Head Agreement Template


PARTIES:

1. Commonwealth of Australia represented by the Department of Finance and Deregulation

2. [Service Provider]

GATEKEEPER ACCREDITATION HEAD AGREEMENT

Contents
1. Definitions
2. Interpretation
3. Scope of Head Agreement
4. Term of Head Agreement
5. Gatekeeper Accreditation
6. Gatekeeper Certificate of Accreditation
7. Gatekeeper Accreditation Certificate
8. Delivery of Services
9. Maintaining Accreditation
10. Gatekeeper Evaluators
11. Gatekeeper Audits
12. Amendment of Accreditation Process, Criteria and Policies
13. Changes to Approved Documents
14. Change of Circumstances
15. Management of Aggregate Commonwealth Risk
16. Consequences of Accreditation
17. Service Provider Not Sole Supplier
18. Warranties
19. Indemnity
20. Termination by Finance
21. Termination by Service Provider
22. Termination for Convenience
23. Consequences of Termination / Expiry
24. Limitation of Liability
25. Confidential Information
26. Privacy
27. Publicity
28. Intellectual Property
29. Dispute Resolution
30. Variation of Head Agreement
31. Assignment and Novation
32. Waiver
33. Entire Agreement
34. Archives Act 1983
35. Subcontracting
36. Applicable Law
37. Conflict of Interest
38. Notices
39. Survival of Clauses

Schedule 1 - Agreement Details
1. Address of Department of Finance and Deregulation (Parties)
2. Address of Service Provider (Parties)
3. Type of Accreditation Granted to Service Provider (clause 5)

Schedule 2 - Approved Documents and Accreditation Policies and Criteria

3 Head Agreement Template February 2009

This deed of agreement is made on 2009

1. Commonwealth of Australia (Commonwealth) represented by the Department of Finance and Deregulation (Finance) of the address set out at Item 1 of Schedule 1.

2. [Service Provider] (Service Provider) whose registered office is at the address set out at Item 2 of Schedule 1.

Recitals

A. On 6 May 1998 the Australian Government published the Gatekeeper Strategy for the use of Public Key Technology (PKT) for Australian Government purposes, and commenced to implement this Strategy.

B. In September 2006 the Australian Government published the Gatekeeper Public Key Infrastructure (PKI) Framework (the Framework) which is designed to meet emerging business needs and reduce the cost and complexity of implementing PKT for Australian Government purposes and which is to be administered by Finance.

C. Under the Framework, service providers involved in providing a range of services are granted Gatekeeper Accreditation by the Gatekeeper Competent Authority after a successful evaluation against the Accreditation Policies and Criteria to enable them to provide these Services to, or in relation to, Commonwealth Agencies.

D. The Service Provider applied to obtain Gatekeeper Accreditation, and the evaluation of the Service Provider's operation against the relevant Policies and Criteria has been successfully completed.

E. The Gatekeeper Competent Authority has agreed to grant Gatekeeper Accreditation of the kind described at Item 3 of Schedule 1 to the Service Provider and that accreditation continues subject to the terms of this Head Agreement.

F. On and from the Commencement Date, the Service Provider is entitled to provide Services to, or in relation to, Commonwealth Agencies within the framework of this Head Agreement.


Signed sealed and delivered for and on behalf of the Commonwealth of Australia represented by the Department of Finance and Deregulation

_______________________________________ Witness
_____________________________________ Representative

THE COMMON SEAL of ..................... ............................................................ was hereunto affixed in accordance with its Articles of Association in the presence of:

_______________________________________ Witness
_____________________________________ Director


The Parties agree as follows:

1. Definitions
The terms used in this Head Agreement, unless the contrary intention appears, have the same meaning as in the Gatekeeper Glossary at www.gatekeeper.gov.au.

2. Interpretation
In this Head Agreement, unless the contrary intention appears:

a) monetary references are references to Australian dollars;

b) clause headings are for convenient reference only and have no effect in limiting or extending the language of the provisions to which they refer;

c) a reference to a person includes a partnership and a body whether corporate or otherwise;

d) where a word or phrase is given a particular meaning, other parts of speech and grammatical forms of that word or phrase have corresponding meanings;

e) a reference to a clause or schedule is a reference to a clause of or schedule to this Head Agreement;

f) a reference to a body, a position or an authority whether statutory or not:
   i) which ceases to exist;
   ii) whose powers or functions are transferred to another body, position or authority; or
   iii) which retains its powers and functions but changes its name;
   is a reference to the body, position or authority which:
   iv) replaces it;
   v) substantially succeeds to its powers or functions;
   vi) has the new name; or
   vii) is notified to the Service Provider from time to time by the Minister of State that is responsible for the body, position or authority;

g) a reference to a website by address or location is a reference to a website located at a replacement address or location as notified to the Service Provider by Finance from time to time;

h) no provision of this Head Agreement will be construed adversely to a Party solely on the ground that the Party was responsible for the preparation of this Head Agreement or that provision;

i) a reference to writing, or written, refers to any representation of words, figures or symbols capable of being rendered in a visible form; and

j) words in the singular include the plural and vice versa.

3. Scope of Head Agreement


3.1 This Head Agreement sets out the terms and conditions under which the Service Provider has obtained and maintains Gatekeeper Accreditation and provides Services to, or in relation to, Customers.

