of materials or services it procures or performs itself, or acquires from a third party;
a use of the Services in breach of this Agreement;
operation or use of any Software, Hardware or Equipment supplied under the Agreement other than in accordance with the recommended operating procedures and relevant user documentation or in accordance with normal business use and requirements;
faults, malfunction or defect in any Third-Party Software or Third Party Services; or
telecommunications or power failure or fault or defective network or internet connection affecting Customer or affecting ABTechnologies provided that ABTechnologies is unable to reasonably mitigate through its business continuity and disaster plan.

13. Termination

13.1 Termination for convenience

Either Party may terminate this Agreement for convenience by giving the other Party not less than 90 days’ written notice.

13.2 Termination for cause

This Agreement may be terminated at any time during the Term immediately by a Party if the other Party:
1. is in material breach of any of its obligations under this Agreement and it has not rectified the breach within 30 Business Days from receiving written notice requiring it to do so;
2. is no longer able to perform its obligations under this Agreement due to a change in Law which prevents a Party from performing its obligations under this Agreement; or
3. suffers an Insolvency Event.
Without limiting clause 13.2(a), ABTechnologies may terminate this Agreement or suspend the Services if Customer fails to make payment and has not rectified the non-payment within 7 Business Days from receiving written notice requiring it to do so.

13.3 Consequences of termination

Upon termination of this Agreement in accordance with this clause 13:

where Customer terminates this Agreement under clause 13.1, Customer agrees to pay for any costs or expenses (including any pre-paid subscriptions, Hardware purchases and licences) incurred directly under this Agreement by ABTechnologies as a result of such early termination;
all amounts due and payable to ABTechnologies, whether or not invoiced, including any Fees for Services provided up to the date of termination, as at the date of termination become a debt due and payable on the effective date of termination;
each Party must promptly return or destroy the other Party’s Confidential Information, as directed by the other Party; and
if this Agreement is terminated by Customer in accordance with clause 13.1 or clause 13.2, ABTechnlogies will promptly provide an overview of currently registered configuration items, a network diagram and any available administrative credentials previously made known to ABTechnologies.

13.4 Non-solicitation

Each Party agrees not to directly or indirectly solicit, recruit or make an offer of employment to the Personnel of the other Party during the Term and for a period of three (3) months following expiration or termination of the Agreement.

13.5 Survival of rights

Termination of this Agreement does not affect the rights of a Party which have accrued up to the date of such termination.

14. Dispute Resolution

14.1 Dispute Notice

If any dispute or difference arises between the Parties with respect to the construction, effect or operation of this Agreement, or with respect to any matter connected with this Agreement or arising out of it (a Dispute), the Parties must take the following steps to attempt to resolve the Dispute:

either Party may serve a written notice on the other Party stating the nature of the Dispute and invoking the dispute resolution process set out in this clause 14 (a Dispute Notice); and
the Parties’ respective Authorised Officers must meet within 10 Business Days after the date of the receipt of the Dispute Notice, or such other period as the Parties agree in writing and negotiate in good faith to resolve the Dispute.

14.2 Mediation

lf the Dispute is not resolved in accordance with this clause 14 within 20 Business Days of the date of the Dispute Notice, or such other period as the Parties agree in writing, the Dispute will be referred to mediation in accordance with the Mediation Rules of the Resolution Institute (ACN 008 651 232) (Resolution Institute). Such mediation will be conducted by a mediator who is independent of and appointed by agreement of the Parties or failing agreement within seven days of receiving either Party’s notice of dispute, by a mediator appointed by the Chair of the Resolution Institute or the Chair’s designated representative. The Parties will equally share all the costs of the mediation, including without limitation any fees charged by the mediator.

14.3 Arbitration

If the Dispute is not settled within 20 Business Days of referral to mediation in accordance with clause 14.2 (unless such period is extended by agreement of the Parties), it will be and is hereby submitted to arbitration in accordance with Arbitration Rules of the Resolution Institute. Unless the parties agree upon an arbitrator, either Party may request a nomination from the Chair of Resolution Institute. The Parties will equally share all the costs of the arbitration, including without limitation any fees charged by the arbitrator.

14.4 Commencing proceedings

Other than proceedings for urgent interlocutory relief, a Party may not commence or maintain any proceedings in any court with respect to a Dispute unless and until that Party has complied with the procedures in this clause 14.

15. Insurance

15.1 Insurance Requirements

Each Party must procure and maintain all necessary or prudent insurance policies in relation to its obligations under this Agreement, including but not limited to:

workers compensation insurance, as required by Law;
public and product liability insurance, with a limit, appropriate to the internal risk assessment of each Party.
professional indemnity insurance, with a limit, appropriate to the internal risk assessment of each Party.
cyber insurance, with a limit, appropriate to the internal risk assessment of each Party.

15.2 Certificates of Insurance

A Party may reasonably request certificates of insurance as evidence that the other Party is in compliance with clause 15.1 and that other Party must provide the relevant certificates within 30 days of receiving such a request.

