If you would like to download a copy in PDF format, please click on the button below.
PLEASE READ THE BELOW WHICH FORM PART OF THE AGREEMENT BETWEEN CITATION ISO CERTIFICATION AND YOUR ORGANISATION
1) At the point of booking the gap-analysis visit, Citation ISO Certification will set up a client account and send login details to the Client system administrator via automated email. The Client will be responsible for:-
a) Ensuring that it has one system administrator who will be familiar with the use of Atlas and will be the point of contact for all permitted users of the Client.
b) Providing Citation ISO Certification with the details of any changes to the Client’s system administrator’s contact details without undue delay.
c) Providing the telecommunications, network services and correctly configured hardware and other equipment needed to access Atlas.
d)Not using Atlas in a way which a) is prohibited by law or regulation, b) is fraudulent or has fraudulent purpose or effect, c) in any way which violates the rights of any other person or to harass, upset, embarrass, alarm or annoy other person, d) in any way which is not consistent with the purposes for which we are providing you with access, or e) to upload or input any information or materials which infringe copyright, database right, trademark or other intellectual property rights of any other person.
e) Citation ISO Certification may remove any information or material which is uploaded by the Client if, in Citation ISO Certification’s opinion, such information or material does not comply with our Acceptable Use Policy.
2) The Client should ensure that:-
a) Their IT systems are protected with regularly updated and industry standard Anti-Virus software and that appropriate hardware protection, backup procedures and firewalls are in place commensurate with the nature of the data being stored and the risk of loss or damage.
b) Administrators and users have a unique user ID to monitor access and prevent unauthorised access to records held within Atlas.
c) Ensure that Personal Data (including Special Categories of Personal Data) is not stored within Atlas and wherever this is unavoidable, redact all evidence that is stored within Atlas when it is uploaded. The Client accepts all responsibility for Personal Data stored within Atlas.
d) There is a suitably robust password policy and protocol in place to prevent unauthorised access to Atlas. This policy should include requirements for password strength and change protocols and a prohibition for the sharing of passwords or the use of another user’s login or password.
e) There are policies and supporting documentation in place to ensure the security and integrity of information stored electronically.
f) A risk assessment has been carried out and is regularly reviewed to ensure that the security arrangements in place are proportionate to the needs of the business and the perceived risk of loss or destruction of Client Data within Atlas.
g) Citation ISO Certification retain the right to disable access to Atlas at any time if we have reason to believe that the Client’s login details have been compromised in any way.
3) Occasionally, Citation ISO Certification may:-
a) Change the technical specification of Atlas for operational reasons, provided that any change to the technical specification does not materially reduce the performance of Atlas.
b) Give the Client instructions which it reasonably believes are necessary for reasons of health, safety or quality of any service provided by Citation ISO Certification to the Client or any other client and the Client shall comply with such instructions.
c) Suspend Atlas for operational reasons such as repair, maintenance or improvement or because of an emergency. Citation ISO Certification will give the Client as much written or oral notice as practicable and Atlas will be restored as soon as possible.
4) Although Citation ISO Certification aims to provide an uninterrupted Service, due to Citation ISO Certification’s reliance on third-party suppliers and telecommunications services over whom Citation ISO Certification has no direct control, from time to time faults or interruptions in Atlas may occur. In the event that such a fault does occur, Citation ISO Certification will endeavour to repair the fault in accordance with any service levels as soon as circumstances allow.
5) The Client must not attempt to gain unauthorised access to, harm or disrupt Citation ISO Certification’s systems. The Client must not attack Atlas or Citation ISO Certification’s systems via a denial-of-service attack or distributed denial-of-service attack.
6) The Client must not knowingly introduce any viruses, trojans, worms, logic bombs or other material which is malicious or may be technologically harmful to Atlas, Citation ISO Certification’s systems or the systems of Citation ISO Certification’s suppliers (including the servers on which we host Atlas, any other servers or any services, networks, devices, accounts, data, computers, or databases whether connected to Atlas or otherwise).
7) Whilst we will use reasonable endeavours to prevent it, we do not guarantee that Atlas will be 100% secure from viruses, trojans, worms, logic bombs or other material which is malicious or may be technologically harmful to the Client’s systems.
8) All pre-existing Intellectual Property Rights of the Client will remain with the Client and will not be transferred to Citation ISO Certification as part of this Contract.
9) All Intellectual Property Rights and/or relating to Atlas shall remain the property of Citation ISO Certification. The Client shall acquire no rights in Atlas other than the right to use Atlas in accordance with the terms of this Contract.
10) The Client will remain as the owner of Intellectual Property in any information that is uploaded or input into Atlas.
11) The Client will be permitted to add their logos to Atlas so that they print on documentation; however, the Client shall acquire no rights in Atlas other than the right to use Atlas in accordance with the terms of this Contract.
12) The Client shall not remove or tamper with any copyright notice attached to any Output Data or any other materials supplied pursuant to this Contract. The provisions of this clause will continue to operate after the termination of this Contract.
