Data holding agency services mou template fvs - Attorney

MEMORANDUM OF UNDERSTANDING – SERVICES
Attorney-General’s Department
and
[THE AGENCY]
FOR PARTICIPATION AS A DATA HOLDING AGENCY IN THE
NATIONAL FACIAL BIOMETRIC MATCHING CAPABILITY
Version 5.0 (10 October 2016)
This MOU is intended to operate in conjunction with the Interagency Data Sharing Arrangement
Template and Access Policy documents AGD has provided/will provide for the Face Verification
Service and Face Identification Service. The template is intended to form the basis for arrangements
and negotiation between Commonwealth entities only.
MOU for Data Holding Agencies
Table of Contents
Part A – Background
1. Parties
2. Context
Part B – Interpretation
3. Interpretation
4. Definitions
Part C – Term and Termination, Compliance and Governance
5. Term
6. Termination of this MOU
7. Compliance
Part D – Access to Services
8. Services
9. Terms of access to service
10. Security
11. Remediation
Part E - Service Requirements
12. AGD General Service Levels
13. The Agency’s Commitments to AGD as a Data Holding Agency
14. AGD’s access to resolve technical issues
15. Management of the Agency’s use of the Services
16. Interactions with the public
17. Understanding on costs and charges
18. Understanding on Data Holding Agency imposed costs and charges
Part F – The Agency’s Use of its own Data Source(s) through the Interoperability Hub
19. Control of Nominated Users
20. Appointment of Nominated Users
21. Management of Nominated Users
22. Termination of Nominated Users
Part G – Disputes, Suspension and Termination
23. Dispute Resolution
24. Suspension of service
25. Termination of service
26. Opportunity for the Agency to Respond
Part H – Miscellaneous
27. Limit of AGD’s Responsibility
28. Intervening Event
29. Subcontracting and AGD Service Providers
30. Notices
31. Confidentiality
32. Variation
Part I – Execution
Schedule 1 – Internal Access Permissions & Estimated Transaction Quotas
Schedule 2 – Nominated User Quotas, Roles and User-level Access Permissions
Schedule 3 – Principal Client Administrator
Schedule 4 – Data Holding Agency Service Levels
Schedule 5 – AGD Service Levels
Schedule 6 – Statement of Legislative Compliance
Schedule 7 – Contact Information
Schedule 8 – Nominated User Registry Requirements
Schedule 9 – Compliance Statement
Schedule 10 – Variation Request Form
Part A – Background
1. Parties
This Memorandum of Understanding (MOU) is made between the following agencies (the Parties):
Commonwealth of Australia acting through and represented by the Attorney-General’s
Department ABN 92 661 124 436 (AGD)
Commonwealth of Australia acting through and represented by the [Insert name] [ABN] (the
Agency)
2. Context
2.1. This document (the MOU) sets out the understanding between AGD and the Agency in
relation to:
2.1.1. providing Identity Information held by the Agency to Requesting Agencies through the
Interoperability Hub.
2.1.2. terms on which the Agency will access and use its own Data Source(s) through the
Services provided via the Interoperability Hub.
2.1.3. the Agency’s compliance with safeguards contained in applicable legislation when using
and managing data obtained through the Services provided via the Interoperability Hub.
2.2. This MOU is intended to operate and be interpreted in conjunction with:
2.2.1. the Access Policy for the FVS, and
2.2.2. FVS IDSA(s) the Agency has entered into.
2.3. There is no intention for this MOU to create a legal relationship between the Parties; it does
not create legally binding obligations on the Parties.
2.4. The Agency acknowledges the Services it will access through the Interoperability Hub are
designed to assist and complement the Agency’s existing processes and procedures for
verifying a person’s identity.
2.5. The Agency understands:
2.5.1. Identity Information may contain Personal Information and Sensitive Information,
2.5.2. it is responsible for any decisions it makes based on the Identity Information it receives
through the Services, and
2.5.3. information received through the Interoperability Hub is not intended to be used as the
sole basis for the Agency to make a decision about an individual’s entitlement to a
service, a product, an outcome, or the applicability of a law or policy to an individual.
Part B – Interpretation
3. Interpretation
3.1. The Schedules to this MOU form an integral part of the MOU and are subject to its provisions
unless specified otherwise. In the event of any inconsistency between the Schedules or any
other attachments and the MOU, the terms of the MOU will prevail.
4. Definitions
In this MOU, capitalised terms have the meaning given below.
Access Policy means a documented set of requirements approved by [Governing Body] that a
Participant will comply with in order to access a service facilitated by the Interoperability Hub.
<Drafting note: For Agencies using this template in August 2016, the relevant Governing
Body will be “Programme Advisory Committee”>
Administration Facility means a service provided through the Portal that enables Client
Administrators to add, manage (including password reset, access support, and access re-justification)
and remove Nominated Users.
Client Administrator means an Employee of a Participant specified in this MOU whose user account
enables performance of administrative functions. These functions include, but are not limited to,
Nominated User creation and approval, reauthorisation, audit reporting and outage management.
Compliance Statement means the information and evidence the Agency provides in response to the
items in Schedule 9 – Compliance Statement.
Data Holding Agency means a Participant receiving and responding to a Query from a Requesting
Agency with which it has entered into a data sharing arrangement for the Services provided by the
Interoperability Hub.
Data Source means a database of Identity Information for a document type.