16. Personal Property Securities Act

Customer acknowledges that ABTechnologies’ interest under this Agreement is a Security Interest for the purposes of the PPSA and:
1. that Security Interest relates to the Equipment and all proceeds of any kind; and
2. this Agreement is a security agreement for the purposes of the PPSA.this Agreement is a security agreement for the purposes of the PPSA.
Customer consents to ABTechnologies effecting a registration on the PPSA (in any manner ABTechnologies considers appropriate) in relation to any Security Interest arising under or in connection with this Agreement.
If required by ABTechnologies, Customer must pay all costs associated with the registration, maintenance, and withdrawal of any Security Interest on the PPSR which secures Customer’s obligations under any agreement with ABTechnologies.
Customer waives its right to receive any notice under the PPSA (including notice of a verification statement) unless the notice is required by the PPSA and cannot be excluded.
Customer must do all things (including signing any document) and provide all information necessary to enable ABTechnologies to perfect and maintain the perfection of any and each Security Interest granted to ABTechnologies by Customer.
For the purposes of this clause 16, Customer irrevocably appoints ABTechnologies to be its attorney with power to do all things necessary or expedient including entering into any documents deemed necessary by it to give effect to Customer’s obligations under this Agreement.
If Chapter 4 of the PPSA applies to the enforcement of a Security Interest arising under or in connection with this Agreement, Customer agrees the following provisions of the PPSA will not apply to the enforcement of that Security Interest:
1. section 95 (Secured party must give notice of removal of accession), to the extent that it requires ABTechnologies to give Customer a notice;
2. section 96 (When a person with an interest in the whole may retain accession);
3. subsection 121(4) (Enforcement of security interests in liquid assets – notice to higher priority parties and grantor);
4. section 125 (Obligation to dispose of or retain collateral);
5. section 130 (Notice of disposal of collateral), to the extent that it requires ABTechnologies to give Customer a notice;
6. paragraph 132(3)(d) (Secured party to give statement of account – statement of account following disposal);
7. subsection 132(4) (Secured party to give statement of account – statement of account if no disposal);
8. section 142 (Entitled persons may redeem collateral); and
9. section 143 (Entitled persons may reinstate security agreement).
Where a person is a controller in relation to the Equipment, the Parties agree that Part 4.3 of the PPSA will not apply to the enforcement of any Security Interest in the Equipment by that controller.
Notices or documents required or permitted to be given to Customer for the purposes of the PPSA must be given in accordance with the PPSA.

17. General

17.1 Force Majeure

Neither Party will be liable to the other for any delay or failure to perform its obligations under this Agreement as a result of a Force Majeure Event.
If a Force Majeure Event arises:
1. the affected Party must notify the other Party of the extent to which the affected Party is unable to perform its obligations;
2. the affected Party will use its reasonable endeavours to mitigate the effect of the Force Majeure Event; and
3. the affected Party will not be liable to the other Party for any Claim the other Party suffers or incurs as a result of that Force Majeure Event.
A Force Majeure Event does not relieve a Party from liability for an obligation which arose before the occurrence of that event, nor does that event affect the obligation to pay money in a timely manner.
If the Force Majeure Event continues for a period of more than 30 days, either Party may terminate this Agreement by written notice to the other Party.

17.2 Notices

Any notice given in connection with this Agreement must be in legible writing and must be addressed to a Party and either hand delivered to or sent by post to the relevant address or emailed to the relevant email address, as set out in Item 2 of the Agreement Details. A notice is taken to have been given:

in the case of being hand delivered, on the date on which it is delivered;
in the case of being sent by post, on the fifth (ninth if sent to an address in another country) day after the date of posting; or
in the case of delivery by email, at the time sent, unless the sender is notified, by a system or person involved in the delivery of the email, that the email was not successfully sent.

17.3 Governing Law

This Agreement is governed by the laws of Queensland, Australia. Each Party submits to the non-exclusive jurisdiction of the courts of Queensland and its appellate courts.

17.4 Counterparts

This Agreement may be executed in any number of counterparts, all of which taken together are deemed to constitute the same Agreement.

17.5 Waiver

A provision of this Agreement or a right created under it, may not be waived or varied except in writing, signed by the Party or Parties to be bound.

17.6 Costs

Each Party musty bear its own costs arising out of the negotiation, preparation and execution of this
Agreement.

17.7 Severability

If any part or provision of this Agreement is judged invalid or unenforceable in a jurisdiction, it is severed for that jurisdiction, and the remainder of this Agreement will continue to operate in full force.

17.8 Assignment and novation

Customer may not assign or transfer its rights and obligations under this Agreement without the prior written consent of ABTechnologies. ABTechnologies may assign, transfer or novate its rights and obligations under this Agreement without the prior written consent of Customer.

17.9 Remedies

The rights of a Party under this Agreement are cumulative and not exclusive of any rights provided by Law.

17.10 Amendments

Any amendment to this Agreement has no force or effect, unless effected by a document executed by the Parties.

17.11 Survival

Clauses 1, 6, 7, 8, 10, 10, 12, 13, 14, 15, 16, 17, and 18 survive termination of this Agreement.

17.12 Entire Agreement

This Agreement constitutes the entire agreement between the Parties about its subject-matter and supersedes any previous understandings or agreements on that subject-matter.

17.13 Relationship of the Parties

Nothing in this Agreement is intended to create a partnership, joint venture, or agency relationship between the Parties, and each of the Parties agree that they are entering into this Agreement only as independent contractors.

17.14 Third Parties not entitled to enforce this Agreement

The Parties agree that other than nothing in this Agreement will confer on any Third Party any benefit or any right to enforce any provision of this Agreement.

18. Definitions and interpretation

18.1 Definitions

In this Agreement, unless the context requires otherwise:

Agreement is defined in clause 1;

Agreement Details means the section of this Agreement entitled ‘Agreement Details’;

Authorised Officers means any person who is a director, manager, agent or otherwise entitled to make decisions and give directions on behalf of, and bind, the entity, including entering into contracts, deeds and agreements;

BAU Project is defined in Schedule 3;

Business Day means a day that is not a Saturday, Sunday or public holiday in Queensland, Australia;

Change Request is defined in Schedule 3;

Claim means any claim, notice, demand, action, proceeding, litigation, investigation, judgment, damage, loss, cost, expense or liability however arising, whether present, unascertained, immediate, future or contingent, whether based in contract, tort or statute and whether involving a third party or a Party to this Agreement; Commencement Date means the commencement date of this Agreement, as specified in Item 3 of the Agreement Details;