3.2 For the avoidance of doubt, this Head Agreement only applies in relation to the supply of Services, and not to any other services supplied by the Service Provider.

3.3 Subject to clause 16.3, nothing in this Head Agreement prevents the Service Provider from providing services outside the scope of its Gatekeeper Accreditation to a customer other than a Customer.

3.4 Any function, power or right in this Head Agreement given to the Commonwealth may be performed or exercised by the Gatekeeper Competent Authority or an appointee of the Gatekeeper Competent Authority.

3.5 The Parties agree that they will undertake their obligations and exercise their rights under this Head Agreement in good faith and in a spirit of cooperation.

4. Term of Head Agreement


i. This Head Agreement commences on the Commencement Date and, subject to this Head Agreement, continues from Year to Year.

5. Gatekeeper Accreditation
i. The Parties are executing this Head Agreement to signify that the Service Provider has been granted the type of Accreditation described at Item 3 of Schedule 1, and to ensure that the Services are provided in accordance with the arrangements described in this Head Agreement.

ii. The Service Provider has been granted Accreditation on the basis of the Approved Documents.


6. Gatekeeper Certificate of Accreditation


Finance must issue a paper certificate to the Service Provider after the Gatekeeper Competent Authority has granted Gatekeeper Accreditation to the Service Provider, and that certificate must set out the date on which the Gatekeeper Competent Authority granted that Accreditation.

7. Gatekeeper Accreditation Certificate


Once the Gatekeeper Accreditation Certificate (GAC) arrangement is operational, the Gatekeeper Competent Authority must issue a GAC to the Service Provider after that Authority has granted Gatekeeper Accreditation to the Service Provider.

8. Delivery of Services
Where the Service Provider wishes to provide Services, it must provide the Services in accordance with the Approved Documents, but only on and from the Commencement Date.

9. Maintaining Accreditation
9.1 To maintain Gatekeeper Accreditation, the Service Provider must:
(a) continue to comply with the Accreditation Policies and Criteria;
(b) conduct its operations in accordance with the Approved Documents;
(c) comply after a reasonable period of notice with a reasonable direction from the Gatekeeper Competent Authority or its delegate relating to the Accreditation Policies and Criteria;
(d) provide the Services from within Australia; and
(e) continue to be on the ICT Multi-Use List.

9.2 The Gatekeeper Competent Authority may revoke the Service Provider's Gatekeeper Accreditation if:
(a) the Service Provider breaches the requirements of clause 9.1;
(b) the Gatekeeper Competent Authority has given the Service Provider written notice specifying that breach; and
(c) the Service Provider fails to remedy that breach to the reasonable satisfaction of the Competent Authority within 20 Business Days of receipt of that notice, or such longer period as may be specified in the notice.

9.3 If this Head Agreement is terminated (see clauses 21, 22 and 23), the Service Provider will cease to hold Gatekeeper Accreditation from the date of expiry or termination of this Head Agreement.

10. Gatekeeper Evaluators

10.1 The Service Provider must, in response to a request by Finance arising in relation to either clause 12 or clause 13:
(a) allow Authorised Evaluators reasonable access on reasonable notice during normal working hours to the Service Provider's personnel, premises, equipment, systems and documentation for the purpose of evaluating the Service Provider's operation against the Accreditation Policies and Criteria;
(b) co-operate fully with the Authorised Evaluators and respond promptly to, and comply with, any reasonable request from them; and
(c) where required by an Authorised Evaluator, pay all fees and costs incurred as a direct result of them carrying out their role as an Authorised Evaluator.

10.2 The cost of all actions required to be taken by the Service Provider to address any issues identified by an Authorised Evaluator, or Finance, is to be borne by the Service Provider.

11. Gatekeeper Audits

11.1 Finance requires an annual audit to be conducted by an Authorised Auditor of the Service Provider's compliance with the Accreditation Policies and Criteria and Approved Documents.

11.2 Finance may also require an audit by an Authorised Auditor if Finance has issued a notice under clause 9.2(b) or clause 20.1(a) - to investigate whether or not a breach has been remedied.

11.3 The Service Provider must:
a) allow an Authorised Auditor reasonable access on reasonable notice during normal working hours to the Service Provider's personnel, premises, equipment, systems and documentation for the purposes of auditing the Service Provider's compliance with the Accreditation Criteria, Policies and Approved Documents;
b) co-operate fully with an Authorised Auditor and respond promptly to, and comply with, any reasonable request from them; and
c) where required by an Authorised Auditor, pay all costs incurred by the Authorised Auditor as a direct result of them carrying out their role as an Authorised Auditor.

11.4 Where Finance specifies in a written Non-compliance Notice to the Service Provider that the audit findings reveal:
a) major non-compliance, failure or significant compromise of the Service Provider's operations in particular with respect to any aspect of the security of the Service Provider's operations (in this Agreement called, and the written notice to be described as, a Major Non-compliance Notice) - the Service Provider must take immediate action to remedy the items specified in the Major Non-compliance Notice; or
b) minor non-compliances or weaknesses (in this Agreement called, and the written notice to be described as, a Minor Non-compliance Notice) - the Service Provider must take action to remedy the items specified in the Minor Non-compliance Notice as soon as possible.

