request for quotation (rfq) - singaporeair.com€¦ · this request for quotation (rfq) is for the...

V44 22.01.2018

RFQ VM2018-006 Brand Protection Services of 42

REQUEST FOR QUOTATION (RFQ)

Project Title: Brand Protection Services Quotation Number: VM2018-006 Type of Document: Main (Part 1) Organization: SIA Co. Regn. Number: 197200078R

Confidentiality: This Request for Quotation (RFQ) is the property of Singapore Airlines Limited (SIA) and/or its subsidiaries. Any reproduction of its contents (in whole or part) except for the preparation of the Quotation must have prior written approval by the designated representatives of SIA and/or its subsidiaries.

V44 22.01.2018


TABLE OF CONTENTS Table of Contents.................................. ................................................................................................... 2

Sect ion 1: In t roduct ion ........................... ........................................................................................ 3

Sect ion 2: Execut ive Summary ...................... .............................................................................. 5

Sect ion 3: Schedu le of Events ..................... ................................................................................ 6

Sect ion 4: Format of Proposal ..................... ................................................................................ 7

Sect ion 5: Terms and Condit ions ................... .......................................................................... 12

Sect ion 6: Evaluat ion Process ..................... .............................................................................. 33

Annex 1: Vendor Prof i le Matr ix for RFQ VM2018-006 . ..................................................... 34

Annex 2: IPT Declarat ion by Vendor /Contract ing Part y ................................................. 35

Annex 3: Declarat ion of Part ic ipat ion by Relat ives/ Associated Compan ies ......... 37

Annex 4: Individual Non-Disclosure Agreement ...... .......................................................... 38

Annex 5: Terms and Condi t ions on Usage of SIA IT Re sources ................................. 41

V44 22.01.2018


SECTION 1: INTRODUCTION

This Request for Quotation (RFQ) aims to select vendor services to provide Brand Protection services to the SIA Group (SIA). The initial contract term will be for a period of one (1) year. Thereafter, SIA is to have the option to extend the engagement annually for another 2 years at the same terms and conditions.

1.1 To participate in this RFQ, Vendor is required to submit their Intent-to-Bid as follows:

(a) Email to [email protected] by the submission deadline: • Annex 1 (Vendor Profile Matrix) • Non-Disclosure Undertaking (NDU*) Letter duly signed by your authorized signatory

(b) Post or courier to reach SIA within 3 business days of the submission deadline:

• One (1) original set of the Non-Disclosure Undertaking (NDU) Letter duly signed by your authorized signatory

The NDU Letter should be sent to:

IT Procurement & Admin Singapore Airlines Limited SIA Computer Centre 722 Upper Changi Road East Singapore 486854 Attention: Khoon Heng Tuck or Ms. Nirmala Rajakrishnan (Mimi)

*Vendors who already have a signed Non-Disclosure U ndertaking (NDU) Letter or Non-Disclosure Agreement (NDA-CP) Version 2.0, 4 August 2016 with SIA will only need to quote the said document for reference. Vendors will be informed of SIA’s acceptance of their Intent-to-Bid. The RFQ document consisting of confidential information will be sent via email. Fulfilment of all the criteria above does not imply SIA’s acceptance of the Intend-to-Bid. No reasons will be given to the unsuccessful Vendors. All Annexes listed within, which form part of this RFQ, will be issued accordingly as stated below:

(1) Annexes within the Main document are (“Part 1”):

Annex 1 - Vendor Profile Matrix Annex 2 - IPT Declaration by Vendor/Contracting Party Annex 3 - Declaration of Participation by Relatives/Associated Companies Annex 4 - Individual Non-Disclosure Agreement Annex 5 - Terms and Conditions on Usage of SIA IT Resources

(2) Confidential Annexes (“Part 2”) to be released to eligible vendors after SIA’s acceptance of the Vendors’ Intent-to-Bid which comprise the Vendor Profile Matrix and Non-Disclosure Agreement, are listed below:

Annex 6 - Service Level Agreement Annex 7 - Information Security Requirements Annex 10 - Pricing Table Annex 13 - Detail Scope of Work

1.3 The RFQ proceedings shall be in accordance with the Schedule of Events. 1.4 This RFQ provides sufficient information and instructions for Vendor s to prepare a reasonably complete

proposal to SIA. However, if there is a need to seek clarifications, requests should be sent as an attachment in Microsoft Word to:

Attention to: Suriah Jamallodin Email address: [email protected]

V44 22.01.2018


When submitting questions, the identity of Vendor’s representative must be clearly indicated. SIA will respond to the questions in writing. All the questions and the corresponding responses will be made known to Vendors who have responded to this RFQ without revealing the identity of the source of the questions.

1.5 Two (2) sets of the RFQ submission (“Quotation”), i.e. one (1) original and one (1) copy, are required. For

easy identification, the cover of the documents (including the envelopes) must be clearly marked with either ‘ORIGINAL’ or ‘COPY’ and the RFQ reference number “VM2018-006”.

In addition, prepare two (2) sets of CDs or Thumbdrives containing the soft copy of your Quotation submission. Label the CDs with “VM2018-006 Brand Protection Services” and “your organisation’s name”; and put them in an envelope marked “Softcopy of RFQ VM2018-006”. The Quotation and CDs should be submitted by hand in sealed envelopes to:

IT Procurement & Admin Singapore Airlines Limited ITD Quotation Box (SIA Pass Office) SIA Training Centre 720 Upper Changi Road East Singapore 486852 Attention: Khoon Heng Tuck or Ms. Nirmala Rajakrishnan (Mimi)

Vendors are required to get the RFQ submission stam ped at the SIA Pass Office before depositing the RFQ submission into the ITD Quotation Box. Subm issions that are not stamped will be considered invalid. Overseas Vendors may fax their Quotation Submission to (65) 6490 0761 but the original Quotation Submission must reach the above person within three (3) business days from the deadline for Submission of Proposal as otherwise the submission will not be valid. Vendors may verify receipt of their fax with RFQ e-mail address: [email protected]. Overseas Vendors must ensure that all pricing information be faxed.

Vendors are advised to submit their Quotation before the deadline for submission, as late submissions will

not be accepted. Strictly no online or e-mail submission is permitted.

1.6 This RFQ does not represent a contractual offer from SIA.

Vendors are to note that their responses to this RFQ are expected to be included in the contract if their bid is successful.

V44 22.01.2018


SECTION 2: EXECUTIVE SUMMARY This Request for Quotation (RFQ) is for the provision of Brand Protection services to SIA Group which scope would include:

a. Monitoring, detection and take down of i. phishing sites impersonating any of SIA Group of companies ii. malicious domain impersonating any of SIA Group of companies iii. email servers and domains used to send phishing or fraudulent emails to any of SIA Group of

companies iv. social media accounts impersonating any of SIA Group of companies v. sites hosting leaked accounts belonging to any of SIA Group of companies

b. Keywords monitoring including domains, leak accounts etc associated with any of SIA Group of companies

in the Internet and the Dark/Deep Web etc. The initial contract term will be for a period of one (1) year, which would include a minimum of 20 takedown incidents. SIA shall have an option to purchase additional take down services anytime during the contract period. Thereafter, SIA will have the option to extend the engagement annually for another 2 years (i.e. 1+1+1), at the same terms and conditions.

V44 22.01.2018


SECTION 3: SCHEDULE OF EVENTS EVENT DATE Quotation Invitation 06 June 2018

Submission of Intent-to-Bid: 1. set of Vendor Profile Matrix 2. original sets of NDU Letter

By 11 June 2018, 12 Noon, Singapore Time

Questions from Vendors By 13 June 2018

SIA’s Responses to Questions By 19 June 2018

Submission of Proposal By 27 June 2018, 12 Noon, Singapore time

Appointment of Vendor(s) Expected to be around 3-6 months after Submission of Proposal

V44 22.01.2018


SECTION 4: FORMAT OF PROPOSAL

4.1 Part 1: Vendor Profile Matrix Enclose the completed Vendor Profile Matrix (as in Annex 1) in this part.

4.2 Part 2: Standard Forms

Enclose the completed following Forms: (1) IPT Declaration by Vendor/Contracting Party (as in Annex 2 ) (2) Declaration of Participation by Relatives/Associated Companies (as in Annex 3 ) (3) Non-Disclosure Undertaking (NDU) Letter (given as a separate document) SIA reserves the right to share your response to the RFQ with its advisors, if required. Before commencing work for SIA, employees/subcontractors of appointed Vendor(s) will also be required to sign “Individual Non-Disclosure Agreement” and undertake to abide the “Terms And Conditions on Usage of SIA IT Resources” if such employees/subcontractors of the appointed Vendor are required to use SIA equipment [see Annex 4 and 5]. Note: Vendor must have Non-Disclosure Agreement(s) with their contractors.

4.3 Part 3: Executive Summary

Summarise the salient points of your proposal in no more than two (2) pages. Briefly describe your proposal and how it will meet the requirements of the RFQ.

4.4 Part 4: Proposal

Each proposal should be structured in a clear, concise, straightforward manner and in accordance with the outline of the respective sections herein. Vendors should exercise care to present only realistic, attainable commitments in their proposal. Vendors shall provide explicit responses of compliance or non-compliance to any requirements set out in the Quotation Documents. In the event of any non-compliance with the Quotation Documents, Vendor shall satisfy SIA the extent of its non-compliance with reasons. Where Vendors fail to satisfy SIA in the manner above, the proposal is liable to be rejected. Notwithstanding the above, by submitting the proposal, Vendors agree to fully comply with the following RFQ documents (“Non-negotiable RFQ ”):

• Annex 4: Individual Non-Disclosure Agreement • Annex 5: Terms and Conditions on Usage of SIA IT Resources • Annex 7: Information Security Requirements

SIA reserves the right to exclude a proposal if it contains any ambiguities or lacks clarity Describe your proposed solution(s) and highlight any key assumptions you have made.

Provide a complete point-by-point response to the Scope of Work (in the main RFQ, and any additional information you deem necessary to support your proposal, explaining how your system would handle each requirement). This complete point-by-point response shall be done in the form of a Compliance Table as shown in Part 6: Compliance to Quotation. Describe how other vendors or vendor products, if any, will be integrated into your solution processes.

Describe the approach, processes and methodologies, if any, that you will be using in the system you are proposing.

V44 22.01.2018


State where your company had introduced such system and briefly describe your investments and the outcome. In addition, give a brief overview of your experience in introducing the system.

State the time frame and schedule, from initiation till completion, for delivery of each of the requirements. Provide a standard man-day rate, if any, to be used in your commercial proposal for all future application development work. Specify the notification period required for commencement of any future development work. For work covered in this RFQ, Vendor must submit a fixed fee proposal. Vendor can also propose an alternative solution that is more cost effective and meets the Business objectives. If so, please describe what would/would not be available.

4.4 Part 5: Pricing

The Vendor shall quote the annual fee for the services provided, which includes a minimum of 20 takedown or shutdown incidents. The Vendor shall provide the tier rate for additional takedown services needed. All prices should be quoted in Singapore Dollars (SGD) with a validity period of twelve (12) months from the deadline for submission Please see Annex 6.1 (Service Level Agreement) for details on different severity levels. Kindly note that the Service Level Agreement will also apply during the Warranty Period. Provide also a price breakdown, as listed in the table under Annex 10 (Pricing Table). All prices should be quoted in Singapore Dollars (SGD) with a validity period of twelve (12) months from the deadline for submission. If there is re-quote, the 12-month validity shall be from the date of re-submission of quote. Vendor shall bear any withholding tax, if applicable. State in your price quotation, all assumptions and service levels offered if they differ from that stated in Annex 6.1 (Service Level Agreement for Warranty Period and Application Maintenance Services (after Warranty Period)). All title, ownership and other intellectual property rights in any software customisation and related documentation created or otherwise developed pursuant to this Quotation vest in SIA. By submitting the Quotation, Vendor agrees to assign to SIA any intellectual property rights that subsist in or arise from the deliverables of any software customisation and related documentation created or otherwise developed pursuant to this Quotation. Also indemnify SIA if suit. SIA reserves the right to award the RFQ in whole, part or not at all.

4.6 Part 6: Payment Terms

Describe your payment terms and schemes (including exit mechanism) to compensate SIA in the event that you cannot deliver and fulfil the obligations as stated in your quotation proposal. Please note Section 5. The successful Vendor(s) will follow the Payment Terms/Scheme as stated below: Upon acknowledgement of Contract 50% of Quotation Amount * Upon signoff of Deliverables/Milestones 50% of Quotation Amount * Note: This may be broken down further depending on the Deliverables/Milestones.

V44 22.01.2018


Please note that SIA requires the successful Vendor to place a Security Deposit with SIA upon award of quotation [Section 5: Terms and Conditions, point 5.17].

4.7 Part 7: Compliance to Quotation The proposal should reflect the full understanding of all sections within the RFQ.

In respect of the following RFQ documents, Vendor shall provide explicit point-by-point responses of compliance or non-compliance in the form of a compliance table as set out below: Section 5: Terms and Conditions Annex 6: Service Level Agreement Annex 13: Detail Scope of Work

V44 22.01.2018


FORMAT OF VENDOR’S COMPLIANCE TABLE

Para. No. SIA Requirements Compliance Remarks 2.14 Award of Quotation 2.14.1 Any subcontractors or

assigned Vendors shall be named with the Quotation Submission. [SIA] reserve the right to reject subcontractors or assigned Vendors without giving reasons, where Vendors will have no right to make changes to the final price in terms of compensation and/or replacement.

