MEMORANDUM OF UNDERSTANDING – SERVICES
Attorney-General’s Department
and
[THE AGENCY]
FOR PARTICIPATION AS BOTH A DATA HOLDING AND
REQUESTING AGENCY IN THE
NATIONAL FACIAL BIOMETRIC MATCHING CAPABILITY
Version 5.0 (10 October 2016)
This MOU is intended to operate in conjunction with the Interagency Data Sharing Arrangement
Template and Access Policy documents AGD has provided/will provide for the Face Verification
Service and Face Identification Service. The template is intended to form the basis for arrangements
and negotiation between Commonwealth entities only.
MOU for Data Holding Agencies
Table of Contents
Part A – Background
1. Parties
2. Context
Part B – Interpretation
3. Interpretation
4. Definitions
Part C – Term and Termination, Compliance and Governance
5. Term
6. Termination of this MOU
7. Compliance
Part D – Access to Services
8. Services
9. Terms of access to service
10. Security
11. Remediation
Part E - Service Requirements
12. AGD General Service Levels
13. AGD Service Levels to the Agency as a Requesting Agency
14. The Agency’s Commitments to AGD as a Data Holding Agency
15. The Agency’s Commitments to AGD as a Requesting Agency
16. AGD’s access to resolve technical issues
17. Management of the Agency’s use of the Services
18. Interactions with the public
19. Understanding on costs and charges
20. Understanding on Data Holding Agency imposed costs and charges
Part F – The Agency’s Use of its own Data Source(s) through the Interoperability Hub
21. Control of Nominated Users
22. Appointment of Nominated Users
23. Management of Nominated Users
24. Termination of Nominated Users
Part G – Disputes, Suspension and Termination
25. Dispute Resolution
26. Suspension of service
27. Termination of service
28. Opportunity for the Agency to Respond
Part H – Miscellaneous
29. Limit of AGD’s Responsibility
30. Intervening Event
31. Subcontracting and AGD Service Providers
32. Notices
33. Confidentiality
34. Variation
Part I – Execution
Schedule 1 – Internal Access Permissions & Transaction Quotas
Schedule 2 – Nominated User Quotas, Roles and User-level Access Permissions
Schedule 3 – Principal Client Administrator
Schedule 4 – Data Holding Agency Service Levels
Schedule 5 – AGD Service Levels
Schedule 6 – Statement of Legislative Compliance
Schedule 7 – Contact Information
Schedule 8 – Nominated User Registry Requirements
Schedule 9 – Compliance Statement
Schedule 10 – Variation Request Form
Part A – Background
1.
Parties
This Memorandum of Understanding (MOU) is made between the following agencies (the Parties):
Commonwealth of Australia acting through and represented by the Attorney-General’s
Department ABN 92 661 124 436 (AGD)
Commonwealth of Australia acting through and represented by the [Insert name] [ABN] (the
Agency)
2.
Context
2.1.
This document (the MOU) sets out the understanding between AGD and the Agency in
relation to:
2.1.1.
providing Identity Information held by the Agency to Requesting Agencies through
the Interoperability Hub.
2.1.2.
terms on which the Agency will access and use its own Data Source(s) and other
Participants’ Data Sources through the Services provided via the Interoperability
Hub.
2.1.3.
the Agency’s compliance with safeguards contained in applicable legislation when
using and managing data obtained through the Services provided via the
Interoperability Hub.
2.2.
This MOU is intended to operate and be interpreted in conjunction with:
2.2.1.
The Access Policy for the FVS, and
2.2.2.
FVS IDSA(s) the Agency has entered into.
2.3.
There is no intention for this MOU to create a legal relationship between the Parties; it
does not create legally binding obligations on the Parties.
2.4.
The Agency acknowledges the Services it will access through the Interoperability Hub
are designed to assist and complement the Agency’s existing processes and procedures
for verifying a person’s identity.
2.5.
The Agency understands:
2.5.1.
Identity Information may contain Personal Information and Sensitive Information,
2.5.2.
it is responsible for any decisions it makes based on the Identity Information it
receives through the Services, and
2.5.3.
information or a positive or negative Response received through the
Interoperability Hub is not intended to be used as the sole basis for the Agency to
make a decision about an individual’s entitlement to a service, a product, an
outcome, or the applicability of a law or policy to an individual.
Part B – Interpretation
3.
Interpretation
3.1.
The Schedules to this MOU form an integral part of the MOU and are subject to its
provisions unless specified otherwise. In the event of any inconsistency between the
Schedules or any other attachments and the MOU, the terms of the MOU will prevail.
4.
Definitions
In this MOU, capitalised terms have the meaning given below.
Access Policy means a documented set of requirements approved by [Governing Body] that a
Participant will comply with in order to access a service facilitated by the Interoperability Hub.
Drafting note: For Agencies using this template in August 2016, the relevant Governing Body will be
“Programme Advisory Committee”
Administration Facility means a service provided through the Portal that enables Client
Administrators to add, manage (including password reset, access support, and access re-justification)
and remove Nominated Users.
Client Administrator means an Employee of a Participant whose user account enables performance
of administrative functions specified in this MOU and in any data sharing arrangement. These
functions include, but are not limited to, Nominated User creation and approval, reauthorisation, audit
reporting and outage management.
Compliance Statement means the information and evidence the Agency provides in response to the
items in Schedule 9 – Compliance Statement.
Data Holding Agency means a Participant receiving and responding to a Query from a Requesting
Agency with which it has entered into a data sharing arrangement for the Services provided by the
Interoperability Hub.
Data Source means a database of Identity Information for a document type.
Dispute means a difference of opinion raised by a Party relating to an operative provision of this
MOU.
Effective Date means the date in paragraph 5.1.
Employee(s) is an individual who works under a contract of employment (whether oral or written,
express or implied) and who has responsibilities and duties to a Participant.
Estimated Peak Transaction Volume means the total number of Transactions in a Financial Year
the Agency estimates it will submit to its own Data Source(s), as set out in Column D of each table in
Part B of Schedule 1, and the total number of Transactions in a Financial Year a Data Holding Agency
has determined the Agency may submit to it in relation to a Data Source, as set out in Column D of
each table in Part B of Schedule 1 of all FVS IDSAs the Agency has entered into.
Estimated Transaction Quota means the total number of Transactions in a Financial Year the
Agency estimates it will submit to its own Data Source(s), as set out in Column C of each table in Part
B of Schedule 1, and the total number of Transactions in a Financial Year a Data Holding Agency has
determined the Agency may submit to it in relation to a Data Source, as set out in Column C of the
table in Part B of Schedule 1 of all FVS IDSAs the Agency has entered into.
Executive Management means Employees of the Parties who directly supervise or are superior to
the Senior Representatives.
Facial Image(s) includes digital photographs, live capture images, scanned photographs and other
technical information related to those images (such as the time and date of capture and data capture
standards used).
Face Verification Service (FVS) means the identity matching service and its three functions
(Retrieve, Match and Search) that enable biographical data or a facial image associated with an
individual to be compared, on a one-to-one basis, against an image held on a specific government
record associated with that same individual.
Financial Year means the period starting 1 July and ending 30 June the following year.
FVS IDSA means an Interagency Data Sharing Arrangement entered into by the Agency and another
Participant using the FVS IDSA Template.
FVS IDSA Template means the version of the template FVS Interagency Data Sharing Arrangement
(IDSA) most recently approved by [Governing Body] before the execution of this MOU.
Drafting note: For Agencies using this template in August 2016, the relevant Governing Body
will be “Programme Advisory Committee”
Hub Operator means the Attorney-General’s Department or an entity contracted by the
Attorney-General’s Department to be a managed service provider on its behalf.
Identity Information includes, but is not limited to, an individual’s facial images, government related
identifiers, and other biographical or biometric information.
Identity Matching Services Administrator (IDMS Administrator) means AGD employees
responsible for managing the Interoperability Hub and its Services.
Identity Matching Services Team (IDMS Team) means AGD employees responsible for the policy
development and management of the Interoperability Hub and its Services.
Image Matching means the automated process of comparing two images to determine whether they
are of the same person, using a facial recognition engine.
Interoperability Hub means the technical system that provides a mechanism for the secure and
auditable transmission of facial images and associated information between agencies or entities
participating in the National Facial Biometric Matching Capability.
Intervening Event means a situation or circumstance described in paragraph 30.1.
ITIL means information technology infrastructure library.
Match means the function of the FVS that allows a Nominated User to submit a person’s facial image
and required biographic details to a Data Holding Agency’s Data Source(s) to confirm whether it
matches the person’s record.
National Facial Biometric Matching Capability (NFBMC) means the infrastructure, legislative and
governance arrangements that support the sharing and matching of Identity Information.
