Dated <00/00/2013
THE APM GROUP LIMITED
¨
<INSERT NAME>
IA Professional Agreement
Contents
Clause Page
1. Definitions 3
2. APMGs Duties and Obligations 5
3. IAPP Scheme Operation 6
4. IAP Warranties and Indemnities 6
5. Confidentiality 8
6. Data Handling 9
7. Official Secrets 10
8. Security 10
9. Consideration 10
10. Intellectual Property 10
11. Termination 11
12. Corrupt Gifts 11
13. Change in Law 11
14. General 12
Schedule 1 IAPP Branding Licence 14
Schedule 2 Consideration 16
Schedule 3 IAPP Code of Conduct 17
Schedule 4 Application Process 19
Schedule 5 Security 21
This Agreement is dated on <00 day of MONTH 201¨
Between:
(1) The APM Group Limited a company incorporated in England and Wales under registration number 02861902 whose registered office is at 6th Floor Sword House, Totteridge Road, High Wycombe, Buckinghamshire HP13 6DG (“APMG”); and
(2) <INSERT name, address> (the “IAP”).
Whereas
(A) APMG is a UKAS accredited, accreditation, certification and qualification organisation.
(B) APMG has been appointed by the Government Communication Headquarters (GCHQ) to accredit and certify Information Assurance Professionals (IAP) pursuant to an agreement by GCHQ and APMG dated 26th July 2011 (the “Head Agreement”).
(C) APMG has rights granted by GCHQ to award certification to the IAP and to licence it to use certain trade marks as specified in and in accordance with the terms of the IAPP Branding Licence.
It is hereby agreed:
1. Definitions
1.1 In this Licence Agreement:
Agreement means this contract together with any schedules or annexes attached hereto;
APMG Ethics and
Standards Board means the independent confidential board that handles all complaints and appeals and set the APMG Code of Ethics;
APMG Code of Ethics means the code of ethics as laid down by the APMG Ethics and Standards Board (or a similar code) which is available at www.apmgroupltd.com/AboutAPMGroup/CorporateGovernance.aspx;
APMG Information
Systems means the information systems and databases, whether online or not, that the IAP has access to in order to carry out their duties under this Agreement;
Application Process means the process by which an IAP may apply and obtain certification as detailed within Schedule Four;
Claim means any claim, demand, action, cost, expense (including legal cost and disbursement), loss, damage and liability of whatsoever nature;
Confidential
Information means all information obtained, provided or developed (whether by, or on behalf of, APMG or the IAP or GCHQ), or any information concerning APMG (including any of its subsidiaries or affiliates (its “Group”)) or GCHQ which might reasonably be considered by APMG or the IAP ) or GCHQ (as appropriate) to be confidential including (without limitation): financial information, pricing structures, customer lists, any data relating to customers or exam candidates, information regarding past, current or future projects of APMG or any member of its Group or GCHQ, any future proposed examinations or qualification schemes, any intellectual property of APMG or its Group or GCHQ (whether registered or unregistered) and any other information which APMG (or any agent or employee of APMG) or GCHQ identifies as being confidential and includes all such information in whatever form (including, without limitation, in written, oral, visual or electronic form) other than (i) information which is, or subsequently becomes, public knowledge other than as a direct or indirect result of the information being disclosed in breach of this Agreement, (ii) information which, prior to disclosure, was not subject to any confidentiality obligation of any sort, (iii) information which is properly disclosed under any legal requirement to a designated regulatory or other body, or (iv) information which, prior to disclosure, was already known by the recipient;
Contracting Authority has the meaning given in regulation 3 of the Public Contract Regulations 2006, as amended from time to time;
GCHQ means The Secretary of State for Foreign and Commonwealth Affairs (acting through the Government Communication Head Quarters, GCHQ -by its information assurance arm, CESG, the UK Government’s National Technical Authority for Information Assurance), of Hubble Road, Cheltenham, Gloucestershire GL51 OEX;
Good Industry Practice means the use of standards, practices, methods and procedures conforming to law, and the exercise of that degree of skill, care, diligence, prudence and foresight that would reasonably and ordinarily be expected from a skilled and experienced person in the same or similar circumstances;
Head Agreement shall have the meaning given in Recital (B);
IA Professional
Online System means the secure network that is accessible to the IAP in order to submit, track and progress applications and obtain all necessary information relating to this Agreement (www.apmg-ia.com);
