The URL can be used to link to this page

Home My WebLink AboutContract 41795 (2)62C//C5/c'FO2/7 MAY 0 2011 Vendor: Customer: SOW Number: SOW Name: AT&T Contract Number: Date of Submission: Primary Work Site: STATEMENT F WORK CITY CONTRACT Nei. SECRETARY_ n q6 AT&T Consulting Solutions, Inc. (AT&T Consulting) City of Ft. Worth through Water Department 3486-01-4362 PCI Data Security Standard Trusted Advisor 40/lors/o April 11, 2011 City of Ft. Worth Water Department 902 Monroe St. Suite 202 Fort Worth, TX 76102 AT&T Consulting Solutions, Inc. is a wholly owned subsidiary of AT&T and provides services under the brand AT&T Consulting. This Statement of Work (SOW) constitutes an offer by AT&T Consulting to perform the services described herein. This offer may, at AT&T Consulting's option, be withdrawn if not signed and returned by City of Fort Worth ("City of Ft. Worth Water Department", or "CLIENT") within 15 days from the date of submission shown above. This SOW is an attachment to the Agreement, referenced by the AT&T Contract Number above, entered into by AT&T Consulting and City of Ft. Worth Water Department and is hereby incorporated into said Agreement. This p g SOW may only be modified by a written Change Order executed by the parties hereto. IN WITNESS WHEREOF, the parties hereto have caused this Agreement to be duly executed Each party warrants and represents that its respective signatories whose signatures appear below have been and are on the date of signature duly authorized to execute this SOW. AUTHORIZED SIGNATURE Signature /?rn2,210 C2).542--- Name Printed /bit N ,ateaye7- Title Date APPROVED AS TO VOITS1 L9L-9GMIX Y Assistant itv Attcney FOR AT&T CONSULTING INTERNAL USE ONLY Attested by: Marty Hendrix., ;re to M phish.n _ I i ` Ii ACCEPTANCE SIGNATURE AT&T Consulting Solutions, Inc. sag tu�eISA CA f-GUTSHALL CONTRACT SPECIALIST • CUSTOMER CONTRACTS Name Printed Title Date ,�o tt t&z 4d ifour lizz? oo poi /JAI fibs3o O� 0 0 ge(04,4 *4 000000 Ens .�y"cY • ATTUID Initials OFFICIAL RECORD CITY SECRETARY ET. WORTH, TX SOW #3486-01-4362 City of Ft. Worth Water Department — PCI Readiness Assessment and Trusted Advisor Table of Contents 1. Introduction 3 2. Description of Work and Scope 3 3. Approach 4 4. Deliverables 4 5. Risks 4 6. Assumptions 5 7. Disclaimer of Warranties 5 8. Coordination, Planning, & Project Initiation Meeting 5 9. Escalation Process 6 10. Completion Criteria 6 11. Client Responsibilities 6 12. Initiation of Work 7 13. Expected Duration 7 14. Estimated Charges and Expenses 7 15. Invoicing and Payment 8 16. Change Order Process 8 17. Engagement Contacts 8 Revised April 5, 2011 2011 AT&T Knowledge Ventures All rights reserved. Q� SOW #3486-01-4362 City of Ft. Worth Water Department — PCI Readiness Assessment and Trusted Advisor • 1. Introduction City of Ft. Worth Water Department has approached AT&T Consulting Solutions to provide consulting services regarding Payment Card Industry (PCI) Compliance. The overall goal of this engagement is to provide consulting surrounding the PCI Data Security Standard (DSS), act as an advisor in creating unique solutions that meet PCI requirements, and assessing City of Ft. Worth Water Department's strategy pertaining to their overall PCI compliance program and remediation of its gaps. This document includes: • Scope of Work — AT&T Consulting's methodology for conducting the Compliance Assessments and our analysis of how the various requirements of the Compliance Assessment intersect. • Deliverables — Description of the deliverables for this project. • Pricing — AT&T Consulting's pricing model for this engagement and the included components. • Project Assumptions — any assumptions that were used to derive the scope of work or pricing for this engagement. 