Dispute means a difference of opinion raised by a Party relating to an operative provision of this
MOU.
Effective Date means the date in paragraph 5.1.
Employee is an individual who works under a contract of employment (whether oral or written,
express or implied) and who has responsibilities and duties to a Party.
Estimated Peak Transaction Volume means the total number of Transactions in a Financial Year
the Agency estimates it will submit to its own Data Source(s), as set out in Column D of each table in
Part B of Schedule 1.
Estimated Transaction Quota means the total number of Transactions in a Financial Year the
Agency estimates it will submit to its own Data Source(s), as set out in Column C of each table in Part
B of Schedule 1.
Executive Management means Employees of the Parties who directly supervise or are superior to
the Senior Representatives.
Facial Image(s) includes digital photographs, live capture images, scanned photographs and other
technical information related to those images (such as the time and date of capture and data capture
standards used).
Face Verification Service (FVS) means the identity matching service and its three functions
(Retrieve, Match and Search) that enable biographical data or a facial image associated with an
individual to be compared, on a one-to-one basis, against an image held on a specific government
record associated with that same individual.
Financial Year means the period starting 1 July and ending 30 June the following year.
FVS IDSA means an Interagency Data Sharing Arrangement entered into by the Agency and another
Participant using the FVS IDSA Template.
FVS IDSA Template means the version of the template FVS Interagency Data Sharing Arrangement
(IDSA) most recently approved by [Governing Body] before the execution of this MOU.
<Drafting note: For Agencies using this template in August 2016, the relevant Governing
Body will be “Programme Advisory Committee”>
Hub Operator means the Attorney-General’s Department or an entity contracted by the Attorney-General’s Department to manage services on its behalf.
Identity Information includes, but is not limited to, an individual’s facial images, government related
identifiers, and other biographical or biometric information.
Identity Matching Services Administrator (IDMS Administrator) means AGD employees
responsible for managing the Interoperability Hub and its Services.
Identity Matching Services Team (IDMS Team) means AGD employees responsible for the policy
development and management of the Interoperability Hub and its Services.
Image Matching means the automated process of comparing two images to determine whether they
are of the same person, using a facial recognition engine.
Interoperability Hub means the technical system that provides a mechanism for the secure and
auditable transmission of facial images and associated information between agencies or entities
participating in the National Facial Biometric Matching Capability.
Intervening Event means a situation or circumstance described in paragraph 28.1.
ITIL means information technology infrastructure library.
Match means the function of the FVS that allows a Nominated User to submit a person’s facial image
and required biographic details to a Data Holding Agency’s Data Source(s) to confirm whether it
matches the person’s record.
National Facial Biometric Matching Capability (NFBMC) means the infrastructure, legislative and
governance arrangements that support the sharing and matching of Identity Information.
Nominated User means either a person who is an Employee of the Agency or an information
technology system of the Agency.
Nominated User Quota means the total number of the Agency’s Nominated Users that may access a
Data Source in a Financial Year as specified in Column C of each table in Schedule 2 – Nominated
User Quotas, Roles and User-level Access Permissions.
Outage means an occurrence within AGD or the Agency’s information and communications
technology environment that results in the partial or complete cessation of the Services.
Participant means an agency, organisation or entity that connects to the Interoperability Hub.
Personal Information has the same meaning as in the Privacy Act.
Portal means the user interface associated with the Interoperability Hub that allows Nominated Users
to access the Services or perform administrative functions.
Post-Incident Report (PIR) means a report relating to the Interoperability Hub or the Services
containing recommendations to mitigate risks and minimise vulnerabilities identified by a potential or
actual security breach.
Principal Client Administrator is an Employee of the Agency who has the power to appoint the
Agency’s Client Administrators and Nominated Users and is appointed by the Agency under this
MOU.
Privacy Act means the Privacy Act 1988 (Cth).
Production Environment means the information technology environment used to deploy the
production version of the Interoperability Hub and Portal that allows Nominated Users to run
Transactions and perform administrative functions.
Query means Identity Information submitted by a Participant either through the Portal or by a system-to-system connection that is intended to be compared against the Identity Information held in a Data
Source.
Re-authorise means a management process by which a Client Administrator satisfies themselves
that a Nominated User meets the requirements of paragraph 20.1, either upon a change of Role or at
regular intervals for a continuing Nominated User.
Representative means, in relation to an Agency, the person specified as a Representative for that
Agency in Schedule 7 – Contact Information or as otherwise notified by a Party to the other Agency
from time to time.
Requesting Agency means a Participant that submits a Query to a Data Holding Agency with which
it has entered into an interagency data sharing arrangement for the Services provided through the
Interoperability Hub.
Response means Identity Information or a system response (including but not limited to a Yes/No
Flag or an ‘error message’) provided from the Data Holding Agency via the Interoperability Hub to the
Requesting Agency either through the Portal or by a System-to-system connection.
Retrieve means the function of the FVS that allows a Nominated User to submit a person’s
biographic details to a Data Holding Agency’s Data Source(s) to retrieve either that person’s Facial
Image, that person’s biographic details, or both.
Role means a category of Nominated User(s) specified by the Agency in Column A of all tables in
Schedule 2.
Sandpit Environment means a shared information technology environment between AGD, the Hub
Operator and the Agency used for initial integration testing with the Interoperability Hub by the Agency
to test the Agency’s application with the services provided by the Interoperability Hub.