IAPP means the Information Assurance Professionalisation Project which is the industry-wide scheme which sets out the standards, practices, methods and procedures for certification of IAPs, incorporating the IAPP Standard;
IAPP Branding Licence means the IAPP licence as set out under Schedule One;
IAPP Code of Conduct means the code as prescribed by GCHQ for all IAPPs to adhere to and as set out in Schedule Three;
IAPP Data means any data processed by or on behalf of the IAP for the purposes of this Agreement, including diagrams, drawings, images, information, text, or sounds, back-up data, or other materials or items that are embodied in any medium (including all electronic, magnetic, optical or tangible medium), and including GCHQ and APMG data;
IAPP Standard means the standard entitled “CESG Certification for IA Professionals”, as amended by GCHQ from time to time and available at http://www.cesg.gov.uk/awarenesstraining/IA-Certification/Pages/index.aspx
IAP means the individual identified as the Information Assurance Professional (IAP) on the signature page;
Intellectual Property
or IPR means any patents, trade marks, service marks, design rights, applications for any of the former rights, copyright, database rights, trade secrets, trade or business names and other similar rights or obligations whether registrable or not and the rights to sue for passing off;
Law means any Act of Parliament or subordinate legislation within the meaning of section 21(1) of the Interpretation Act 1978 and any enforceable European Union legislation;
Permitted Uses means the use or uses specified in Schedule One which are the sole uses in respect of which the IAP may use the Trade Mark(s);
Personal Data shall have the same meaning as prescribed in the Data Protection Act 1998;
Security Policy
Framework means the framework that provides central internal protective security policy and risk management for government departments and associated bodies;
Term means a period of three (3) years from the date given on the IAP certificate (the “Certification Date”) unless terminated in accordance with Clause 11;
Territory means the United Kingdom only;
Third Party IPR Claim means any Claim that the use of the IPR licensed under the IAPP Branding Licence, or any IPR asserted or used in connection with IAPP infringes any third party IPR;
Trade Mark(s) shall be defined within Schedule One.
1.2 The singular includes the plural and vice versa.
1.3 Reference to a gender includes the other gender and the neuter.
1.4 The headings in this Agreement are for ease of reference only and shall not affect its interpretation.
1.5 References to clauses and schedules are, unless otherwise provided, references to the clauses and schedules to this Agreement.
2. APMGs Duties and Obligations
2.1 APMG will at all times act in a manner that is consistent with the IAPP Standard, owned and controlled by GCHQ.
2.2 APMG will at all times comply with the provisions of the Data Protection Act 1998.
2.3 In accordance with clause 2.2 above, APMG agrees to:
2.3.1 only use IAP Personal Data in accordance with the terms of this Agreement and the Head Agreement and shall not store, copy, disclose or use or in any other way process data except as necessary for the performance of this Agreement;
2.3.2 ensure that it has appropriate operational and technical processes in place to safeguard against any unauthorised access, unauthorised or unlawful processing, loss, destruction, damage, alteration, theft, use or disclosure of any IAP Personal Data; and
2.3.3 ensure no IAP Personal Data is disclosed to any third party, including a party which may process the data on behalf of APMG, without prior consent from the IAP.
3. IAPP Scheme Operation
3.1 GCHQ shall have sole and absolute control of IAPP, including the IAPP Standard and related protocols in relation to its existence, scope, configuration, development, implementation, management, operation and use.
3.2 The IAP shall at all times comply with and act in a manner that is consistent with the IAPP Code of Conduct and the IAPP Standard.
3.3 In the event the certified IAP does not comply with the IAPP Standard, IAPP Code of Conduct or IAPP generally, APMG shall promptly enforce IAPP, including the IAPP Code of Conduct and IAPP Standard, including:
3.3.1 where appropriate, by revoking or suspending IAPP certification from any such IAP; and
3.3.2 informing GCHQ without delay, notifying any IAPs material failure to comply, of which it is aware, to GCHQ for consideration.
3.4 The IAP acknowledges and agrees that GCHQ may itself take appropriate action (including suspending or revoking IAP certification) to uphold the reputation and good standing of IAPP and that prior notice of such action will be communicated to APMG in writing to avoid duplication of efforts.