11.5 The Service Provider must advise Finance within 10 Business Days (or such other period as may be specified in a Non-compliance Notice sent under clause 11.4) of the actions taken pursuant to the Non-compliance Notice, and the expected timeframe for completion of corrective action.

11.6 If the Service Provider does not remedy items described in a Major Non-compliance Notice in a timeframe that the Gatekeeper Competent Authority considers is reasonable in all the circumstances, and the Gatekeeper Competent Authority takes the view that compliance with the Accreditation Policies and Criteria and Approved Documents requires the Service Provider to take action or further action:
a) the Gatekeeper Competent Authority may direct the Service Provider to take those actions by a particular date, and provide reasons why it requires those actions to be taken; and
b) the Service Provider must take those actions by that date unless otherwise agreed with the Gatekeeper Competent Authority.

11.7 The cost of any actions required under this clause 11 to be taken by the Service Provider is to be borne by the Service Provider.


12. Amendment of Accreditation Process, Criteria and Policies


12.1 Finance may amend the Accreditation Process or the Accreditation Policies and Criteria at any time in accordance with this clause 12.

12.2 All amendments to the Accreditation Process and the Accreditation Policies and Criteria must be raised with and agreed by the Gatekeeper Policy Committee in accordance with its Terms of Reference and endorsed in writing by the Gatekeeper Competent Authority.

12.3 Finance must give written notice to the Service Provider describing any amendments to the Accreditation Process and/or the Accreditation Policies and Criteria relevant to the Service Provider that have been endorsed in writing by the Gatekeeper Competent Authority, and the timeframe and manner (each of which must be agreed with the Service Provider) within which the Service Provider must comply with those amendments.

12.4 The Service Provider must comply with the amended Accreditation Process and/or the Accreditation Policies and Criteria (as the case may be) within the timeframe and the manner specified in the notice referred to in clause 12.3.

12.5 If the Service Provider does not comply with the clause 12.3 notice in a timeframe that the Gatekeeper Competent Authority considers is reasonable in all the circumstances, and the Gatekeeper Competent Authority takes the view that compliance with the terms of the notice requires the Service Provider to take action or further action:
a) the Gatekeeper Competent Authority may direct the Service Provider to take those actions and provide reasons why it requires those actions to be taken; and
b) the Service Provider must take those actions.

12.6 The cost of any actions required under this clause 12 to be taken by the Service Provider is to be borne by the Service Provider.

12.7 An amendment to the Accreditation Process need not affect any Contract entered into by the Service Provider before the date specified by the Gatekeeper Competent Authority in accordance with clause 12.3 notice.


13. Changes to Approved Documents

13.1 No changes are to be made to the Approved Documents, including the Security Profile, except in accordance with this clause 13.

13.2 No changes are to be made to the Service Provider's Security Profile without the prior approval in writing of the Gatekeeper Competent Authority.

13.3 Subject to clause 13.2, changes to the Approved Documents must be conducted in accordance with the change process described in the relevant Approved Document, and if there is no change process in the relevant document, in accordance with a process approved in writing by the Gatekeeper Competent Authority.

13.4 All changes made to the Approved Documents (including the Security Profile) are subject to audit in accordance with clause 11.

14. Change of Circumstances

If the Service Provider's circumstances change and the Service Provider considers that this may impact on its ability to maintain its Accreditation, or if the Service Provider wishes to change some aspect of the manner of its operations as described in the Approved Documents, the Parties must consult with each other in good faith with a view to deciding what action to take in relation to, among other things, the Service Provider's Gatekeeper Accreditation, this Head Agreement and the Approved Documents.

15. Management of Aggregate Commonwealth Risk


15.1 The Gatekeeper Competent Authority may:
a) after consultation with the Service Provider and Customers;
b) taking into account, amongst other things, the available technology, security issues and concerns, and business issues raised by the Service Provider and Agencies; and
c) for the purposes of effectively managing Aggregate Commonwealth Risk;
issue a direction in writing to the Service Provider requiring the Service Provider to take the action specified in the direction within the period or periods specified in the direction.

15.2 While the Gatekeeper Competent Authority has discretion to direct the Service Provider to take whatever action is required for the purpose described in clause 15.1(c), the Gatekeeper Competent Authority must:
a) act reasonably in all the circumstances;
b) only require the Service Provider to take those actions which are necessary to achieve the purposes outlined in clause 15.1(c); and
c) notify the Service Provider in writing of the reasons for issuing the direction.

15.3 In this clause 15, the term Aggregate Commonwealth Risk includes, but is not limited to, security, business or technology risks that in the Gatekeeper Competent Authority's reasonable opinion have the potential to adversely impact the operations of Commonwealth Agencies.

16. Consequences of Accreditation

16.1 Obtaining Gatekeeper Accreditation entitles the Service Provider to:
a) represent to third parties that it has been granted Gatekeeper Accreditation; and
b) provide Services to, or in relation to, a Customer.

16.2 The Service Provider must not represent to any party that its Gatekeeper Accreditation implies any guarantee of any kind by the Commonwealth, Finance, the Gatekeeper Competent Authority, the Authorised Evaluators or the Authorised Auditors in relation to the provision of Services by the Service Provider, or in relation to products supplied by, or through, the Service Provider.