Y

Vendor(s) may include any additional information deemed necessary to support their proposal, and explain how the proposed system would handle each requirement. For the avoidance of doubt, SIA reserves the right to refer to the compliance table for the purposes of interpreting Annex 13: Detail Scope of Work or any other compliance table (hereinafter collectively referred to as “Compliance Tables” submitted by Vendor(s) pursuant to the RFQ. References to the Contract shall include a reference to the Compliance Tables and the Contract shall be construed and interpreted accordingly. For the avoidance of doubt, “compliance with the RFQ requirements” shall mean strict adherence to the clause with no amendments.

Describe how other Vendors or Vendors products, if any, will be integrated into your solution processes.

Describe the approach, processes and methodologies that you will be using in the system you are proposing.

Vendors should enter a “Y” (Yes) or “N” (No) to indicate if it complies with the RFQ requirement as written.

Vendors who do not comply with an RFQ requirement exactly as written must enter an “N” in the “Compliance (Y/N)” column. Vendors must accordingly give their counter-proposal in the “Remarks” column to clearly indicate the changes to the original RFQ requirement. Where a Vendor fails to indicate compliance against any RFQ requirement, it shall be deemed that Vendor complies with the RFQ requirement exactly as written and Vendor’s proposal shall be evaluated accordingly. For each of the RFQ requirements which a Vendor has indicated non-compliance, Vendor is to state in the “Remarks” column and Pricing Table the addition cost, if any, for Vendor’s full compliance with the RFQ requirements. If Vendor does not provide the respective cost statement, it will be deemed that Vendor’s response is non-negotiable, and Vendor’s proposal shall be evaluated accordingly.

V44 22.01.2018


4.8 Part 8: Information Security Policies

Declare whether your organisation has a series of documented internal Information Security policies, standards, guidelines and/or procedures. The short listed candidates will be required to provide SIA with a copy of their Information Security documents. Vendor should confirm to SIA Information security policies and guidelines. Your submission of this Quotation indicates your acceptance of the requirements under Annex 7 (Information Security Requirements).

4.9 Part 9: Prior Experience Describe generally your relevant corporate experience in providing such services to organisations similar to SIA in size, complexity, and type of environment, especially in the airline business. List at least three (3) relevant customer references with which you have undertaken similar projects, together with their names and contact details.

4.10 Part 10: Authorised Negotiator Include the name, address and telephone number of the person in your organisation authorised to negotiate contract terms and make binding decisions on contract matters.

4.11 Part 11: Contract A Letter of Award (LOA) will be issued to the successful vendor and this together with the Terms and Conditions of this RFQ, the Quotation Documents, the Statement of Work, including all discussions arising from (including but not limited to) email/ presentations/ clarifications/ Compliance Tables, will represent the formal Contract.

V44 22.01.2018


SECTION 5: TERMS AND CONDITIONS

5.1 DEFINITION OF QUOTATION DOCUMENTS 5.1.1 Quotation Documents shall include the Terms and Conditions; Scope-of Work; Specifications and

Requirements; etc., issued prior to the Quotation closing date. 5.1.2 The Quotation Documents and additional materials that may modify or interpret, including drawings and

specifications, by additions, deletions, clarifications or corrections will become part of the Contract Documents when the Contract is executed.

5.2 TERMS OF APPLICATION 5.2.1 Application of Quotation by Vendor constitutes acceptance by Vendor of all terms and conditions printed on

this form and all other attachments hereto. 5.2.2 Upon the acceptance of the RFQ documents, Vendors undertake to submit their proposal by the allotted time

unless Vendor(s) declares in writing, prior to the Submission Date, their intention not to bid for the RFQ. 5.2.3 Quotation proposal(s) must be signed with the name typed below the signature.

5.3 QUOTATION PROCEDURES 5.3.1 All Quotations must be prepared and submitted in accordance with the procedures described herein. 5.3.2 All paragraphs shall be noted and replied to. 5.3.3 Numbers shall be stated in writing and in figures. 5.3.4 Quotations shall be signed with the name typed below the signature. If Vendor is a corporation, Quotation

must be signed by an authorised officer of the corporation and stamped with the name of the corporation. 5.3.5 The pricing for the goods to be supplied or services to be rendered shall be exclusive of any Goods and

Service Tax ("GST"), i.e. prices quoted shall not include any GST component. Vendors must also indicate whether they will be charging SIA any GST for the s upply.

5.3.6 Unless otherwise provided in any supplement to these instructions, no Vendor shall modify his Quotation

after submission. The price quoted shall be treated as the last price Vendor is prepared to offer. Vendors are therefore reminded to quote their best and last price.

5.3.7 Vendors must submit their Quotation on time and at the correct location. Strictly no email submission is

permitted. Vendors are advised to submit their proposals before the specified deadline. Late submissions will not be accepted.

5.3.8 The proposal and any additional materials submitted by Vendor will not be returned to Vendor. SIA will

endeavour to keep the proposal and any additional materials in the strictest confidence. 5.4 QUOTATION AMOUNT 5.4.1 The amount quoted by Vendor shall be the amount agreed to upon appointment of the successful Vendor.

The amount shall not be varied in any way, unless mutually agreed in writing. 5.5 TAXES 5.5.1 Vendor shall bear any withholding tax, if applicable. 5.6 VENDOR'S RESPONSIBILITY 5.6.1 Vendors shall undertake the preparation of their Quotation at their own cost including travel to Singapore, if

any, during the quotation process. 5.6.2 The submission of Quotation represents that Vendors have read and understand the Quotation documents. 5.6.3 Vendors must state clearly whether they comply with the RFQ requirements.

V44 22.01.2018


5.7 SIA'S OBLIGATION TO VENDORS 5.7.1 SIA or its agents will assist Vendors whenever and wherever possible in determining local conditions and

clarification of the Quotation Documents. 5.7.2 SIA may reject any, part of, or all Quotations and waive any informality or irregularity in any Quotation

received. No reason shall be given to any unsuccessful Vendor for not being awarded the quotation. 5.8 PATENT RIGHTS AND ROYALTIES 5.8.1 All royalties and fees whatsoever claimable by or payable to any person, firm or corporation or government

or in connection with an invention or patent used or required to be used in connection with the equipment or any portion thereof shall be deemed to be included in the total Quotation price.

5.9 COMPLIANCE TO REQUIREMENTS, STANDARDS AND GUIDE S 5.9.1 Vendor shall comply with all requirements, standards and guides given in the RFQ and Annexes. 5.9.2 The following Guides are to be given to eligible vendors after SIA’s acceptance of Venodrs’ Intend-to-Bid:

1. Application Maintenance: intentionally left blank

2. Incident Management: intentionally left blank

5.9.3 Vendors are to adhere to Industry Software Development Guidelines/Best Practices.

5.10 OTHER CONTRACTUAL REQUIREMENTS 5.10.1 Vendors will purchase and maintain various insurance such as workmen compensation and liability insurance;

and furnish performance and payment bonds, where applicable. 5.11 PERMITS 5.11.1 Vendors shall, at their cost, obtain any permits or licenses required to bring in resources not limiting to

equipment and materials. 5.12 ACCEPTANCE OF QUOTATION 5.12.1 SIA shall not be bound to accept the lowest or any quotation, nor is SIA liable for any claims for whatever

costs that may be incurred in the preparation of the Quotation. SIA reserves the right to accept the whole or part of the Quotation.

5.13 NOTIFICATION TO VENDORS 5.13.1 All Vendors will be notified of the award as soon as approval by the relevant committee has been given. 5.14 AWARD OF QUOTATION 5.14.1 The award of the Quotation shall be subject to such additional terms and conditions as may be agreed upon

between SIA and the successful Vendor in addition to the terms and conditions specified in this Quotation. 5.15 QUOTATION DOCUMENTS 5.15.1 All Quotation Documents and clarifications shall form an integral part of a formal Contract that is to be entered

into between SIA and the successful Vendor. Until a contract is executed, the Quotation shall be binding on Vendor.

5.16 FORMAL CONTRACT 5.16.1 A Letter of Award (LOA) will be issued to the successful Vendor and this will form the Contract which

comprises the terms and conditions of this RFQ, the Quotation Documents, the Statement of Work, including all discussions arising from (including but not limited to) email/presentations/clarifications.

5.17 SECURITY DEPOSIT

Note: Security deposit is only applicable to award that is over SGD600,000.

5.17.1 Upon award of the Quotation, the successful Vendor shall furnish a security deposit in Singapore currency

equivalent to five percent (5%) of the value of contract. If the deposit is below S$2,000.00, the amount shall be paid by a crossed cheque (for local contractors/ suppliers only) or bank draft (for local and overseas

V44 22.01.2018


contractors/suppliers) in favour of Singapore Airlines Limited. Should the deposit be S$2,000.00 and above, a banker's guarantee in SIA’s standard format will be acceptable, provided such guarantee undertakes to meet all claims arising during the period of the contract. This deposit shall be retained for the duration of the contract and shall, after damages, if any, have been deducted, be refunded in Singapore currency to the successful Vendor at the end of the contract by way of a cheque drawn on a bank in Singapore or by way of return of the banker's guarantee, as the case may be. No interest shall be paid on the deposit and any gain or loss resulting from currency exchange shall be borne by the successful Vendor. Upon project delay, Vendors shall extend the security deposit for the duration of the extension.

5.18 SPECIMEN FOR BANKER'S GUARANTEE

BANKER'S GUARANTEE

(FOR QUOTATION SECURITY DEPOSIT) 1 In consideration of Singapore Airlines Limited awarding Quotation No.______________ to______________________________ of _________________________________ (hereinafter referred to as the `Contractor') and Singapore Airlines Limited not insisting on the full cash security deposit being paid by the Contractor, we the Guarantor hereby guarantees Singapore Airlines Limited the sum of S$ ____________ being the amount of the Security Deposit required for the due and faithful performance of the said Contract. 2 In the event of the Contractor failing to fulfil any of the terms and conditions of the said Contract, the Guarantor shall indemnify Singapore Airlines Limited against all losses, damages, costs, expenses sustained by Singapore Airlines Limited up to the sum of Dollars (S$__________). The guaranteed sum shall be payable to Singapore Airlines Limited immediately upon demand. 3 The liability of the Guarantor under this Guarantee shall continue for the duration of the Contract period ________________________________and the Guarantor undertakes to meet all claims arising during the period of the Contract, provided that any claim hereunder should be made not later than three months after the expiry date.

5.19 STAMP DUTY 5.19.1 Stamp duty payable on the Contract shall be solely borne by successful Vendor. 5.20 PRICE DURING CONTRACT PERIOD 5.20.1 The successful Vendor may not amend the bid price during the Contract period. Any increase in costs of

production or in any other aspect may not be passed on to SIA by way of an increase in the awarded price or a change in the goods and/or services to be provided.

5.21 CONFORMANCE WITH AGREED SPECIFICATIONS 5.21.1 All works must be carried out in accordance with the specifications and accompanied drawings that have

been agreed to by SIA and successful Vendor. 5.21.2 Should there be non-conformance to the performance and functional requirements during development

and/or SIT and/or UAT and/or Warranty Period, the successful Vendor(s) will be solely responsible for all costs associated with rectifying the above stated.

5.22 DELIVERY AND COMPLETION DATE 5.22.1 The successful Vendor will deliver the equipment/service no later than the date to be agreed upon in the

Contract. 5.23 OBSOLETE MODEL 5.23.1 In the event that the model of the Product specified has become obsolete and cannot be supplied at the time

of purchase, the successful Vendor shall supply an improved model of the Product to SIA at the same price or lower price than that specified in this Quotation. Vendor shall write in officially thirty (30) days in advance to obtain the prior approval of SIA before supplying the improved model. Once the approval has been granted, the improved model shall replace the obsolete model henceforth. Vendor shall not supply the obsolete model thereafter.

V44 22.01.2018


5.24 WARRANTY PERIOD 5.24.1 Vendor guarantees that the items supplied and/or services performed conform to the order made and are

suitable for the use for which it is intended and is free from any defects whatsoever.

5.24.2 All software licenses and hardware supplied shall have a warranty of at least twelve (12) months from the day of delivery acceptance.

5.24.3 Vendor shall provide a warranty of three (3) months for the customised solution, starting from the successful

operational cutover. 5.25 WARRANTY IDENTIFICATIONS Not applicable 5.26 VENDOR’S OBLIGATIONS 5.26.1 Vendor shall:

5.26.1.1 implement the Project diligently, efficiently, in a timely manner with reasonable care and skill according to the standards in the industry for similar services;

5.26.1.2 adhere to SIA’s administrative procedures applicable to Vendor and SIA’s reasonable

instructions and guides (including but not limited to those guides listed in clause 5.9 (Guides)) issued from time to time in relation to the Project made available to Vendor and which may be revised by SIA from time to time;

5.26.1.3 adhere to the IT Security Requirements set out in Annex 7 (IT Security Requirements) and

which may be revised from time to time;

5.26.1.4 adhere to the Singapore Airlines Suppliers’ Code of Conduct (www.singaporeair.com/pdf/media-centre/supplierscodeofconduct.pdf) and which may be revised by SIA from time to time;

5.26.1.5 conform with any laws, statutory orders, regulations and standards applicable to the Project

including, but not limited to any applicable regulations of telecommunications or media utility companies or bodies, and apply for all necessary licenses or permits required for the implementation of the System;

5.26.1.6 ensure the members of Vendor Project Management Team attend progress meetings as

required by SIA, and prepare and deliver a progress report in writing to SIA in time for discussion at the next progress meeting. This report will include a report on the progress of the Project and such other matters as SIA may require.