2. Description of Work and Scope This section provides a description of services, scope of activity, and support requirements associated with the services. General Description AT&T approaches the details of each PCI project uniquely to the customer, however, our general approach for City of Ft Worth Water Department is as follows: • AT&T Consulting will review the PCI Summary received from the City Project Manager, interview various Water Department employees and assess various components/documents to provide feedback pertaining to City of Ft. Worth Water Department's strategies, architecture, and systems from both a PCI QSA perspective as well as from a security industry standard practices perspective, including review the Water Department's options (roadmaps) for housing applications with a third party (Click2Gov — H2Online) • AT&T Consulting will provide PCI Subject Matter consulting as needed to assist City of Ft. Worth Water Department in mapping out cardholder data flows and scoping the cardholder environment • AT&T Consulting will provide feedback to the Water Department regarding the City Project Manager's report and recommend if any changes are warranted. • AT&T Consulting will provide PCI Subject Matter consulting as needed to assist City of Ft. Worth Water Department in its effort to complete PCI DSS Self -Assessment Questionnaire(s). • AT&T Consulting will provide PCI Subject Matter consulting as needed to City of Ft. Worth Water Department in its effort to complete PCI DSS remediation. AT&T Consulting will provide strategic guidance to City of Ft. Worth Water Department regarding vulnerability scanning IDS, patching, and monitoring. • AT&T Consulting will assist City of Ft. Worth Water Department as needed to develop effective security policies, processes, procedures, and standards that meet the PCI requirements and address the unique security needs of the organization. • AT&T Consulting will provide guidance to City of Ft. Worth Water Department to break any project tasks into specific, functional groups. These groups typically resemble either specific applications or business processes. AT&T Consulting with work with the Water Department to determine which individuals or groups will be responsible for addressing any gaps/issues. • AT&T Consulting will review the data flow of Internet -facing hosts that process, store, or transmit credit card data to determine the systems that are in scope of the PCI DSS Once systems that are in scope have been determined, AT&T Consulting will provide advice on compliance solutions and compensating controls that will help mitigate the risk and limit the scope of systems that must be PCI compliant. • AT&T Consulting will assist City of Ft. Worth Water Department to design security controls across all in - scope systems and the network in general. AT&T Consulting will do this in a manner that considers the overall integrity and protection of City of Ft. Worth Water Department's critical data, not just to a point of conformance with the PCI requirements. Version 1.0 Page 3 of 7 2011 AT&T Knowledge Ventures All rights resented. [ SOW #3486-01-4362 City of Ft. Worth Water Department — PCI Readiness Assessment and Trusted Advisor 3. Approach AT&T Consulting will sponsor a "Project Kick -Off' meeting to: review this SOW, obtain any information required from City of Ft. Worth Water Department but not yet received, and discuss working arrangements pursuant to this SOW. Upon commencement of our service to City of Ft. Worth Water Department, AT&T Consulting will conduct a kick-off meeting (phone conference, or in person) as described in the "Communications Section' to establish rules of engagement and share critical information. AT&T Consulting's approach is highly collaborative. At any point during the engagement an identified non -compliant issue will be communicated to the Points of Contact in a manner agreed upon dunng this kick-off meeting. Each party will designate a Single Point of Contact (SPOC) that has the authority to represent such party and has decision -making authority for most matters. All material communications should be conducted through the SPOCs. Such communications should either be in writing or summed up in writing. However, it is recognized that for the sake of efficiency, there will need to be direct communications between AT&T Consulting team members and various City of Ft Worth Water Department's employees. Any conversation that may have a material outcome on the success of the engagement will need to be documented and sent to the SPOCs. Deliverables AT&T Consulting will provide the following deliverables as part of this project: Name:Of Deliverable Description flf Deliverable PCI DSS Remediation Roadmap This report 's provided to City of Ft. Worth Water Department at the conclusion of the engagement The purpose of this report is to outline high-level findings (gaps) and to present tactica resolutions to address these gaps. To the extent permitted by law, this report shall be