Search means the function of the FVS that allows a Nominated User to submit a person’s biographic
details and Facial Image to the Data Holding Agency’s Data Source(s) to verify that person’s record.
Security Risk Management Plan means a document relating to the Services and/or connection to
the Interoperability Hub which identifies security risks and appropriate mitigation measures for
information technology systems, determines a risk tolerance threshold, and ensures consistent and
coordinated management of risks across a Participant. A security risk management plan is
undertaken in accordance with the information security management framework which is required by
the Australian Government information security management protocol of the Australian Government
Protective Security Policy Framework.
Senior Representative means, in relation to a Party, the person specified as a Senior
Representative for that Party in Schedule 7 – Contact Information or as otherwise notified by a party
to the other party from time to time.
Sensitive Information has the same meaning as in the Privacy Act.
Services means the Identity Matching services to be provided by AGD to the Agency, specified in
Item 8.
Suspension and Termination Framework means a document approved by [Governing Body] that
sets out the policy and principles for suspending access to the Interoperability Hub and its Services.
<Drafting note: For Agencies using this template in August 2016, the relevant Governing
Body will be “Programme Advisory Committee”>
System Configuration Items are externally configurable values set across the NFBMC for
Participants by IDMS Administrators.
System and User-Acceptance Testing (UAT) Environment means the IT environments used for
end-to-end integration testing, performance, and user-acceptance testing of the Interoperability Hub
which Participants will use to undertake the tests to ensure that the Interoperability Hub meets their
requirements.
System-to-system means Queries submitted by a Requesting Agency to a Data Holding Agency
through the Hub via a Requesting Agency information technology system, or third-party information
technology system used by a Requesting Agency.
Technical Specifications means a document available on a sharepoint site for the Interoperability
Hub, as updated from time to time by AGD in relation to either a single Data Source or multiple Data
Sources.
Transaction means both a Query and Response sent through the Interoperability Hub.
User Requirements means the characteristics, qualifications or other items specified by the Agency
for a Role in Column B of all tables in Schedule 2.
User-level Access Permissions means a subset of Identity Information a Nominated User with a
particular Role can access through the FVS as specified by the Agency in Column D of each table in
Schedule 2.
Part C – Term and Termination, Compliance and Governance
5. Term
5.1. This MOU will be effective from the date both Parties’ representatives have signed in Part I.
5.2. This MOU will continue from the Effective Date until terminated through the process in
Item 6.
6. Termination of this MOU
6.1. A Party may withdraw from this MOU by giving not less than 45 days’ notice, in writing, to the
other Party.
6.2. After the period in paragraph 6.1, this MOU will be terminated.
7. Compliance
7.1. The Agency acknowledges the importance of ensuring compliance with requirements to
maintain and enhance the integrity of the Interoperability Hub.
7.2. The Agency will complete a Compliance Statement and submit it to AGD for consideration by
the [Governing Body] that:
7.2.1. documents any breaches of the service levels in Part E - Service Requirements and
Schedule 4 – Data Holding Agency Service Levels, and
7.2.2. is signed off by its Senior Representative.
7.3. The Agency will submit the Compliance Statement in paragraph 7.2:
7.3.1. by the end of the month of March each year, or
7.3.2. if outstanding on 1 April, at the request of AGD after consultation with the Agency.
<Drafting note: For Agencies using this template in August 2016, the relevant Governing
Body will be “Programme Advisory Committee”>
7.4. The Agency will ensure that, at a minimum, its Compliance Statement will contain information
that provides evidence of:
7.4.1. its use of and/or service provision to the Interoperability Hub being in accordance
with:
7.4.1.1. this MOU
7.4.1.2. the Access Policy relevant to the Services it uses, and
7.4.2. technical, privacy and security safeguards working effectively to protect the integrity of
the Interoperability Hub and the Services.
7.5. Each Compliance Statement will cover a 12 month period beginning in February of the
previous year and ending in February of the year in which a Compliance Statement is
required to be submitted to AGD under paragraph 7.3.
<Guidance note: For example, a Compliance Statement delivered to AGD in March
2017 would provide evidence of compliance for the period between February 2016
and February 2017>
7.6. The Agency will provide recommendations that may be made to it in relation to its use of
and/or service provision to the Interoperability Hub to the [Governing Body] as information
becomes available. This information may come from reports to the Agency from areas such
as:
7.6.1. audits of the Office of the Australian Information Commissioner
7.6.2. review bodies of state/territories, and
7.6.3. other audits or reviews.
<Drafting note: For Agencies using this template in August 2016, the relevant
Governing Body will be “Programme Advisory Committee”>
Part D – Access to Services
8. Services
8.1. AGD proposes to allow the Agency to share Identity Information via the Interoperability Hub
for:
8.1.1. the Face Verification Service, and
8.1.2. [Place holder for other Services].
<Guidance note: the Placeholder is included so that the Template can, in the future,
also apply to the Face Identification Services. Delete ‘and sub-paragraph 8.1.2’ if FIS
not used>
9. Terms of access to service
9.1. From the Effective Date, AGD permits the Agency to test its connection to the Portal and the
Interoperability Hub in the Sandpit Environment.
9.2. Once approved by the IDMS Team, the Agency will have access to the Production
Environment.