5.26.1.7 cooperate fully with SIA and SIA’s project manager (if any) and with other vendors or service

providers of SIA of products, services or related software systems which interface or are operated or to be operated as part of or in conjunction with the System or any part thereof, as and when directed by SIA in connection with the System, and in good faith assist in, participate and contribute to discussions or matters raised by SIA with a view to determining and implementing a reasonably practical solution to issues arising in relation to the interfacing and connection of the System to such products services and systems.

5.26.1.8 Not applicable 5.26.2 Vendor warrants and undertakes:

5.26.2.1 it has the right power and authority to enter into this Agreement;

5.26.2.2 that it has the rights necessary to perform its obligations hereunder; 5.26.2.3 its title to and property in the Software and Documentation is free and unencumbered and it owns

or has all necessary rights to grant the rights contemplated hereunder including all Intellectual Property Rights in the Software and Documentation;

V44 22.01.2018


5.26.2.4 all items supplied solely by Vendor to SIA under this Agreement do not alone or in any

combination infringe any Intellectual Property Rights, and it is not aware of any claims of the Intellectual Property Rights in the Software or the System that would be inconsistent with the performance of its obligations under this Agreement;

5.26.2.5 Not applicable 5.26.2.6 to provide prompt receipt, analysis and resolution of any technical problems notified by SIA to

Vendor; and 5.26.2.7 Not applicable 5.26.2.8 Not applicable

5.26.3 Where Vendor and its subcontractors (if any) and its authorized personnel has been granted access to SIA’s

premises in connection with Vendor’s performance of its obligations under this Agreement, Vendor will comply and will ensure that its employees, subcontractors (if any) and other authorized personnel comply, with SIA’s site or office regulations (including its working arrangements with other vendors or contractors) and other instructions whilst at SIA’s premises, and with the SIA Terms and Conditions on Usage of IT Resources set out in Annex 5 (Terms and Conditions of Usage of IT Resources (and Specimen Individual Non-Disclosure Agreement)) and which may be revised from time to time. Vendor shall also ensure that its employees, subcontractors (if any) and other authorized personnel shall adhere to the terms of the individual non-disclosure agreements (a specimen of which is set out in Annex 5 (Terms and Conditions of Usage of IT Resources (and Specimen Individual Non-Disclosure Agreement))) which shall be signed by them.

5.27 VENDOR PERSONNEL 5.27.1 Vendor shall use appropriately qualified and skilled personnel to provide the Services. Vendor shall use the

staff approved by SIA (in its’ sole discretion) as comprising Vendor Project Management Team to perform its obligations under this Agreement and will not without the consent of SIA change the staff allocated. SIA may at its’ reasonable discretion require Vendor to substitute any of its staff in Vendor Project Management Team.

5.28 LATE COMPLETION 5.28.1 If Vendor fails to achieve completion of the entire System by the Targeted System Completion Date, SIA shall, at

its option, either claim damages for breach of this Agreement, or obtain payment from Vendor by way of liquidated damages, the sum equivalent to of one percent (1%) of the Contract Sum per week or part thereof commencing on the day after the Targeted System Completion Date and expiring on the Acceptance Date, subject to a maximum of ten percent (10%) of the Contract Sum. Such payment shall be without prejudice to Vendor’s obligation to complete the Services as soon after the Targeted System Completion Date as shall be reasonably possible.

5.28.2 Where the entire System is to be completed by Vendor in phases as set out in the Project Schedule (each a

“Phase ”), in the event that Vendor fails to meet any deadline specified in the Project Schedule for the completion of each Phase (each a “Targeted Phase Completion Date ”), SIA shall, at its option, either claim damages for breach of contract, or obtain payment from Vendor by way of liquidated damages, the sum equivalent to of one percent (1%) of the total sum payable under this Agreement for the completion of that particular Phase (each a “Partial Contract Sum ”) per week or part thereof commencing on the day after the relevant Targeted Phase Completion Date, subject to a maximum of ten percent (10%) of the relevant Partial Contract Sum. Such payment shall be without prejudice to Vendor’s obligation to complete the Services as soon as reasonably possible.

5.28.3 If Vendor fails to meet any Targeted Phase Completion Date by more than ten (10) weeks, or fails to achieve

completion of the System by more than ten (10) weeks after the Targeted System Completion Date, SIA shall be entitled without prejudice to any other rights or remedies it may have hereunder or at law to terminate forthwith this Agreement immediately by giving written notice to Vendor.

5.29 TERMINATION 5.29.1 This Agreement may be terminated:

5.29.1.1 by Vendor giving written notice to SIA if SIA fails to pay any undisputed charges due hereunder within ninety (90) days after written notification of such default of the due date therefor; or

V44 22.01.2018


5.29.1.2 by SIA giving written notice to terminate Vendor if Vendor commits any breach of any term of this Agreement and (in the case of a remediable breach) fails to remedy the breach within fourteen (14) days of a written notice from SIA to remedy the breach. Vendor’s breach of any of the following clauses (regardless of severity or materiality) shall be deemed to constitute a material breach: • Scope of Project And Obligations (5.26) • Confidentiality (5.30) • Data (5.31) • Intellectual Property Rights (5.37) • Anti-Corruption/Anti-Bribery Representation And Warranties (5.49.10) • Export Laws (5.49.13) • Singapore Airlines Suppliers’ Code of Conduct; or

5.29.1.3 by SIA at any time upon the giving of thirty (30) days’ written notice to Vendor; or 5.29.1.4 by either Party giving written notice to the other Party in the event that either Party (a) files for

bankruptcy; (b) becomes or is declared insolvent, or is the subject of any proceedings related to its liquidation, insolvency or the appointment of a receiver or similar officer for it; (c) makes an assignment for the benefit of all or substantially all of its creditors; or (d) enters into an agreement for the composition, extension, or readjustment of substantially all of its obligations.

5.29.2 Upon expiry or early termination of this Agreement, Vendor will ensure that the Services and deliverables

rendered or delivered up to and including the date of expiry or termination will be properly and fully handed over to SIA and/or other SIA-appointed vendor(s)/contractor(s) in accordance with reasonable procedures specified by SIA.

5.29.3 Upon expiry or termination of this Agreement, Vendor shall promptly return to SIA all SIA Personal Data, and

delete all existing copies of SIA Personal Data in its possession or under its control, unless otherwise instructed by SIA or otherwise required under Applicable Data Protection Laws or other applicable laws.

5.29.4 Upon expiry or termination of this Agreement, a request for return of Confidential Information is deemed to be

made and clause 5.30.5 shall apply. 5.29.5 Any termination of this Agreement pursuant to this clause shall be without prejudice to any other rights or

remedies any Party may be entitled to hereunder or at law and shall not affect any accrued rights or liabilities of either Party. For avoidance of doubt, SIA shall, in the event of termination pursuant to clause 5.29.1.3, pay to Vendor for the Services which have been rendered by Vendor such sums accrued due and payable under this Agreement, pro-rated where necessary in respect of the amount of work actually done up to and including the date of termination.

5.29.6 In the event of a material breach of this Agreement by Vendor and/or termination by SIA pursuant to clause

5.28.3 without prejudice to any other rights or remedies SIA may have hereunder or at law, SIA shall obtain a full refund from Vendor of all payments made under this Agreement.

5.29.7 All clauses of this Agreement so intended to survive after expiry or termination of this Agreement shall survive the

expiry or sooner termination of this Agreement. 5.30 CONFIDENTIALITY 5.30.1 For the purposes of this Agreement, “Confidential Information” includes the terms of this Agreement, all

information (written or oral) concerning the business and affairs of SIA (including, without limitation, information relating to the operational systems and processes including the System as adopted by SIA, customers and services of SIA or its related or associated companies, reports, recommendations, advice or tests, source and object codes of software incorporated into the operational systems and processes operated by SIA or its related or associated companies including the System), and Data, obtained or received or accessed by Vendor as a result of or in connection with the entry or performance of this Agreement. Any information which Vendor has received or will receive in tangible form from the disclosing Party that is marked as "Confidential" or "Proprietary" or with words to similar effect pursuant to this Agreement will also be considered Confidential Information.

V44 22.01.2018


5.30.2 Vendor agree to keep confidential, and to procure that its officers, employees, agents, vendors and subcontractors keep confidential, any Confidential Information, and shall not, disclose the Confidential Information to any other person unless disclosure has been expressly permitted by SIA in writing. Vendor agrees and acknowledges that Confidential Information shall only be used for the purposes of the Project and/or in performing its obligations under this Agreement.

5.30.3 Vendor agrees to disclose such Confidential Information only to the extent necessary to such of its officers,

employees and agents, approved vendors and subcontractors as shall have a need to know for the proper purposes referred to in this clause 5.30. Vendor hereby undertakes to take all such steps as shall from time to time be necessary to ensure compliance by its employees agents contractors and subcontractors with the provisions of this clause 5.30.

5.30.4 Notwithstanding the foregoing, Vendor shall not be liable to SIA for the disclosure of any Confidential

Information which is in or later enters the public domain, other than by reason of any breach, default or wilful or negligent act or omission of Vendor or any of its officers, employees, agents, vendors or subcontractors.

5.30.5 Upon request, Vendor shall immediately return to SIA all tangible materials (including copies thereof), excluding

(i) such tangible materials relating to the Project which have been installed, commissioned and accepted by SIA; or (ii) made available or supplied by Vendor including, but not limited to any documents, disks and/or tapes, without retaining any copies, notes or extracts. If not returned, such tangible materials shall be destroyed (or deleted if stored or contained in a database or compilation system).

5.30.6 The provisions of this clause 5.30 shall survive, and continue to be binding on the Parties after, the

termination of this Agreement. 5.31 DATA 5.31.0 Definitions and Interpretations “Applicable Data Protection Laws” means: (i) in respect of EU Personal Data, any law, statute, declaration,

decree, directive, legislative enactment, order, ordinance, regulation, rule or other binding instrument of the Data Controller’s Member State which implements the Directive, the e-Privacy Directive and the GDPR once it takes effect (in each case as amended, consolidated, re-enacted or replaced from time to time); (ii) in respect of Singapore Personal Data, means the PDPA; (iii) all other applicable laws, regulations, and official interpretations thereof pertaining to Personal Data, personally identifiable data or privacy; (iv) in respect of SIA Personal Data, all of the above.

“Data” means any category of information in any form, disclosed, furnished, provided by, or made available

directly or indirectly to Vendor, Vendor Personnel and/or Sub-contractor by or on behalf of SIA or otherwise received or obtained by Vendor, Vendor Personnel and/or Sub-contractor pursuant to, by virtue of, or in the course of negotiating or performing this Agreement (whether before or after the Effective Date), including: (i) all information relating to the clients and customers of SIA; (ii) all Personal Data; and (iii) all communications between the Parties relating to the aforesaid. Data may be stored, transmitted, Processed and/or retrieved in, to or by the System for the purposes of this Agreement and shall include all data, information and computer programs provided by or derived from third parties for the purposes of the System whether concerning flight schedules, customers, suppliers, operational data, billing information or otherwise, as well as all compilations or databases containing Data.

“Data Controller” means the legal person which, alone or jointly with others, determines the purposes and

means of the Processing of EU Personal Data. “Data Subject” means the individuals who are the subject of the SIA Personal Data. “Directive” means Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on

the protection of individuals with regard to the processing of personal data and on the free movement of such data.

“EU Personal Data” means all Personal Data (as the term is defined in the GDPR) of individuals in the EU or

whose behaviour is monitored in the EU.

V44 22.01.2018


“e-Privacy Directive” means Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector. “GDPR” means Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data. “Member State” means the member states of the European Union from time to time. “PDPA” means the Singapore Personal Data Protection Act 2012 (as amended, consolidated, re-enacted or replaced from time to time).

“Personal Data” means (i) all data which is defined to be “personal data” or equivalent under the Applicable

Data Protection Laws; and (ii) all information the collection, disclosure, use or processing of which is subject to Applicable Data Protection Laws.

“Process, Processed or Processing” shall: (i) in respect of Singapore Personal Data, mean carrying out of any

operation or set of operations in relation to the personal data, and includes any of the following: (a) recording; (b) holding; (c) organization, adaptation or alteration; (d) retrieval; (e) combination; (f) transmission; (g) erasure or destruction; (ii) in respect of EU Personal Data, means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Regulator” means the data protection supervisory authority which has jurisdiction over SIA’s Processing of

SIA Personal Data. “SIA Personal Data” means the EU Personal Data and the Singapore Personal Data. “Singapore Personal Data” means data, whether true or not, about an individual who can be identified either

from that data or from that data when combined with other information to which an entity has access or is likely to have access.