3.5 The IAP shall reimburse APMG for any reasonable costs and expenses incurred by APMG in taking any such enforcement action as described in clause 3.3 above.
3.6 The IAP acknowledges and agrees that all Personal Data captured during the application stage, belonging to him will be securely stored by APMG and shall be accessible by GCHQ and any other certification bodies for this IAPP scheme, for the purposes of this Agreement. The following details shall be displayed on a publicly available successful candidate register subject to consent from the IAP: IAP candidate name, date of IAP certification, IAP role and level of certification and a unique identifier (i.e. IAP candidate number).
3.7 The IAP acknowledges and agrees to the Application Process as defined within Schedule Four and agrees that any certification and benefits afforded by this Agreement are subject to the successful assessment.
4. IAP Warranties and Indemnities
4.1 The IAP hereby warrants that:
4.1.1 he has full right and power to enter into this Agreement;
4.1.2 he shall abide by the duty of confidentiality as outlined in clause 5 during the Term and for a further period of 5 years following termination of this Agreement;
4.1.3 he shall access any APMG Information Systems using log on details as provided by APMG, and in doing so shall abide by the password policy, supplied by APMG, at all times;
4.1.4 he shall declare any potential conflict of interest with any organization or individual certified by APMG as soon as such conflict becomes apparent;
4.1.5 he shall abide by the APMG Code of Ethics at all times and shall ensure that the APMG Code of Ethics is read and reviewed by himself on an annual basis and upon being notified of any changes to ensure continued understanding of the implications in complying with the code;
4.1.6 he shall act in a manner so as not to bring APMG, GCHQ or IAPP into disrepute or damage any of the aforementioned parties operations, standing, public image, reputation or goodwill and so as not to attract adverse publicity to any of the aforementioned parties;
4.1.7 he shall act with all due care, skill and diligence in a good, safe and professional manner, in compliance with all applicable laws and guidance and consents, including the Bribery Act 2010, so as not to put GCHQ in breach of any law or guidance, and in accordance with Good Industry Practice;
4.1.8 he shall at all times comply with the IAPP Code of Conduct, as detailed within Schedule Three; and
4.1.9 he shall act with in a manner not likely to be injurious to health or to cause damage to property or the environment.
4.2 The IAP shall at all times during and after the Term, on written demand indemnify APMG and keep APMG indemnified against all claims (meaning any claim, demand, action, cost, expense, loss damage and liability of whatsoever nature) to the extent arising out of or in connection with any breach of this Agreement by the IAP or negligence on the part of the IAP in respect of any:
4.2.1 breach of any obligation contained in this Agreement;
4.2.2 actions taken pursuant to clause 3.4 of this Agreement; and
4.2.3 third party IPR claims as referred to in clause 4.3 below.
4.3 The IAP shall at all times (during and after the Term), on written demand, indemnify APMG and keep APMG fully and effectively indemnified on demand against any claim (meaning any claim, demand, action, cost, expense, loss damage and liability of whatsoever nature) that the Trade Mark(s) used under the IAPP Branding Licence infringes any third party intellectual property rights.
4.4 The IAP shall promptly notify APMG of any claims or allegation related to third party IPR of which it has notice and provide all reasonable assistance to APMG and/or GCHQ for the purpose of contesting any Third Party IPR Claims or demands made or action brought against APMG and/or GCHQ.
4.5 The IAP acknowledges that APMG shall have immediate and exclusive control of any Third Party IPR Claims.
4.6 The IAP shall not make any admissions that may be prejudicial to the defence or settlement of a Third Party IPR Claim.
4.7 The parties agree and acknowledge that in respect to any Claim (including any Third Party IPR Claim), which GCHQ acting reasonably considers is likely to have an adverse impact on GCHQ's operations (a "Sensitive Claim"), GCHQ shall be entitled to take conduct of any defence, dispute, compromise or appeal of the Sensitive Claim. Any decision of GCHQ on this issue shall be final and conclusive.
5. Confidentiality
5.1 Each Party shall at all times as far as reasonably practicable:
5.1.1 treat any Confidential Information of the other Party or GCHQ as confidential and safeguard it accordingly, and to the same standard as it would safeguard any confidential information relating to its own business, and in accordance with Good Industry Practice;