Nominated User means either a person who is an Employee of the Agency or an information
technology system of the Agency.
Nominated User Quota means the total number of the Agency’s Nominated Users that may access a
Data Source in a Financial Year as specified in: each table in Schedule 2 – Nominated User Quotas,
Roles and User-level Access Permissions, and as specified in each table in Schedule 2 of all FVS
IDSAs the Agency has entered into.
Nominated User Registry means any or all of the registers of Nominated Users of the Agency in its
capacity as a Requesting Agency as set out in Schedule 8 – Nominated User Registry and the
registers the Agency is required to keep under FVS IDSAs it has entered into.
Outage means an occurrence within AGD or the Agency’s information and communications
technology environment that results in the partial or complete cessation of the Services.
Participant means an agency, organisation or entity that connects to the Interoperability Hub.
Personal Information has the same meaning as in the Privacy Act.
Portal means the user interface associated with the Interoperability Hub that allows Nominated Users
to access the Services or perform administrative functions.
Post-Incident Report (PIR) means a report relating to the Interoperability Hub or the Services
containing recommendations to mitigate risks and minimise vulnerabilities identified by a potential or
actual security breach.
Principal Client Administrator is an Employee of the Agency who has the power to appoint the
Agency’s Client Administrators and Nominated Users and is appointed by the Agency under this
MOU.
Privacy Act means the Privacy Act 1988 (Cth).
Production Environment means the information technology environment used to deploy the
production version of the Interoperability Hub and Portal that allows Nominated Users to run
Transactions and perform administrative functions.
Query means Identity Information submitted by a Participant either through the Portal or by a
system-to-system connection that is intended to be compared against the Identity Information held in a Data
Source.
Re-authorise means a management process by which a Client Administrator satisfies themselves
that a Nominated User meets the requirements of paragraph 22.1 of this MOU or paragraph 6.6 of all
FVS IDSAs the Agency has entered into, either upon a change of Role or at regular intervals for a
continuing Nominated User.
Representative means, in relation to a party, the person specified as a Representative for that party
in Schedule 7 – Contact Information or as otherwise notified by a Party to the other Party from time to
time.
Requesting Agency means a Participant that submits a Query to a Data Holding Agency with which
it has entered into an interagency data sharing arrangement for the Services provided through the
Interoperability Hub.
Response means Identity Information or a system response (including but not limited to a Yes/No
Flag or an ‘error message’) provided from the Data Holding Agency via the Interoperability Hub to the
Requesting Agency either through the Portal or by a System-to-system connection.
Retrieve means the function of the FVS that allows a Nominated User to submit a person’s
biographic details to a Data Holding Agency’s Data Source(s) to retrieve either that person’s Facial
Image, that person’s biographic details, or both.
Role means a category of Nominated User(s) specified by the Agency in Column A of all tables in
Schedule 2 of this MOU, and in Column A of all tables in Schedule 2 of each FVS IDSA the Agency
has entered into.
Sandpit Environment means a shared IT environment between AGD, the Hub Operator and the
Agency used for initial integration testing with the Interoperability Hub by the Agency to test the
Agency’s application with the services provided by the Interoperability Hub.
Search means the function of the FVS that allows a Nominated User to submit a person’s biographic
details and Facial Image to the Data Holding Agency’s Data Source(s) to verify that person’s record.
Security Risk Management Plan means a document relating to the Services and/or connection to
the Interoperability Hub which identifies security risks and appropriate mitigation measures for
information technology systems, determines a risk tolerance threshold, and ensures consistent and
coordinated management of risks across a Participant. A security risk management plan is
undertaken in accordance with the information security management framework which is required by
the Australian Government information security management protocol of the Australian Government
Protective Security Policy Framework.
Senior Representative means the person specified as a Senior Representative for a Party in
Schedule 7 – Contact Information or as otherwise notified by a Party to the other Party from time to
time.
Sensitive Information has the same meaning as in the Privacy Act.
Services means the Identity Matching services to be provided by AGD to the Agency, specified in
Item 8.
Suspension and Termination Framework means a document approved by [Governing Body] that
sets out the policy and principles for suspending access to the Interoperability Hub and its Services.
Drafting note: For Agencies using this template in August 2016, the relevant Governing Body will be
“Programme Advisory Committee”
System Configuration Items are externally configurable values set across the NFBMC for
Participants by IDMS Administrators.
System and User-Acceptance Testing (UAT) Environment means the IT environments used for
end-to-end integration testing, performance, and user-acceptance testing of the Interoperability Hub
which Participants will use to undertake the tests to ensure that the Interoperability Hub meets their
requirements.
System-to-system means Queries submitted by a Requesting Agency to a Data Holding Agency
through the Hub via a Requesting Agency information technology system, or third-party information
technology system used by a Requesting Agency.
Technical Specifications means a document available on a sharepoint site for the Interoperability
Hub, as updated from time to time by AGD in relation to either a single Data Source or multiple Data
Sources.
Transaction means both a Query and Response sent through the Interoperability Hub.
User Requirements means the characteristics, qualifications or other items specified by the Agency
for a Role in Column B of all tables in Schedule 2 of this MOU and in Column B of each table in
Schedule 2 of all FVS IDSAs the Agency has entered into.
User-level Access Permissions means a subset of Identity Information a Nominated User with a
particular Role can access through the FVS, as specified by the Agency in column D of each table in
Schedule 2 of this MOU and in Column D of each table in Schedule 2 of all FVS IDSAs the Agency
has entered into.
Part C – Term and Termination, Compliance and Governance
5.
Term
5.1.
This MOU will be effective from the date both Parties’ representatives have signed in
Part I.
5.2.
This MOU will continue from the Effective Date until terminated through the process in
Item 6.
6.
Termination of this MOU
6.1.
A Party may withdraw from this MOU by giving not less than 45 days’ notice, in writing, to
the other Party.
6.2.
After the period in paragraph 6.1, this MOU will be terminated.
7.
Compliance
7.1.
The Agency acknowledges the importance of ensuring compliance with requirements to
maintain and enhance the integrity of the Interoperability Hub.
7.2.
The Agency will complete a Compliance Statement and submit it to AGD for
consideration by the [Governing Body] that:
7.2.1.
documents any breaches of the service levels in Part E - Service Requirements
and Schedule 4 – Data Holding Agency Service Levels, and
7.2.2.
is signed off by its Senior Representative.
7.3.
The Agency will submit the Compliance Statement in paragraph 7.2:
7.3.1.
by the end of the month of March each year, or
7.3.2.
if outstanding on 1 April, at the request of AGD after consultation with the Agency.
Drafting note: For Agencies using this template in August 2016, the relevant
Governing Body will be “Programme Advisory Committee”
7.4.
The Agency will ensure that, at a minimum, its Compliance Statement will contain
information that provides evidence of:
7.4.1.
its use of and/or service provision to the Interoperability Hub being in
accordance with
7.4.1.1. this MOU
7.4.1.2. the Access Policy relevant to the Services it uses, and
7.4.2.
technical, privacy and security safeguards working effectively to protect the
integrity of the Interoperability Hub and the Services.
7.5.
Each Compliance Statement will cover a 12 month period beginning in February of the
previous year and ending in February of the year in which a Compliance Statement is
required to be submitted to AGD under paragraph 7.3.
<Guidance note: For example, a Compliance Statement delivered to AGD in March
2017 would provide evidence of compliance for the period between February 2016
and February 2017>
7.6.
The Agency will provide recommendations that may be made to it in relation to its use of
and/or service provision to the Interoperability Hub to the [Governing Body] as
information becomes available. This information may come from reports to the Agency
from areas such as:
7.6.1.
audits of the Office of the Australian Information Commissioner
7.6.2.
review bodies of state/territories, and
7.6.3.
other audits or reviews.
<Drafting note: For Agencies using this template in August 2016, the relevant
Governing Body will be “Programme Advisory Committee”>
Part D – Access to Services
8.
Services
8.1.
AGD proposes to allow the Agency to access, use and share Identity Information via the
Interoperability Hub for:
8.1.1.
the Face Verification Service, and
8.1.2.
[Place holder for other Services].
<Guidance note: the Placeholder is included so that the Template can, in the future,
also apply to the Face Identification Services. Delete ‘and sub-paragraph 8.1.2’ if FIS
not used.>
9.
Terms of access to service
9.1.
From the Effective Date, AGD permits the Agency to test its connection to the Portal and
the Interoperability Hub in the Sandpit Environment.
9.2.
Once approved by the IDMS Team, the Agency will have access to the Production
Environment.
9.3.