5.31.1 If for any reason Vendor, Vendor Personnel and/or Sub-contractor are permitted access to, or are supplied with

or otherwise provided with Data by or on behalf of SIA during performance or for the purposes of the Services, then without prejudice to the provisions of Clause 5.30 (Confidentiality), Vendor, Vendor Personnel and Sub-contractor shall:

(a) use and/or hold such Data for the purposes and in the manner directed by SIA and not otherwise

modify, amend or alter the contents of Data or disclose or permit the disclosure of such Data to any third party unless specifically authorized in writing by SIA;

(b) comply in all respects with any all Applicable Data Protection Laws;

(c) comply with all SIA security policies, standards, requirements and specifications, including Annex 7

(Information Security Requirements), as may be updated by SIA in writing from time to time, with respect to safeguarding Data;

(d) provide appropriate equipment and software to implement security solutions in accordance with SIA’s standards and requirements referred to in (c) above;

(e) without prejudice to the generality of (c) and (d) above, implement appropriate technical and

organizational measures and safeguards (including, as appropriate, (i) the pseudonymisation of Data, (ii) ensuring the ongoing confidentiality, integrity, availability and resilience of Processing systems and services, (iii) restoring the availability and access to Data in a timely manner in the event of a physical or technical incident, and (iv) regularly testing, assessing, and evaluating the effectiveness of technical and organisational measures for ensuring the security of the Processing) and take all necessary steps

V44 22.01.2018


to protect against (i) unauthorised, accidental or unlawful access, disclosure, use or Processing; (ii) destruction, erasure, damage, corruption, interference, loss, modification, amendment or alteration; and/or (iii) other misuse; of Data stored, accessed, collected, used or Processed by Vendor or Sub-contractor and Data in the custody, possession or control of Vendor or Sub-contractor that are no less rigorous than the most rigorous practices of SIA and Vendor, for similar types of information, as of the Effective Date. Vendor shall provide to SIA a written description of such technical and organisational measures and safeguards employed by it upon request by SIA;

(f) ensure that Data provided to Vendor in connection with this Agreement is stored or recorded

accurately; (g) segregate all Data from the data or information of any third party, including any other client of Vendor; (h) upon the expiry or termination of this Agreement (howsoever occasioned) or the written request of SIA,

within fourteen (14) days, return to SIA or destroy (as SIA may direct) at Vendor's own cost and expense, all materials containing Data and copies thereof in Vendor's and/or Sub-contractor’s custody, possession or control and shall certify to SIA that no copies thereof have been retained;

(i) not subject the Data or any part thereof, and Vendor will not agree to grant in respect of the same, to

any Encumbrances whatsoever and Vendor will not assert any other right whatsoever against the Data; (j) not sell, assign, lease, license, publish, exploit or otherwise deal with the SIA Information or carry out

any data mining, data compilation or data extraction, for the purposes of statistical or trade analysis or otherwise, based on or in connection with the Data, except where strictly necessary for the provision of the Services under this Agreement;

(k) not relocate outside Singapore Data unless Vendor gives 30 days prior notice where Vendor intends

to relocate the Data; and (l) as soon as Vendor becomes aware of any breach or potential breach of security relating to or including

Data or any unauthorised collection, disclosure, use or loss of Data: (i) promptly notify SIA of the same; (ii) promptly provide SIA with full details of, and investigate and assist SIA in investigating the same; (iii) co-operate with SIA in any investigation or litigation against third parties deemed necessary by SIA to protect the interests of SIA or SIA’s rights in the Data; and (iv) use its best endeavours to prevent a recurrence of the same.

5.31.2 Vendor shall:

(a) procure that Sub-contractor and Vendor Personnel comply with the obligations relating to Data under this Agreement. Vendor shall be liable for Vendor's, Subcontractor's and Vendor Personnel’s collection, disclosure, use, processing or loss of Data and compliance with this Clause 5.31 (and the documents referenced herein) and Annex 7 (Information Security Requirements) as may be updated by SIA from time to time; and

(b) ensure that Sub-contractor and Vendor Personnel will not attempt to access or allow access to Data that is not required for the performance of the Services by Sub-contractor or Vendor Personnel.

5.31.3 All Data remains the property of SIA or the relevant third parties (other than Vendor). Nothing in this Agreement

shall be construed as giving Vendor any rights to such Data as a result of or in connection with the Services. SIA shall have full discretion in determining the scope, extent and type of information which it wishes to disclose to Vendor for or in connection with this Agreement (which information will comprise Data). Vendor undertakes

V44 22.01.2018


that it shall not do or permit any act in derogation with such ownership or control of SIA. In particular, Vendor shall not, except strictly with SIA’s prior written authorization or consent:

(a) duplicate, distribute, duplicate or reproduce (or permit the same of) any of the Data or any contents thereof;

(b) in any way use (or permit the use of) any of the Data or any contents thereof;

whether during the term of this Agreement or after expiry or termination of this Agreement.

5.31.4 SIA and Vendor acknowledge that as between the Parties, Vendor is a data intermediary and shall Process

Singapore Personal Data on behalf of and for the purposes of SIA in accordance with this Agreement. The term “data intermediary” shall have the meaning set out in the Applicable Data Protection Laws, and shall include an organisation that Processes data on behalf of and for the purposes of another organisation, pursuant to a written contract.

5.31.4.1 Vendor represents, warrants and undertakes that it shall collect, disclose, use and Process the

Personal Data only for the purpose of providing the Services in accordance with this Agreement and SIA’s instructions and that: (i) it will comply at a minimum with SIA’s instructions and Applicable Data Protection Laws; and (ii) it has provided SIA with full details of its internal procedures and processes with regards to its collection, disclosure use and processing of SIA Personal Data ("Data Protection Processes") and will work with SIA within the agreed timescales to prepare and agree in writing (amending its current procedures as required) a method for ensuring its procedures comply with SIA’s requirements as notified to Vendor. If at any time Vendor changes any of its Data Protection Processes affecting this Agreement as agreed with SIA or otherwise, it will promptly notify SIA in writing of such changes and refrain from implementing and using any such changes unless and until agreed by SIA.

5.31.4.2 Vendor shall Process SIA Personal Data only to the extent, and in such a manner, as is necessary for

the purposes of performing its obligations under this Agreement, in accordance with SIA’s instructions from time to time, and shall not Process the SIA Personal Data for any other purpose. Vendor shall keep written records of any Processing of SIA Personal Data it carries out on behalf of SIA. Vendor shall, where Vendor collects Singapore Personal Data on behalf of SIA: (i) agree the drafting and format of the provision of information to the Data Subjects in relation to the Processing to be undertaken with SIA in writing prior to the data collection; and (ii) ensure that appropriate consent has been obtained from the relevant Data Subjects in accordance with the PDPA prior to collecting such Singapore Personal Data; and (iii) if Vendor does transfer any Singapore Personal Data to a country outside Singapore with SIA’s consent in accordance with Clause 5.31.4.12, Vendor shall ensure that the recipient of such data is under contractual obligations to protect such Singapore Personal Data to the same or higher standards as those imposed under the PDPA.

5.31.4.3 At SIA’s request, Vendor shall provide to SIA a copy of all SIA Personal Data held by it in the format and on the media reasonably specified by SIA.

5.31.4.4 Vendor shall notify SIA promptly if it becomes aware of (a) any unauthorised or

unlawful Processing, loss of, damage to, corruption or destruction of the SIA Personal Data; and (b) any advance in technology and methods of working which mean that SIA should revise the security measures set out in Annex 7 (Information Security Requirements).

5.31.4.5 Vendor represents, warrants and undertakes that it will not modify, amend, alter, delete, publish,

disclose or divulge any SIA Personal Data to any third party (including Sub-contractor or any Data Subject) unless SIA has given its prior written consent. Vendor may only authorise a Sub-contractor to Process the SIA Personal Data on Vendor's behalf subject to SIA’s prior written consent where Vendor has supplied SIA with full details of Sub-contractor, provided that (a) Sub-contractor's contract is on terms which provide a standard of protection to Personal Data that is comparable to the protection under this Clause 5.31 and (b) Sub-contractor's contract terminates automatically on expiry or termination of this Agreement for any reason.

5.31.4.6 Vendor shall not transfer or relocate, or cause any Sub-contractor to transfer or relocate, any SIA

V44 22.01.2018


Personal Data out of or outside Singapore except with the prior written consent of SIA. If given, Vendor shall provide an adequate level of protection to any SIA Personal Data transferred in accordance with Applicable Data Protection Laws, relevant SIA policies and all reasonable instructions of SIA, at Vendor's own cost and expense.

5.31.4.7 Vendor shall immediately transfer, amend, rectify, erase, delete or complete any SIA Personal Data on receiving instructions to this effect from SIA. Vendor undertakes in particular to amend, rectify, delete, erase or complete any Personal Data if it appears that such measures are required by the requirements of any applicable laws, rules and/or regulations, after being notified of the same by SIA.

5.31.4.8 Vendor shall cease to retain SIA Personal Data as soon as retention of Personal Data is no longer required for business or legal purposes or for the provision of the Services hereunder.

5.31.4.9 Vendor represents, warrants and undertakes that it shall in the event of a potential or actual breach by Vendor, Sub-contractor or Vendor Personnel, of Applicable Data Protection Laws, or in the event that any action of Vendor, Sub-contractor or Vendor Personnel causes or could reasonably be regarded as causing a breach by SIA of Applicable Data Protection Laws, or where there is, or Vendor reasonably believes that there is, any improper, unauthorized or unlawful access to, use of, or disclosure of, or any other compromise which affects the availability, integrity or confidentiality of SIA Personal Data which is Processed by Vendor under or in connection with this Agreement (each such event a "Data Protection Breach"), comply with SIA’s then-current data protection reporting processes in accordance with SIA’s instructions at the relevant time. In addition, upon becoming aware of such Data Protection Breach, Vendor shall: (a) without undue delay, notify SIA in writing of all known details of the Data Protection Breach relating

to the SIA Personal Data, including: (i) a description of the nature of the Data Protection Breach including, where possible, the categories and approximate number of Data Subjects and records concerned; (ii) the name and contact details of the data protection officer or other contact point where more information can be obtained; (iii) a description of the likely consequences of the Data Protection Breach; and (iv) a description of the measures taken or proposed to be taken to address the Data Protection Breach, including, where appropriate, measures to mitigate its possible adverse effects

(b) mitigate any harmful effect that is known to Vendor of a use or disclosure of the SIA Personal Data in violation of this Agreement or in connection with a Data Protection Breach;

(c) assist SIA in remediating or mitigating any potential damage from a Data Protection Breach. Vendor

shall further provide SIA with regular status updates on any Data Protection Breach including, but not limited to, actions taken to resolve such incident, at mutually agreed intervals or times for the duration of the Data Protection Breach;

(d) within four (4) weeks of closure of the incident, provide SIA a written report describing the Data Protection Breach, the root cause analysis, actions taken by Vendor during its response and Vendor’s plans for future actions to prevent a similar Data Protection Breach from occurring;

(e) not disclose to third parties (including Regulators) any information about a Data Protection Breach involving the SIA Personal Data without prior written and express permission from SIA for such disclosure; and

(f) assist SIA with notifying the Data Protection Breach to any Regulator or the Data Subject in accordance with the Applicable Data Protection Laws.

5.31.4.10 If Vendor receives any complaint, notice or communication which relates directly or indirectly to the

Processing of the SIA Personal Data, any Data Protection Breach and/or either party's compliance with the Applicable Data Protection Laws (including any request, complaint or other third party communication from a Data Subject, such as for EU Personal Data rights of objection, restriction of Processing, data portability or the right not to be subject to automated decision making) (a “Data Subject Request ”) or from the data protection supervisory authority or any law enforcement

V44 22.01.2018


authority), it shall immediately notify SIA and it shall provide SIA with full co-operation and assistance in relation to any such complaint, notice or communication including by: (i) immediately providing SIA with full details of the request, complaint or other communication and any other information that SIA may reasonably request; (ii) responding to the Data Subject’s access request, or a request from the data protection supervisory authority or any law enforcement authority, in accordance with SIA’s instructions; (iii) providing SIA with all SIA Personal Data it holds in relation to the relevant Data Subject within the reasonable timescales required by SIA; and (iv) providing SIA with any other information reasonably requested by SIA in connection thereto.

5.31.4.11 Vendor shall immediately inform SIA if, in its opinion, an instruction of SIA infringes the Applicable Data Protection Laws.

5.31.4.12 Vendor agrees not to Process Singapore Personal Data outside Singapore (including accessing it

from, or transferring it to, such countries) without the prior written approval of SIA. The Parties shall ensure that such access or transfer shall only take place as permitted under the Applicable Data Protection Laws and in accordance with the relevant obligations set out in Clause 5.31.4.2

5.31.4.13 In the event that Vendor engages a sub-processor for carrying out specific Processing activities on

behalf of SIA, where that sub-processor fails to fulfil its obligations, Vendor shall remain fully liable under the Applicable Data Protection Laws to SIA for the performance of that sub-processor’s obligations.

5.31.4.14 Vendor shall do or procure the doing of all such acts and execute or procure the execution of all such

documents as SIA may consider necessary or desirable for compliance with any Applicable Data Protection Laws, from time to time on request by SIA. For the avoidance of doubt, all costs and expenses incurred by Vendor, Sub-contractor and/or Vendor Personnel to enable compliance with the requirements of this Clause 5.31 shall be borne solely by Vendor.

5.31.5 Vendor represents, warrants and undertakes that only Vendor Personnel who ‘need to know’ will be given

access to the Data, and only to the extent necessary to perform Vendor's obligations under this Agreement. 5.31.5.1 Vendor shall ensure that all Vendor Personnel:

(a) are informed of the confidential nature of the SIA Personal Data, have committed to binding contractual obligations of confidentiality or are under an appropriate statutory obligation of confidentiality and hold and use all SIA Personal Data in confidence; (b) have undertaken adequate training in the laws relating to handling SIA Personal Data; and (c) are aware both of Vendor’s duties and their personal duties and obligations under such laws and this Agreement and will comply with such obligations.