Confidential Information means all confidential, non-public or proprietary information, regardless of how the information is stored or delivered, exchanged between the Parties, before, on or after the date of this Agreement, relating to the business, products, services, customers or other affairs of the Discloser of the information but does not include information which is in or becomes part of the public domain other than through breach of this Agreement;

Corporations Act means the Corporations Act 2001 (Cth);

Customer Acceptance Form means the form Customer or its agent signs upon the delivery and/or installation of the Hardware;

Customer Data means all data and information relating to Customer, and its operations, facilitates, customers, Personnel, assets and Customer Environment (including Personal Information) in whatever form that information may exist and which:

is supplied or made available by Customer to ABTechnologies;
is created or accessed by or on behalf of ABTechnologies in the course of performing the Services; or
ABTechnologies has access to under this Agreement;

Customer Environment means Customer’s information technology, telecommunications, internet and other relevant infrastructure that interfaces with the Services;

Customer Equipment is defined in clause 4.1(f);

Cyber Breach means any incident in respect of the Customer Environment or Customer Data (including in respect of Personal Information held or stored by ABTechnologies on behalf of Customer) (Data) that results in:

an Eligible Data Breach;
the Data having been misused, interfered with, corrupted or subject to unauthorised access, modification or disclosure;
unauthorised access to the Data, storage device or computer network in which such information is stored;
that Data or the storage device or computer system on which such information is stored being lost or misplaced; or
any part of the Data becoming corrupted, not accessible, incorrectly modified or deleted as a result of loss, unauthorised disclosure or unauthorised access;

Discloser means a discloser of Confidential Information;

Dispute is defined in clause 14.1;

Dispute Notice is defined in clause 14.1;

Eligible Data Breach has the meaning set out in the Privacy Act;

End User means an employee, contractor, business partner or customer of Customer who interacts with or uses the Customer Environment;

Equipment means any equipment, hardware or tools forming part of the Services which are provided by ABTechnologies to Customer;

Fees means the fees payable by Customer for the Services, Hardware, Third Party Software, Thir Party Services Project Based Work, On-boarding Assistance or Off-boarding Assistance as specified in the Order;

Force Majeure Event means an event which is beyond the reasonable control of the party affected, whether foreseeable or otherwise, and which could not have been prevented by the party affected exercising reasonable diligence and includes an act of God, earthquake, cyclone, fire, explosion, flood, landslide, lightning strike, storm, tempest, drought, war or pandemic (declared or undeclared), invasion, act of a foreign enemy, hostilities between nations, civil insurrection, explosion, government intervention, act of public enemy, sabotage, malicious damage, terrorism, civil unrest; contamination by radioactivity from any nuclear waste or from combustion of nuclear fuel, confiscation, requisition, expropriation, prohibition, embargo, damage to property by or under the order of any government authority, strikes at a national level or industrial disputes at a national level, or any failure of the internet or telecommunications services, any failure of public service, absence of transport facilities,
absence of raw material supplies, plant breakdown or failure of plant to perform to expected specifications;

GST has the meaning given in the GST Law;

GST Law has the meaning given in the A New Tax System (Goods and Services Tax) Act 1999 (Cth), and terms used which are not defined in this Agreement, but which are defined in the GST Law, have the meanings given in the GST Law;

Hardware means any hardware which Customer independently procures from ABTechnologies;

Infrastructure Project is defined in Schedule 3;

Intellectual Property Rights means all intellectual property rights including current and future registered and unregistered rights in respect of copyright, designs, circuit layouts, trademarks, trade secrets, know-how, confidential information, patents, invention and discoveries and all other intellectual property as defined in article 2 of the convention establishing the World Intellectual Property Organisation 1967;

Insolvency Event means in respect of a Party, the occurrence of one or more of the following events:

an application or order is made for the winding up or dissolution or a resolution is passed, or any steps are taken to pass a resolution for the winding up or dissolution of the company;
a provisional liquidator, liquidator or person having a similar function under the laws of any relevant jurisdiction is appointed in respect of the company or any action is taken to appoint such a person and the action is not stayed, dismissed or withdrawn within ten (10) Business Days;
the company is deregistered under the Corporations Act or other legislation or notice of its proposed deregistration is given to it; or
anything analogous to or of a similar effect to anything described above under the Laws of any relevant jurisdiction;

Law means any:

law including Commonwealth, State, Territory, local government legislation or any regulations, by-laws, declarations, ministerial directions and other subordinate legislation;
common law;
government or any governmental, semi-governmental, administrative, fiscal or judicial body, department, commission, authority, tribunal, agency or entity requirement or authorisation (including conditions in respect of any authorisation); and
code of conduct, writ, order, injunction or judgment;

Maintenance Window is defined in clause 3.1(c);

Material Change is defined in clause 3.4(a);

Off-boarding Assistance means the off-boarding assistance specified in the Order;

On-boarding Assistance means the on-boarding assistance specified in the Order;

Operating Manual means the documentation that provides instructions on the installation and use of
Hardware;

Order means the order form document in the form of Schedule 1 – Template Order Form that details
the Services to be provided to Customer;

Party means a party to this Agreement and Parties means both of them;

Personal Information has the meaning given in the Privacy Act;

Personnel means in respect of a Party, that Party’s employees, officers, contractors and agents;

PPSA means the Personal Property Securities Act 2009 (Cth) and any regulations made pursuant to it;

PPSR means the Personal Properties Securities Register established pursuant to the PPSA;

Privacy Act means the Privacy Act 1988 (Cth);

Project Based Work is defined in clause 3.5(a);

Recipient means a recipient of Confidential Information;

Recommendations is defined in clause 6.1(b);

Related Body Corporate has the meaning it is given in the Corporations Act;

Security Interest has the same meaning given in the PPSA;

Services means the managed services to be provided by ABTechnologies to Customer, as described in the Order, and any services to be provided pursuant to a Service Request as described in Schedule 3;

Service Level means the service levels in respect of the Services, as set out in Schedule 2 – Service Level Agreement;

Service Request is defined in Schedule 3;

Site means the location for the provision of the Services, as specified in the relevant Order;

Software means any software forming part of the Services which is provided by ABTechnologies to Customer;

Term has the meaning given in clause 2;

Third Party Licence Terms has the meaning given in clause 5.1;

Third Party Software means any software independently procured by Customer from ABTechnologies;

Third Party Services means any services which ABTechnologies resells on behalf of a third party to Customer; and

Third Party Service Terms is defined in clause 5.2.