9.3. AGD will allow the Agency to maintain its access to the Production, User-Acceptance
Testing or System Integration Testing Environments if:
9.3.1. the Agency notifies AGD of material changes to, or termination of each FVS IDSA the
Agency is a party to, and
9.3.2. AGD [and the Governing Body] is, or remains, satisfied that:
<Guidance Note: the Governing Body can be specified once Governance
arrangements are settled. For Agencies using this template in August 2016, the
relevant Governing Body will be “Programme Advisory Committee”>
9.3.2.1. all requirements of the Access Policy for the Services have been met by the
Agency
9.3.2.2. the Agency has met its responsibilities under this MOU.
10. Security
10.1. The Agency will notify AGD within 48 hours when:
10.1.1. it is aware of a security breach that affects the NFBMC or the Services
10.1.2. the Agency suspects there is a security breach that may affect the NFBMC or the
Services.
10.2. For the purposes of paragraph 10.1, a security breach includes situations related to the
NFBMC or the Services where:
10.2.1. an Agency loses, or loses control over, Identity Information, and
10.2.2. Identity Information is not disclosed consistently with the terms of any FVS IDSA.
10.3. After the notification in paragraph 10.1, the Agency will complete a Post-Incident Report
(PIR) within 2 weeks of the relevant security breach.
10.4. The Agency will send the Post-Incident Report and any recommendations to AGD, and each
Requesting Agency accessing the affected Data Source(s).
11. Remediation
11.1. Within 1 week after the Agency conducts a PIR under paragraph 10.3, the Agency will
submit a remediation plan to AGD which includes timeframes for implementing
recommendations of the Post-Incident Report.
11.2. The Agency will use its best endeavours to remedy issues in conformity with the ITIL
framework.
11.3. AGD is not responsible for any costs associated with carrying out the remediation plan.
Part E - Service Requirements
12. AGD General Service Levels
12.1. Response times
12.1.1. Transactions will generally be processed within the Interoperability Hub within 10
seconds.
12.1.2. AGD will use its best endeavours to process Queries.
12.2. Priority of requests
12.2.1. Queries will be actioned by the Interoperability Hub in three processing queues
according to their priority.
12.2.2. AGD maintains its right to alter the order in which Transactions are resolved.
12.2.3. If an Intervening Event under paragraph 28.1 occurs, AGD will prioritise any Queries
or Responses that may assist in resolving that event, and
12.2.4. AGD may perform rate limiting on Transactions if the capacity of the Interoperability
Hub is compromised.
12.3. AGD will provide the Principal Client Administrator with information, specifications,
documentation and data necessary for the Agency to provide Identity Information for the
Services, which includes:
12.3.1. Guidance for Nominated Users on how to use the Interoperability Hub through the
Portal and System-to-system interfaces (user guide)
12.3.2. System Configuration Items, and
12.3.3. Interoperability Hub or FVS Documentation.
12.4. AGD will provide the documents referred to in paragraph 12.3 (and any updates to them) on
a sharepoint site for the Interoperability Hub, in relation to either a single Data Source or
multiple Data Sources. All information hosted on the sharepoint site for the Interoperability
Hub will be at a For-Official-Use-Only classification or lower.
12.5. The IDMS Team will notify the Agency Party’s Principal Client Administrator of:
12.5.1. any events or circumstances that are likely to result in a disruption to the Services, or
any scheduled outages
12.5.2. updates to any documents in paragraph 12.3, and
12.5.3. any security breach other Participants have notified AGD of (under paragraph 10.1 or
its equivalent in other Memoranda of Understanding to which AGD is a party) if AGD
considers the security breach has, or may adversely affect, the security, privacy,
reputation, stability or integrity of the Agency or its information technology systems.
12.6. AGD will ensure that the Services meet the standards set out in Schedule 5 – AGD Service
Levels.
12.7. AGD commits to auditing the Hub Operator’s contractual obligations and AGD’s obligations
under this MOU annually, by an entity that is independent of AGD.
12.7.1. For the avoidance of doubt, the audit in paragraph 12.7 will cover all activities of AGD
under Item 14.
12.8. AGD will deactivate the accounts of Nominated Users not Reauthorised when the period
specified in sub-paragraph 21.2.1 expires.
13. The Agency’s Commitments to AGD as a Data Holding Agency
13.1. The Agency will provide access to its Identity Information and Image Matching in
accordance with the Service levels set out in Schedule 4 – Data Holding Agency Service
Levels.
13.2. The provision of Services through the Interoperability Hub relies on the cooperation of all
Participants. To this end, the Agency acknowledges that to generate value to all
Participants, it will share its Identity Information to the maximum possible extent permissible
by law.
<Guidance note: the Placeholder is included so that the Template can, in the future,
also apply to the Face Identification Services>
13.3. The Agency will participate in at least one disaster recovery exercise related to the
Interoperability Hub per year.
13.4. The Agency acknowledges AGD is only required to provide Identity Information to a
Requesting Agency for each Data Source as specified in the Technical Specifications.
14. AGD’s access to resolve technical issues
14.1. The Agency acknowledges that to enable the provision of the Services and access to the
Interoperability Hub, the IDMS Administrators will have all of the privileges and access
granted to any Client Administrators under any data sharing arrangements the Agency
enters into.
14.2. For the purposes of resolving technical issues with the Services or access to the
Interoperability Hub (including but not limited to triaging technical faults or reproducing
technical faults) the Agency permits IDMS Administrators to run Transactions against its
Data Source(s), and disclose Queries, Responses or Transactions to the Hub Operator or
relevant Participants.