AGD will allow the Agency to maintain its access to the Production, User-Acceptance
Testing or System Integration Testing Environments if:
9.3.1.
the Agency notifies AGD of material changes to, or termination of each FVS IDSA
the Agency is a party to
9.3.2.
AGD [and the Governing Body] is, or remains, satisfied that:
<Guidance Note: the Governing Body can be specified once Governance
arrangements are settled. For Agencies using this template in August 2016, the
relevant Governing Body will be “Programme Advisory Committee”>
9.3.2.1. all requirements of the Access Policy for the Services have been met by
the Agency, and
9.3.2.2. the Agency has met its responsibilities under this MOU.
9.4.
AGD will not allow the Agency to access Data Sources held by other Participants until
the Agency has executed an FVS IDSA.
10.
Security
10.1. The Agency will notify AGD and any affected Data Holding Agency within 48 hours when:
10.1.1.
it is aware of a security breach that affects the NFBMC or the Services.
10.1.2.
the Agency suspects there is a security breach that may affect the NFBMC or the
Services.
10.2. For the purposes of paragraph 10.1, a security breach includes situations related to the
NFBMC or the Services where:
10.2.1.
the Agency loses, or loses control over, Identity Information, and
10.2.2.
Identity Information is not disclosed consistently with the terms of any FVS IDSA.
10.3. After the notification in paragraph 10.1, the Agency will complete a Post-Incident Report
(PIR) within 2 weeks of the relevant security breach.
10.4. The Agency will send the Post-Incident Report and any recommendations to AGD, each
Requesting Agency accessing the affected Data Source(s) and any affected Data
Holding Agency.
11.
Remediation
11.1. Within 1 week after the Agency conducts a PIR under paragraph 10.3, the Agency will
submit a remediation plan to AGD which includes timeframes for implementing
recommendations of the Post-Incident Report.
11.2. The Agency will use its best endeavours to remedy issues in conformity with the ITIL
framework.
11.3. AGD is not responsible for any costs associated with carrying out the remediation plan.
Part E - Service Requirements
12.
AGD General Service Levels
12.1. Response times
12.1.1.
Transactions will generally be processed within the Interoperability Hub within 10
seconds.
12.1.2.
AGD will use its best endeavours to process Queries and Responses.
12.2. Priority of requests
12.2.1.
Queries will be actioned by the Interoperability Hub in three processing queues
according to their priority.
12.2.2.
AGD maintains its right to alter the order in which Transactions are resolved.
12.2.3.
If an Intervening Event under paragraph 30.1 occurs, AGD will prioritise any
Queries or Responses that may assist in resolving that event, and
12.2.4.
AGD may perform rate limiting on Transactions if the capacity of the
Interoperability Hub is compromised.
12.3. AGD will provide the Principal Client Administrator with information, specifications,
documentation and data necessary for the Agency to use and provide Identity
Information for the Services, which includes:
12.3.1.
Guidance for Nominated Users on how to use the Interoperability Hub through the
Portal and System-to-system interfaces (user guide)
12.3.2.
System Configuration Items, and
12.3.3.
Interoperability Hub or FVS Documentation.
12.4. AGD will provide the documents referred to in paragraph 12.3 (and any updates to them)
on a sharepoint site for the Interoperability Hub, in relation to either a single Data Source
or multiple Data Sources. All information hosted on the sharepoint site for the
Interoperability Hub will be at a For-Official-Use-Only classification or lower.
12.5. The IDMS Team will notify the Agency’s Principal Client Administrator of:
12.5.1.
any events or circumstances that are likely to result in a disruption to the Services,
or any scheduled outages
12.5.2.
updates to any documents in paragraph 12.3, and
12.5.3.
any security breach other Participants have notified AGD of (under paragraph 10.1
or its equivalent in other Memoranda of Understanding to which AGD is a party) if
AGD considers the security breach has, or may adversely affect, the security,
privacy, reputation, stability or integrity of the Agency or its information technology
systems.
12.6. AGD will ensure that the Services meet the standards set out in Schedule 5 – AGD
Service Levels.
12.7. AGD commits to auditing the Hub Operator’s contractual obligations and AGD’s
obligations under this MOU annually, by an entity that is independent of AGD.
12.7.1.
For the avoidance of doubt, the audit in paragraph 12.7 will cover all activities of
AGD under Item 15.
12.8. AGD will deactivate the accounts of Nominated Users not Reauthorised when the period
specified in sub-paragraph 23.2 expires.
13.
AGD Service Levels to the Agency as a Requesting Agency
13.1. AGD may queue responses to, or Queries from, the Agency when:
13.1.1.
the Agency exceeds their Estimated Transaction Quota, or Estimated Peak
Transaction Volume for any Data Source it has access to under a FVS IDSA, or
13.1.2.
AGD experiences an Intervening Event.
13.2. AGD may report the impact of the Agency’s Queries on the Interoperability Hub to the
[Governing Body] when taking action under 12.2.4.
<Drafting note: For Agencies using this template in August 2016, the relevant Governing
Body will be “Programme Advisory Committee”>
14.
The Agency’s Commitments to AGD as a Data Holding Agency
14.1. The Agency will provide access to its Identity Information and Image Matching in
accordance with the Service levels set out in Schedule 4 – Data Holding Agency Service
Levels.
14.2. The provision of Services through the Interoperability Hub relies on the cooperation of all
Participants. To this end, the Agency acknowledges that to generate value to all
Participants, it will share its Identity Information to the maximum possible extent
permissible by law.
<Guidance note: the Placeholder is included so that the Template can, in the future, also
apply to the Face Identification Services>
14.3. The Agency will participate in at least one disaster recovery exercise related to the
Interoperability Hub per year.
14.4. The Agency acknowledges AGD is only required to provide Identity Information to a
Requesting Agency for each Data Source as specified in the Technical Specifications.
15.
The Agency’s Commitments to AGD as a Requesting Agency
15.1. The Agency acknowledges AGD will only provide the Identity Information in response to
a Query that is specified in the User-level Access Permissions determined by each Data
Holding Agency.
15.2. The Agency will use its best efforts to notify AGD of the expected number of its Queries
and the date and time of any Queries that it proposes to make in bulk.
16.
AGD’s access to resolve technical issues
16.1. The Agency acknowledges that to enable the provision of the Services and access to the
Interoperability Hub, the IDMS Administrators will have all of the privileges and access
granted to any Client Administrators under any data sharing arrangements the Agency
enters into.
16.2. For the purposes of resolving technical issues with the Services or access to the
Interoperability Hub (including but not limited to triaging technical faults or reproducing
technical faults) the Agency permits IDMS Administrators to run Transactions against its
Data Source(s), and disclose Queries, Responses or Transactions to the Hub Operator
or relevant Participants.
16.3. Any access to Data Source(s) or disclosure for the purposes identified in paragraph 16.2
may only occur in the following circumstances:
16.3.1.
The IDMS Administrators have been specifically requested to resolve a technical
issue with access to the Interoperability Hub or the Services by a Participant.
16.3.2.
Operation(s) the IDMS Administrators perform under paragraph 16.2 use either:
16.3.2.1. test data decided on with the Agency, or
16.3.2.2. Identity Information, where the individual to whom it relates has
consented in writing to the operation to be performed under paragraph
16.2, and
16.3.3.
The relevant disclosure is made on a For-Official-Use-Only basis.
17.
Management of the Agency’s use of the Services
17.1. The Agency’s Principal Client Administrator will circulate any information AGD provides
to them to their affected Nominated User(s).
17.2. The Agency will provide AGD with notification if the delivery of its Identity Information to a
Requesting Agency or Agencies is likely to be delayed.
17.3. As soon as possible either before it occurs or afterwards, the Agency will notify the Hub
Operator of an Outage by recording the Outage through the outage and notification
functionality.
18.
Interactions with the public
18.1. The Agency will:
18.1.1.
respond to any enquiries or complaints by members of the public relating to the
Identity Information provided to users of the Services
18.1.2.
provide an accessible process for members of the public to correct any information
held by the Data Holding Agency, and
18.1.3.
review decisions relating to privacy, in accordance with its own procedures.
18.2. The Agency acknowledges that AGD is the central point of contact for any public
enquiries about the Interoperability Hub and the Agency will cooperate with AGD when
AGD undertakes any coordination necessary for public statements.
19.
Understanding on costs and charges
19.1. The Agency is responsible for its own technical links and system-to-system interface with
the Interoperability Hub and associated costs, and for the provision of management
information on the performance of its Services under the Interoperability Hub.
19.2. Subject to 19.3, the Agency acknowledges that AGD reserves the right to introduce
charges to Participants to recover costs of the Services and access to the Interoperability
Hub.