18.2 Interpretation

The following apply in the interpretation of this Agreement, unless the context otherwise requires:

a reference to any Act, regulation, rule or similar instrument includes any consolidations, amendments or re-enactments of it, any replacements of it, and any regulation or other statutory instrument issued under it;
a reference to the singular includes the plural number and vice versa;
a reference to a gender includes a reference to each gender;
person includes a firm, corporation, body corporate, unincorporated association and a governmental authority;
a reference to a party or a person includes that party’s or person’s executors, legal personal representatives, successors, liquidators, administrators, trustees in bankruptcy and similar officers and, where permitted under this agreement, their substitutes and assigns;
an agreement on the part of, or in favour of, two or more persons binds or is for the benefit of them jointly and severally;
includes means includes but without limitation;
where a word or expression has a defined meaning, its other grammatical forms have a corresponding meaning;
a reference to doing something includes an omission, statement or undertaking (whether or not in writing) and includes executing a document;
a reference to a clause, schedule or annexure is a reference to a clause of, or a schedule or an annexure to this Agreement; and
a heading is for reference only. It does not affect the meaning or interpretation of this Agreement.

Schedule 1 – Order Form Summary

This Summary sets out the Order Details, Fee information, Service description, inclusions, exclusions, and assumptions as per signed managed services agreement quotation, and will vary per agreement level.

Any defined terms used in this Order and the rules of interpretation will be the same as in the Terms & Conditions.

Order Details
Initial Term	a. On-Demand, b. 12 Months, c. 24 Months, d. or 36 Months.
Renewal Period	12 Months, automatically renewing on Anniversary Date
Business Hours	Business Support Hours: Monday-Friday 7AM – 5PM, AEST. Emergency After Hours support provided outside business hours.
Maintenance Window	Tues/Wed/Thurs between 1AM – 4AM, Weekly.

Services
*Inclusions*
On-boarding Assistance	Description of services available: • Vulnerability & Risk Assessment • Setup of ABTechnologies Standard Security and Baseline Compliance • Device patching and agent enrolment • Enrolment into ABTechnologies Support Portal • Site Documentation • Standards definition (new/exit user process, workstation enrolment process)
Managed services	Description of services available: • Server Support • Server Patching & Release Management • Server Monitoring • Server Antivirus Management • Microsoft Application Management • Desktop Support • Desktop Patching & Release Management • Desktop Monitoring • Desktop Antivirus • User access management • User Support • Network Support & Maintenance • Network Monitoring & Alerting • Security & Information Protection • Monitor, Manage, Alert & Advise on IT Security • Network & IT Security Assessment Included • Backup & Disaster Recovery testing • Backup Disaster Recovery After Hours Test and Verification • Priority Response Times (SLA) as per Service Level Target Schedule • Escalation Management • After Hours Planned Support • After Hours Emergency Support • Onsite Support • Change and Release Management • IT Health Reporting • Service Delivery Reporting • Business Technology Review (annually) A definition of services will be provided in Schedule 4 (Managed Support Services) and Schedule 5 (Managed Security Services)
Supported Environment	1. All Servers must be running a currently supported Microsoft Windows or SQL Server operating system, have the latest Microsoft service packs and critical updates installed, and be within the server lifecycle of 5 years after the date of purchase. 2. All desktop computers and notebooks / laptops must be running a currently supported Microsoft Windows operating system, have the latest Microsoft service packs and critical updates installed, and be within the workstation lifecycle of 3 years after the date of purchase. 3. All server and desktop software must be genuine and licensed. 4. The Environment must have a current licensed, up-to-date and vendor-supported server-based antivirus solution protecting all servers, desktops, notebooks / laptops and emails. 5. The Environment must have a currently licensed, vendor-supported server-based backup solution that can be monitored and be able to send notifications on job failures and successes. 6. All wireless data traffic in the environment must be securely encrypted. 7. All supported Devices must run ABTechnologies IT monitoring agent which includes remote access software. 8. All Azure Active Directory user accounts must have Microsoft Multi-Factor Authentication implemented in order to prevent unauthorized access to the Client’s IT System. 9 .All Microsoft Office 365 email accounts must have Microsoft Multi-Factor Authentication implemented in order to prevent unauthorized access to the Client’s emails. 10. All Microsoft Office 365 email accounts must have Litigation Hold enabled to preserve electronically stored information (ESI) for legal and financial records and assurance. 11. All network, storage, and computing hardware, as well as software within the environment must be up-to-date and under vendor warranty and support. 12. All Active Directory, Computer, and Device Accounts must meet ABTechnologies Password Security Policy. 13. All Domain & Office 365 Global Administration will be limited to ABTechnologies only. If the organisation internal staff, or 3^rd-Party contractors require administrative access to these services, users will be restricted to time-limited role-based administrative access.
Off-boarding Assistance	Description of services provided: • Account Reconciliation – No credentials will be handed over to the client until all accounts have been cleared. • No credentials will be handed over to third parties. • Removal of all ABTechnologies intellectual property • Removal of all monitoring and patching services (automated health monitoring, firewall management, internet filtering, server and device management) per off boarding date. • Cancellation of 3^rd-Party Services (where ABTechnologies is the primary reseller, this includes, but not limited to; Microsoft 365 licensing, Backup and Disaster Recovery, Email/Spam Filtering, etc.) • Migration of 3^rd-Party Services (where ABTechnologies is the primary reseller, this includes, but not limited to; Website Hosting, Azure, etc.) • ABTechnologies will continue to hold responsibility for services until the off-boarding date or a mutually agreed date prior when administrative credentials have been provided to an incoming third party (MSP or otherwise) • Provided documentation will be limited to: a. Any existing network diagrams b. An export of currently registered configurations limited to servers, workstations and network devices with RMM provided details. c. A current set of available (non-ABT) administrative credentials, which will be deleted from ABTechnologies’ credential management system immediately after. • Any services not outlines above will be provided on a chargeable basis.
*Exclusions*
• Costs, charges or expenses of any software, licensing, renewals, subscriptions, hardware, shipping or training. • Costs or fees associated with any third-party vendor or manufacturer support or incident fees of any kind. • Costs, charges or expenses of any hardware, licensing, equipment and labour as may be required in order to update the Customer Environment to the minimum standard required in order for ABTechnologies to be able to provide the Services. • The cost of any initial IT infrastructure assessment and audit of the Customer’s existing information technology infrastructure and network. • Services or repair necessarily required as a result of any alteration or modification of Customer’s information technology infrastructure and network, other than that which was authorised by ABTechnologies, including any alterations, software installations or modifications of equipment performed by the Customer, the Customer’s employees or a third party. • “Bring Your Own Device” unless otherwise approved by ABTechnologies, domain connected or managed by mobile device management. The use of Customer’s Personnel’s’ personal hardware is excluded from support, although minimal provision will be extended for the support of business applications. • Costs, charges or expenses of any kind, related to the support and/or recovery of the Customer Environment, due to any actual or suspected Data Breach. • Additional charges or expenses of any kind, relating to the addition or modification of the current Customer Environment, except in accordance with clause one (1). • Costs, charges or expenses for support of any software, licensing, subscriptions or hardware not included in this Order or the Agreement.
Fees
Fees	Customer acknowledges that the price may differ monthly based on the number of end users, and that fees in respect of some of the Inclusions set out above may be invoiced on an ad hoc basis. Project Based Work will be charged at ABTechnologies’ standard rates.
Billing Terms	ABTechnologies will invoice Customer for the Fees monthly in advance, except for Project Based Work which will be invoiced monthly in arrears. Customer must pay invoices within the billing terms on the relevant invoice.
Annual Increase to Fees (%)	6%, otherwise Fees will increase by CPI each year on the anniversary of the Commencement Date.