13) Save to the extent permitted by law, the Client shall not modify, merge or combine with any other software or documentation or reverse engineer or decompile the whole or any part of Atlas or Output Data.
14) The Client may use the content and materials available in Atlas for its own business purposes, but the Client must not provide any or part of this content to any third party without Citation ISO Certification’s permission.
15) The Client may not link to Atlas from any other site.
Authorised Users: Refers to your employees who are authorised by you to use the Software Services, as further described in clause 2a
Data: The data or information, in whatever form (including images, still and moving, and sound recordings), the provision of which comprises the Software Services (wholly or in part).
Derived Data: Any Data (wholly or in part) Manipulated to such a degree that it:
a) cannot be identified as originating or deriving directly from the Data or the Software Services and cannot be reverse engineered in order for it to be so identified; and
b) is not capable of use substantially as a substitute for the Data or the Software Services.
Harmful Materials: Material that is:
I.is unlawful, harmful, threatening, defamatory, obscene, infringing, harassing or racially or ethnically offensive;
II. facilitates illegal activity;
III. depicts sexually explicit images;
IV. promotes unlawful violence;
V. is discriminatory based on race, gender, colour, religious belief, sexual orientation, disability; or
VI. is otherwise illegal or causes damage or injury to any person or property;
Initial Subscription Term: The initial subscription term for the Software Services as set out in the Client Agreement.
Manipulate: To combine or aggregate the Data (wholly or in part) with other data or information or to adapt the Data (wholly or in part).
Manipulated Data: Any Data which has been Manipulated. Manipulated Data includes any Derived Data.
Normal Business Hours: The period from 09:00 to 17:30 (UK time) on any day other than a Saturday, Sunday or public holiday in England when banks in London are open for business.
Sites: The list of your sites or departments set out in the relevant Client Agreement.
Software Services: Access to our online platform services as more particularly described in the relevant Client Agreement (and includes a reference to any software forming or made available as part of such online platform services).
Subscription Term: The Initial Subscription Term together with any subsequent renewal periods.
Terms and Conditions: The terms and conditions which apply to the Contract which you have entered into with us in relation to, amongst other things, the provision of the Software Services.
Virus: Anything or any device (including any software, code, file or programme) which may: prevent, impair or otherwise adversely affect the operation of any computer software, hardware or network, any telecommunications service, equipment or network, or any other service or device; prevent, impair or otherwise adversely affect access to or the operation of any programme or data, including the reliability of any programme or data (whether by re-arranging, altering or erasing the programme or data in whole or part or otherwise); or adversely affect the user experience, including worms, trojan horses, viruses and other similar things or devices.
Vulnerability: A weakness in the computational logic (for example, code) found in software and hardware components that when exploited, results in a negative impact to the confidentiality, integrity, or availability. The term Vulnerabilities shall be construed accordingly.
Your Data: The data inputted by you, Authorised Users, or us on your behalf for the purpose of using the Software Services or facilitating your use of the Software Services.
2) User subscriptions
a) Subject to payment of the charges in accordance with the terms of the Contract, we grant you a non-exclusive, non-transferable right, without the right to grant sublicences, to permit your Authorised Users to use the Software Services during the Subscription Term solely for your internal business operations at the Sites.
c) In relation to the Authorised Users, you shall ensure that:
I. the maximum number of Authorised Users that you authorise to access and use the Software Services shall not exceed the number of User Subscriptions you have purchased or been granted from time to time;
II. you will not allow or permit any User Subscription to be used by more than one individual Authorised User unless it has been reassigned in its entirety to another individual Authorised User, in which case the prior Authorised User shall no longer have any right to access or use the Software Services;
III. each Authorised User shall keep a secure password for their use of the Software Services, and each Authorised User shall keep their password confidential;
V. if any of the audits referred to in clause 2c(iv) reveal that any password has been provided to any individual who is not an Authorised User, then without prejudice to our other rights, we may promptly disable such passwords and we shall not issue any new passwords to any such individual.
d) If any of the audits referred to in clause 2c(iv) reveal that you have:
I. underpaid Annual Fees to us
then without prejudice to our other rights, you shall pay to us an amount equal to such underpayment as calculated in accordance with the prices set out in the Client Agreement within 30 business days of the date of the relevant audit.
e) Subject to clause 2j, you shall not, and shall ensure that none of your Authorised Users shall, access, store, distribute or transmit any Viruses, or any Harmful Material during the course of your use of the Software Services and we reserve the right to disable your and any Authorised User’s access to any material that breaches the provisions of this clause.
f) Unless permitted to do so by law, you shall not and you shall ensure that none of your Authorised Users shall, do or attempt to do any of the following:
I. copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Software Services (including any associated documentation) in any form or media or by any means, or attempt to do so;
II.decompile, reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Software Services;
III. access all or any part of the Software Services (including any associated documentation) in order to build a product or service which competes with the Software Services;
IV. use the Software Services to provide services to third parties;
V. license, sell, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit or make the Software Services available to any third party except the Authorised Users;
VI. obtain, or assist third parties in obtaining, access to the Software Services, other than as provided under this clause 2; or
VII. introduce or permit the introduction of any Virus or Vulnerability into our network and information systems.
g) You and each Authorised User shall use all reasonable endeavours to prevent any unauthorised access to, or use of, the Software Services and, in the event of any such unauthorised access or use, promptly notify us.