19.3. AGD will not charge the Agency for access to the Interoperability Hub in its capacity as a
Data Holding Agency.
19.4. AGD is the sole biller. AGD may bill Participants for Transactions relating to the Services
conducted through the Interoperability Hub.
19.5. Any charges made or billing for Services under paragraphs 19.2 or 19.3 will be
implemented through a variation to this MOU under Item 34. For the avoidance of
doubt, any such variation will be agreed by AGD and the Agency before any charging or
billing occurs.
20.
Understanding on Data Holding Agency imposed costs and charges
20.1. The Agency may authorise AGD to collect any charges it imposes on Requesting
Agencies accessing its Data Source(s) under the terms of any FVS IDSA, when:
20.1.1.
The Agency requests AGD to do so in writing, and
20.1.2.
A Requesting Agency has assented to charging arrangements with the Agency
under an FVS IDSA.
Part F – The Agency’s Use of its own Data Source(s) through the
Interoperability Hub
21.
Control of Nominated Users
21.1. The Agency will only submit Queries for the Services through its Nominated Users.
21.2. The Principal Client Administrator and a Client Administrator have the power to appoint
Nominated Users, terminate Nominated Users and change the Role of a Nominated User
through the Administration Facility.
21.3. The Agency will notify AGD of its Principal Client Administrator(s) and any change to the
identity or contact details of that Principal Client Administrator(s).
21.4. The notification in paragraph 21.3 should be given either on the Effective Date or as
soon as practicable, and contain all of the information in Schedule 3 – Principal Client
Administrator.
21.5. The Principal Client Administrator:
21.5.1.
has the power to appoint a Client Administrator, and
21.5.2.
is responsible for ensuring a Client Administrator complies with the obligations in
Items 22, 23 and 24.
22.
Appointment of Nominated Users
22.1. An appointment or change to Role under paragraph 21.2 may only occur when all of the
applicable conditions are met:
22.1.1.
If the Nominated User is a person:
22.1.1.1. that person has undergone training that meets the requirements of the
Access Policy, and
22.1.1.2. there is a reasonable need for the person to use the Services to perform
his or her employment duties.
22.1.2.
If the Nominated User is an information technology system:
22.1.2.1. that information technology system has a current security accreditation
under each interagency data sharing Arrangement the Agency has
entered into, and
22.1.2.2. there is a reasonable need to use the Services to perform operations
required by the Agency.
22.1.3.
A Client Administrator is satisfied the appointment does not cause the Agency to
exceed any Nominated User Quota.
22.1.4.
A Client Administrator is satisfied the appointment does not cause the Agency to
exceed any sub-quota of Nominated Users that may be assigned to each Role as
specified in Column C of each table contained in Schedule 2 – Nominated User
Quotas, Roles and User-level Access Permissions.
22.1.5.
A Client Administrator has checked that the person meets the User Requirements
when assigning a Role under sub-paragraph 22.2.1, and
22.1.6.
Based on the check conducted in sub-paragraph 22.1.5, a Client Administrator is
satisfied that the Role and User-level Access Permissions assigned to that
Nominated User is appropriate.
22.2. Prior to each Nominated User accessing any Data Source of the Agency, a Client
Administrator will assign to that Nominated User:
22.2.1.
a single Role from the available Roles in each table contained in Schedule 2 –
Nominated User Quotas, Roles and User-level Access Permissions, and
22.2.2.
the User-level Access Permissions associated with the Role assigned under
paragraph 22.2.1, as specified in Column B of Schedule 2 – Nominated User
Quotas, Roles and User-level Access Permissions.
23.
Management of Nominated Users
23.1. The Agency undertakes to establish and maintain a Nominated User Registry.
23.2. The Agency’s Client Administrator will re-authorise a Nominated User(s) access to the
FVS or Administration Facility once every 180 days.
The purpose of this requirement is to introduce a mechanism to ensure only users who
currently require access to the Interoperability Hub have it.
24.
Termination of Nominated Users
24.1. If the requirements contained in paragraph 22.1 are no longer met, the Agency’s Client
Administrator will:
24.1.1.
terminate a Nominated User by removing a person or information technology
system from the Nominated User Registry, and
24.1.2.
remove access to the Services for that Nominated User as soon as practicable, or
request AGD to remove access to the Services as soon as practicable on their
behalf.
Part G – Disputes, Suspension and Termination
25.
Dispute Resolution
25.1. The provision of Services through the Interoperability Hub relies on the cooperation of all
Participants. To this end, the Parties will consult fully with each other, other Participants,
the IDMS Team, IDMS Administrators, Representatives and any other affected party to
resolve any issue in connection with the Interoperability Hub or this MOU.
25.2. In the event that issues are not resolved within a reasonable period of time through the
consultation required by paragraph 25.1, the Parties are taken to be in Dispute over the
relevant issue.
25.3. A Party to a Dispute may at any time, by written notice to the other Party, request that
the Dispute be referred for resolution by their respective Executive Management. Within
7 days of such a request being made, each Representative, by written notice to the other
Party, will:
25.3.1.
nominate a member of its Executive Management with authority to settle the
Dispute to represent the Party in discussions
25.3.2.
ensure that the nominated member of its Executive Management is reasonably
available to discuss the Dispute and nominate a range of times and venues at
which its nominated member is able to engage in discussions, and
25.3.3.
provide a written summary of the facts and issues that the Party has identified as
relevant to the Dispute, and any other information that will assist in discussions to
resolve the Dispute.
25.4. Nominated members of the Executive Management will make all reasonable efforts to
engage in and progress discussions, and endeavour, in good faith, to resolve the
Dispute.
25.5. In resolving any Dispute in accordance with the procedures in paragraphs 25.1 or 25.3
either Party may (at its own cost) engage an independent mediator or facilitator to assist
in discussions at any stage.
26.
Suspension of service
26.1. AGD has the right to suspend the access of the Agency or a Nominated User of the
Agency to the Services or the Interoperability Hub in the event that any of the following
occurs:
26.1.1.
AGD becomes aware through a Compliance Statement referred to in Item 6.1, or
is notified by either the Agency or [Governing Body] that one or more of the
requirements or the timeframes in which the requirements are to be done in Part D
– Access to Services and Part E - Service Requirements are not met, or are no
longer met.
<Drafting note: For Agencies using this template in August 2016, the relevant
Governing Body will be “Programme Advisory Committee”>
26.1.2.
A Data Holding Agency makes a written request for AGD to suspend the Agency.
26.1.3.
AGD considers on reasonable grounds that the Agency’s access to the
Interoperability Hub, or the Services provided through it, has the potential to cause
an adverse effect on the security, privacy, reputation, stability or integrity of the
Services.
26.2. If AGD decides to exercise its right to suspend the Agency under 26.1, AGD will suspend
a Party’s access to the Services for a period:
26.2.1.
recommended to it by [the Governing Body], or
26.2.2.
that it determines is appropriate.
<Drafting note: For Agencies using this template in August 2016, the relevant
Governing Body will be “Programme Advisory Committee”>
26.3. AGD will apply the Suspension and Termination Framework to determine an appropriate
suspension period under sub-paragraph 26.2.2.
26.4. During the period of any suspension AGD and the Agency will work cooperatively to
cease, remedy or ameliorate any activity or circumstances which lead to the suspension
being imposed or continued.
27.
Termination of service
27.1. AGD has the right to terminate the access of the Agency or a Nominated User of the
Agency to any or all of: one or more Data Sources, the Services, or the Interoperability
Hub, in the event that one or more of the following occurs:
27.1.1.
AGD becomes aware through a Compliance Statement referred to in Item 6.1, or
is notified by either the Agency or [Governing Body] that one or more of the
requirements or the timeframes in which the requirements are to be done in Part D
– Access to Services are not met, or are no longer met.
<Drafting note: For Agencies using this template in August 2016, the relevant
Governing Body will be “Programme Advisory Committee”>
27.1.2.
AGD previously suspended the Agency or its Nominated User under Item 26.
27.1.3.
In AGD’s opinion, the Agency’s or its Nominated User’s use of the Interoperability
Hub or the Services:
27.1.3.1. causes, or may cause, severe and prolonged disruption to other users of
the FVS or the Interoperability Hub, or
27.1.3.2. results, or may result, in an unacceptable level of risk to the security of
the Interoperability Hub.
27.2. AGD will terminate a Party’s access to one or more Data Sources, the Services, or the
Interoperability Hub:
27.2.1.
to implement a recommendation made to it by [Governing Body]
<Guidance note: this may occur if, for example, the Governing Body/Board
determines the Party has not addressed recommendations of an audit, it receives
a complaint from a Privacy regulator or oversight body that remains
unaddressed.>
<Drafting note: For Agencies using this template in August 2016, the relevant
Governing Body will be “Programme Advisory Committee”>
27.2.2.
on request of a Data Holding Agency, or
27.2.3.
if AGD decides to exercise its right to terminate under paragraph 27.1.