Please Note:

Schedule can be amended based on the agreement level.

Schedule 2 – Service Level Targets

The following table shows the targets of response and resolution times for each priority level between the specified support hours.

Support Plans	Support Hours	Priority Level	Response Time	Resolution Time
COMPLETE SUPPORT	Business Days 07:00 – 17:00	1	15 minutes	4 hours
		2	1 hours	8 hours
		3	2 hours	16 hours
		4	2 hours	32 hours

COMPREHENSIVE SUPPORT	Business Days 07:00 – 17:00	1	30 minutes	8 hours
		2	2 hours	12 hours
		3	2 hours	24 hours
		4	4 hours	40 hours

ON-DEMAND SUPPORT	Business Days 07:00 – 17:00	1	Best Efforts. Any assistance provided is on a best effort, lowest priority when available.	Best Efforts. Any assistance provided is on a best effort, lowest priority when available.
		2
		3
		4
Priority	Description	Current Issue
1	Critical	Service not available (all users and functions unavailable).
2	High	Significant degradation of service (large number of users or business critical functions affected).
3	Medium	Limited degradation of service (limited number of users or functions affected, business process can continue).
4	Low	Small service degradation (business process can continue, one or two users affected).

This Schedule 2 is based on ABTechnologies’ current understanding of Customer’s current requirements and is subject to change at ABTechnologies’ our discretion. ABTechnologies reserves the right to change this SLA with 30 days’ written notice. SLA will abide when the ticket is in anticipation of a response from Customer or action from a Third Party.

Please note:

Schedule can be amended based on the agreement level.

Schedule 3 – Change/Project Management

ABTechnologies employs four levels of change/project management:

Service Request;
Change Request;
BAU Project; and
Infrastructure Project,

as tabulated below

This Schedule provides guidance on whether a change can be accommodated under this Agreement pursuant to clause 3.4 or 3.5. In considering whether a change can be accommodated, ABTechnologies considers the following:

whether there will be considerable financial outlay (risk);
whether considerable planning is required;
planning and management of travel;
whether there will be multiple hours (or days) of work;
any outages that need to be communicated with Customer and managed with users;
whether there is potential of follow-up and post implementation work, and any other factors relevant to the particular Customer request.

and any other factors relevant to the particular Customer request.

	Service Request	Change Request	BAU Project	Infrastructure Project
Description	Small change	A move, addition or change that changes the Customer Environment considerably	Big move, addition or change. Typically involving replacement or improvement of an existing part of the Customer Environment	Major infrastructural change. Typically involving an addition to or change of nature of the Customer Environment
Example	Access to mailbox	New workstation	O365 migration	New Server
Risk	Low	Low/Medium	Medium	High
Expected outcome	Certain	Certain	Expected	Expected but uncertain
Outage	Seldom	Sometimes	Usually	Always
Stakeholder Management	Typically deal with end user	End user and Customer approval	Customer approval. User management typically by Customer	Customer Management team.
Approval	Not always needed	Always needed	Formal acceptance	Formal scope acceptance
Communication	Via ticket	Email/ticket	Phone/Email/Onsite	Phone/Email/Onsite
Quoting	Not applicable	Typically informal through ticket	Formal quote	Formal quote
Coverage	Agreement	Time and materials – Material Change	Time and materials – Project Based Work	Time and materials – Project Based Work
Post implementation after-care	Not applicable	Not applicable.	Follow up incidents added to project issue phase	Follow up incidents added to project issue phase
Actors	Service Desk	System Engineers	Project Engineers / Technical Consultants	Project Engineer
Organiser	Service Desk	Resource Coordinator	Project manager	Project Manager

Please Note:

Schedule can be amended based on the agreement level.