14.3. Any access to Data Source(s) or disclosure for the purposes identified in 14.2 may only
occur in the following circumstances:
14.3.1. the IDMS Administrators have been specifically requested to resolve a technical issue
with access to the Interoperability Hub or the Services by a Participant,
14.3.2. operation(s) the IDMS Administrators perform under paragraph 14.2 use either:
14.3.2.1. test data agreed with the Agency, or
14.3.2.2. Identity Information, where the individual to whom it relates has consented in
writing to the operation to be performed under paragraph 14.2,
14.3.3. The relevant disclosure is made on a For-Official-Use-Only basis.
15. Management of the Agency’s use of the Services
15.1. The Agency’s Principal Client Administrator will circulate any information AGD provides to
them to their affected Nominated User(s).
15.2. The Agency will provide AGD with notifications if the delivery of its Identity Information to
Requesting Agencies is likely to be delayed.
15.3. As soon as possible either before it occurs or afterwards, the Agency will notify the Hub
Operator of an Outage by recording the Outage through the outage and notification
functionality.
16. Interactions with the public
16.1. The Agency will:
16.1.1. respond to any enquiries or complaints by members of the public relating to the
Identity Information provided to users of the Services
16.1.2. provide an accessible process for members of the public to correct any information
held by the Data Holding Agency, and
16.1.3. review decisions relating to privacy, in accordance with its own procedures.
16.2. The Agency acknowledges that AGD is the central point of contact for any public enquiries
about the Interoperability Hub and the Agency will cooperate with AGD when AGD
undertakes any coordination necessary for public statements.
17. Understanding on costs and charges
17.1. The Agency is responsible for its own technical links and System-to-system interface with
the Interoperability Hub and associated costs, and for the provision of management
information on the performance of its Services under the Interoperability Hub.
17.2. Subject to 17.3, the Agency acknowledges that AGD reserves the right to introduce charges
to Participants to recover costs of the Services and access to the Interoperability Hub.
17.3. AGD will not charge the Agency for access to the Interoperability Hub.
17.4. AGD is the sole biller. AGD may bill Participants for Transactions relating to the Services
conducted through the Interoperability Hub.
17.5. Any charges made or billing for Services under paragraphs 17.2 or 17.3 will be implemented
through a variation to this MOU under Item 32. For the avoidance of doubt, any such
variation will be agreed by AGD and the Agency before any charging or billing occurs.
18. Understanding on Data Holding Agency imposed costs and charges
18.1. The Agency may authorise AGD to collect any charges it imposes on Requesting Agencies
accessing its Data Source(s) under the terms of any FVS IDSA, when:
18.1.1. The Agency requests AGD to do so in writing, and
18.1.2. A Requesting Agency has assented to charging arrangements with the Agency under
an FVS IDSA.
Part F – The Agency’s Use of its own Data Source(s) through the
Interoperability Hub
19. Control of Nominated Users
19.1. The Agency agrees it will only submit Queries for the Services through its Nominated Users.
19.2. The Principal Client Administrator and a Client Administrator have the power to appoint
Nominated Users, terminate Nominated Users and change the Role of a Nominated User
through the Administration Facility.
19.3. The Agency will notify AGD of its Principal Client Administrator(s) and any change to the
identity or contact details of that Principal Client Administrator(s).
19.4. The notification in paragraph 19.3 should be given either on the Effective Date or as soon as
practicable, and contain all of the information in Schedule 3 – Principal Client Administrator.
19.5. The Principal Client Administrator:
19.5.1. has the power to appoint a Client Administrator, and
19.5.2. is responsible for ensuring a Client Administrator complies with the obligations in
Items 20, 21 and 22.
20. Appointment of Nominated Users
20.1. An appointment or change to Role under paragraph 19.2 may only occur when all of the
applicable conditions are met:
20.1.1. If the Nominated User is a person:
20.1.1.1. that person has undergone training that meets the requirements of the
Access Policy, and
20.1.1.2. there is a reasonable need for the person to use the Services to perform his
or her employment duties.
20.1.2. If the Nominated User is an information technology system:
20.1.2.1. that information technology system has a current security accreditation under
each interagency data sharing Arrangement the Agency has entered into, and
20.1.2.2. there is a reasonable need to use the Services to perform operations
required by the Agency.
20.1.3. A Client Administrator is satisfied the appointment does not cause the Agency to
exceed any Nominated User Quota.
20.1.4. A Client Administrator is satisfied the appointment does not cause the Agency to
exceed any sub-quota of Nominated Users that may be assigned to each Role as
specified in Column C of each table contained in Schedule 2 – Nominated User Quotas,
Roles and User-level Access Permissions.
20.1.5. A Client Administrator has checked that the person meets the User Requirements
when assigning a Role under sub-paragraph 20.2.1, and
20.1.6. Based on the check conducted in sub-paragraph 20.1.5, a Client Administrator is
satisfied that the Role and User-level Access Permissions assigned to that Nominated
User is appropriate.
20.2. Prior to each Nominated User accessing any Data Source of the Agency, a Client
Administrator will assign to that Nominated User:
20.2.1. a single Role from the available Roles in each table contained in Schedule 2 –
Nominated User Quotas, Roles and User-level Access Permissions, and
20.2.2. the User-level Access Permissions associated with the Role assigned under
paragraph 20.2.1, as specified in Column B of Schedule 2 – Nominated User Quotas,
Roles and User-level Access Permissions.