28.
Opportunity for the Agency to Respond
28.1. Before termination or suspension under paragraphs 26.2 or 27.2, AGD will:
28.1.1.
where practicable, provide reasonable advance notice of its intention to Suspend
or Terminate and the reasons for its decision to Suspend or Terminate, and
28.1.2.
offer the Agency the opportunity to respond with a statement that contains
evidence of how the Agency will cease, remedy or ameliorate any activity or
circumstances which enable AGD to take action under paragraphs 26.2 or 27.2.
28.2. The Agency will ensure its statement in sub-paragraph 28.1.2 is sent to AGD as soon as
practicable after being provided with the advance notice in sub-paragraph 28.1.1.
28.3. If the statement in sub-paragraph 28.1.2 is not received within 7 business days, or AGD
is not satisfied with the response, AGD is entitled to proceed with suspension or
termination under paragraphs 26.2 or 27.2.
Part H – Miscellaneous
29.
Limit of AGD’s Responsibility
29.1. The Interoperability Hub and the Services provided through it are the result of cooperative endeavour between many entities, including Participants. Accordingly, the
Agency acknowledges that its access to, and the exchange of Identity Information via the
Interoperability Hub is on an as-is basis.
29.2. The Interoperability Hub relies on the cooperation and best efforts of all Participants. The
Agency will utilise its best efforts towards the co-operative endeavour.
29.3. Both Agencies understand they will not hold each other either wholly or partially
responsible for any act or omission, system fault or error that may be related to:
29.3.1.
use, access or sharing of Identity Information via the Interoperability Hub
29.3.2.
termination or suspension of the Services, and
29.3.3.
connecting information technology systems to the Interoperability Hub.
30.
Intervening Event
30.1. Where an event occurs which is out of that Party’s control (an Intervening Event), the
Party will be excused from fulfilling its responsibilities under this MOU. This includes, but
is not limited to, force majeure, a national security event, terrorist activity, natural
disasters, acts of war, riots and strikes outside that party's agency.
30.2. Without limiting paragraph 30.1, a Party will be excused from performing its
responsibilities under this MOU to the extent that it is prevented from doing so by:
30.2.1.
a Government policy decision, or
30.2.2.
a default of one of a Party’s external service providers, provided that the Party
exercises all reasonable measures to mitigate the effect of that default.
30.3. Where circumstances described in paragraphs 30.1 or 30.2 arise, the affected party will
give notice to the other party as soon as possible, and the parties agree to negotiate in
good faith to minimise the impact of any delay on the Services.
31.
Subcontracting and AGD Service Providers
31.1. Both AGD and the Agency may outsource or subcontract any aspect of their connection
to the Interoperability Hub to one or more external service providers.
31.2. Where requested by each other, the Parties will:
31.2.1.
promptly provide all reasonable assistance to enable the other Party to comply
with its obligations under its contracts with its external service providers, and
31.2.2.
cooperate with the other Party’s external service providers as reasonably required
to enable the AGD service provider to provide the Services.
32.
Notices
32.1. Where notices, statements, reports or information are required to be sent or
communicated to either of the Parties or other Participants, notices should be actioned or
sent to a person in accordance with the contact protocol contained in Schedule 7 –
Contact Information.
32.2. Notices can be effected by electronic mail, which is the preferred method of
communication.
32.3. Unless otherwise specified, notices will be provided:
32.3.1.
where the notification is to occur after an event, within 3 business days after that
event, or
32.3.2.
where the notification is to occur before an event, 5 business days before an event
occurring, as appropriate.
33.
Confidentiality
33.1. This document will be handled by the Parties in accordance with its security
classification.
33.2. Except where disclosure is required by law or is otherwise in accordance with
Commonwealth policy, a Party will not distribute this MOU without the prior agreement of
the other Party.
34.
Variation
34.1. Subject to paragraph 34.2, the terms of this MOU, including the forms contained in the
Schedules, can be varied with the written agreement of the Parties.
34.2. A variation to this MOU will only be effective to the extent:
34.2.1.
it is consistent with the Access Policy of the Services, and
34.2.2.
the proposed variation is provided to the other Party in the form specified in
Schedule 10 – Variation Request Form.
Part I – Execution
This MOU is entered into by the Parties indicated below.
Signed for, and on behalf of, the Commonwealth of Australia
by [Insert Name], Assistant Secretary, National Security
Division, Attorney-General’s Department, in the presence of:
……………………………….
signature of representative
……………………………….
witness name
……………………………….
signature of witness
Date
Signed for, and on behalf of, the Commonwealth of Australia
by [name], [position], [branch], [Department], in the presence
of:
……………………………….
signature of representative
……………………………….
witness name
……………………………….
signature of witness
Date
Schedule 1 – Internal Access Permissions & Transaction Quotas
<Guidance: This template document provides an example of how a data source could be included in the scope of the
Arrangement in Schedules 1 and 2. Multiple data sources can be accommodated under this Arrangement by adding additional
information tables in Schedules 1 and 2>
Part A. Data Holding Agency’s internal Access Permissions
<Guidance on content in column D: The total scope of biographic details, biographic alias information and document details for
each Data Source will be available from AGD or the Data Holding Agency.>
<Guidance on content in column D: For Nominated Users using the Portal, biographic details, biographic alias information and
document details are supplied in their entirety and a subset cannot be requested.>
<Guidance on content in column D: For System-to-system transactions performed by Nominated Users, a subset of biographic
details, biographic alias information and/or document detail information can be requested.>
Face Verification Service
(A) Data Source number: 1.
(B) the Agency Data Source to be shared through FVS: [the Agency to insert Data Source 1]
<Drafting Note: For example, the data source might be ‘Citizenship Certificate’>
(C) FVS Function
(D) Agency-level Access Permissions: Type of information the Agency can provide in response to
Queries conducted by its Nominated Users
* optional response
Retrieve
[the Agency to select option(s) by checking boxes/ insert details]
Biometrics (facial image)
☐ Biometrics (facial image)
<Guidance: Check the box to request Biometrics (facial image)>
Biographic details
☐ Biographic details, including:
[insert]
< Guidance: Check the box to request biographic
details, and identify which biographic details are
required (for example: Citizenship Certificate
Document Status; Citizenship Status; Family Name;
Given Name(s); Date of Birth; Sex; Country of Birth;
Place of Birth; Deceased Indicator)>
Biographic alias
☐ Biographic alias information not required
☐ Notification Only
< Guidance: check the Notification only box to be
advised that alias information exists>
☐ Alias Information, including:
[insert]
<Guidance: check the alias information box to receive
the alias information, and identify which biographic
details are required (for example: Family Name; Given
Name(s); Date of Birth; Sex) >
Document details
☐ Document details including:
[insert]
< Guidance: Check the box to request additional
document details, and identify which details are
required (for example Visa Grant Number, Visa Class,
Visa Subclass, Visa Status, Visa Grant Date)>
Match
[the Agency to select option(s) by checking boxes/ insert details]
☐
Flag only: Yes/No Response
<Guidance: Check this box to receive a flag indicating
match or no-match >
__________________________________________
☐
Flag: Yes/No Response and further information
<Check this box to receive the match notification and
all of, or a subset of, the Biometrics (facial image),
Biographic details, Biographic alias and Document
details for a Yes Response, as indicated by checking
the boxes below.>
Biometrics (facial image)
☐ Biometrics (facial image)
Biographic details
☐ Biographic details, including:
[insert]
Biographic alias
☐ Biographic alias information not required
☐ Notification Only
☐ Alias Information, including:
[insert]
Document details
☐ Document details including:
[insert]
Search
[the Agency to select option(s) by checking boxes/
insert details]
☐
Flag only: Yes/No Response
__________________________________________
☐
Flag: Yes/No Response and further information
Biometrics (facial image)
☐ Biometrics (facial image)
Biographic details
☐ Biographic details, including:
[insert]
Biographic alias
☐ Biographic alias information not required
☐ Notification Only
☐ Alias Information, including:
[insert]
Document details
☐ Document details including:
[insert]
<Drafting Note: The Agency will insert additional rows (following the format above) for every Data Source the Agency provides
access to under this MOU>
<The Agency will insert an additional table (following the format above) for each Service entered into after the Effective Date>
Part B. Estimated Transaction Quotas
<Guidance: This information will assist the AGD to ascertain the level of technical and other resources needed to provide the
capacity required to accommodate the expected number of transactions to be conducted on the Data Holding Agency’s own
Data>
Face Verification Service
(A) Data Source number: 1.