Schedule 4 – Managed Support Services – Service Definitions

Managed Service	Meaning
Server Support	Service desk and escalated technical support teams will create, classify, investigate and resolve any significant or recurring incident, which may have been user-initiated or automatically generated, to ensure expected operation of your server infrastructure.
Server Patching & Release Management	Our systems will ensure approved Windows Operating systems patches, such as important Windows Security Updates and Service Packs are installed on your server infrastructure in a controlled manner
Server Monitoring	Real-time monitoring agents installed on your servers alert on critical issues including (but not limited to) backup failures, offline servers, disk space and security issues.
Server Antivirus	Endpoint Antivirus Protection and monitoring agents ensure virus definitions on servers are current, alerts for intrusion and malware incidents are created and recorded within the ticketing system and resolved to ensure your security.
Desktop Support	Service desk and escalated technical support teams will create, classify, investigate and resolve any significant or recurring incident which may have been user-initiated or automatically generated, to ensure expected operation of your managed workstation.
Desktop Patching & Release Management	Our systems will ensure approved Windows Operating systems patches, such as important Windows Security Updates and Service Packs are installed on your managed workstation in a controlled manner
Desktop Monitoring	Real-time monitoring using agents installed on workstations alert on critical issue including (but not limited to) backup failures, offline workstations, disk space and security issues.
Desktop Antivirus	Endpoint Antivirus Protection and monitoring agents ensure virus definitions on workstations are current, alerts for intrusion and malware incidents are created and recorded within the ticketing system and resolved to ensure security standards are maintained.
User Access Management	Identity and access management securely manage the access to services and resources for all users in your organisation. All internal and external requests to access the Client’s IT System are verified, managed, and recorded within the ticketing system and confirmed for your approval prior to execution.
User Support	Service desk and escalated technical support teams will create, classify, investigate and resolve any significant or recurring incident, which may have been user-initiated or automatically generated, to ensure your staff are able to perform their duties. These requests include (but are not limited to) new user profile creation, software and licensing, phone and email issues and requests for hardware.
Network Support and Maintenance	Technical support and maintenance provided for local network or VPN connections for the in scope Managed Sites and/or Cloud Environments. Our teams liaise on your behalf with 3^rd party vendors for network hardware and security surveillance systems
Network Monitoring	Real-time monitoring of critical network components alert on critical issues to ensure communication systems remain functional.
Network and IT Security Assessment	In depth audit of your security integrity, addressing server infrastructure, user profiles, workstations and network hardware as well as all software in your IT systems. All security aspects are accessed and reviewed, issues investigated, and any changes required are executed and documented.
Backup & Disaster Recovery Testing	Our technical consultancy teams will perform quarterly verification of backup and data recovery of your critical IT Systems in a test environment and provide quality assurance of the successful restoration in the virtual event of a server outage.
After Hours Backup & Disaster Recovery Testing	On the implementation of a full disaster recovery and business continuity solution that meet the client’s expectation of Time to Recovery, a full out of hours test and verification will be conducted and benchmarked against the expected Time to Recovery.
Priority Response Times (SLA)	Your chosen coverage model (agreement level) provides you with priority response times. Response- and Resolution times are allocated to tickets covered by a Comprehensive or Complete agreement. These tickets are operationally managed to ensure service level targets are met.
After Hours Planned Support	Services included in this agreement are covered during standard business hours of 7 AM – 5 PM (AEST). From time to time it will be necessary to plan services outside of these hours. A planned maintenance window is available for clients on a comprehensive agreement (at an additional fee) and clients on a complete agreement (included).
After Hours Emergency Support	Services included in this agreement are covered during standard business hours of 7 AM – 5 PM (AEST). When urgent disruptions to the Client’s IT Systems occur outside of these hours AB Technologies provide an after-hours emergency service. This service is strictly for emergencies and will incur an additional callout fee. For clients in different Australian time-zones the after-hours rate will commence at 5 PM local time.
Onsite Support	Managed IT Services are provided remotely, using industry standard remote-control software based on best practices, to ensure swift assistance is possible and restoration of services is not limited by geographic dispersion. However, certain tasks require onsite presence of an engineer. AB Technologies can provide local assistance at an additional fee. Should a client require frequent onsite support discounted blocks of onsite time are available as planned service visits.
Monthly IT Health Reporting	As part of the managed services agreement, the Client may receive a monthly IT Health report providing details of the condition of the IT system. The health report will inform you of any issues that are currently occurring within your infrastructure and make recommendations to remedy any such issue.
Monthly Service Delivery Reporting	As part of the managed services agreement, the Client may, by request, receive a monthly service delivery report providing details of the service management of support, including (but not limited to) numbers of tickets, SLA performance (if applicable), client satisfaction and current issues.
Business Technology Review	During a business technology review the relationship between the Client’s business objectives and the IT System’s ability to provide services to enable these objectives, is analysed and discussed with a Client Relations Manager or Technical Account Manager. This review may result in requests for changes or projects to ensure your IT infrastructure remains efficient and competitive.
Client Relations Management	The role of the client relations manager (CRM) is to manage the relationship between the key stakeholders of the client and ABTechnologies’ internal teams. The CRM will communicate important developments, consult with the client on new technologies and advise on IT strategy. The CRM will also be a point of contact in major incident management and be responsible for general client care.
Technical Account Management	The role of the Technical Consultant (TC) is to translate the client’s business requirement into technical, operationally feasible solutions, ensuring these solutions are adequately designed, scoped, implemented, tested and supported. The TC will lead technical change management and documentation of solutions, processes and procedures, as well as provide support at the highest level of escalation.
30 Day Billing Terms	Clients on a Managed Services agreement enjoy a 30-day billing term.