5.31.5.2 Vendor shall take reasonable steps to ensure the reliability of Vendor Personnel who have access to

the SIA Personal Data. 5.31.6 For the avoidance of doubt, Clauses 5.31.4 to 5.31.5 shall be without prejudice to the generality of Clauses

5.31.1 to 5.31.3. 5.31.7 Without prejudice to the generality of Clause 5.36, Vendor shall permit SIA designees access to: (i) its premises,

records, and Data Protection Processes, and to those of Sub-contractor; (ii) all facilities, equipment, documents and electronic data relating to the processing of Personal Data under this Agreement; and (iii) Vendor Personnel; to audit Vendor's compliance with its obligations under this Clause 5.31, including allowing such access immediately in the event of any Data Protection Breach. Each such audit shall be carried out at SIA’s cost and expense unless any unreported Data Protection Breach is uncovered in the course of such audit in which case the relevant audit will be at Vendor's reasonable cost and expense. The conduct of such audits shall not relieve Vendor of any of its obligations under this Agreement. Vendor shall also make available to SIA all information necessary to demonstrate its compliance with the obligations laid down in this Clause 5.31 and the Applicable Data Protection Laws, and allow for and contribute to audits, including inspections, conducted by SIA or another auditor mandated by SIA.

V44 22.01.2018


5.31.8 The Parties agree to negotiate in good faith modifications to this Clause 5.31 (and the documents referenced herein) if changes are required for Vendor to continue to Process the SIA Personal Data in compliance with the Applicable Data Protection Laws or to address the legal interpretation of the Applicable Data Protection Laws, including to comply with any amendments to the PDPA.

5.31.9 Without prejudice to any other rights or remedies that SIA may have, Vendor hereby acknowledges and agrees

that a person with rights under this Clause 53.1 may be irreparably harmed by any breach of its terms and that damages alone may not be an adequate remedy. Accordingly, a person bringing a claim under this Clause 53.1 shall be entitled to the remedies of injunction, specific performance or other equitable relief for any threatened or actual breach of the terms of this Clause 53.1.

5.31.10 To the extent that the Vendor Processes EU Personal Data for and on behalf of SIA, Vendor shall in addition to

the terms set out in this Clause 5.31, comply with the terms set out in RFQ Appendix A. 5.31.11 This Clause 5.31 shall survive the termination or expiration. 5.31A DO-NOT-CALL PROVISIONS

Intentionally left blank. 5.32 LIMITATION FOR LIABILITY 5.32.1 Except as otherwise provided in this Agreement, neither Party shall be liable to the other Party for any special,

incidental, indirect, consequential, exemplary or punitive damages (including, without limitation damages for lost profits, anticipated profits, contract, goodwill, production, corruption of data, operation time, revenue, economic loss, business opportunity or business interruption) relating to this Agreement, any of the services or work product provided under this Agreement or any other subject matter of this Agreement and regardless of whether such claim be based on contract, tort, equity or otherwise.

5.32.2 Without limiting clause 5.32.1, the maximum aggregate liability of either Party to the other Party and for any or

all claims for any damages of any kind relating to this Agreement, any services or work product provided under this Agreement or any other subject matter of this Agreement shall not exceed an amount equal to the Contract Sum. This clause 5.32.2 shall not apply to the indemnity to be provided pursuant to clause 5.38 and clause 5.41.

5.32.3 The limitations of liability contained in clause 5.32.1 and 5.32.2 will apply regardless of the form of action

(including without limitation, contract, warranty, negligence, tort, strict liability or statutory) or type of damages, regardless of any claim or finding with respect to the adequacy, failure, purpose or sufficiency of any remedy offered or provided for hereunder and regardless of whether a Party was informed of, aware of or otherwise could have anticipated the possibility of such damages or liability.

5.32.4 Clause 5.32.1 and 5.32..2 shall not apply to the indemnities to be provided pursuant to Clause 5.38, Clause

5.41 and Clause 5.49.13.2; and shall not apply to damage and/or loss caused to SIA by Vendor’s (i) infringement of any of SIA’s Intellectual Property Rights, (ii) breach of clause 5.31 or Annex 7 (Information Security Requirements) and/or (iii) breach of its confidentiality obligations under this Agreement.

5.33 CONTRACT SUM 5.33.1 Subject to any changes agreed to in writing by the Parties, the Contract Sum for the Project shall be set out in the

Agreement, exclusive of any GST thereon chargeable. 5.33.2 Vendor agrees that the Contract Sum, and any other charges quoted in this Agreement, shall not be increased. 5.33.3 The Contract Sum (together with GST thereon) shall be paid by SIA in accordance with the payment schedule set

out in Agreement, after receipt of invoice from Vendor. Each invoice for the relevant part of the Contract Sum or the charges, as the case may be, shall be issued to SIA after the corresponding relevant stage of the Project or the Services has been duly completed and accepted by SIA in accordance with this Agreement, specifying the amount payable by SIA and attaching evidence of acceptance of deliverables by SIA. SIA shall pay all undisputed charges within sixty (60) days of receipt of an invoice.

5.33.4 The parties shall use their best endeavours to resolve such disputes or differences in relation to the disputed

charges in accordance with the dispute resolution process/procedure as contained in clause 5.46.

V44 22.01.2018


5.33.5 Vendor may charge SIA interest at a rate of one percent (1%) per month on any undisputed amount payable to

Vendor under this Agreement which is due and owing. 5.33.6 Unless otherwise specified, all invoices will be billed in Singapore dollars and all payments required to be made

under this Agreement shall be made in Singapore dollars.

5.33.7 Unless otherwise specified herein or agreed, all permits, licenses, royalties and fees whatsoever claimable by or payable to any person, firm or corporation or government or in connection with intellectual property used or required to be used in connection with Vendor’s obligations under this Agreement are deemed to be included in the Contract Sum, and shall be for the account of Vendor and shall not be charged to SIA.

5.33.8 Unless otherwise expressly provided, all amounts stated in this Agreement expressed to be exclusive of any

GST arising in respect of any supply made hereunder shall on the issue of a valid tax invoice in respect of the same be paid to the Party making such supply by the Party to whom it is made in addition to any other consideration payable. Save for the foregoing, all other Taxes shall be borne by Vendor, including without limitation any withholding tax payable as a result of this Agreement. SIA shall pay to Vendor all amounts due under this Agreement net of any withholding tax, and shall be permitted and entitled, if required in compliance with applicable laws or regulations, to withhold or deduct from the amounts payable to Vendor under this Agreement such taxes, withholdings and/or deductions.

5.34 STEP-IN RIGHTS 5.34.1 In the event that Vendor fails to or is in SIA’s reasonable opinion unable to perform any of its obligations under

this Agreement, SIA reserves the right to, at its option, either claim damages for breach of this Agreement, or appoint an alternative vendor to provide any Services. Such appointment and step-in Services shall be completed within a reasonable period as reasonably determined by SIA. Vendor shall reimburse SIA for the additional costs of engaging an alternative vendor. Such right shall be without prejudice to any of SIA’s rights or remedies under this Agreement or at law.

5.35 HANDOVER 5.35.1 Upon expiry or early termination of this Agreement, Vendor will ensure that the Services and deliverables

rendered or delivered up to and including the date of expiry or termination will be properly and fully handed over to SIA and/or other SIA-appointed vendor(s)/contractor(s) in accordance with reasonable procedures specified by SIA.

5.36 RIGHT TO AUDIT 5.36.1 SIA and/or its designees may, by reasonable notice in writing and at any time during normal office hours,

access the premises of Vendor, Sub-contractor and Vendor Personnel to audit their facilities, equipment, documents, records and/or data, for the purposes of verifying compliance with the terms and conditions of this Agreement, including compliance with the Information Security Requirements set out in Annex 7 and/or any other requirements under this Agreement. Vendor shall, and shall procure that Sub-contractor and/or Vendor Personnel (as may be applicable) shall, provide SIA and/or its designees with full co-operation and assistance in connection with the audit at their own cost and expense, at no additional cost to SIA. Save for the foregoing, each such audit shall be carried out at SIA’s sole cost and expense unless any unreported breach is uncovered in the course of such audit, in which case the reasonable costs of that particular audit shall be borne solely by Vendor.

5.37 INTELLECTUAL PROPERTY RIGHTS 5.37.1 All Intellectual Property Rights comprised in the Services and Software and any derivative Documentation as

well as any and all other materials or part thereof provided to or acquired by Vendor, or created or developed by Vendor for SIA for the sole purposes of this Project, shall, unless otherwise expressly agreed between the Parties, be deemed to be irrevocably assigned to and shall vest in SIA on the Acceptance Date without further charge. If required by SIA, Vendor shall do all things and sign all documents necessary to vest all such Intellectual Property Rights assigned or otherwise transferred or granted to SIA under this Agreement. For avoidance of doubt, Vendor shall have no right to sublicense, assign or transfer the source or object codes of the Software and related Documentation to any third party.

5.37.2 Where Vendor does not so create or own such Intellectual Property Rights, Vendor shall obtain and maintain

at all times for the term of this Agreement for SIA all necessary licences of Intellectual Property Rights for any third party proprietary matter contained in the System to enable SIA to use and operate the System. For the

V44 22.01.2018


avoidance of doubt, such third party proprietary matter shall include such Software created or owned by Vendor but not for the specific and sole purpose of this Project and contained in the System for which Vendor hereby grants to SIA a non-exclusive and non-transferable licence in perpetuity to use without charge as part of the System.

5.38 INTELLECTUAL PROPERTY RIGHTS INDEMNITY 5.38.1 Vendor shall indemnify and hold harmless SIA and its related and associated companies in full from and against

all actions, proceedings, claims, damages, liabilities, settlement sums, charges, losses, costs and expenses (including without limitation, legal costs and expenses and costs of other professionals) arising out of or in connection with any claim or action by any third party against SIA for actual or alleged infringement of the Intellectual Property Rights in the Software and/or related Documentation (an “Intellectual Property Infringement’), and SIA shall:

5.38.1.1 gives notice to Vendor of any Intellectual Property Infringement promptly upon becoming aware

of the same; 5.38.1.2 gives Vendor the sole conduct of the defence (at Vendor’s sole cost and expense) to any claim or

action in respect of any Intellectual Property Infringement and does not at any time admit liability or otherwise settle or compromise or attempt to settle or compromise the said claim or action except upon the express instructions of Vendor; and

5.38.1.3 acts in accordance with the reasonable instructions of Vendor and gives to Vendor such

assistance as it shall reasonably require (at Vendor’s sole cost and expense) in respect of the conduct of the said defence including without prejudice to the generality of the foregoing the filing of all pleadings and other court process and the provision of all relevant documents.

5.38.2 In addition to and without prejudice to the above;

5.38.1 If required by SIA, Vendor shall procure the right to continue with the use of the Software or part thereof which is the subject of the Intellectual Property infringement;

5.38.2 If required by SIA, replace or modify the Software or part thereof which is the subject of the Intellectual

Property infringement so that it is no longer infringing but will function in an equivalent manner. Such replacement or modification shall be subject to SIA’s approval;

5.38.3 SIA shall be entitled to reject the Software and Vendor shall have to refund to SIA the entire Contract Sum

or all sums which SIA has paid to Vendor for the Software. 5.38.3 The provisions of this clause 5.38 shall survive, and continue to be binding on the Parties after, the expiry or

termination of this Agreement. 5.39 WARRANTY 5.39.1 Vendor hereby warrants that it will carry out the Services and perform the Services with reasonable care and skill.

5.39.2 that as at and from the Acceptance Date and during Warranty Period, if used in accordance

with Vendor’s directions stated in the documentation and manuals:

(a) each individual element of the System will be compatible with all other elements of the System and will function properly in combination with each other as an integrated system;

(b) the Software is suitable and adequate for use with the Hardware and will meet the functions

and performance levels for the System specified for or in connection with the Detailed Specifications;

(c) the Software and the System shall interface and integrate with other software systems related

to the System and utilized by SIA so as to meet the objectives of the System;

V44 22.01.2018


5.39.1.3 the media upon which the Software and related Documentation are stored will for a period of twelve (12) months from the Acceptance Date be free from defects in materials design and workmanship;

5.39.1.4 the System will be free from defects and workmanship and will be fit for the purpose which it was

intended; and

5.39.1.5 the System (including the Software and related Documentation) will conform to and perform in accordance with the Detailed Specifications (including any specified or agreed service levels).

5.39.2 Vendor further warrants and represents that the Software will not, when installed, contain Viruses that will have an

adverse effect on the information and networked system including but not limited to all hosts, routers, fileservers, firewalls and/or network appliances. Vendor shall, without prejudice to any other right of action available to SIA under this Agreement or under any general law, notify SIA immediately if the Software shall be found or should have been found to contain any Viruses.

5.39.3 Open Source Software. Vendor represents, warrants and undertakes that:

(a) if required by SIA at any time during the term of this Agreement, Vendor shall promptly make full

complete and accurate disclosure to SIA of all Open-Source Software: (i) used or proposed to be used in, or in the development of, the System; (ii) that the System is, or is proposed to be, compiled with and/or linked to, and (iii) otherwise used by Vendor in the performance of this Agreement, including full details of the applicable software version(s), operating system(s) and license terms and any other information reasonably requested by SIA;

(b) SIA, SIA users and their third party subcontractors are permitted under the applicable open source license terms to copy, modify and redistribute the source code of the Open-Source Software;

(c) The Open-Source Software is not subject to any restrictive, 'reciprocal', 'hereditary' or 'copyleft'

licenses, and SIA, SIA users and their third party subcontractors' right and license to copy, modify and distribute the Open-Source Software are not conditioned upon or subject to the resulting copies, modifications and distributions ("Derivative OSS Works") being licensed under the same licence terms and conditions as the original Open-Source Software; and

(d) There is no requirement under the applicable open source license terms for the modified source code

of the Open-Source Software, or any Derivative OSS Works, or any part of the System, to be released, disclosed or distributed back to the open source community or to any third party under any circumstances.

SIA may at its option and in its full discretion require the Vendor to cease the use of any Open-Source Software and to substitute, replace, or provide alternatives to such Open-Source Software, at no additional charge to SIA. Any such substitution, replacement and/or provision of alternatives required by SIA shall be without prejudice to Vendor's obligation to complete the implementation of the System and perform the Services hereunder in accordance with the Project Schedule.