(B) Data source to be shared through FVS: [The Agency to insert Data Source 1]
<For example, the data source might be ‘Passport Images’>
(C) Estimated Transaction Quota per Financial Year: [the Agency to insert]
<Guidance: Parties should negotiate and consider the infrastructure and costs implied by the
Transaction Quota>
<Example 10,000 requests>
(D) Estimated Peak Transaction Volume and period: [the Agency to insert volume]
<Guidance: The Total number of Transactions in this column cannot exceed the Transaction
Quota in column (C) for the Data Source>
<Guidance: For example 100 requests>
[the Agency to insert time period, if relevant]
<For example Every Friday>
<Guidance: this would be within quota - 52 x 100 peak requests = 5200: there would be
4,800 off-peak requests remaining>
<Drafting Note: The Agency should insert additional rows (following the format above) for every Data Source the Agency
provides access to under this MOU>
<Drafting Note: There should be a separate table for each Service under this MOU – The Agency should insert an additional
table (following the format above) for each Service entered into after the Effective Date>
Schedule 2 – Nominated User Quotas, Roles and User-level Access
Permissions
Face Verification Service
Data Source 1: [the Agency to insert Data Source 1]
<Drafting Note: This refers to Row number 1 of the Table in Part A of Schedule 1, so the data source would be ‘Passport Images’>
Role
<Guidance: The
Agency may
choose the name
of the Role.
Each Role may
only be assigned
query or
administrative
permission which
are mutually
exclusive.>
(B) User
requirements
<Guidance Parties
should negotiate
what requirements
are appropriate
and discuss with
AGD how these
can be
incorporated into
Technical
Specifications>
(C) Nominated
User Subquota
<Guidance: The
Total number of
Nominated Users
in this column
cannot exceed the
Nominated User
Quota below>
(D) User-level Access Permissions
<Guidance: With the exception of the Administration facility, the
type of information provided in response can only be equal to, or a
subset of, the Agency Level Access Permissions for the Data
Source, as recorded in Schedule 1, Part A Column D>
<Guidance: Refer to explanations and guidance in Schedule 1,
Table A>
<Guidance: Content below is for example purposes only>
<Guidance: Parties
should specify in
this column
whether the Role is
required to be a
person or an
information
technology
system>
[The Agency to
insert]
<Example:
Senior
Investigator>
<Example:
Query Role>
[The Agency to
insert]
[The Agency to
insert]
<Example:
Level of security
clearance
Training
requirements
Other
requirements>
<Guidance:
Example 10
Nominated Users>
[the Agency to
select option(s)
by checking
boxes/ insert
details]
Retrieve
☒
Access
☐
No Access
[the Agency to select option(s) by checking
boxes/ insert details]
Biometrics (facial image)
☐
Biometrics (facial image)
Biographic details
☐ Biographic details, including:
[insert]
Biographic alias
☐ Biographic alias information not required
☐ Notification Only
☐ Alias Information, including:
[insert]
[The Agency to
insert Access
Method]
<Example: Direct
access to the
Portal>
Document details
☐ Document details including:
[insert]
Match
☒
Access
☐
No Access
☐ Flag only: Yes/No Response
______________________________________
☐
Flag: Yes/No Response and further
information
Biometrics (facial image)
☐ Biometrics (facial image)
Biographic details
☐ Biographic details, including:
[insert]
Biographic alias
☐ Biographic alias information not required
☐ Notification Only
☐ Alias Information, including:
[insert]
Document details
☐ Document details including:
[insert]
Search
☒
Access
☐
No Access
☐
No Access
☐
Flag only: Yes/No Response
______________________________________
☐
Flag: Yes/No Response and further
information
Biometrics (facial image)
☐ Biometrics (facial image)
Biographic details
☐ Biographic details, including:
[insert]
Biographic alias
☐ Biographic alias information not required
☐ Notification Only
☐ Alias Information, including:
[insert]
Document details
☐ Document details including:
[insert]
Administration
☐
Access
☒
No Access
<Guidance: The
Role example
provided can
only have query
access
permissions.
Administration
permissions and
query
permissions are
mutually
exclusive.>
[The Agency to
insert]
<Example: User
Administrator>
<Example:
Administration
Role>
[The Agency to
insert]
<Example:
Level of security
clearance
Training
requirements
Other
requirements>
[The Agency to
insert Access
Method]
[The Agency to
insert]
<Example: 9
Nominated Users>
Retrieve
☐
Access
☒
No Access
<Guidance: The
Role example
provided can
only have
administration
access
permissions.
Administration
permissions and
query
permissions are
mutually
exclusive.>
Match
☐
Access
☒
No Access
Search
☐
Access
☒
No Access
Administration
☒
Access
☐
No Access
<AGD recommends use of the Standard
User Administration, Standard Audit and
Standard System Administration subsets of
access. A Role can be assigned one or more of
the pre-defined administration options. To
create fully customisable administration roles
with tailored access, Custom Administration
should be selected, specifying the permissions
required>
☒ Standard User Administration access
Find User
Create User
Manage User
Manage User Account
Manage User Roles
Manage User Access
Unlock User Account
Reset user Password
Disable User Account
Deactivate User Account
Activate user Account
Manage User Certificate
View User Recent Activity
View User Notes
Add User Note
Reauthorise Users
View Outages
☐ Standard Audit access
Can Audit User Activity
Can Audit Transactions
Can Audit Transaction History
View Outages
☐ Standard System Administrator access
View Outages
Manage Outage
☐ Custom Administration: including:
[insert]
Nominated User Quota: [The Agency to insert]
<Guidance: The Nominated User Quota should be the sum of the Nominated Users specified in Column C>
<Example: “80 Nominated Users”>
<Drafting Note: The Agency will insert additional tables (following the format above) for each of its own Data Sources the
Agency will use, and for each Data Source used for a Service under this MOU>
Schedule 3 – Principal Client Administrator
Full Name: ____________________________________________________________________
Position held within Agency: __________________________________________
Email: ________________________________________________________________________
Date appointed/to be appointed as Principal Client Administrator: _____________________
Schedule 4 – Data Holding Agency Service Levels
For the purposes of this Schedule, core support hours means the hours stated in Table 4 of this
Schedule.
Availability
1. The Agency will provide, at a minimum, the following level of availability during core support
hours:
1.1. Production Environment will be available 99.50% per month, and
1.2. UAT Environment will be available 99.00% per month.
2. For the purposes of this Schedule:
2.1. Excluding pre-negotiated and scheduled maintenance periods, the inability to process
Transactions for a Service as a result of a disruption to the Agency’s information and
communication technology will result in a 100% Service Availability Outage for the duration
of the disruption.
2.2. Availability (%) is equal to (Service Hours - Outage time) x 100 / Service Hours.
Performance
3. The Agency’s Production Environment is designed to consistently perform its intended and
required functions, meeting the availability requirements. The Agency’s Services aim to have no
more than five incidents resulting in unscheduled outages per year within core support hours.
Face Verification Service (FVS)
Specification | Service Level
Service Hours | 24 hours a day, 7 days a week
Service Reliability | ≤ 5 incidents per year (rolling 12 month period)
Transaction Response | Retrieve, Match and Search Functions ≤ 10 seconds per Query, 95% on average in any one calendar month during core support hours*
Service Capacity | 70,000 Queries per day
Transaction Concurrency | 10 Queries per second#
<Drafting Note: AGD is prepared to negotiate the items in green highlight with the Data Holding
Agency>
* transaction response times are measured as the interval between the entry and exit of a Query and
Response through the Agency-specific information and communication technology infrastructure, and
# as far as practicable, scheduled maintenance affecting the Services will be conducted between:
10.00PM - 7.00AM AEST/AEDT Business Days
1.00PM and 12.00 midnight AEST/AEDT Saturdays and
12.01AM - 11.59PM AEST/AEDT Sundays.
Resolution Times
4. The Agency is responsible for ensuring that incident resolution conforms to the impact, urgency
and priority levels stated in Table 2: Interoperability Hub Impact, Urgency and Priority Levels.
Table 1: Holding Agency Impact, Urgency and Priority Levels
Level | Considerations
Impact | Considers the business impact (service degradation) upon:
• Requesting Agencies
Urgency | The speed that Incidents are expected to be resolved:
• High: An Incident preventing a Requesting Agency from processing the Agency’s Transactions. The Agency’s system is producing multiple transaction error flags to one or more Requesting Agencies
• Medium: An incident has occurred that has a minor impact on operations during core support hours. Transaction processing continues.