16.3 If the Service Provider offers services to a customer other than to, or for the purposes of, a Customer, the Service Provider must not state, warrant or represent to that other customer that the Service Provider's Gatekeeper Accreditation will ensure that those Services will be fit for that non-Commonwealth purpose.

16.4 The Service Provider agrees to indemnify the Commonwealth against any substantiated loss, damage or liability that the Commonwealth suffers or incurs as a result of a breach by the Service Provider of this clause 16.

17. Service Provider Not Sole Supplier

This Head Agreement does not mean that:
a) the Service Provider has the right to be a sole supplier of Services to Agencies; or
b) any Agency will enter into a Contract with the Service Provider.


18. Warranties

18.1 The Service Provider warrants that:
a) use by the Commonwealth (including its contractors) of any item provided by the Service Provider for the purposes of the Accreditation Process or this Head Agreement will not infringe the Intellectual Property Rights of any person; and
b) the Service Provider will perform its obligations under this Head Agreement in a manner that does not infringe any Intellectual Property Rights of the Commonwealth or any third party.

18.2 The Service Provider warrants that:
a) the Service Provider's execution and delivery of the Head Agreement, and the performance of its obligations under this Head Agreement, will not constitute:
   i) a violation of any judgement, order or decree;
   ii) a default under any contract by which it or any of its assets are bound; or
   iii) an event that would, with notice or lapse of time, or both, constitute such a default;
b) the Service Provider is duly constituted as a corporation under the Corporations Law;
c) the constituting documents of the Service Provider empower the Service Provider to enter into this Head Agreement and to do all things that it can reasonably contemplate will be required by this Head Agreement;
d) all necessary corporate approvals have been obtained by the Service Provider to render this Head Agreement binding on, and legally enforceable against, the Service Provider in accordance with its terms;
e) it will immediately notify Finance of the occurrence of, or the pending or threatened occurrence of, any event of which it is aware that may cause or constitute a breach of any of the representations, warranties or covenants contained or made in connection with this Head Agreement, including without limitation, any event that may result in a material adverse change in the business of the Service Provider or may affect the financial viability of the Service Provider's business;
f) it has disclosed to Finance prior to the Commencement Date details of any litigation or proceeding whatsoever, actual or threatened, against the Service Provider that may have an adverse effect on the ability of the Service Provider to provide the Services to a Commonwealth Agency and these disclosures are true and correct as at the Commencement Date; and
g) throughout the term of this Head Agreement, any additional issues of the kind described in clause 18.2(f) that arise from time to time subsequent to the Commencement Date will be disclosed by the Service Provider to Finance when they occur.

19. Indemnity

19.1 The Service Provider releases and indemnifies the Commonwealth, including its employees, agents and sub-contractors (those indemnified) against any loss (including reasonable legal costs and expenses) or liability that has been incurred by them and which has arisen from a claim, action or proceeding by a third party against those indemnified where that loss or liability was caused by, or arose out of:
a) a wilful, unlawful or negligent act or omission, in connection with this Head Agreement by the Service Provider, its employees, agents or sub-contractors; or
b) use by any of those indemnified of an item provided by the Service Provider to the Commonwealth, which use the third party claims is an infringement of the Intellectual Property Rights of the third party.

19.2 The Commonwealth shall notify the Service Provider in writing as soon as practicable of any claim, action or proceeding referred to in clause 19.1 that is threatened or brought against any of those indemnified.

19.3 The Service Provider acknowledges that the Commonwealth is bound to conduct any claim, action or proceeding in accordance with current Commonwealth policy and in particular, the Legal Services Directions issued by the Commonwealth Attorney-General pursuant to section 55ZF of the Judiciary Act 1903 (Cth).

19.4 Each indemnity in this Head Agreement is a continuing indemnity, separate and independent from the other obligations of the Parties, and survives termination and repudiation of this Head Agreement.


20. Termination by Finance

20.1 Each of the following is an Event of Default:
a) the Service Provider commits a material breach of this Head Agreement which is capable of being remedied but the breach continues for 15 Business Days after the Service Provider is given a notice by the Gatekeeper Competent Authority requiring the breach to be remedied;
b) the Service Provider commits a breach which cannot be remedied, which breach is, in the reasonable opinion of the Gatekeeper Competent Authority, a serious breach of this Head Agreement;
c) the Service Provider ceases to hold any licence, approval, authorisation, endorsement or consent required to enable it to comply with its obligations under this Head Agreement;
d) the Service Provider's Gatekeeper Accreditation is revoked;
e) where there occurs either a single incident, or a series of incidents, that in the reasonable opinion of the Gatekeeper Competent Authority, constitutes a material compromise of the Service Provider's security in relation to the provision of the Services;
f) any action is taken to make the Service Provider an externally administered body corporate as defined by the Corporations Law, or an insolvent under administration; or
g) the Service Provider ceases to be controlled by its existing parent company and that change of control, in the reasonable opinion of the Gatekeeper Competent Authority, has a materially adverse effect on the provision of Services to a Commonwealth Agency.

20.2 A failure by the Service Provider to comply with a direction issued by the Gatekeeper Competent Authority under this Head Agreement in accordance with the terms of that direction shall be deemed to be a breach of the kind referred to in clause 20.1(b).