considered Confidential information. PCI DSS Remediation Roadmap This report will outline high-level findings and present a strategic plan to address any gaps that would prevent City of Ft. Worth Water Department from becoming PCI-compliant. The report will provide an overview of City of Ft. Worth Water Department's PCI security posture along with a strategic plan that outlines and prioritizes remediation projects to convey an overall approach to achieving PCI compliance. This report shall include documentation of networks, systems, processes, and cardholder data flows subject to PCI DSS. The report will include: • Gaps: A description of the PCI DSS element and the associated gap • Remediation plan: Recommendation of tactical strategy to address the gap • Validation requirement: Descnption of what evidence will be needed to validate that a gap has been remediated • Root cause analysis: Determination of the actual cause of the gap so that City of Ft. Worth Water Department can adjust their underlying processes, standards, and programs to prevent the gap from recurring in the future 5. Risks AT&T Consulting has identified the following potential risks in being able to complete this engagement as defined in the deliverables and completion criteria sections. If any of these risks are in danger of occurring, AT&T Consulting shall invoke the Escalation Process. If any of these risks do occur the parties agree to resolve the situation via the Change Order Process. Notwithstanding the foregoing, neither of the parties is bound to use the Change Order Process in the event of a material breach by the other party. Version 1.0 Page 4 of 7 0 2011 AT&T Knowledge Ventures All rights reserved. SOW #3486-01-4362 City of Ft. Worth Water Department — PCI Readiness Assessment and Trusted Advisor • The receipt of inaccurate information regarding the network design and configuration as provided by the City of Ft. Worth Water Department or its third -party resources. 6. Assumptions The assumptions below were used by AT&T Consulting to scope this engagement based on information provided to it by City of Ft Worth Water Department. If any of these assumptions prove to be invalid the parties agree to resolve the situation via the Change Order Process. Notwithstanding the foregoing, neither of the parties is bound to use the Change Order Process in the event of a material breach by the other party. • All items listed in the Client Responsibilities section of the SOW are met, delivered, or provided (as appropriate) in a timely manner. City of Ft. Worth Water Department will provide AT&T Consulting access to the business, customer, and technical information, and facilities necessary to execute this SOW. • City of Ft. Worth Water Department will provide AT&T Consulting on -site and off -site access to documents necessary for this assessment. • City of Ft. Worth Water Department will ensure that appropriate personnel are available to meet with AT&T Consulting, as necessary. • • The AT&T Consulting professional working day is eight (8) hours, including reasonable time for meals. AT&T Consulting understands that occasions arise during customer engagements that require a longer or shorter working day. AT&T Consulting will not be obligated to extend engagements when delays result from City of Ft. Worth Water Department's inability to meet stated prerequisites prior to an engagement, nor when delays result from City of Ft. Worth Water Department's personnel not being available to provide required support. • During this effort, AT&T Consulting will not be responsible for negotiations with hardware, software, or other vendors or any other contractual relationship between City of Ft. Worth Water Department and third parties. AT&T Consulting, at the request of City of Ft. Worth Water Department, will provide input to City of Ft Worth Water Department regarding optimal product or vendor selection. • Any application code, documentation, and/or presentations developed under this document will be in English. • AT&T Consulting will perform the work between 8:30 a.m. and 5:00 p.m. (local time). Disclaimer of Warranties FURTHERMORE, EXCEPT AS SPECIFICALLY SET FORTH IN THIS DOCUMENT THE SERVICES PERFORMED AND ANY ITEMS FURNISHED UNDER THIS DOCUMENT BUT NOT LIMITED TO DATA REPORTS, DOCUMENTATION, DELIVERABLES, HARDWARE, AND SOFTWARE OF ANY KIND, AND ANY RECOMMENDATIONS OR CONCLUSIONS CONTAINED THEREIN ARE PROVIDED ON AN 'AS IS" BASIS WITH N O WARRANTIES OR REPRESENTATIONS OF ANY KIND. AT&T CONSULTING MAKES NO WARRANTY, EXPRESS OR IMPLIED, THAT ALL SECURITY THREATS AND VULNERABILITIES WILL BE DETECTED OR THAT THE SERVICES THEMSELVES OR COMPLIANCE WITH THE PCI STANDARD WILL RENDER CUSTOMER'S NETWORK AND SYSTEMS SAFE FROM MALICIOUS CODE, INTRUSIONS, OR OTHER S ECURITY BREACHES. 