5.39.4 Vendor shall forthwith upon receipt of a notice in respect of a breach of warranty remedy the same by making such

alterations or modifications to the System or taking such other steps necessary to remedy the breach of warranty. The remedial Services provided by Vendor during the Warranty Period shall be provided with all necessary items free of charge for any breach of warranty reported by SIA to Vendor during the Warranty Period regardless of the fact that the period taken to remedy such breach of warranty extends to a date after the expiry of the Warranty Period. Services provided by Vendor in respect of the service and support of the System during the Warranty Period shall comply with the terms set out in Annex 6.1 (Service Levels).

5.39.5 Not applicable 5.40 ESCROW Not applicable

5.41 GENERAL INDEMNITY

V44 22.01.2018


5.41.1 Vendor agrees to indemnify and hold harmless SIA and its related and associated companies in full from and against all actions, proceedings, claims, damages, liabilities, losses, costs and expenses (including without limitation, legal costs and expenses) whatsoever arising out of or in connection with (i) Vendor’s breach of Clause 5.31 (Data) or the Information Security Requirements set out in Annex 7; (ii) Vendor’s breach of its confidentiality obligations under this Agreement; (iii) fraud, gross negligence or wilful misconduct of Vendor, Vendor Personnel or Vendor's agents, and/or (ii) bodily injury or death of any person or damage to real and/or tangible personal property directly caused by the negligence or wilful misconduct of Vendor, Vendor Personnel or Vendor's agents.

5.41.2 Vendor agrees to maintain at its own cost a comprehensive policy of insurance (including but not limited to a

professional indemnity insurance policy) to adequately cover its entire liability in respect of any act or default for which it may become liable to indemnify SIA under the terms of this Agreement.

5.41.3 The remedies contained in this clause are without prejudice to and in addition to any warranties, indemnities, remedies or other rights provided by law, and/or under any other provision of this Agreement for the benefit of SIA.

5.42 DATE COMPLIANCE 5.42.1 Vendor warrants that the Services and the Software will be free from data compliance problems and that the

performance or the functionality of the Software or obligations to be performed under the Agreement shall not be affected, impeded or interrupted by the entry or processing of any data value or date-dependent function, whether such date is past, current or future.

5.43 SERVICE STANDARDS 5.43.1 At all times, Vendor shall perform the Services so as to meet or exceed the Service Levels as contained in

Annex 6.1 (Service Levels) and shall comply at all times with the requirements of the Service Levels. 5.43.2 Vendor acknowledges that the non-performance of those Services may cause dramatic and immediate impact

on SIA by way of one or more of the following: (a) loss of revenue; (b) increased expenses; (c) diminished service quality to SIA’s customers; and

(d) harming the goodwill, reputation, image or prestige of SIA or of any trade mark, service mark or trade name of SIA.

5.43.3 Without limiting any other right which SIA has under this Agreement, failure to achieve a Service Level shall

result in a Service Level Credit pursuant to Annex 6.1 (Service Levels). 5.43.4 Vendor shall perform the Services so as to meet or exceed the higher of the following:

(a) the best industry and professional standards and practices; (b) the Service Levels

5.43.5 Without in any way limiting any other obligation as set out in this Agreement, the Parties agree to the concept

of continuous improvement to the Services. 5.43.6 In the event Vendor fails to meet the Service Levels as contained in Annex 6.1 (Service Levels), SIA shall be

entitled to, at its option, either claim damages for breach of the Service Levels, or obtain payment of Service Level Credits in accordance with Annex 6.1 (Service Levels).

5.43.7 Should Vendor fail to meet the Service Levels as contained in Annex 6.1 (Service Levels) on more than three

(3) occasions, SIA shall be entitled to terminate this Agreement by giving written notice to Vendor. Any termination of this Agreement pursuant to this clause shall be without prejudice to any other rights or remedies any party may be entitled to hereunder or at law and shall not affect any accrued rights or liabilities of either party.

5.43.8 Vendor acknowledges and agrees that the Service Level Credits and Vendor’s obligations relating thereto

shall not in any way limit SIA’s rights and remedies at law or under the Agreement nor shall the Service Level Credits be deemed or construed to be liquidated damages or a sole and exclusive remedy or in derogation of any other rights and remedies SIA has under the Agreement.

V44 22.01.2018


5.44 FORCE MAJEURE 5.44.1 Neither Party shall be liable to the other for any delay in performing or any failure to perform, its obligations

under this Agreement where such delay or failure is caused by Acts of God, public enemy, war, revolution, civil commotion, blockage or embargo, tornadoes, epidemics, quarantines, freight embargoes and acts of government (“Force Majeure Event”).

5.44.2 The Party claiming the Force Majeure Event will promptly notify the other in writing within seven (7) days on

becoming aware of the occurrence of the Force Majeure Event, giving reasons for the delay or stoppage (and the likely duration).

5.44.3 The Party affected by the Force Majeure Event shall for the duration of such event be relieved of its obligations

as is affected by such event and the period of performance of this Agreement by the affected Party shall be extended by a period equal to the period of delay or stoppage. As regards such delay or stoppage:

5.44.1 any costs arising from the delay or stoppage will be borne by the Party incurring those costs; 5.44.2 either Party may, if the delay or stoppage continues for more than sixty (60) continuous days, terminate

this Agreement with immediate effect on giving written notice to the other and neither Party will be liable to the other for such termination; and

5.44.3 The Party affected by a Force Majeure Event shall make all reasonable efforts to remedy the conditions

causing the suspension or failure of full performance hereunder and to resume fulfilment of all its obligations hereunder.

5.45 NOTICES 5.45.1 All notices required or permitted to be given hereunder shall be in writing and in the English language and shall

be sent by hand or by post or by facsimile to the respective addresses and/or numbers of the Parties set out below or to such other address or numbers as the relevant Party may hereafter specify to the other Party by notice in writing expressed to be for the purposes of this clause. If to SIA: If to Vendor: Singapore Airlines Limited [Name ] 722 Upper Changi Road East [Address SIA Computer Centre ] Singapore 486854 Singapore [ ] Attn: Senior Manager Attn: [name of contact person] IT Procurement & Admin [designation] Fax: +65 4900761 Fax: [ ]

5.45.2 Any notice, demand or other communication so addressed to the relevant Party shall be deemed to have been

delivered if (i) delivered by hand, on the date of receipt, (ii) delivered by post, five (5) days after despatch, or (iii) delivered by fax, when transmitted, error free.

5.46 DISPUTE RESOLUTION 5.46.1 In the event of any dispute of difference arising out of or in connection to this Agreement or the breach thereof

including any question regarding its existence, validity or termination, the Parties shall use their best endeavours to settle such disputes or differences through amicable discussions. To this effect, they shall consult and negotiate with each other, in good faith and understanding of their mutual interests, to reach an amicable and equitable solution satisfactory to both Parties.

5.46.2 If the Parties are unable to reach any solution within a period of thirty (30) days after the commencement of the

negotiation then the disputes or differences shall be referred to and finally resolved by arbitration in Singapore in accordance with the Arbitration Rules of the Singapore International Arbitration Centre ("SIAC Rules") for the time being in force which rules are deemed to be incorporated by reference into this clause. All arbitration proceedings shall be in the English language.

V44 22.01.2018


5.46.3 The commencement of any arbitration proceedings under this clause shall in no way affect the continual performance of the obligations of the Parties under this Agreement, except insofar as such obligations relate to the subject matter of such proceedings.

5.47 GIFTS, INDUCEMENTS AND REWARDS 5.47.1 Vendors are advised to refrain from offering gifts and rewards in any form or manner to any SIA employee

in relation to the obtaining or execution of any contract with SIA, whether or not the like acts are performed by Vendor(s) or persons acting on his/their behalf with or without the knowledge of Vendor(s).

5.47.2 SIA shall terminate, forfeit the deposits and debar Vendor(s) for any appropriate period of time if it is proven that

Vendor(s) has/have offered and/or given gifts and rewards in obtaining or in execution of any contract. 5.48 LAW APPLICABLE TO CONTRACT 5.48.1 The laws of the Republic of Singapore shall govern the validity and interpretation of the Contract and the

legal relationship of the parties to it. 5.49 GENERAL 5.49.1 Waiver

No waiver of any rights arising under the Agreement shall be effective unless in writing and signed by the party against whom the waiver is to be enforced. No waiver of any breach of the Agreement shall operate as a waiver of any subsequent breach of the same or any other provision. The failure of either party to enforce at any time of the provisions of the Agreement shall in no way be interpreted as a waiver of such provision.

5.49.2 Severability

If any term or provision of the Agreement shall be held to be invalid, illegal or unenforceable, the remaining terms and provisions of the Agreement not affected by such invalidity, illegality or unenforceability shall remain in force and effect and such invalid, illegal or unenforceable term or provision shall be deemed not to be part of the Agreement.

5.49.3 Assignment/Novation

The Agreement is personal to Vendor and shall not be assigned or novated either as to the whole or any part thereof, without the prior written consent of SIA. SIA may, by notification to Vendor, assign or novate the whole or any part of the Agreement to any party. Vendor shall be deemed to have consented to such assignment or novation, which shall be effective on the date that SIA notifies Vendor.

5.49.4 Binding Effect on Successors-in-title

The Agreement shall operate for the benefit of and be binding on the successors in title and permitted assigns of each party.

5.49.5 Sub-contracting

Vendor shall carry out its obligations hereunder personally. Vendor shall not subcontract the whole or any part of its obligations under the Agreement without the prior written consent of SIA.

5.49.6 Set-off

Notwithstanding any other provision to the contrary contained in the Agreement, SIA will be entitled, at any time and from time to time, without notice to Vendor, to set off and deduct from any and all amounts payable to Vendor (whether under the Agreement or any other agreement), any and all sums that may be due and owing by Vendor to SIA, its related or associated companies, whether under the Agreement or otherwise (including without limitation, any liquidated damages payable under any of the clauses of the Agreement, or any amounts previously overpaid to Vendor.

5.49.7 No Partnership or Joint Venture

Nothing in the Agreement shall create or be deemed to create a partnership or joint venture between the parties and unless otherwise expressly provided in the Agreement, no party shall enter into or have authority to enter into any engagement or make any representation or warranty on behalf or pledge the credit of or otherwise bind or oblige the other party thereto. The parties enter into the Agreement as independent contractors.

V44 22.01.2018


5.49.8 Exclusion of third party rights A person not party to the Agreement (other than a permitted assign to whom rights have been assigned in accordance with the provisions of the Agreement) shall have no right under any legislation for the enforcement of contractual terms by a third party (whether in force now or to be enacted in the future and as the same may be modified, adapted or supplemented from time to time) to enforce any term of the Agreement.

5.49.9 Time is of the essence

Time is of the essence of the Agreement but no failure or delay on the part of SIA in exercising any right, power, privilege or remedy shall impair any such right, power, privilege or remedy or be construed as a waiver thereof or an acquiescence to such default.

5.49.10 Anti-Corruption/Anti-Bribery Representations and Warranties

Vendor represents and warrants that it is in compliance with all laws of those countries in which it operates, including all anti-corruption and anti-bribery laws, and will remain in compliance with all such laws during the term of this Agreement. Vendor further represents and warrants that it has not made, authorized or offered to make payments, gifts or other transfers of value, directly or indirectly, to any government official or private person in order to (1) improperly influence any act, decision or failure to act by that official or person, (2) improperly induce that official or person to use his or her influence with a government or business entity to affect any act or decision by such government or entity or (3) secure any improper advantage.

Vendor agrees that should it learn or have reason to know of any payment, gift or other transfer of value, directly or indirectly, to any government official or private person that would violate any anti-corruption or anti-bribery law, it shall immediately disclose such activity to the SIA. If, after consultation by the Parties to the Agreement, any concern cannot be resolved in the good faith and reasonable judgment of the SIA, then SIA, on written notice to Vendor, may withdraw from or terminate this Agreement.

SIA shall have the right to terminate this Agreement if Vendor breaches this, or any other, representation, warranty or undertaking set forth in this Agreement.

5.49.11 Publicity

All media releases, public announcements and public disclosures by Vendor relating to this Agreement, or the subject matter thereof, including but not limited to promotional marketing material, but not including any announcement intended solely for internal distribution by SIA and Vendor nor any disclosure required by legal, accounting or regulatory requirements, shall be approved by SIA prior to release.

For the avoidance of doubt, the obligations of this Clause shall survive the expiration or termination of this Agreement without limitation in point of time.

5.49.12 Non-solicitation 5.49.12.1Vendor agrees that during the period described in Clause 5.49.12.2below, it shall not, without the prior

written consent of SIA, for any reason either on its own account or through its employees or agents or otherwise or on behalf of any other person, firm, company or other organisation and other than by general advertising, solicit, interfere with, procure or entice away any employee of SIA assigned to the performance of services in connection with this Agreement.

5.49.12.2 The period referred to Clause 5.49.12.1 shall be the period beginning on the date of this Agreement and

continuing until the earlier of either:

(a) twelve (12) months after the expiry or termination of this Agreement; or

(b) in relation to a particular employee of the type referred to in Clause 5.49.12.1, twelve (12) months after that employee or contractor ceases to be engaged or employed in connection with this Agreement.