20.3 Without prejudice to any other right or remedy that Finance has, if any Event of Default occurs, the Commonwealth may terminate this Head Agreement by giving 20 Business Days' notice to the Service Provider.

21. Termination by Service Provider

Without prejudice to any other right or remedy which the Service Provider has, the Service Provider may terminate this Head Agreement:
a) by giving 20 Business Days' notice to Finance if:
   i) Finance commits a breach of this Head Agreement which is capable of being remedied but the breach continues for 20 Business Days after Finance is given a notice by the Service Provider requiring the breach to be remedied; or
   ii) Finance commits a breach which cannot be remedied, which breach is, in the Service Provider's reasonable view, a serious breach of this Head Agreement; or
b) by giving notice to Finance before the time for compliance with a direction issued by the Gatekeeper Competent Authority has arrived where the Service Provider does not wish to comply with that direction.

22. Termination for Convenience

22.1 The Gatekeeper Competent Authority may terminate this Head Agreement at any time by written notice to the Service Provider.

22.2 The Service Provider must immediately comply with any directions given in the notice in relation to subsequent performance of its obligations under this Head Agreement, any Contracts, or the conduct of any activities under the Approved Documents, and do all that is possible to mitigate its losses arising from the termination of this Head Agreement.

22.3 The Commonwealth will indemnify the Service Provider against any liabilities or expenses which are reasonably and properly incurred by the Service Provider as a direct consequence of termination under this clause 22, but the Commonwealth will not be liable to indemnify the Service Provider for any loss of profits.

22.4 The Service Provider must, in each of its sub-contracts where the fees or other consideration to be paid exceeds $20,000, reserve a right of termination in similar terms to this clause 22.


23. Consequences of Termination / Expiry

23.1 If the Service Provider:

a) receives a Termination Notice under clause 20 or 22; or

b) issues a Termination Notice under clause 21;

then:

c) from the date it issues or receives the notice where it has issued or received a Termination Notice;

the Service Provider must:

d) not enter into any new Contracts with Customers, or renew any existing Contracts;

e) not enter into any new Subscriber Agreements, or renew any existing Subscriber Agreements that were entered into for Commonwealth Agency purposes;

f) make arrangements to novate to a Gatekeeper accredited CA or terminate all Subscriber Agreements that were entered into for Commonwealth Agency purposes in accordance with the relevant Certificate Policy;

g) give notice to all Commonwealth Agencies terminating its Contracts with them, the termination to be, subject to clause 23.4, effective in accordance with the terms of the relevant Contract;

h) subject to the requirements of this clause 23, continue to provide the Services in accordance with the contractual arrangements it has with Commonwealth Agencies, and any relevant Approved Documents which include arrangements to accommodate significant interruptions in the provision of the Services; and

i) co-operate with Finance (and Finance must co-operate with the Service Provider), and any Commonwealth Agencies, to achieve a seamless and secure migration of the Agencies and Subscribers to a new Gatekeeper accredited CA, or RA, as the case may be.

23.1 The Gatekeeper Competent Authority may give reasonable written directions to the Service Provider on the requirements of clause 23.1 and the Service Provider must comply with any such directions given within a timeframe to be agreed between the Parties.

23.2 The Gatekeeper Competent Authority may, after receiving a written request from the Service Provider, by notice to the Service Provider, agree to vary any of the times or time periods specified in clause 23.1.

23.3 The Service Provider must, in each Contract, reserve a right to terminate, which termination is to be effective on the date this Head Agreement terminates or expires.

23.4 Subject to this clause 23, if this Head Agreement expires, or is terminated, the accrued rights of the Parties remain unaffected.

24. Limitation of Liability

24.1 The aggregate liability of either Party for all Causes of Action is limited to $50,000 per Year during the term of this Head Agreement.

24.2 The limitation in clause 24.1 does not apply in relation to liability for:

a) personal injury, including sickness and death;

b) loss of, or damage to, tangible property; or

c) an indemnity provided under this Head Agreement.

24.3 In no event shall a Party that incurs liability for a Cause of Action be liable for any indirect or consequential loss or damage or loss of revenue, profits, goodwill, bargain or opportunities or loss or corruption of data or loss of anticipated savings incurred or suffered by the other Party whether caused by negligence or otherwise or whether or not the first Party was or should have been aware of the possibility of such loss or damage.

24.4 In this clause, Cause of Action means a breach of this Head Agreement or any other common law, equitable or statutory cause of action arising out of the operation of this Head Agreement.

24.5 This clause 24 survives the expiry or termination of this Head Agreement.

25. Confidential Information

25.1 Subject to clause 25.3, a Party must not, without the prior written consent of the other Party, disclose any Confidential Information (see clause 25.8) of the other Party to a third party.

25.2 In giving written consent to the disclosure of Finance's Confidential Information, Finance may impose such conditions as it thinks fit, and the Service Provider agrees to comply with these conditions.