Please Note:

Schedule can be amended based on the agreement level.

Schedule 5 – Managed Security Services – Service Definitions

Managed Security	Meaning
Implementation of baseline controls	The deployment of several core security policies and compliance standards that keep your users, devices, and data secure. Although ABTechnologies has been deploying many of these policies for several years, by adopting a tenant wide mandatory approach we can assure that any changes or additional policies are rapidly deployed. These default Microsoft Baseline Configurations and policies will include, but will not be limited to the following: • Deploy conditional Access policy to enforce MFA for admins and all users. • Block legacy authentication. • Device enrolment in Intune and End Point Manager. • Deployment of App Protection Policy. • Set up Microsoft Defender for Business, Exchange Online Protection and Microsoft Defender for Office 365. • Configure Microsoft Defender Antivirus and Firewall for Windows 10 and later.
Advanced 365 management of Identity, Device and Threats	Leveraging the latest Microsoft Technologies, ABTechnologies will ensure our clients have the latest Microsoft tools and policies to enable ABTechnologies to secure and manage devices, data, and users across your business. These advanced 365 management features will allow ABTechnologies to manage our clients more efficiently, so we can focus on what’s most important: quickly find and investigate risks and take action to take our client to a healthy and secure state. The advanced management capabilities will bolster security and deliver better end-user experiences to everyone in your organization. We will secure your 365 services and connected endpoints by: • Applying and updating the Microsoft 365 security baseline policies recommended for best practices across small and medium-sized business tenants. • Simplifying common support tasks to maximise the client experience. • Monitoring and management of multifactor authentication and conditional access policies across the client tenant. • Implementation of tools to help drive adoption by users such as Self-service password reset. • Monitoring and management of risky users, risky sign-ins, inactive users and device compliance. • Managing and remediating multiple threats across devices, and users and leverage automation to resolve.
Patching & Release Management (OS)	• Patches, updates, or vendor mitigations for security vulnerabilities in operating systems of internet-facing services are applied within two weeks of release, or within 48 hours if an exploit exists. • Patches, updates, or vendor mitigations for security vulnerabilities in operating systems of workstations, servers and network devices are applied within one month of release. • A vulnerability scanner is used at least daily to identify missing patches or updates for security vulnerabilities in operating systems of internet-facing services. • A vulnerability scanner is used at least fortnightly to identify missing patches or updates for security vulnerabilities in operating systems of workstations, servers and network devices. • Operating systems that are no longer supported by vendors are replaced.
Multifactor Authentication	• Multi-factor authentication is used by an organisation’s users if they authenticate to their organisation’s internet-facing services. • Multi-factor authentication is used by an organisation’s users if they authenticate to third-party internet-facing services that process, store or communicate their organisation’s sensitive data. • Multi-factor authentication (where available) is used by an organisation’s users if they authenticate to third-party internet-facing services that process, store or communicate their organisation’s non-sensitive data. • Multi-factor authentication is enabled by default for non-organisational users (but users can choose to opt out) if they authenticate to an organisation’s internet-facing services.
Regular Backups	• Backups of important data, software and configuration settings are performed and retained in a coordinated and resilient manner in accordance with business continuity requirements. • Restoration of systems, software and important data from backups is tested in a coordinated manner as part of disaster recovery exercises. • Unprivileged accounts can only access their own backups. • Unprivileged accounts are prevented from modifying or deleting backups.
Configuring Microsoft Office Macro Settings	• Microsoft Office macros are disabled for users that do not have a demonstrated business requirement. • Microsoft Office macros in files originating from the internet are blocked. • Microsoft Office macro antivirus scanning is enabled. • Microsoft Office macro security settings cannot be changed by users.
Restrict Administrative Privileges	• Requests for privileged access to systems and applications are validated when first requested. • Privileged accounts (excluding privileged service accounts) are prevented from accessing the internet, email and web services. • Privileged users use separate privileged and unprivileged operating environments. • Unprivileged accounts cannot logon to privileged operating environments. • Privileged accounts (excluding local administrator accounts) cannot logon to unprivileged operating environments.
Application Control	The execution of executables, software libraries, scripts, installers, compiled HTML, HTML applications and control panel applets is prevented on workstations from within standard user profiles and temporary folders used by the operating system, web browsers and email clients.
Patching Applications	• Patches, updates, or vendor mitigations for security vulnerabilities in internet-facing services are applied within two weeks of release, or within 48 hours if an exploit exists. • Patches, updates, or vendor mitigations for security vulnerabilities in office productivity suites, web browsers and their extensions, email clients, PDF software, and security products are applied within one month of release. • A vulnerability scanner is used at least daily to identify missing patches or updates for security vulnerabilities in internet-facing services. • A vulnerability scanner is used at least fortnightly to identify missing patches or updates for security vulnerabilities in office productivity suites, web browsers and their extensions, email clients, PDF software, and security products. • Internet-facing services, office productivity suites, web browsers and their extensions, email clients, PDF software, Adobe Flash Player, and security products that are no longer supported by vendors are removed. • Patching: Limitations may apply to non-vendor support applications.
User Application Hardening	• Web browsers do not process Java from the internet. • Web browsers do not process web advertisements from the internet. • Internet Explorer 11 does not process content from the internet. • Web browser security settings cannot be changed by users.
Leaked Credential Monitoring	All client domains will be continually monitored and alerted with our Risk Detection Assessment for Dark web vulnerabilities.
External Vulnerability Monitoring	Keep track of the devices that you have exposed to the Internet. You will see what you currently have connected to the Internet within your network range and be setup with real-time notifications when something unexpected shows up. All client public IP Addresses will be continually monitored and alerted for potential security issues.
Content Filtering	ABTechnologies will provide content filtering to block access to known malicious website and specific content that may result in accessing an unsecure website.
Phishing Simulation Campaigns	Real-world phishing templates are periodically sent from a vast threat database, exposing your users to the latest email threat types. Detailed metrics on user behaviour is tracked to recognise security risks and develop the best training approach.
Cyber Security Awareness Training	When security awareness and training requirements are mandatory, make it easy for your organization to meet regulations, fight security risks, and stay secure with a ready-to-launch email phishing training program.
Cyber Incident Response & Disaster Recovery Planning	To be effective, a Cyber Incident Response Plan should align with the organisation’s incident, emergency, crisis, and business continuity arrangements, as well as jurisdictional and national cyber and emergency arrangements. It should support personnel to fulfill their roles by outlining their responsibilities and all legal and regulatory obligations. Disaster Recovery Planning is a set of planning, preparatory and related activities which are intended to ensure that an organisation’s critical business functions will either continue to operate despite serious incidents or disasters that might
Microsoft Sentinel: Cloud-native SIEM	A solution that helps organisations detect, analyse, and respond to security threats before they harm business operations. SIEM gives organizations visibility into activity within their network so they can respond swiftly to potential cyberattacks and meet compliance requirements.
Monitor, Respond, and Remediation of Alerts	Provide insights into threats and related response actions that are available in the Microsoft 365 Defender portal. These insights can help your organization’s security team protect users from email- or file-based attacks. The capabilities help monitor signals and gather data from multiple sources, such as user activity, authentication, email, compromised PCs, and security incidents. Business decision makers and your security operations team can use this information to understand and respond to threats against your organization and protect your intellectual property.
M365 Defender: Advance Detection and Response (XDR)	Automatically collects, correlates, and analyses signal, threat, and alert data from across your Microsoft 365 environment, including endpoint, email, applications, and identities. XDR is an evolution of EDR (Endpoint Detection and response) where EDR focuses on the endpoint, XDR incorporates signals from the entire environment to track the threat lifecycle.
ABT Security Operations Center (SOC)	Our SOC Team monitors, prevents, detect, investigate, and respond to cyber threats. Monitoring is 24×7, and critical alerts are actioned during business hours.
Communication Compliance & Compliance Score	Simplify the way your business manages compliance. Through Microsoft Purview Compliance Manager, we calculate a risk-based score measuring progress towards completing recommended actions that help reduce risks around data protection and regulatory standards. It also provides workflow capabilities and built-in control mapping to help you efficiently carry out improvement actions.
Insider Risk Management / Data Loss Protection	Minimize internal risks by enabling Microsoft 365 to detect, investigate, and act on malicious and inadvertent activities in your organization. Insider risk policies allow you to define the types of risks to identify and detect in your organization, including acting on cases and escalating cases to Microsoft eDiscovery (Premium) if needed. Risk analysts in your organization can quickly take appropriate actions to make sure users are compliant with your organization’s compliance standards.
Continuous Compliance Assessment / Detection & Investigation	This baseline assessment has a set of controls for key regulations and standards for data protection and general data governance.
Priva Privacy Risk Management	Provides visibility into your organisation’s data and policy templates for reducing privacy risks.