• Low: An Incident where a work-around is available and impact is mostly invisible to all Participants or impacts only a single Nominated User.
Priority | In accordance with ITIL principles, service levels are based on the priority of the Incident as derived from impact and urgency metrics shown in Table 2: ‘Priority Level Derived from Impact and Urgency Levels.’ A single Priority Level should be assigned to each Incident at any point in time, derived from the following scale:
• P1 – N/A
• P2 – High
• P3 – Medium
• P4 – Low
Table 2: Priority Levels Derived from Impact and Urgency Levels
PRIORITY (to be assigned)
URGENCY: Critical | High | Medium | Low
Requesting Agencies: P2 | P3 | P4
Single Nominated User incident, password reset: P4
4.1. The Services will conform to the priorities, response and resolution times stated in
Table 3: Response and Resolution Times.
4.2. The Agency will confirm the priority level at the time the incident is logged, in consultation
with the incident originator.
4.3. All Incidents will be logged by the Agency’s Client Administrators via the Administration
Facility, or email, to the Hub Operator.
4.4. The Agency will notify the Hub Operator throughout the resolution period in accordance with
Table 3: Response and Resolution Times.
Table 3: Response and Resolution Times
Production Environments
Priority | Response Time | Resolution Time (includes response times) | Update Time
P2 | 30 minutes | 8 hours | Every 60 minutes
P3 | 2 business hours | 18 business hours | Every 9 business hours
All other Environments
Priority | Response Time | Resolution Time (includes response times) | Update Time
P2 | 60 minutes | 16 hours | Every 90 minutes
P3 | 4 business hours | 24 business hours | Every 9 business hours
P4 | 9 business hours | 72 business hours | As mutually agreed
Service Desk
5. The Agency will provide a Service Support Desk on the basis of the following:
Table 4: Service Desk Hours of Operation
Support Type | Support Hours
Core Support Hours | Monday to Friday (5 days), 8:30am to 5:30pm (AEST / AEDT), excluding National and ACT Public Holidays
Contact Details | Ph: [00] [0000] [0000]; Email: [insert]
Transaction Records
The Agency will maintain transaction records containing the following information for each
Transaction conducted on its own Data Source(s):
Information available for the Agency to download by exporting data from the Administrative Facility of the Portal:
• Date and time of transaction in AEST
• FVS function accessed (eg Retrieve/Match/Search)
• Unique User ID (username)
• Transaction Group ID
• System Name (eg Portal)
• Status of Transaction (e.g. Received, with Holding Agency, Returned, Delivered, Removed)
• State (eg Success, Failure)
Information the Agency will need to generate, or have recorded through existing business practices:
• Purpose of transaction
• Whether any Identity Information received was disclosed to a Third Party Agency
• How any Identity information received was retained/destroyed
A report containing the number of instances the FVS was accessed by each Nominated User
<Guidance note: The Agency may wish to consider whether it will keep records relating to: Message
State Code (eg Validation, Error, Timeout Error, Inconsistent Message State), Message State
Message (message provided back from Holding Agency on transaction) and MD5# of image used in a
Query, if any>
Destruction of Queries
After providing a Response to a Query received via the Interoperability Hub, the Data Holding Agency
will destroy the Query as soon as practicable.
Schedule 5 – AGD Service Levels
For the purposes of this Schedule, core support hours means the hours stated in Table 5 of this
Schedule.
Reporting
1. AGD has the right, but is under no obligation, to report to [Governing Body] if it reasonably
suspects any of its requirements under Part E - Service Requirements are no longer being met.
2. AGD will provide the Agency with a mechanism to report Outages available through the Portal
(the outages and notification functionality) in the Administration Facility.
Availability
3. The Interoperability Hub Environments will provide, at a minimum, the following level of availability
during core support hours:
3.1. Production Environment will be available 99.50% per month, and
3.2. SIT/UAT Environments and the Development Environment will be available 99.00% per
month.
4. For the purposes of this Schedule:
4.1. Excluding pre-negotiated and scheduled maintenance periods, the inability to process
Transactions for a Service as a result of a disruption to AGD’s information and
communication technology will result in a 100% Service Availability Outage for the duration
of the disruption.
4.2. Availability (%) is equal to (Service Hours - Outage time) × 100 / Service Hours.
Performance
5. The Production Environment for the Interoperability Hub is to consistently perform its intended
and required functions, meeting the availability requirements. The Interoperability Hub aims to
have no more than five incidents resulting in unscheduled outages per year within core support
hours.
Expiry periods
6. The following activities and enabling documents issued by AGD that are necessary to use or
access the Services will expire after the time periods listed in column B of table 1.
Table 1: Expiry Period
Activity/Document | Will expire [X] after Initiating event | Initiating event
User Creation Request | 5 business days | [the Agency] submits User Creation Request through the Portal
Digital Certificate | 5 business days | AGD notifies Nominated User of their or its Digital Certificate
User Certificate | 2 years | After AGD issues User Certificate on date published in System Configuration Items
Root Certificate Authority Expiry | 5 years | After AGD issues Root Certificate Authority on date published in System Configuration Items
Resolution Times
7. The Hub Operator is responsible for ensuring that incident resolution conforms to the impact,
urgency and priority levels stated in Table 2: Interoperability Hub Impact, Urgency and Priority
Levels.
Table 2: Interoperability Hub Impact, Urgency and Priority Levels
Level | Considerations
Impact | Considers the business impact (service degradation) upon:
• Holding Agencies
• Requesting Agencies
• Interoperability Hub applications and infrastructure
• AGD
Urgency | The speed that Incidents are expected to be resolved:
• Critical: Any incident causing an outage of the Interoperability Hub
• High: An Incident preventing a Requesting Agency from accessing the Interoperability Hub or processing Transactions. The system is producing multiple transaction error flags to one or more Requesting Agencies
• Medium: An incident has occurred that has a minor impact on operations during core support hours. Transaction processing continues.
• Low: An Incident where a work-around is available and impact is mostly invisible to all Participants or impacts only a single Nominated User.
Priority | In accordance with ITIL principles, service levels are based on the priority of the Incident as derived from impact and urgency metrics shown in Table 3: ‘Priority Level Derived from Impact and Urgency Levels.’ A single Priority Level should be assigned to each Incident at any point in time, derived from the following scale:
• P1 – Critical (highest priority)
• P2 – High
• P3 – Medium
• P4 – Low
Table 3: Priority Levels Derived from Impact and Urgency Levels
PRIORITY (to be assigned)
URGENCY: Critical | High | Medium | Low
IMPACT:
Interoperability Hub: P1 | P1 | P2 | P3
Data Holding Agencies: P1 | P1 | P2 | P3
Requesting Agencies: P2 | P3 | P4
Single Nominated User incident, password reset: P4
7.1. The Services will conform to the priorities, response and resolution times stated in
Table 4: Response and Resolution Times.
7.2. The Hub Operator will confirm the priority level at the time the incident is logged, in
consultation with the incident originator.
7.3. All Priority 1 Incidents will be logged by the Agency’s Client Administrators via the
Administration Facility, or email, to the Hub Operator.
7.4. The Hub Operator will broadcast a status update to relevant Client Administrators of
Participants throughout the resolution period in accordance with Table 4: Response and
Resolution Times.