5.49.13 Export Laws 5.49.13.1 Vendor warrants and represents that:

(i) as at the Effective Date it is in compliance with, and during the term of this Agreement it shall remain in compliance with, all applicable technology control, export controls and embargo

V44 22.01.2018


regulations under local and international laws, regulations and requirements ("Export Laws"), and will not export, transfer, divert, release or disclose any materials (including data and software) to any country or territory prohibited by any Export Laws or to any national or resident of such country or territory unless Vendor has obtained all necessary approvals or permits;

(ii) no Export Law prevents or limits Vendor’s ability to perform its obligations under this Agreement;

(iii) Vendor shall not do, omit to do or permit the doing of any act which may or would cause SIA to violate any Export Laws; and

(iv) if there is or is likely to be any change in Export Laws that may or would affect Vendor's performance of obligations under this Agreement, Vendor shall forthwith inform SIA in writing, and if Vendor is no longer able to perform the Agreement or any part thereof as a result of such change in Export Laws, then SIA may forthwith upon written notice terminate this Agreement or any part thereof without prejudice to any rights SIA may have hereunder or at law.

5.49.13.2 Vendor agrees to indemnify and hold harmless SIA and its related and associated companies in full from and against all actions, proceedings, claims, damages, liabilities, settlement sums, charges, losses, costs and expenses (including without limitation, legal costs and expenses and costs of other professionals and any penalties or other amounts levied, imposed or charged by any regulator or regulatory authority) whatsoever arising out of or in connection with any breach of Export Laws or any breach by Vendor of Clause 5.49.13.1. This indemnity shall survive the expiry or termination of this Agreement and shall not be subject to any limitations or exclusions of liability under this Agreement.

5.49.14 Annual Security Reviews or Security Audits 5.49.14.1 Vendor shall, on an annual basis and at its sole cost and expense, promptly make available to SIA

the results of any security reviews or security audits conducted by Vendor, its Sub-Contractors or any Vendor Personnel (including internal and external auditors), relating to Vendor's systems, operating practices, processes and procedures to the extent relevant to the Services or to the SIA account (collectively “Vendor Systems ”), including copies of any such audit reports, or parts of such reports, which relate to security which are conducted by, or on behalf of, Vendor, its Sub-Contractors or any Vendor Personnel, provided that Vendor shall be under no obligation to disclose Vendor’s actual cost of providing the Services, its profit margin for the provision of the Services, and/or information of Vendor’s other customers.

5.49.14.2 Vendor shall promptly inform SIA (including informing SIA at all SIA designated management board meetings) in writing whether any reviews or audits other than those referred to in Clause 5.49.14.1 conducted by Vendor, its Sub-Contractors or any Vendor Personnel (including internal and external auditors) relating to Vendor Systems indicate that (i) Vendor is not providing the Services in accordance with this Agreement; or (ii) Vendor may be in breach of this Agreement. Vendor will advise SIA of the findings of the audit in writing in this regard, and shall provide SIA with an action plan addressing the issue. Notwithstanding the foregoing, Vendor shall be under no obligation to disclose information relating to Vendor's actual cost of providing the Services or its profit margin for the provision of the Services, or to Vendor's other customers.

RFQ Appendix A EU Personal Data

If Vendor processes EU Personal Data for and on behalf of SIA, then Vendor is required to fill in the Appendix A : EU Personal Data (attached below) and appended to the LOA.]

RFQ Appendix A EU

Personal Data.docx .

V44 22.01.2018


SECTION 6: EVALUATION PROCESS The proposals will be evaluated based on the following factors (including but not limited to): • Compliance to SIA’s Terms and Conditions

• Company’s reputation in handling brand protection, including takedown of phishing domains/emails, etc.

• Overall value; i.e. cost versus effectiveness of the solution proposed. • Point-by-point responses to the Scope of Work • Completeness of your solution:

• Functional Requirements • Methodology of Monitoring / Detection / Takedown services • Service Level Agreement

V44 22.01.2018


ANNEX 1: VENDOR PROFILE MATRIX FOR RFQ VM2018-006

Complete the Matrix briefly. Additional information can be given as an attachment or in the relevant parts of your Quotation submission.

Category/Section Description Corporate Information Company’s Name and Address

Parent Company Name and Address (if any) Mission and Direction Core Competencies / Business Revenue for the 3 most current year-end periods Net Profit for the 3 most current year-end periods Technology / Business Partner Contact Person’s Name, Job Title, email address, mobile & DID contact no., fax no.

Experience Relevant Brand Protection Services:

- number of years

Approximate number of Take down services - Phishing Sites

Approximate number of Take down services - Phishing Email Address / Server

Approximate number of Take down services - Social Media

Approximate median takedown time and average takedown time

Brief description of how the company have successfully takedown a phishing site/email, and any lessons learnt (a brief description can be given as attachment)

Relevant Customer Reference with similar services engagement :

- list three (3) references

Resources Number of Staff Worldwide

- Total - Technical (Consultant, Engineer, etc) - Post Implementation Support

Number of Staff in Singapore - Total - Technical (Consultant, Engineer, etc) - Post Implementation Support

Information Security and Quality Assurance State whether your organisation has a series of documented Information Security policies and Quality Assurance policies. Existing Information Security policies (Yes / No) Existing Quality Assurance policies (Yes / No)

V44 22.01.2018


ANNEX 2: IPT DECLARATION BY VENDOR/CONTRACTING PARTY RFQ VM2018-006 : Brand Protection Services (To be completed by a Corporation) To: Singapore Airlines Ltd

(Name of SIA Group Company) We, ………………………………………………………… hereby declare as follows: (Name of Vendor/Contracting Party)

YES NO 1

We are a company in which _____________________________________ the CEO of SIA and/or *his/her Immediate Family (directly or indirectly) have an interest of 30% or more.

2

We are a company in which ______________________________________ a Director of SIA and/or *his/her Immediate Family (directly or indirectly) have an interest of 30% or more.

3

We are a company in which Temasek and/or its subsidiaries when taken together (directly or indirectly) have an interest of 30% or more.

If answer to paragraph 3 is yes, please also indicate below:

3.1

Whether the shares in your company are held directly by Temasek and/or by Temasek subsidiaries/associates, and name such subsidiaries/associates, if any. ____________________________________________________________________ ____________________________________________________________________

3.2

Whether you are listed, or you are a member of a group of companies listed (name the company which is listed), on the Singapore Exchange Securities Trading Limited or any other exchange (name such exchange, if applicable). If you are, please state the names of the directors and audit committee members of the listed company. ____________________________________________________________________ ____________________________________________________________________

3.3

If the above answer is positive, please provide a list of your directors and the members of your audit committee (if you are listed) or (if you are a member of a listed group) a list of the directors and members of the audit committee of the group committee which is listed. ____________________________________________________________________ ____________________________________________________________________

4.

We are none of the above.

We confirm that the above information is true and correct. We understand that you require the information to comply with Chapter 9 of the Listing Manual of the Singapore Exchange Securities Trading Limited.

Name: …………………………………………. Signature: ……………………………………. Designation: …………………………………… Date: …………………………………………. Note: * Delete as appropriate

V44 22.01.2018


DEFINITIONS “Associate” : (a) In the case of a Director or the CEO if SIA:

(i) his immediate Family;

(ii) the trustees of any trust of which he or his Immediate Family is a beneficiary or, in the case of a discretionary trust, is a discretionary object; and

(iii) any company in which he and his Immediate Family together (directly or indirectly)

have an interest of 30% or more; or

(b) In relation to Temasek:

(i) its subsidiaries; or

(ii) any company in which Temasek and/or its subsidiaries when taken together (directly or indirectly) have an interest of 30% or more.

“Immediate Family” : In relation to a Director or the CEO of SIA: (a) his spouse; (b) his child, adopted child or step-child;

(c) his sibling; and (d) his parent.

“SIA” : Singapore Airlines Limited. “Temasek” : Temasek Holdings (Private) Limited, a company incorporated in Singapore.

V44 22.01.2018


ANNEX 3: DECLARATION OF PARTICIPATION BY RELATIVES /ASSOCIATED COMPANIES

ANNEX 3: DECLARATION OF PARTICIPATION BY RELATIVES/ ASSOCIATED COMPANIES

RFQ VM2018-006: Brand Protection Services Vendor must declare whether any associated company, business partner or relatives are bidding in this Quotation exercise. Vendors who make false declarations will be disqual ified. Please complete the Section which is applicable. Section 1 I declare that I have no associated company, business partner or is relative taking part in the Quotation. Signature

Name & Designation

Company Stamp

Section 2 (Please use new page if space is insufficient.) I declare that the following person/company is also bidding in the Quotation: No. Name of Person/Company Relationship to Vendor

1

2

3

Signature

Name & Designation

Company Stamp

ANNEX 4: INDIVIDUAL NON-D ISCLOSURE AGREEMENT To be signed by the appointed vendor only after award of Quotation THIS AGREEMENT is made this ___________________ ("Effective Date ") between: Singapore Airlines Limited (UEN 197200078R), a company incorporated in Singapore with its registered office at 25 Airline Road, Airline House, Singapore 819829 (which may where the context allows include any or all of its Affiliates) ("SIA"), and Name of Individual :_______________________________ ________________(NRIC/Passport No._____________________) of address: _______________________________________________________________________(the “Vendor Personnel ”) hereinafter referred individually as "a Party " or collectively as "the Parties ".

WHEREAS: A. Vendor Personnel is a/an employee, servant, officer, agent, consultant and/or contractor (as may be applicable) of

Name of Vendor: ______________________ __(Business Registration No._____________________) (“the Vendor ”).

B. As between SIA and the Vendor, for the purposes of facilitating the business dealings, operations, cooperation or

discussions, or for the purposes of performance of obligations under any agreement, or for the purposes of discussions concerning a potential business relationship, or the evaluation or establishment of a potential business relationship, in respect of the procurement, development, implementation and/or maintenance of existing and/or new IT solutions and/or systems for SIA (each a “Purpose ”), SIA may from time to time disclose Confidential Information (as hereinafter defined) to the Vendor. In connection with the foregoing, SIA may from time to time also disclose Confidential Information (as hereinafter defined) to the Vendor Personnel.

C. The Parties agree to the disclosure and use of such Confidential Information on and subject to the terms of this Agreement.

THE PARTIES AGREE as follows: 1. The Vendor Personnel acknowledges that SIA

operates in a highly competitive industry and that any and all information relating to a Purpose, if disclosed (whether directly or indirectly) to a third party without the express authorisation of SIA would have a detrimental effect on the business of SIA. In consideration of being made privy to the Confidential Information (as hereinafter defined), the Vendor Personnel hereby agrees to observe and be bound by the terms of this Agreement.

2. In this Agreement, "Confidential Information" means

any non-public information which, under the circumstances surrounding the disclosure, ought to be regarded as proprietary or confidential to SIA, however recorded, preserved or disclosed and whether or not marked as confidential or private, of SIA that SIA discloses to Vendor and/or Vendor Personnel, and shall include but is not limited to: a. information, Personal Data, knowledge and

data, whether or not in relation to a Purpose and howsoever obtained or disclosed or accessed, including copies and reproductions thereof in which SIA has a business, proprietary or ownership interest or has a legal duty to protect, which SIA considers to be confidential and/or which is identified by SIA as confidential and/or any information which a reasonable third party acting in good faith would recognise as being confidential in nature;

b. SIA Data; c. any information relating to SIA’s business,

affairs, customers, clients, suppliers, plans, intentions, or market opportunities;

d. SIA’s operations, processes, product information, know-how, designs, trade secrets or software;

e. the fact that discussions and negotiations are taking place concerning the Purpose and the status of those discussions and negotiations; and

f. any information or analysis derived from the foregoing.

"SIA Data" includes any information belonging to SIA or provided by SIA for a Purpose which includes but is not limited to all data, information and computer programs provided by or derived from third parties whether concerning flight schedules, customers, suppliers, operational data, billing information or otherwise, and Personal Data (of passengers or otherwise), as well as all compilations or databases containing such data and information. “Affiliate” in relation to SIA means SIA's related or associated companies and such entities which SIA controls, directly or indirectly. For the purposes of this Agreement: (a) "associated company" shall mean any entity in which at least 20% but not more than 50% of its shares are held by SIA or the Singapore Airlines Group, and (b) the expression "control" in the relevant context shall mean either (i) control of at least 50% of the issued share capital of an entity; (ii) control of at least 50% of the voting rights attached to the shares of the issued share capital of an entity, (iii) control of the composition of the board of directors of an entity, or (iv) undertaking or control of the management and/or operation of the business of an entity.

3. The Vendor Personnel hereby agrees to use the

Confidential Information only for a Purpose and for no other purpose whatsoever and hereby undertakes that the Confidential Information shall only be disclosed to Vendor’s employees, servants, officers, agents, consultants and contractors on a need-to-know basis for a Purpose.

4. The Vendor Personnel further agrees to keep the

Confidential Information in strictest confidence and treat with the same degree of care it extends to Vendor’s own Confidential Information (such care not being less than a reasonable degree of care), agrees to protect the Confidential Information from unauthorised or inadvertent use, disclosure, dissemination or publication, and shall not, directly or indirectly, use for himself or on behalf of or disclose to any third party except as provided in this Agreement any Confidential Information received from SIA. To the extent that the Confidential Information contains any Personal Data (as hereinafter defined), the Vendor Personnel shall comply with all applicable Data Protection Laws in respect of the collection, use, disclosure or processing of such Personal Data. "Data Protection Laws" shall refer to Singapore’s Personal Data Protection Act 2012 (Act 26 of 2012), whether in force now or to be enacted in the future and as the same may be modified, adapted or supplemented from time to time, and all other applicable laws, regulations, and official interpretations thereof pertaining to Personal Data, personally identifiable data or privacy. "Personal Data" means all information (including for the avoidance of doubt opinions) which identifies an individual, in any form, whether true or not, about an individual who can be identified from that data or from that data and other information to which the organisation has or is likely to have access, and shall include: (a) all data which is defined to be “personal data” or equivalent under the applicable Data Protection Laws; and (b) all information the collection, disclosure, use or processing of which is subject to Data Protection Laws.