21. Management of Nominated Users
21.1. The Agency undertakes to establish and maintain a Nominated User Registry.
21.2. The Agency’s Client Administrator will:
21.2.1. re-authorise a Nominated User(s) access to:
21.2.1.1. the FVS or Administration Facility once every 180 days.
<The purpose of this requirement is to introduce a mechanism to ensure only users
who currently require access to the Interoperability Hub have it>
22. Termination of Nominated Users
22.1. If the requirements contained in paragraph 20.1 are no longer met, the Agency’s Client
Administrator will:
22.1.1. terminate a Nominated User by removing a person or information technology system
from the Nominated User Registry, and
22.1.2. remove access to the Services for that Nominated User as soon as practicable, or
request AGD to remove access to the Services as soon as practicable on their behalf.
Part G – Disputes, Suspension and Termination
23. Dispute Resolution
23.1. The provision of Services through the Interoperability Hub relies on the cooperation of all
Participants. To this end, the Agencies will consult fully with each other, other Participants,
the IDMS Team, IDMS Administrators, Representatives and any other affected party to
resolve any issue in connection with the Interoperability Hub or this MOU.
23.2. In the event that issues are not resolved within a reasonable period of time through the
consultation required by paragraph 23.1, the Parties are taken to be in Dispute over the
relevant issue.
23.3. A Party to a Dispute may at any time, by written notice to the other Party, request that the
Dispute be referred for resolution by their respective Executive Management. Within 7 days
of such a request being made, each Representative, by written notice to the other Party, will:
23.3.1. nominate a member of its Executive Management with authority to settle the Dispute
to represent the Party in discussions
23.3.2. ensure that the nominated member of its Executive Management is reasonably
available to discuss the Dispute and nominate a range of times and venues at which its
nominated member is able to engage in discussions, and
23.3.3. provide a written summary of the facts and issues that the Party has identified as
relevant to the Dispute, and any other information that will assist in discussions to
resolve the Dispute.
23.4. Nominated members of the Executive Management will make all reasonable efforts to
engage in and progress discussions, and endeavour, in good faith, to resolve the Dispute.
23.5. In resolving any Dispute in accordance with the procedures in paragraphs 23.1 or 23.3
either Party may (at its own cost) engage an independent mediator or facilitator to assist in
discussions at any stage.
24. Suspension of service
24.1. AGD has the right to suspend the access of the Agency or a Nominated User of the Agency
to the Services or the Interoperability Hub in the event that any of the following occurs:
24.1.1. AGD becomes aware through a Compliance Statement referred to in Item 7, or is
notified by either the Agency or [Governing Body] that one or more of the requirements
or the timeframes in which the requirements are to be done in Part D – Access to
Services and Part E - Service Requirements are not met, or are no longer met.
<Drafting note: For Agencies using this template in August 2016, the relevant
Governing Body will be “Programme Advisory Committee”>
24.1.2. A Data Holding Agency makes a written request for AGD to suspend the Agency.
24.1.3. AGD considers on reasonable grounds that the Agency’s access to the
Interoperability Hub, or the Services provided through it, has the potential to cause an
adverse effect on the security, privacy, reputation, stability or integrity of the Services.
24.2. If AGD decides to exercise its right to suspend the Agency under 24.1, AGD will suspend a
Party’s access to the Services for a period:
24.2.1. recommended to it by [the Governing Body], or
24.2.2. that it determines is appropriate.
<Drafting note: For Agencies using this template in August 2016, the relevant
Governing Body will be “Programme Advisory Committee”>
24.3. AGD will apply the Suspension and Termination Framework to determine an appropriate
suspension period under sub-paragraph 24.2.2.
24.4. During the period of any suspension AGD and the Agency will work cooperatively to cease,
remedy or ameliorate any activity or circumstances which lead to the suspension being
imposed or continued.
25. Termination of service
25.1. AGD has the right to terminate the access of the Agency or a Nominated User of the Agency
to any or all of: one or more Data Sources, the Services, or the Interoperability Hub, in the
event that one or more of the following occurs:
25.1.1. AGD becomes aware through a Compliance Statement referred to in Item 7, or is
notified by either the Agency or [Governing Body] that one or more of the
requirements or the timeframes in which the requirements are to be done in Part D –
Access to Services are not met, or are no longer met.
<Drafting note: For Agencies using this template in August 2016, the relevant
Governing Body will be “Programme Advisory Committee”>
25.1.2. AGD previously suspended the Agency or its Nominated User under Item 24.
25.1.3. In AGD’s opinion, the Agency’s or its Nominated User’s use of the Interoperability
Hub or the Services:
25.1.3.1. causes, or may cause, severe and prolonged disruption to other users of the
FVS or the Interoperability Hub, or
25.1.3.2. results, or may result, in an unacceptable level of risk to the security of the
Interoperability Hub.
25.2. AGD will terminate a Party’s access to one or more Data Sources, the Services, or the
Interoperability Hub:
25.2.1. to implement a recommendation made to it by [Governing Body], or
<Guidance: this may occur if, for example, the Governing Body/Board determines the
Agency has not addressed recommendations of an audit, it receives a complaint from
a Privacy regulator or oversight body that remains unaddressed>
<Drafting note: For Agencies using this template in August 2016, the relevant
Governing Body will be “Programme Advisory Committee”>
25.2.2. on request of a Data Holding Agency
25.2.3. if AGD decides to exercise its right to terminate under paragraph 25.1.