25.3 The obligations on the Parties under this clause 25 will not be taken to have been breached to the extent that Confidential Information:

(a) is disclosed by a Party to its Advisers or employees solely in order to comply with obligations, or to exercise rights, under this Head Agreement;

(b) is disclosed to a Party's internal management personnel, solely to enable effective management or auditing of Head Agreement-related activities;

(c) is disclosed by Finance to its responsible Minister;

(d) is disclosed by Finance, in response to a request by a House or a Committee of the Parliament of the Commonwealth of Australia[1];

(e) is shared within Finance, or with another Commonwealth Agency, where this serves the Commonwealth's legitimate interests;

(f) is authorised or required by law to be disclosed;

(g) is disclosed by Finance and is information in a material form in respect of which an interest, whether by licence or otherwise, in the Intellectual Property Rights in relation to that material form, has vested in, or is assigned to, Finance under this Head Agreement or otherwise, and that disclosure is permitted by that licence or otherwise; or

(h) is in the public domain otherwise than due to a breach of this clause 25.

25.4 Where a Party discloses Confidential Information to another person:

(i) pursuant to clauses 25.3 (a), (b) or (e), the disclosing Party must:

i) notify the receiving person that the information is Confidential Information; and

ii) not provide the information unless the receiving person agrees to keep the information confidential; or

(j) pursuant to clauses 25.3 (c) and (d), the disclosing party must notify the receiving party that the information is Confidential Information.

25.5 The Parties may agree in writing after the Commencement Date that certain additional information is to constitute Confidential Information for the purposes of this Head Agreement, and where the Parties so agree, that documentation is incorporated into, and becomes part of this Head Agreement, on the date by which both Parties have signed that documentation.

25.6 The obligations under this clause 25 continue, notwithstanding the expiry or termination of this Head Agreement:

(k) in relation to an item of information described at Item 4 of Schedule 1 for the period set out in that schedule in respect of that item; and

(l) in relation to any information which the Parties agree in writing after the Commencement Date is to constitute Confidential Information for the purposes of this Head Agreement for the period agreed by the Parties in writing in respect of that information.

25.7 Nothing in this clause 25 affects any obligation which the Service Provider may have either under the Privacy Act 1988 as amended from time to time, or under this Head Agreement, in relation to the protection of Personal Information.

25.8 Subject to the operation of the law relating to confidential information, for the purposes of this Agreement, the information specified at Item 4 of Schedule 1, and information specified in any agreement referred to in clause 25.5, is the Confidential Information of the respective Parties.

[1] This would include a request to publish information on the Internet, for example, pursuant to the Senate Order on Government Agency Contracts dated 27 September 2001.

26. Privacy

26.1 The Service Provider:

(m) agrees to abide by the Information Privacy Principles as if it were a Commonwealth Agency when it is delivering Services to a Customer; and

(n) will, in the course of providing the Services, comply with the obligations set out in this clause 26 in the light of its obligation described in clause 26.1(a).

26.2 The Service Provider shall take all reasonable measures to ensure that:

(o) Personal Information held in connection with a Subscriber Agreement is protected against loss, and against unauthorised access, use, modification, disclosure or other misuse in accordance with the procedures set out in the Approved Documents and that only authorised personnel have access to the Personal Information; and

(p) search access to Certificate Revocation Logs and Relationship Certificate Directories is restricted in a manner that ensures compliance by the Service Provider with clause 26.1(a).

26.3 The Service Provider may only vary the Security Profile insofar as it impacts on the protection of Personal Information if it complies with clause 13.


26.4 The Service Provider shall:

(a) use any Personal Information held in connection with issuance of a Certificate only for the purposes of fulfilling its obligations under the relevant Certificate Policy; and

(b) ensure that Subscribers are informed in a timely manner of their privacy and security responsibilities in relation to Key generation and security of the Subscriber's Keys.

26.5 The Service Provider shall not disclose, other than to a sub-contractor for the purposes of providing the Services, any Personal Information obtained in connection with issuance of a Certificate without the prior written approval of the Subscriber, and the Service Provider shall immediately notify the Subscriber where it becomes aware that a disclosure of Personal Information may be required by law.

26.6 The Service Provider shall not transfer Personal Information held in connection with issuance of a Certificate outside Australia, or allow parties outside Australia to have access to it, without the prior written approval of the Subscriber.
26.7 The Service Provider agrees in respect of any Services that it is Gatekeeper Accredited to provide to Commonwealth Agencies:

(q) to notify individuals whose personal information the Service Provider holds, that complaints about acts or practices of the Service Provider may be investigated by the Privacy Commissioner who has power to award compensation against the Service Provider in appropriate circumstances;

(r) not to use or disclose Personal Information or engage in an act or practice that would breach section 16F of the Privacy Act 1988 (Cth) (direct marketing), an NPP (particularly NPPs 7 to 10) or an Approved Privacy Code (APC), where that section, NPP or APC is applicable to the Service Provider, unless:

(i) in the case of section 16F - the use or disclosure is necessary, directly or indirectly, to discharge an obligation under this Head Agreement or Subscriber Agreement; or

(ii) in the case of an NPP or an APC - where the activity or practice is engaged in for the purpose of discharging, directly or indirectly, an obligation under this Head Agreement or a Subscriber Agreement, and the activity or practice which is authorised by the relevant contract is inconsistent with the NPP or APC[2];

(s) to disclose in writing to any person who asks, the content of the provisions of this Head Agreement or Subscriber Agreement (if any) that are inconsistent with an NPP or an APC binding a party to the relevant contract[3].