8. Coordination, Planning, & Project Initiation Meeting AT&T Consulting recognizes the value of communication and ongoing collaboration with our customers. As such, we include a project initiation meeting (kick-off meeting) with all of our engagements During the meeting, AT&T Consulting will address the following topics: • • • • • Introduce key people at City of Ft. Worth Water Department and AT&T Consulting. Exchange contact information (for regular reporting and emergencies). Review scope of services. Review communication, notification, and issue escalation procedures and escalation points of contact. Discuss other specific City of Ft Worth Water Department requests and rules of engagement (e.g., periods during which AT&T Consulting should not perform testing). Version 1.0 Page 5 of 7 0 2011 AT&T Knowledge Ventures All rights reserved. SOW #3486-01-4362 City of Ft. Worth Water Department — PCI Readiness Assessment and Trusted Advisor • Discuss the involvement of City of Ft. Worth Water Department's technical staff in the project for the purpose of knowledge transfer and security • AT&T Consulting will discuss the deliverables required at completion of the project, the designated recipient, and the manner in which AT&T Consulting will forward those deliverables. For the duration of the engagement AT&T Consulting will conduct status meetings. The frequency of the status meetings will be determined at the kickoff meeting. AT&T Consulting will conduct the status meetings in person during the period of onsite performance and via a conference call during periods of remote work. 9. Escalation Process Both parties agree to use the following escalation process when a situation arises that either party feels could jeopardize the overall success of the engagement Either party may initiate the escalation process, by contacting the named individual at the top of the table. If the initiating party feels that the situation: hasn't been adequately resolved; isn t being resolved quickly enough or is of sufficient magnitude to cause significant damage to the overall relationship, they may proceed along the escalation path, as they deem appropriate Initiation of this process is restricted to the individuals that are named in the escalation path for their party. The escalation path can be updated during the Kickoff Meeting. A) AT&T Consulting Escalation Path Name` Jerry Sommerville Title ` :v Professional Services Manager Phone Number' (817) 614 8492 Rock Carter Professional Services Manager (678) 943-9359 Larry Smith VP Operations (770) 750 7467 B) City of Ft. Worth Water Department Escalation Path Name.. Barbara Wilson Frank Crumb Fernando Costa Title Senior IT Manager Director- Water Department Assistant City Manager Phone Number _.. <' 817-392-8272 817-392 8246 817-392-6122 10. Completion Criteria This engagement will be deemed completed when the following items have been accomplished: • All deliverables specified in this SOW have been submitted • The key deliverables or findings have been presented to City of Ft. Worth Water Department's executive sponsors of this engagement. • The agreement expires on its terms and has not been extended by the parties. 11. Client Responsibilities City of Ft. Worth Water Department agrees to provide timely access to all personnel resources (including all necessary hardware, software, network access, adequate and secure workspace, and telephone access) and requested information that is deemed necessary by AT&T Consulting to ensure that AT&T Consulting can fulfill its commitments stated herein When possible, AT&T Consulting will make reasonable efforts to provide lead time to City of Ft. Worth Water Department Typically, this notification will occur at the weekly status meetings. City of Ft. Worth Water Department also specifically agrees to: • Assign a SPOC to represent City of Ft. Worth Water Department. The SPOC will have decision -making authority for most matters that may arise and will serve as an escalation