5. The Vendor Personnel expressly understands that the

Confidential Information disclosed by SIA under this Agreement is of a commercially valuable and highly sensitive nature. Vendor Personnel shall inform SIA immediately on becoming aware of any unauthorised use or disclosure of the Confidential Information, and co-operate in every reasonable way to help SIA regain the Confidential Information and use its best efforts to prevent further unauthorised use or disclosure of the Confidential Information. The Vendor Personnel acknowledges that damages alone would not be an adequate remedy for the breach of any of the provisions of this Agreement. Accordingly, without prejudice to any other rights and remedies it may have, SIA shall be entitled to seek the granting of equitable relief (including without limitation injunctive relief) concerning any threatened or actual breach of any of the provisions of this Agreement.

6. The provisions of this Agreement relating to

Confidential Information shall not apply to:

a. Information which at the time of disclosure is in the public domain.

b. Information which becomes part of or enters the public domain other than in breach of this Agreement or other than due to any default, wrongful, unlawful, wilful or negligent act or omission of the Vendor Personnel and/or Vendor or any of its employees, servants, officers, agents, consultants and contractors involved for a Purpose.

c. Information which was known to the Vendor Personnel and/or Vendor prior to receipt from SIA provided such prior knowledge can be adequately substantiated by documentary evidence antedating the disclosure by SIA.

d. Information which has been independently developed or obtained by the Vendor Personnel and/or Vendor, or obtained by the Vendor Personnel and/or Vendor from a third party other than in breach by either of them of their respective obligations to maintain confidentiality.

e. Information which is required to be used or disclosed by reason of any law, governmental or other regulations or the requirements, orders, directions, instructions or notices of any regulatory authority including any stock exchange, provided however that the Vendor Personnel shall promptly notify SIA of such requirements and shall use its best efforts to limit the scope of the use or disclosure.

7. All Confidential Information is delivered “as is”. Vendor

Personnel acknowledges that except as expressly set forth herein, (a) SIA has not made any promise to the Vendor Personnel, express or implied, upon which the Vendor Personnel is entitled to rely in any way; and (b) the Vendor Personnel specifically waives and disclaims any reliance, dependence or action based on any written or verbal statement or promise made by SIA to the Vendor Personnel and/or Vendor. The Parties understand that SIA does not have any obligation to provide Confidential Information to the Vendor Personnel, that SIA does not make any representation or warranty with respect to the accuracy or completeness of the Confidential Information, and that SIA shall not be liable to the Vendor Personnel for any loss or damage resulting from the use of or reliance on any of the Confidential Information, except as otherwise provided in a formal written agreement executed between the Parties for a Purpose.

8. Upon termination, abandonment or completion of any

Purpose for whatever reason or upon termination of this Agreement, the Vendor Personnel shall not make further use of the Confidential Information related to such Purpose and shall return all of the Confidential Information to SIA, including all copies or reproductions, extracts, summaries or notes, or destroy the same in accordance with the directions of SIA and certify the same have been destroyed. SIA may at its sole discretion notify Vendor Personnel that a Purpose has been terminated, abandoned or completed.

9. SIA may, at any time direct the Vendor Personnel to

return all Confidential Information to SIA, or part thereof, and not to make further use of the Confidential Information to be returned. Upon receipt of such directions, the Vendor Personnel shall promptly deliver the requested Confidential Information without retaining any copies or excerpts thereof to SIA. If the requested Confidential Information are still required by the Vendor Personnel to perform their services for the project, then in such event, both Parties shall endeavour to obtain alternative information from other sources so that the Vendor Personnel can proceed with the performance of their services.

10. Subject to Clause 11, unless expressly assigned to the

other Party, whether in this Agreement or in some other document made between the Parties, all Intellectual Property Rights (as hereinafter defined) belonging to the respective Parties shall remain vested in the Party concerned. Except as expressly provided for under Clause 11, the Parties do not intend for this Agreement to grant any right (license or otherwise) in or to any Confidential Information. Vendor does not acquire any rights in any Confidential Information, except the limited right to use Confidential Information for the

Purpose. SIA has no obligation to purchase any products or services from the Vendor. "Intellectual Property Rights" includes in Singapore and throughout the world and for the duration of the rights (a) any patents, utility models, copyrights, registered or unregistered trade marks or service marks, trade names, brand names, layout-design rights, registered designs and commercial names and designations; (b) any invention, discovery, trade secret, know how, or confidential, business, scientific, technical or product information; (c) any other rights resulting from intellectual activity in the commercial, industrial, scientific, literary and artistic fields and whether dealing with manufactured products or services; and (d) any letters patent, deed of grant, certificate or document of title for any thing referred to in paragraphs (a), (b) or (c) of this definition.

11. All Intellectual Property Rights comprised in any and all

materials (including software, source code, documentation, data, concepts and ideas) or any part thereof created or developed (whether jointly or independently by either Party) in connection with any Purpose(s) (collectively, the "Foreground IP") shall, unless otherwise expressly agreed between the Parties, be deemed to be irrevocably assigned to and shall vest in SIA upon creation without further charge. If required by SIA, Vendor Personnel shall do all things and sign all documents necessary to vest all such Intellectual Property Rights assigned or otherwise transferred or granted to SIA under this Agreement.

12. Vendor Personnel shall indemnify and hold harmless

SIA and its related and associated companies in full from and against all actions, proceedings, claims, damages, liabilities, settlement sums, charges, losses, costs and expenses (including without limitation, legal costs and expenses and costs of other professionals and any penalties or other amounts levied, imposed or charged by any regulator or regulatory authority) arising out of or in connection with any claim or action by any third party against SIA for actual or alleged infringement of the Intellectual Property Rights in connection with the Foreground IP. This Clause 12 shall survive the termination of this Agreement.

13. The Vendor Personnel shall not assign his benefits,

rights and obligations under this Agreement to any third party without the prior written consent of SIA. Subject to the above limitation, this Agreement will inure to the benefit of and be binding upon the Parties, their successors and assigns.

14. If for any reason any provision or part thereof of this

Agreement is found to be unenforceable, such provision or part thereof shall be deemed to be severed from this Agreement and the remainder of the Agreement shall remain in full force and effect and may be enforced to the fullest extent possible.

15. This Agreement shall not be modified except by a

written agreement dated subsequent to the date of this Agreement and signed by both Parties. None of the provisions or part thereof of this Agreement shall be deemed to have been waived by any act or acquiescence on the part of SIA, its agents or employees, unless by an instrument in writing signed by both Parties. No waiver of any provision of this Agreement shall constitute a waiver of the same or any other provision(s) in this Agreement on another occasion.

16. The provisions of this Agreement shall be governed

by and construed in accordance with the laws of the Republic of Singapore and the Parties hereby submit to the exclusive jurisdiction of the Courts of the Republic of Singapore.

17. This Agreement shall come into effect on the Effective

Date and shall remain in full force and effect in perpetuity (notwithstanding the completion, abandonment or termination of any Purpose) unless earlier lawfully terminated, provided that any provision of this Agreement which expressly or by implication is intended to come into or continue in force on or after termination of this Agreement shall survive and continue to be binding on Vendor Personnel indefinitely following termination. This Agreement may be terminated by mutual agreement of the Parties.

SIGNED SIGNED For and on behalf of Singapore Airlines Limited

SIA Project Manager Name of Project:___________________________

Name of Vendor Personnel

Signature:________________________________

Signature: ________________________________

Name: _________________________________

Name: : _________________________________

Job Title: __________________________________

Job Title: : __________________________________

V44 22.01.2018

ANNEX 5: TERMS AND CONDITIONS ON USAGE OF SIA IT RESOURCES To be signed by the appointed vendor only after award of Quotation Pursuant to _________________Agreement dated __________ (“Agreement”) between <Company> and SIA, this letter is to confirm your said engagement by SIA will be subject to the terms and conditions of the Non-Disclosure Agreement dated _______ signed between <Company> and SIA, and the following terms and conditions (which is not exhaustive). In the performance of the services set out in the Agreement and to any and all other IT resources that SIA may have in future, you are advised and you agree and undertake to strictly adhere to the following terms and conditions (“T&Cs”): (A) GENERAL 1. You agree and shall:

a. endeavour to strictly comply with SIA’s security policies when using or accessing SIA’s IT resources including but not limited to, e-mail, intranet, and applications.

b. protect the confidentiality of the PIN(s) or password(s) assigned to him/her at all times, and ensure that the same is not revealed or disclosed in any manner whatsoever to any person or persons whomsoever, within SIA or outside.

c. use the IT resources strictly for official company business only, and will be responsible to ensure that resources will be used for the purpose intended for.

d. acquire, install and use licensed and authorised software by SIA only, and in a manner permitted by the license. e. be responsible for the data accessed, retrieved, changed, stored or transmitted through any of the company’s IT resources. f. inform SIA ([email protected]) as soon as possible if they suspect that there is an IT security breach or when they

experience an IT security breach. g. return to SIA all documents, papers, memoranda, software, hardware and any other property that you obtained from or prepared for

SIA during the course of your engagement in SIA. You further undertake not to retain or make a copy such material or any part thereof, nor will you reconstruct such material based upon any confidential information known to you during your engagement with SIA.

2. You shall under no circumstances:

a. use SIA’s IT resources for i. private purpose, social or any unlawful purposes such as, but not limited to, vice, gambling or other criminal purposes; ii. sending to or receiving from any person any messages which is offensive on moral, religious, communal or political grounds, or is

abusive or of an indecent or menacing character; iii. making defamatory statements about any person, party or organisation; iv. circulating "chain letters" or spreading rumours; v. distributing third party copyright materials; vi. distributing trade secrets or sensitive corporate information which may cause damage to the organisation, financially or otherwise; or vii. persistently sending messages without reasonable cause or for causing any threat, harassment, annoyance, inconvenience or needless

anxiety to any person whatever. b. engage in system activities that may in any way, result in inconvenience to other users of the system, or compromise the security of

SIA’s systems and network. Any attempts to crash the system, introduce malicious codes including but not limited to viruses and trojan horse, gain unauthorised access, sabotage other systems using account or resources on SIA’s system and network, or any other malicious attempts that cause any form of system damage to SIA’s systems and network are all acts deemed as violations of these T&Cs.

c. attempt to or break the security mechanism, which has been installed on SIA’s computer equipment. d. gain access or attempt to gain access to any computer system, information or resources without authorisation by the owners or holders

of the right to such systems, resources and/or information. e. violate intellectual property rights to the information or resources available. f. make any copy or copies of any program/software that has been installed on your computer other than for backup or archival purposes. g. download to the desktop or server any software that is subject to distribution limits. h. transmit or remove confidential systems, applications or information/data from SIA premises without SIA’s approval. i. port or transmit any information or software (into or out of SIA’s network) which contains :

i. a virus, worm or other harmful component; ii. prohibited material as defined by the Broadcasting Act (Chapter 28).

j. attach any unauthorised computer equipment, e.g., modem, to SIA’s PC/workstation. k. connect to an external network using computer equipment, e.g., a modem, while your PC, notebook or similar computer equipment is

logged onto the SIA network. l. bring in to SIA premises personal or <Company> computer equipment such as notebooks with the intention of connecting on to SIA’s

network, without prior authorisation by SIA. In the event such permission is granted, you shall: i. ensure that the notebook is free of malicious codes such as viruses, worms or other harmful components by installing the latest

updated version of acceptable anti-virus software with its latest signature file on the notebook. Anti-virus software from the following companies are acceptable : McAfee, Symantec, and Trend Micro.

ii. undertake that you will not, under any circumstances, connect to an external network, e.g., through a modem, while you are logged on to the SIA network.

(B) MISUSE OF SIA IT RESOURCES

SIA’s systems are subjected to audit and users should therefore not expect a right to privacy. Any unauthorised access or attempted access may be an offence under the Computer Misuse and Cybersecurity Act and/or any relevant applicable law within and outside Singapore. [For employers only] You undertake that you will ensure that any personnel under your employment and all others under your employment, including any sub-contractors or agents, having access to any of the confidential information and documents or such matters are subject to the same obligations as set out in the abovementioned T&Cs.

V44 22.01.2018

[For employers only] SIA reserves the right to request the removal of any of your employee from the Project team forthwith and/or terminate the Agreement forthwith if you or any employee or subcontractors or agents commits a breach of or is in non compliance with any provision of these T&Cs. Should SIA request the removal of such employee, you will endeavour to procure a replacement. Any such replacement offered by you shall be subject to SIA’s prior written consent, which consent shall not be unreasonably withheld. I acknowledge and agree that any act or omission, which in any way is in contravention with the terms and conditions set out herein, is expressly prohibited by law, may result in civil and criminal penalties to which I will be liable. [For employers only] I further agree that I will at my expense, indemnify, defend and hold harmless SIA from any claim brought or filed by a third party against SIA due to my aforesaid act or omission. [For employers only] I undertake to pay liquidated damages of a minimum of S$10,000 to SIA if it is established that malicious code has been introduced into SIA’s network or a security breach has occurred, arising from an infringement of these T&Cs. SIA reserves the right to terminate the contract in the event of a serious security breach. [For employers only] SIA reserves the right to terminate the contract in the event of a serious security breach. The terms set out are acceptable to me, and are hereby agreed to: ___________________________ DATE

______________________________ SIGNATURE

___________________________ COMPANY

______________________________ PRINT NAME