26. Opportunity for the Agency to Respond
26.1. Before termination or suspension under paragraphs 24.2 or 25.2, AGD will:
26.1.1. where practicable, provide reasonable advance notice of its intention to Suspend or
Terminate and the reasons for its decision to Suspend or Terminate, or
26.1.2. offer the Agency the opportunity to respond with a statement that contains evidence
of how the Agency will cease, remedy or ameliorate any activity or circumstances which
enables AGD to take action under paragraphs 24.2 or 25.2.
26.2. The Agency will ensure its statement in sub-paragraph 26.1.2 is sent to AGD as soon as
practicable after being provided with the advance notice in sub-paragraph 26.1.1.
26.3. If the statement in sub-paragraph 26.1.2 is not received within 7 business days, or AGD is
not satisfied with the response, AGD is entitled to proceed with suspension or termination
under paragraphs 24.2 or 25.2.
Part H – Miscellaneous
27. Limit of AGD’s Responsibility
27.1. The Interoperability Hub and the Services provided through it are the result of co-operative
endeavour between many entities, including Participants. Accordingly, the Agency
acknowledges that its access to, and the exchange of Identity Information via the
Interoperability Hub is on an as-is basis.
27.2. The Interoperability Hub relies on the cooperation and best efforts of all Participants. The
Agency will utilise its best efforts towards the co-operative endeavour.
27.3. Both Agencies understand they will not hold each other either wholly or partially responsible
for any act or omission, system fault or error that may be related to:
27.3.1. use, access or sharing of Identity Information via the Interoperability Hub
27.3.2. termination or suspension of the Services, and
27.3.3. connecting any information technology systems to the Interoperability Hub.
28. Intervening Event
28.1. Where an event occurs which is out of that Party’s control (an Intervening Event), the Party
will be excused from fulfilling its responsibilities under this MOU. This includes, but is not
limited to, force majeure, a national security event, terrorist activity, natural disasters, acts of
war, riots and strikes outside that party's Agency.
28.2. Without limiting paragraph 28.1, a Party will be excused from performing its responsibilities
under this MOU to the extent that it is prevented from doing so by:
28.2.1. a Government policy decision, or
28.2.2. a default of one of a Party’s external service providers, provided that the Party
exercises all reasonable measures to mitigate the effect of that default.
28.3. Where circumstances described in paragraphs 28.1 or 28.2 arise, the affected party will give
notice to the other party as soon as possible, and the parties agree to negotiate in good faith
to minimise the impact of any delay on the Services.
29. Subcontracting and AGD Service Providers
29.1. Both AGD and the Agency may outsource or subcontract any aspect of their connection to
the Interoperability Hub to one or more external service providers.
29.2. Where requested by each other, the Parties will:
29.2.1. promptly provide all reasonable assistance to enable the other Party to comply with
its obligations under its contracts with its external service providers, and
29.2.2. cooperate with the other Party’s external service providers as reasonably required to
enable the AGD service provider to provide the Services.
30. Notices
30.1. Where notices, statements, reports or information are required to be sent or communicated
to either of the Parties or other Participants, notices should be actioned or sent to a person
in accordance with the contact protocol contained in Schedule 7 – Contact Information.
30.2. Notices can be effected by electronic mail, which is the preferred method of communication.
30.3. Unless otherwise specified, notices will be provided:
30.3.1. where the notification is to occur after an event, within 3 business days after that
event, or
30.3.2. where the notification is to occur before an event, 5 business days before an event
occurring, as appropriate.
31. Confidentiality
31.1. This document will be handled by the Parties in accordance with its security classification.
31.2. Except where disclosure is required by law or is otherwise in accordance with
Commonwealth policy, a Party will not distribute this MOU without the prior agreement of the
other Party.
32. Variation
32.1. Subject to paragraph 32.2, the terms of this MOU, including the forms contained in the
Schedules, can be varied by the written agreement of the Parties.
32.2. A variation to this MOU will only be effective to the extent:
32.2.1. it is consistent with the Access Policy of the Services, and
32.2.2. the proposed variation is provided to the other Party in the form specified in Schedule
10 – Variation Request Form.
Part I – Execution
This MOU is entered into by the Parties indicated below.
Signed for, and on behalf of, the Commonwealth of Australia
by [Insert Name], Assistant Secretary, National Security
Division, Attorney-General’s Department, in the presence of:
……………………………….
signature of representative
……………………………….
……………………………….
signature of witness
witness name
Date
Signed for, and on behalf of, the Commonwealth of Australia
by [name], [position], [branch], [Department], in the presence
of:
……………………………….
signature of representative
……………………………….