point for relevant security testing activities, per the rules of engagement and cease -and -desist procedures This SPOC will also be the escalation point for critical vulnerabilities identified during the course of the engagement • Ensure that the SPOC be available to meet with AT&T Consulting for Status Meetings at a frequency determined dunng the Kickoff Meeting. Version 1.0 Page 6 of 7 0 2011 AT&T Knowledge Ventures All rights reserved. SOW #3486-01-4362 City of Ft. Worth Water Department — PCI Readiness Assessment and Trusted Advisor • The City of Ft. Worth Water Department SPOC will be responsible to facilitate the scheduling of interviews and information gathering sessions within the CLIENT's organization unless other arrangements are agreed upon by the SPOCs. • The City of Ft. Worth Water Department SPOC will be responsible to identify and coordinate with the appropriate individuals to review draft deliverables These reviews must be within the agreed upon timeframe in order to maintain the engagement schedule. • Provide all information and materials identified throughout the Statement of Work on time. To the best of City of Ft Worth Water Department's ability, pre -assessment evidence will be prepared prior to the site visits. • Provide proper documentation for existing network. • Provide AT&T Consulting s consultants with the necessary physical and/or system access required to complete the deliverables. • Provide appropriate personnel to assist in identifying users of systems and contact information. • Provide timely access to staff and personnel to answer questions regarding business or network information. • Make City of Ft. Worth Water Department assets (network, application and users) available for testing at appropriate points in this engagement • Make appropriate representatives available for the presentation of the final deliverable. • Inform AT&T Consulting of any developments in other projects that are not confidential that might impact this engagement. • Notify AT&T Consulting of and make available to AT&T Consulting any prior PCI assessment results if available • Provide AT&T Consulting with all relevant documentation and information as it pertains to the business requirements and current network infrastructure at the Kickoff meeting. If City of Ft. Worth Water Department fails to perform any of the responsibilities set forth herein, the parties agree to resolve the situation via the Change Order Process Notwithstanding the foregoing neither of the parties is bound to use the Change Order Process in the event of a material breach by the other party. 12. Initiation of Work In order for work to begin, AT&T Consulting will require receipt of the fully executed SOW and any documents (e.g., purchase order or master contract) required by City of Ft. Worth Water Department at least 2 weeks prior to the initiation of work. The Kickoff meeting will mark the official start of this engagement. 13. Expected Duration Based on the information provided to AT&T Consulting by City of Ft. Worth Water Department and on our professional experience AT&T Consulting estimates that the work will be completed in approximately four to eight weeks, although City of Ft. Worth Water Department may opt to use the hours at any pace that works best for them During the course of this engagement additional information will be learned about the engagement that may cause the time required to complete the engagement to differ. Changes to the Expected Duration will be addressed via the Change Order Process. 14. Estimated Charges and Expenses The rate structure for this engagement is: Estimated Effort Labor :Charge Version 1.0 Page 7 of 7 0 2011 AT&T Knowledge Ventures All rights reserved. SOW #3486-01-4362 City of Ft. Worth Water Department — PCI Readiness Assessment and Trusted Advisor AT&T Consulting will provide regular status updates to City of Ft. Worth Water Department so that the budgetary impacts may be monitored as work progresses. If during the course of the engagement, it is determined that the work will extend past the expected duration then the Change Order Process will be used to provide additional funding Delays caused by factors outside of the reasonable control of AT&T Consulting will be addressed via the Change Order Process. Both parties agree and acknowledge that this engagement is a variable -cost offering and should not be