I Document Control

ACCEPTABLE USE AGREEMENT Reference: ISMS 1

For Third Parties Using FirstBank’s Information Issue No: 4
Systems Issue Date:22/11/2017
Page 1 of 5

Information Security Agreement between First Bank of Nigeria Limited of Samuel Asabia House,
35 Marina, Lagos Nigeria (hereinafter referred to as “FirstBank”).

And
TeamApt Limited
[Complete official name and address of authorized designated user]

(Hereafter “the Designated User”)

(Together referred to as the Parties)

WHEREAS
a) FirstBank stores, processes, and disseminates large amounts of information via its
Information Resources.
b) The Designated User shall in the course of directly or indirectly executing functions or
services on behalf of FirstBank be exposed to, have access to or be granted access to First
Bank’s Information Resources.
c) This Agreement sets out the terms and conditions, upon which the Designated User shall,
utilize the Information Resources.

1. Definitions
“Authorized Third Party” refers to a person to whom the Bank has granted access to
Information Resources

“Information Security” is the protection of data, applications, systems, and network resources
from accidental or deliberate misuse through unauthorized disclosure, alteration, or
destruction;

Internal Use Only

I Document Control
ACCEPTABLE USE AGREEMENT Reference: ISMS 1
For Third Parties Using FirstBank’s Information Issue No: 4
Systems Issue Date:22/11/2017
Page 2 of 5

“Information Resources” are resources for which the Designated User(s) has authorization to
access, and include:
a) Printed or written communications and documentation, such as reports, letters, and
memos;
b) Online screen transactions;
c) Software applications;
d) Data set files and databases residing on any media, such as tapes, disks, diskettes, microfilm,
and microfiche;
e) Processing systems including, but not limited to servers, PCs, workstations, laptops and
printers;
f) Network resources;
g) Confidential Information
“Confidential Information” shall include all communications and information whether written,
visual or oral, including but not limited to business plans, results, reports, date, Cardholder
Data, card information, formulae, process, technical information, materials, designs,
specification of products, know-how, software programs and samples, and information
concerning the trade secrets, customers, marketing, business associations, finances, financial
arrangements, financial projections, current or future business plans and models, technical or
commercial affairs of First Bank, its employees, agents, representatives and customers,
regardless of whether such information is designated as “Confidential Information” at the time
of its disclosure.

2. Warranty of Prior Authorization

The Designated User(s) represents and warrants to FirstBank that he/she is authorized to access
FirstBank’s Information Resources either by virtue of his status as a staff of an Authorized Third
Party or by separate authorization from FirstBank.

3. Acknowledgement
The Designated User(s) acknowledges that:

Internal Use Only

I Document Control
ACCEPTABLE USE AGREEMENT Reference: ISMS 1
For Third Parties Using FirstBank’s Information Issue No: 4
Systems Issue Date:22/11/2017
Page 3 of 5

a) FirstBank stores, processes, and disseminates large amounts of information;

b) Loss, damage, or disclosure of information, applications, systems, or network resources
could result in significant operational or financial loss to FirstBank;
c) It is imperative for FirstBank, and the Designated User, to ensure the integrity, accuracy,
availability, and confidentiality of these resources through the use of effective security
controls.

4. FirstBank account name and password

a) When satisfied that the Designated User(s) has appropriate authorization to access
FirstBank’s Information Resources, access authority to FirstBank’s Information Resources
shall be granted through a FirstBank account name and password.

5. Obligations of the Designated User(s)

The Designated User(s) shall:
a) Safeguard the confidentiality, integrity and availability of Information Resources to which he
or she or they have access in line with FirstBank’s Information Security Policy;
b) If a Third Party Service provider (TPP) that handles Card Data will conform to all PCI DSS
requirements.
c) Take precautions to prevent the introduction into their PCs of software viruses, malicious or
any other code that might compromise information security or normal operations.
d) Be responsible for the confidentiality of access credentials (usernames, passwords, access
cards, Cardholder Data etc.) provided and shall not loan their user ID and password or share
it with others;
e) Be personally accountable for all actions that occur under the user ID provided to the
Designated User;
f) Select an alphanumeric password that would not be easily “determined/guessed”; do not
use repeating characters, do not use obvious words such as name of the individual, or
individual’s spouse, children, or pet, days of the week, names of the months, the Designated
User’s login ID, birthday or phone number;

Internal Use Only

I Document Control
ACCEPTABLE USE AGREEMENT Reference: ISMS 1
For Third Parties Using FirstBank’s Information Issue No: 4
Systems Issue Date:22/11/2017
Page 4 of 5

g) Ensure that the password is a minimum of Eight characters in length and that it is changed
every 90 days at least;
h) Log out or lock the terminal when leaving it, even for a short period of time;
i) Keep FirstBank documents, diskettes, and copies of files containing sensitive data in a secure
cabinet, desk, or room, and dispose of them properly when they are no longer needed;
j) Immediately change the password in the event the Designated User(s) suspects or believes
his or her or their user ID and password have been compromised in any way;
k) Not be allowed to use the user ID provided by FirstBank for private use or any other
purposes other than those specifically allowed by FirstBank;
l) Not be allowed to test or attempt to compromise FirstBank security controls without the
specific advance approval in writing from FirstBank.
m) If a TPP for Card Data, it will not share Cardholder Data with other vendors or third party
without the consent of FirstBank.
n) Not to disclose any Confidential Information (i.e. Customer information, trade Secret and
Cardholder data which may be obtained via the Information Resources in the course of
performing his/her duties.

6. Termination
This Agreement shall commence on the date of execution by the Designated User and shall
remain in force for a period of 10 years. The Bank may at any time and without prior notice
deny the Designated User access to any Information Resource.

a) At the expiration of the agreement with FirstBank the Designated User has a duty to return
all records, notes, and other written, printed or other tangible materials in its possession
pertaining to the Information Resources and Confidential Information (where applicable)
immediately.
b) Notwithstanding anything to the contrary in this Agreement express or implied, and to the
fullest extent permitted by law, the confidentiality and non-disclosure obligations contained

Internal Use Only

I Document Control
ACCEPTABLE USE AGREEMENT Reference: ISMS 1
For Third Parties Using FirstBank’s Information Issue No: 4
Systems Issue Date:22/11/2017
Page 5 of 5

herein shall remain binding on the Designated User and shall survive the termination or
expiration of this Agreement.

Internal Use Only

I Document Control
ACCEPTABLE USE AGREEMENT Reference: ISMS 1
For Third Parties Using FirstBank’s Information Issue No: 4
Systems Issue Date:22/11/2017
Page 6 of 5

7. Non-Disclosure Agreement
In the event the Information Resources are not accessible to the Designated Users by virtue of a
relevant policy, or decision of the Management of FirstBank, the Designated Users organisation
undertakes to execute a Non-Disclosure Agreement in a form approved by FirstBank, as a
precondition to being granted access to FirstBank’s data.

This Agreement shall be governed by and construed in accordance with the Laws of the Federal
republic of Nigeria

For and on behalf of the within named For and on behalf of the within named
First Bank of Nigeria Limited [Name of Designated User]

____________________________________ ____________________________________

Name: _____________________________ Name: ______________________________

Designation: _________________________ Designation: _________________________

Signature: ___________________________ Signature: ___________________________

Date: _______________________________ Date: _______________________________

In the presence of:

Witness Name:_________________________
Address:_______________________________
Occupation:____________________________

Signature:______________________________

Internal Use Only