26.8 The Service Provider shall ensure that any of its employees requiring access to any Personal Information held in connection with issuance of a Certificate must, before they get access to that Personal Information:

a) give a written undertaking not to access, use, disclose or retain Personal Information except in performing their duties of employment; and

b) be informed that failure to comply with the written undertaking may be a criminal offence and may also lead the Service Provider to take disciplinary action against the employee.

26.9 The Service Provider agrees to ensure that any subcontract entered into for the purpose of providing Services to a Commonwealth Agency contains provisions to ensure that the subcontractor has the same awareness and obligations as the Service Provider has under this clause, including the requirement in relation to subcontracts.

26.10 Clauses 26.8 and 26.9 shall not be read so as to prevent an employee or sub-contractor from using, for their own purposes, any information that it acquires independently of its employment or work for the Service Provider.

26.11 The Service Provider acknowledges that:

(t) any unauthorised and intentional access, destruction, alteration, addition or impediment to access or usefulness of Personal Information stored in any Commonwealth computer, or in a computer containing information on behalf of the Commonwealth, in the course of performing its obligations under this Head Agreement or a Subscriber Agreement may be an offence under Part VIA of the Crimes Act 1914 (Cth) for which there are a range of penalties, including a maximum of ten years' imprisonment; and

(u) the publication or communication of any fact or document by a person which has come to their knowledge or into their possession or custody by virtue of the performance of any of their obligations under this Head Agreement or a Subscriber Agreement (other than to a person to whom the Service Provider is authorised to publish or disclose the fact or document) may be an offence under section 70 of the Crimes Act 1914 (Cth), the maximum penalty for which is two years' imprisonment.

26.12 The Service Provider shall, in respect of any Personal Information held in connection with the issuance of a Certificate, co-operate with any reasonable requests or directions of Finance arising directly from, or in connection with the exercise of the functions of the Privacy Commissioner under the Privacy Act 1988 (Cth) or otherwise, including, but not limited to, the issuing of any guideline concerning the handling of Personal Information.

26.13 The Service Provider agrees to indemnify the Commonwealth in respect of any loss, liability or expense suffered or incurred by the Commonwealth which arises directly or indirectly from a breach of any of the obligations of the Service Provider under this clause 26, or a subcontractor under the subcontract provisions referred to in subclause 26.9.

26.14 This clause 26 shall continue to have effect after the termination or completion of this Head Agreement.

26.15 In this clause 26 the terms approved privacy code (APC) and National Privacy Principles (NPPs) have the same meaning as they have in section 6 of the Privacy Act 1988 (Cth), and the term Commonwealth Agency has the same meaning as the term agency has in that Act.

[2] Note that section 6A of the Privacy Act 1988 (Cth) requires that the Service Provider be obliged to carry out the activity.

[3] Section 95C, Privacy Act 1988 (Cth).

27. Publicity

The Service Provider must not make, or authorise the making of, any public statement relating in any way to Gatekeeper Accreditation that is misleading or deceptive in any manner.

28. Intellectual Property

28.1 The Commonwealth acknowledges that the Service Provider retains all Intellectual Property Rights in the Approved Documents.

28.2 Subject to clause 25, and except as otherwise agreed by the Parties, the Service Provider grants the Commonwealth a non-exclusive, non-transferable, royalty-free, world-wide licence during the term of this Head Agreement to exercise the Service Provider's Intellectual Property Rights in the Approved Documents so as to enable the Commonwealth to use, reproduce and distribute the Approved Documents for the sole purposes of evaluating the Service Provider's operation, granting Accreditation and auditing the Service Provider's ongoing compliance with the Accreditation Criteria, Policies and Approved Documents.

29. Dispute Resolution

29.1 If a dispute arises between the Parties in relation to this Head Agreement (Dispute), either Party may by written notice to the other Party specify the details of the Dispute (Dispute Notice).

29.2 If a Dispute Notice is given then the Parties must promptly meet and negotiate in good faith to resolve the Dispute.

29.3 If the Dispute remains unresolved 20 Business Days after receipt of the Dispute Notice, the Parties agree to submit the Dispute to mediation administered by and in accordance with the mediation rules of the Australian Commercial Disputes Centre (ACDC).

29.4 A single mediator will be agreed by the Parties or, failing agreement, appointed by the ACDC. The mediation will be held in Canberra and be subject to the laws in force in the Australian Capital Territory. A Party may be represented by legal counsel in any mediation.

29.5 Nothing in this clause 29 prevents a Party from seeking urgent relief before an appropriate Court.

30. Variation of Head Agreement

This Head Agreement shall only be varied by way of a deed of variation signed by the Parties.

31. Assignment and Novation

31.1 The Service Provider may not assign or novate the whole or part of this Head Agreement without the prior written consent of Finance.

31.2 Finance may decline to consent to a proposed assignment or novation.

31.3 Without limiting Finance's absolute discretion under clause 31.2, the grounds on which Finance may decline to consent to a proposed assignment or novation include that the proposed assignee or the entity to whom the obligations are to be transferred, as the case requires, does not have Gatekeeper Accreditation.

32. Waiver

The failure of either Party to enforce this Head Agreement shall in no way be interpreted as a waiver of its rights under this Head Agreement.