Please Note:

Schedule can be amended based on the agreement level.

Schedule 6 – Data Security Incident Remediation

When you, our client, due to any act of staff, third party or otherwise, including but not limited to actors of malicious intent, experiences a breach of data security as outlined in clause 1 of your managed services agreement, ABTechnologies will endeavour to mitigate the risks and damages of the breach and assist the client in their responsibilities under current “Notifiable Data Breach” legislation.

We will, on your behalf and upon your instruction, execute a data breach remediation plan and take any steps available to have your staff operational as quickly as safely possible. However, as ABTechnologies are not specialised in digital forensics, we cannot be certain that sensitive data was not accessed or copied during the breach event. We will provide our findings “as is” but recommend you always employ the services of specialized data security partners to perform these forensic services. We can, upon your request, bring you in contact with partners and liaise with them to perform their services.

We also recommend that infected devices are not used until forensic analysis has taken place, and that these devices are not re-imaged as part of the remediation. Should you require us to re-image the device(s) we cannot take responsibility for loss of evidence.

Furthermore, ABTechnologies cannot be held accountable for any loss of data due to the Data Security Breach and advises you that investigative and remedial services under general rule will not be covered by any managed services agreement, and hence chargeable.

We do advise all clients to strictly adhere to sound security policies. This includes but is not limited to the implementation of Multi-Factor Authentication (2FA/MFA) across all relevant systems, the strict limitation of administrative accounts to ABTechnologies staff only and protection of data by industry standard and vendor supported anti-virus and malware solutions, mail-security systems and alignment with Microsoft’s Secure Score recommendations. Please note that the Notifiable Data Breaches scheme places the responsibility for these policies with you, the client. Failure to comply with adequate protective measures may place you at risk of penalties and litigation and may exclude any services from your agreement coverage.

ABTechnologies is equipped to assist you around your current Security maturity level and can work with you to improve this to a level that further reduces your business risk.

Note that enforcement of legal requirements in case of notifiable data breach legislation is not limited to the customer. In situations where our findings indicate that reporting of a data breach is required by law, and you are unable or unwilling to address this, we may need to report the breach to the Office of the Australian Information Commissioner as per https://www.oaic.gov.au/privacy/notifiable-data-breaches/about-the-notifiable-data-breaches-scheme.

Please Note:

Schedule can be amended based on the agreement level.

Managed Services – Terms & Conditions