Table 4: Response and Resolution Times
Production Environments
Priority | Response Time | Resolution Time (includes response times) | Update Time
P1 | 15 minutes | 4 hours | Every 30 minutes
P2 | 30 minutes | 8 hours | Every 60 minutes
P3 | 2 business hours | 18 business hours | Every 9 business hours
All other Environments
Priority | Response Time | Resolution Time (includes response times) | Update Time
P1 | 30 minutes | 8 hours | Every 60 minutes
P2 | 60 minutes | 16 hours | Every 90 minutes
P3 | 4 business hours | 24 business hours | Every 9 business hours
P4 | 9 business hours | 72 business hours | As mutually decided
Service Desk
8. AGD will provide a Service Support Desk on the basis of the following:
Table 5: Service Desk Hours of Operation
Support Type | Support Hours
Core Support Hours | Monday to Friday (5 days), 8:30am to 5:30pm (AEST / AEDT), excluding National and ACT Public Holidays
Contact Details | Ph: 02 6141 3232; Email: [email protected]
Schedule 6 – Statement of Legislative Compliance
<Guidance: This schedule should include details of relevant portfolio legislation as well as, if
applicable, the Privacy Act 1988>
<Drafting note: Add additional rows to the tables as required>
Legislative basis for the Agency to use its own Identity Information via the Interoperability Hub
Use of Identity Information
Name of legislation | Operative provision (section number) | Type of Identity Information that can be used (e.g. facial image) | Permitted purpose for use (e.g. law enforcement) | Persons to whom use is permitted (e.g. other Commonwealth agencies) | Limitations/additional requirements (if any) (e.g. reasonable belief that use is necessary)
Legislative basis for the Agency to ‘disclose’ Identity Information in a Response provided through the
Interoperability Hub
Name of legislation | Operative provision (section number) | Type of Identity Information that can be disclosed (e.g. facial image) | Permitted purpose for disclosure (e.g. law enforcement) | Persons to whom disclosure is permitted (e.g. other Commonwealth agencies) | Limitations/additional requirements (if any) (e.g. reasonable belief that disclosure is necessary)
Legislative basis for the Agency to ‘collect’ Identity Information from a Query provided through the
Interoperability Hub
Collecting Identity Information from a Requesting Agency through a Query
Name of legislation | Operative provision (section number) | Type of Identity Information that can be collected (e.g. facial image) | Permitted purpose for collection (e.g. law enforcement) | Persons to whom collection is permitted (e.g. other Commonwealth agencies) | Limitations/additional requirements (if any) (e.g. reasonable belief that collection is necessary)
Schedule 7 – Contact Information
General Contact Details:
The Agency
Contact information:
the Agency
[Address Line 1]
[Address Line 2]
[Address Line 3] [State] [Postcode]
Services Contact Officer:
{insert}
[position] < Drafting note: intended to be at APS 6/EL1 level>
[Branch]
[insert]@the Agency.gov.au
Representative: {insert}
[position] < Drafting note: intended to be at EL2 level>
[Branch]
[insert]@the Agency.gov.au
Senior Representative: {insert}
[position] < Drafting note: intended to be at SES Band 1 level>
[Branch]
[insert]@the Agency.gov.au
Attorney-General’s Department
Contact information:
Attorney-General’s Department
3-5 National Circuit
Barton ACT 2600
Ph: 02 6141 3232
[email protected]
Services Contact Officer:
{insert}
[position] <Drafting note: intended to be at APS 6/EL1 level>
[Branch]
Ph: 02 [insert]
[insert]@ag.gov.au
Representative: {insert}
[position] < Drafting note: intended to be at EL2 level>
[Branch]
Ph: 02 [insert]
[insert]@ag.gov.au
Senior Representative: {insert}
[position] < Drafting note: intended to be at SES Band 1 level>
[Branch]
Ph: 02 [insert]
[insert]@ag.gov.au
Contact Protocols
Outages Notification
The Agency: Interoperability Hub outage and notification functionality
AGD: Interoperability Hub outage and notification functionality
General Incidents:
The Agency: [The Agency to insert contact]; [insert availability period]; Ph: [00] [0000-0000]; Email: [insert]
AGD: IDMS Team; [insert availability period]; Ph: [00] [0000-0000]; Email: [insert]
Critical Incidents
The Agency: [The Agency to insert contact]; [insert availability period]; Ph: [00] [0000-0000]; Email: [insert]; Mobile: [insert]
AGD: IDMS Team Administrator; [insert availability period]; Ph: [Insert]; Email: [insert]; Mobile: [insert]
Urgent/Emergency Request/Dispute Resolution
The Agency: [The Agency to insert contact]; Ph: [insert]; Email: [insert]; Mobile: [insert]
AGD: IDMS Team Manager; Glenis Hunter; Ph: [insert]; Email: [insert]; Mobile: [insert]
<Guidance: A party can update its Contact Protocol details by written notice to the other party under
Item 34. of this MOU>
Schedule 8 – Nominated User Registry Requirements
<Guidance: For the avoidance of doubt, the Nominated User Registry will not be attached to this
MOU, as it will be updated regularly to meet operational requirements>
<Guidance: The Nominated User Registry is for record keeping and auditing purposes only as
indicated in this MOU. It will have limited internal distribution based on a need to know basis and will
not be made publicly available, including to AGD>
The Agency will maintain a Nominated User Registry containing the following information for each
Nominated User:
Unique User ID <Guidance: It is recommended that the Unique User ID is pseudonymous>
First name and surname (if applicable)
Position title (if applicable)
Role
User-Level Access Permissions
Date access commenced
Date access renewed
Period access was suspended and reason for suspension (if applicable)
Date access ceased and reason for cessation (if applicable)
Date Role changed and reason for change (if applicable)
Date Role previously changed
Schedule 9 – Compliance Statement
Compliance relating to the Agency’s use of the Services and Interoperability Hub
1. Explain how the Agency ensures personnel are aware of privacy and security
obligations prior to using and whenever using the Face Verification Service (FVS).
Eg. What training is provided to personnel?
Are policies, guidelines updated/amended accordingly to reflect any changes to privacy/security
obligations?
2. How does the Agency ensure the Agency’s personnel are aware that the FVS does not
make decisions about identity but provides support to make those decisions?
Eg. What other processes are used to confirm someone’s identity apart from FVS matches?
How do you ensure that any decisions on identity are not based solely on the information obtained
from the FVS?
If there are exceptional instances where decisions on identity are based solely on the information
obtained from the FVS, what are the exceptional circumstances, how does the Agency decide that it
is an exceptional circumstance, and how does the Agency ensure that decisions about what is an
‘exceptional circumstance’ are made uniformly?
3. How does the Agency integrate the FVS into the Agency’s business processes to
ensure that handling complaints, responding to access to information requests and reviews of
decisions is in accordance with the Agency’s own procedures and any Privacy Impact
Assessment recommendations the Agency has accepted?
Eg. What does the Agency tell individuals or customers about their rights to question decisions that
may have involved FVS matches? Does the Agency’s staff know that complaints are to be handled by
the Agency?
4. Confirm that the Agency’s connections with the Interoperability Hub are in accordance
with FVS technical requirements.
Eg. Are the FVS technical requirements in line with the requirements set out in the FVS Access
Policy, data sharing arrangements the Agency has entered into and the Services MOU between the
Agency and AGD?
5. Explain the procedures the Agency uses to promptly handle and report to the IDMS
Team suspected or actual breaches of privacy or security.
Eg. What is your process if you were to identify any privacy or data security incidents that occur in
using the FVS?
6. Have the Agency’s identity decision processes been audited or reviewed since the
Agency’s last Compliance Statement? If so, did the Agency report to the [Governance Body]
any recommendations made to the Agency on improving the Agency’s operation of the FVS?
Eg. Audits/reviews and recommendations relating to the FVS were communicated to the [Governance
Body] on …
<Drafting note: For Agencies using this template in August 2016, the relevant Governing Body will be
“Programme Advisory Committee”>
7. How does the Agency retain information in connection with the Agency’s use of the
FVS for audit and compliance purposes and to fulfil privacy and record keeping requirements
including log transactions?
Eg. Are all FVS transactions logged and can the logs be viewed on request?
8. How does the Agency destroy Identity Information received in Queries in accordance
with the Agency’s privacy requirements?
Eg. Once the Agency provides a Response, what technical processes does it use to ensure the Query
is destroyed? Within what timeframe will the Query be destroyed?
Signatories:
This Compliance Statement was made by the Agency on [date].
Signed by [name], [position], [branch], the Agency, in
the presence of:
……………………………….
signature of representative
……………………………….
witness name
……………………………….
signature of witness
Schedule 10 – Variation Request Form
This form will be used to record amendments to current arrangements, including administrative,
financial, technical and/or legislative aspects of the Head MOU, Identity Information or Service
Schedules. Please lodge this form through the relevant Services Contact Officer.
Variation Request will apply to:
Variation Request #
Title
Date Request Entered Into
Variation Details
Agency Initiating Variation
Variation Title
the Agency ☐
AGD ☐
1. [Proposal: Description of the nature of variation request.
Document the variations that are required.]
2. [Services Defined]
3. [Additional Information]
Proposed Implementation
Date
Costs
The following costs (inclusive of GST) will be met by:
the Agency ☐
AGD ☐
Other Comments:
Variation Request Initiator:
Please sign below to acknowledge that the Variation Request Form is for assessment purposes only
and that submission does not guarantee the variation will go ahead (if initiator details are different
from the Services Contact Officer’s Details, please outline below).
Date:
Name:
Position:
Branch/Division/Department:
Email:
Ph:
Signatories:
This Variation was entered into by the Parties on [date].
Signed for, and on behalf of, the Commonwealth of
Australia by [name], Assistant Secretary, National
Security Division, Attorney-General’s Department, in the
presence of:
……………………………….
signature of representative
……………………………….
witness name
……………………………….
signature of witness
Signed by [name], [position], [branch], [Department], in
the presence of:
……………………………….
signature of representative
……………………………….
witness name
……………………………….
signature of witness