h) If you or any Authorised User become aware of any misuse of any of our data or materials, or any security breach in connection with the Software Services that could compromise the security or integrity of our data or materials, or if you or any Authorised User learn or suspect that any security feature has been revealed to or obtained by any unauthorised person, you or any Authorised User shall promptly notify us and fully co-operate with us to remedy the issue as soon as reasonably practicable.
i) Your rights to use the Software Services are only granted to you and not to any of your group companies.
j) You shall not be deemed to be in breach of clause 2e if any Harmful Materials are accessed, stored, distributed or transmitted during the course of and to the extent that this is necessary for your receipt and use of the Services as a result of or in relation to your receipt and use of our HR Services.
3) Software Services
b) We shall use reasonable endeavours to make the Software Services available 24 hours a day, seven days a week, except for:
I. planned maintenance performed outside of Normal Business Hours; and
II. unscheduled maintenance in which case we shall (where reasonably practicable) give you at least six hours’ notice in advance, unless there is an emergency which cannot be notified in advance.
c) We will, as part of the Software Services, provide you with our standard customer support services during Normal Business Hours.
4) Your data
a) You shall own all rights, titles and interests in all of Your Data that is personal data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of Your Data.
5) Our obligations
b)We do not warrant that:
I. your use of the Software Services will be uninterrupted or error-free; or
II. that the Software Services and/or the information obtained by you through the Software Services will meet your requirements; orthe Software Services will be free from Vulnerabilities; or
III. the Software Services will comply with any specific cybersecurity requirements that you may have.
IV. We are not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, and you acknowledge that the Software Services may be subject to limitations, delays and other problems inherent in the use of such communications facilities.
d) Subject to Clause 6 of the Terms and Conditions:
I. this platform and the information and services available on it is delivered “as is” without warranty of any kind;
II. we do not warrant or represent that the Software Services will be delivered free of any inaccuracies, interruptions, delays, omissions or errors (“Faults”), or that all Faults will be corrected, and we shall not be liable for any loss, damage or cost resulting from any such Faults;
III. you assume sole responsibility and entire risk as to the suitability and results obtained from use of the Software Service, and any decisions made or actions taken based on the information contained in or generated by the Software Services; and
IV. you are solely responsible for the preparation, content, accuracy and review of any documents, data, or output prepared or resulting from the use of the Software Services.
e) You understand that we are a provider of information (including opinions) for general information purposes only and do not provide compliance, risk management, legal or other professional advice (unless expressly stated in a Client Agreement). Some information may contain the opinions of third parties, and we are not responsible for these opinions. We are not responsible for any loss, damage or cost resulting from any decisions taken by you that is made in reliance on the Software Services, including legal, compliance and/or risk management decisions. You agree that you use the Software Services at your own risk in these respects.
6) Term and termination
a) You grant to us and our group companies a non-exclusive, non-transferable, revocable, worldwide royalty-free licence to:
I. access, view and Manipulate Data and create Derived Data for analysis and aggregation;
II. store the Data and Manipulated Data on your network and system in your interests; and
III. distribute the Data and Manipulated Data to Authorised Users on your network and system using the Software Services or via email.
a) You shall defend, indemnify and hold us harmless against all liabilities, costs, expenses, damages and losses arising out of or in connection with your use of the Software Services.
I. we are given prompt notice of any such claim;
II. you provide reasonable co-operation to us in the defence and settlement of such claim; and
III. we are given sole authority to defend or settle the claim.
d) In no event shall we be liable to you to the extent that the alleged infringement is based on:
I. a modification of the Software Services by anyone other than us; or
II. your or any Authorised Users’ use of the Software Services in a manner contrary to the instructions given to us; or
III. your or any Authorised Users’ use of the Software Services after notice of the alleged or actual infringement from us or any appropriate authority.
e) Other than as set out in the Contract, clauses 8b to 8d (inclusive) state your sole and exclusive rights and remedies, and our entire obligations and liability, for infringement of any third party intellectual property rights.
9) Force Majeure Clause
a) Neither party shall be liable for any failure to perform or delay in performance of any of its obligations under this Agreement caused by circumstances beyond the reasonable control of that party, including but not limited to adverse weather conditions, natural disasters, fires, floods, explosions, earthquakes, nuclear disasters, insurrection, riots, acts of terrorism, war, and acts of Government (a “Force Majeure Event”).
b) In the event of a Force Majeure Event, the affected party’s performance under this Agreement shall be suspended for the period that the Force Majeure Event continues, and the party will have a reasonable extension of time for performance of its obligations in the circumstances.
c) If the Force Majeure Event continues for more than 30 consecutive days, the unaffected party may terminate this Agreement with immediate effect.