33. Entire Agreement

This Head Agreement constitutes the entire agreement between the Parties and supersedes all prior representations, agreements, statements and understandings relating to its subject matter, whether verbal or in writing.

34. Archives Act 1983

34.1 The Parties will ensure that the custody or ownership of Commonwealth records as that term is defined in the Archives Act 1983 (Cth) is not transferred without the prior written approval of the National Archives of Australia.

34.2 The Service Provider agrees to comply with any direction given by Finance for the purpose of transferring Commonwealth records to the National Archives of Australia or providing the National Archives of Australia with full and free access to those records.

35. Subcontracting

35.1 The Service Provider must not, without the prior written approval of the Gatekeeper Competent Authority, subcontract the provision of any significant element of Services under a Contract without the written approval of the Gatekeeper Competent Authority.

35.2 If the Gatekeeper Competent Authority consents to the work being performed by a sub-contractor, the Service Provider:

is in no way relieved from performing its obligations under this Head Agreement;

(v) must ensure that the sub-contractor has been granted Gatekeeper Accreditation to the extent that the sub-contractor's activities fall within the activities that would normally require such Accreditation prior to it commencing the sub-contracting activities;

(w) must ensure that the sub-contractor is aware of the provisions of this Head Agreement relevant to the part of the work to be performed by the sub-contractor; and

(x) must include in any sub-contract where the fees or other consideration to be paid valued at $20,000 or more a right of termination of the kind described in clause 22.

35.3 The Service Provider agrees that the Competent Authority may request withdrawal and replacement of any sub-contractor, and if Finance wishes to do this, it must notify the Service Provider in writing setting out reasons for making such a request for withdrawal or replacement.

35.4 A failure by the Service Provider to comply with a request issued by the Gatekeeper Competent Authority to withdraw and replace a subcontractor under this Head Agreement shall give rise to a Dispute Notice being provided to the Service Provider and the Dispute will be resolved in accordance with clause 29.

36. Applicable Law

36.1 This Head Agreement is governed by, and is to be construed in accordance with, the laws from time to time in force in the Australian Capital Territory.

36.2 The Parties agree to submit to the jurisdiction of the courts having jurisdiction in the Australian Capital Territory.

37. Conflict of Interest

37.1 Each Party undertakes to the other that, to the best of its knowledge, at the Commencement Date, no conflict of interest exists or is likely to arise in the performance of its obligations under this Head Agreement.

37.2 Each Party will promptly notify the other in writing if a likely conflict of interest arises during the term of this Head Agreement.

37.3 Should a conflict of interest arise which significantly affects the interests of the other Party, that conflict may be treated by the other Party as a breach of this Head Agreement of the kind described in clause 20.1(b) or clause 21(a)(ii).

38. Notices

38.1 Any notice, advice, agreement, undertaking or any other communication given by one Party to the other for the purposes of this Head Agreement must be in writing.

38.2 The address for service of notice of each Party is as set out at Item 5 of Schedule 1 unless otherwise advised in writing by the relevant Party.

38.3 A notice under this Head Agreement is deemed to have been given if:

(y) it is delivered by hand - on the date upon which it is delivered and a receipt obtained;

it is sent by registered post - on the day upon which it is delivered and a receipt obtained;

transmitted by facsimile transmission - when the sender receives confirmation of a successful transmission;

transmitted by email - when the sender receives confirmation that the email has been opened; and

the Parties have previously agreed that notices can be digitally signed and delivered electronically when the sender receives confirmation of successful receipt.

38.4 If delivery or receipt of a notice occurs on a day on which business is not normally conducted in the place of receipt, or it is received later than 4 PM local time it will be deemed to be given on the next day on which business is normally conducted in that place.

39. Survival of Clauses

If this Head Agreement is terminated for any reason, or expires, those clauses that are necessary for the Parties to effectively exercise their rights, and discharge their obligations and responsibilities to each other, and in particular to ensure that the operations of Commonwealth Agencies are not unduly disrupted, will survive the termination or expiration of this Head Agreement.


Schedule 1 Agreement Details


1. Address of Department of Finance and Deregulation (Parties)
John Gorton Building King Edward Terrace PARKES ACT 2600

2. Address of Service Provider (Parties)

[insert address]

3. Type of Accreditation Granted to Service Provider (clause 5)


[Specify here the type of Gatekeeper Accreditation granted to Service Provider]

4. Confidential Information of the Parties (clause 25)

4.1 Finance Confidential Information

[Describe any information that Finance considers is confidential and the period during which it is to be protected by the Service Provider]

4.2 Service Provider Confidential Information

[Describe any information that the Service Provider considers is confidential and the period during which it is to be protected by Finance]

5. Addresses for Notices (clause 38)

5.1 Commonwealth of Australia

General Manager
Australian Government Information Management Office
Department of Finance and Deregulation
John Gorton Building
King Edward Terrace
PARKES ACT 2600
Attention: Director, Gatekeeper
Facsimile Number: (02) 6215 1544
Email: gatekeeper@finance.gov.au

5.2 Service Provider

Address of the Service Provider: [Insert details]
Facsimile Number: [Insert number]


Schedule 2 - Approved Documents and Accreditation Policies and Criteria


[Set out in this schedule a list of the Accreditation Policies and Criteria the Service Provider was evaluated against, and the latest version of the Service Provider's Approved Documents]