considered a 'fixed priced bid" nor a ' not to exceed" quote. Rather, work will be billed at actual costs incurred. Travel, meals, lodging, and other direct costs for the described effort are not included in the quote above and shall be reimbursed by City of Ft. Worth Water Department at actual cost. Estimated travel cost for this engagement is $1500. The following shall be neither billed to nor payable by the Client: a) The premium cost of first or business -class airfare or of luxury lodging (note: discount airfares should be used as reasonably available); b) Any entertainment expense 15. Invoicing and Payment City of Ft. Worth is a tax exempt entity and shall not be liable for taxes under this agreement 16. Change Order Process The parties agree that this SOW may be amended by a Change Order Form signed by both parties for one or more of the following reasons: • The occurrence of any of the Risks. • The invalidation of any of the Assumptions. • Changes in the Description of Work or Deliverables requested by City of Ft. Worth Water Department and agreed to by AT&T Consulting. • Delays caused by a force majeure event as defined in the Services Agreement. • The occurrence of any other event or the discovery of any other information that affects AT&T Consulting's ability to perform the engagement as specified herein. • Any other mutually agreeable reason. The remedy to any of the above may include changes to: the composition of the engagement team, duration, delivery schedule, pricing, scope of the engagement and/or deliverables. City of Ft. Worth Water Department will obtain the necessary approvals, signatures and, if required, a purchase order for any additional costs. Whenever there is a conflict between the terms of a fully executed Change Order Form and those in this SOW, or a previous fully executed Change Order Form, the terms of the most recent fully executed Change Order Form shall prevail. 17. Engagement Contacts A) City of Ft. Worth Water Department Barbara Wilson Senior IT Manager 902 Monroe St Suite 202 Fort Worth, TX 76102 (817) 392-8272 Barbaramilson@fortworthgov.org B) AT&T Consulting Version 1.0 Page 8 of 7 D 2011 AT&T Knowledge Ventures All rights reserved. SOW #3486-01-4362 City of Ft. Worth Water Department — PCI Readiness Assessment and Trusted Advisor Mark Nimes Business Development Manager 2200 N Greenville Ave Richardson, TX 75082-4412 (972) 643 9082 mhimes@att.com Steve Levinson PCI Practice Lead AT&T Consulting Solutions 2242 Via Tiempo Cardiff by the Sea, CA 92007 (619) 241-3287 steve.levinson @ att.com Version 1.0 Page 9 of 7 2011 AT&T Knowledge Ventures All rights reserved. de: i 10 !cc/ (43? Pi AT&T Master Agreement Reference No. 138256UA City Secretary Contract No. 41553 AT&T Consulting Professional Services Attachment to Master Agreement .:1.1 V79:92tI)b AT&T Legal Name "AT&T" AT&T Sales Contact Name CUSTOMER Legal Name ("Customer") /1 Primary Contact AT&T Corp. Mark McCarty City of Fort Worth CUSTOMER Address AT&T Corp. Address and Contact AT&T Sales Contact Information 902 Monroe Street _ Mark Himes 1116 Houston St Suite 202 2200 North Greenville Avenue Fort Worth, TX 76102 Fort Worth, TX 76102 Richardson, TX 75082 Ph : (817) 884-9463 (972) 643-9082 Fax : mm8932@att.com Mh1712@att.com Sales/Branch Manager: Pattie Buikema SCVP Name: Edward Herget CUSTOMER Contact CUSTOMER Billing Address Barbara Senior IT Wilson Manager 902 Suite Monroe 202 Street 902 Monroe Street Fort Worth, TX 76102 Fort Worth, TX 76102 (817) 392-8272 Barbara.wilson@fortworthgov.org This Attachment for AT&T Consulting Professional Services is an attachment to the AT&T Master Agreement between the parties dated March 10, 2011 and recorded as City Secretary Contract No. 41553 and AT&T Contract No. 138256UA (the "Agreement"). Notwithstanding any other provision of the Agreement, notices pertaining to this Attachment or any SOW should be sent to the attention of the parties specified above. AGREED: CUSTOMER: City of Fort Worth arfripoirpig.4 By: (Authorized Agent or Representative) Fernando Costa (Typed or Printed Name) Assistant City Manager (Title) s//s ii (Dale) �'AI ROVED , �� OFoxika AND Lanx Assistant City Attorney AGREED: AT& B _ _ -- Y: y7aP43stW€iJt4e (AutRdrizbtri A: - CONTRACT SPECIAL ST - CUST ME P ) R C NTR�4 T CS (Typed or Printed Name) (Title) (Date) Or: Marty Henddx, V AT&T and Customer Confidential Page 1 of 4 sateatiteezo -40atalittiqs An,. VW/Pm% iintertit %0 ccrS.ty o G` CiCa l RECORD an SECRETARY r51 Attachment to Master Agreement AT&T Consulting Professional Services 1. SERVICES AT&T will, through its Affiliate AT&T Consulting Solutions Inc. or such other Affiliate or subcontractor that AT&T in its discretion deems appropriate, provide the AT&T Consulting Professional Services as described in Statements of Work ("SOWs") that are mutually agreed to by the parties and attached to this Attachment to the Master Agreement as Schedules. Each SOW is effective, incorporated into and made part of this Attachment, when signed by both the Customer and AT&T. 2. TERMS AND CONDITIONS A. SCOPE. AT&T will assign resources with the appropriate skills to meet the Customer's project requirements. However, any tasks identified that are outside the scope of projects described in the SOWs will be addressed with additional services offered to the Customer through a change order. If the scope of the project, number or locations of Sites, start and finish dates, work to be done, or other material parameters of the project change, AT&T and Customer shall revise the SOWs accordingly or use the change order process and make appropriate revisions to the charges for the Services. B. PENETRATION TESTING. If Customer requires that AT&T perform intrusive network vulnerability and / or penetration testing services, the parties will execute an amendment to this Attachment setting out the terms of those services. C. CUSTOMER OBLIGATIONS. Customer agrees to provide all information and cooperation necessary for implementation of the Services, including but not limited to access to individuals and facilities, determination of schedules, and selection from among alternative designs. Customer shall provide a single point of contact through whom AT&T may obtain information and assistance regarding projects between the parties. AT&T will rely on all information provided by Customer and will not be responsible or held liable for any damages or costs that result from errors or omissions in such information. Customer shall provide a suitable and safe environment for AT&T's work at the Customer's premises. Customer represents and warrants that the area of the Customer's premises within which AT&T performs Services shall be free of Hazardous Substances D. INTELLECTUAL PROPERTY RIGHTS. (i) All intellectual property and proprietary rights arising by virtue of AT&T's performance of the Services are and will be the sole and exclusive property of AT&T, and neither ownership nor title to any such property will pass to Customer. (ii) Customer shall own the copies of any reports produced and furnished to Customer by AT&T in providing the Service ("Reports"), and Customer is hereby granted, under AT&T s copyrights, the perpetual, non-exclusive, personal and non -transferable right to reproduce and modify the Reports for Customer's own internal business purposes. For avoidance of doubt, "internal business purposes' exclude public distribution or resale to third parties and revenue generation purposes. (iii) AT&T hereby grants to Customer the non-exclusive, personal, and non -transferable right to use any items (other than Reports) produced and furnished to Customer by AT&T in providing the Services, solely for Customer's own internal business purposes during the term of this Attachment, or for such other purposes as may be mutually agreed in writing by the parties. (iv) Except as otherwise specified herein, no other right or license to or under any of AT&T's intellectual property rights is either granted or implied under this Attachment. E. TERM AND TERMINATION. This Attachment shall continue until all services have been provided but not later than May 5, 2012 ('Expiration Date") AT&T and Customer Confidential Updated: 12/11/06 Page 2 of 4 Attachment to Master Agreement AT&T Consulting Professional Services F. ORDER OF PRECEDENCE. If there is any conflict between the Statement of Work, this Attachment to the Master Agreement, and the Agreement, then the order of precedence shall be the (1) the Agreement; (2) the Statement of Work and (3) this Attachment to the Master Agreement. AT&T and Customer Confidential Updated: 12/11/06 Page 3 of 4 Attachment to Master Agreement AT&T Consulting Professional Services SCHEDULE 1: STATEMENT OF WORK AT&T and Customer Confidential Updated: 12/11/06 Page 4 of 4