……………………………….
signature of witness
witness name
Date
Schedule 1 – Internal Access Permissions & Estimated Transaction
Quotas
<Guidance: This template document provides an example of how a data source could be included in the scope of the
Arrangement in Schedules 1 and 2. Multiple data sources can be accommodated under this Arrangement by adding additional
information tables in Schedules 1 and 2>
Part A. Data Holding Agency’s internal Access Permissions
<Guidance on content in Column D: The total scope of biographic details, biographic alias information and document details for
each Data Source will be available from AGD or the Data Holding Agency.>
<Guidance on content in Column D: For Nominated Users using the Portal, biographic details, biographic alias information and
document details are supplied in their entirety and a subset cannot be requested.>
<Guidance on content in Column D: For System-to-system transactions performed by Nominated Users, a subset of biographic
details, biographic alias information and/or document detail information can be requested.>
Face Verification Service
(A) Data Source number
(B) the Agency’s Data Source to be shared through FVS
(C) FVS Function
(D) Agency-level Access Permissions: Type of information the Agency can provide in
response to Queries conducted by its Nominated Users
* optional response
[the Agency to select option(s) by checking boxes/
insert details]
1. [the Agency to insert Data Source 1]
<Drafting Note: For example, the data source might be ‘Passport Images’>
Retrieve
Biometrics (facial image)
☐ Biometrics (facial image)
<Guidance: Check the box to request Biometrics (facial image)>
Biographic details
☐ Biographic details, including: [insert]
< Guidance: Check the box to request biographic
details, and identify which biographic details are
required (for example: Citizenship Certificate
Document Status; Citizenship Status; Family Name;
Given Name(s); Date of Birth; Sex; Country of Birth;
Place of Birth; Deceased Indicator)>
Biographic alias
☐ Biographic alias information not
required
☐ Notification Only
< Guidance: check the Notification only box to be
advised that alias information exists>
☐ Alias Information, including:
[insert]
<Guidance: check the alias information box to receive
the alias information, and identify which biographic
details are required (for example: Family Name; Given
Name(s); Date of Birth; Sex) >
Document details
☐ Document details including:
[insert]
< Guidance: Check the box to request additional
document details, and identify which details are
required (for example Visa Grant Number, Visa Class,
Visa Subclass, Visa Status, Visa Grant Date)>
[the Agency to select option(s) by checking boxes/
insert details]
Match
☐ Flag only: Yes/No Response
<Guidance: Check this box to receive a flag indicating match or no-match>
__________________________________________
☐ Flag: Yes/No Response and further information
<Check this box to receive the match notification and all of, or a subset of, the
Biometrics (facial image), Biographic details, Biographic alias and Document details for
a Yes Response, as indicated by checking the boxes below.>
Biometrics (facial image)
☐ Biometrics (facial image)
Biographic details
☐ Biographic details, including:
[insert]
Biographic alias
☐ Biographic alias information not
required
☐ Notification Only
☐ Alias Information, including:
[insert]
Document details
☐ Document details including:
[insert]
Search
[the Agency to select option(s) by checking boxes/
insert details]
☐ Flag only: Yes/No Response
__________________________________________
☐ Flag: Yes/No Response and further information
Biometrics (facial image)
☐ Biometrics (facial image)
Biographic details
☐ Biographic details, including:
[insert]
Biographic alias
☐ Biographic alias information not required
☐ Notification Only
☐ Alias Information, including:
[insert]
Document details
☐ Document details including:
[insert]
<Drafting Note: The Agency will insert additional rows (following the format above) for every Data Source of its own the Agency
will use under this MOU>
<The Agency will insert an additional table (following the format above) for each Service entered into after the Effective Date>
Part B. Estimated Transaction Quotas
<Guidance: This information will assist the AGD to ascertain the level of technical and other resources needed to provide the
capacity required to accommodate the expected number of transactions to be conducted on the Data Holding Agency’s own
Data>
Face Verification Service
(A) Data Source number
(B) Data source to be shared through FVS
(C) Estimated Transaction Quota per Financial Year
<Guidance: Parties should negotiate and consider the infrastructure and costs implied by the
Transaction Quota>
(D) Estimated Peak Transaction Volume and period
<Guidance: The Total number of Transactions in this Column cannot exceed the Transaction
Quota in Column (C) for the Data Source>
1. [The Agency to insert Data Source 1]
<For example, the data source might be ‘Passport Images’>
(C) [the Agency to insert]
<Example 10,000 requests>
(D) [the Agency to insert volume]
<Guidance: For example 100 requests>
[the Agency to insert time period, if relevant]
<For example Every Friday>
<Guidance: this would be within quota - 52 x 100 peak requests = 5200: there would be
4,800 off-peak requests remaining>
<Drafting Note: The Agency will insert additional rows (following the format above) for every Data Source the Agency provides
access to under this MOU>
<Drafting Note: There should be a separate table for each Service under this MOU – The Agency will insert an additional table
(following the format above) for each Service entered into after the Effective Date>
Schedule 2 – Nominated User Quotas, Roles and User-level Access
Permissions
Face Verification Service
Data Source 1: [The Agency to insert Data Source 1]
<Drafting Note: This refers to Row number 1 of the Table in Part A of Schedule 1, so the data source would be ‘Passport Images’>
Role
<Guidance: The Agency may choose the name of the Role. Each Role may only be assigned
query or administrative permission which are mutually exclusive.>
[The Agency to insert]
<Example: Senior Investigator>
<Example: Query Role>
(B) User requirements
<Guidance: Parties should negotiate what requirements are appropriate and discuss with AGD
how these can be incorporated into Technical Specifications>
<Guidance: Parties should specify in this Column whether the Role is required to be a person
or an information technology system>
[The Agency to insert]
<Example: Level of security clearance; Training requirements; Other requirements>
(C) Nominated User Sub-quota
<Guidance: The Total number of Nominated Users in this Column cannot exceed the
Nominated User Quota below>
[The Agency to insert]
<Guidance: Example 10 Nominated Users>
(D) User-level Access Permissions
<Guidance: With the exception of the Administration facility, the type of
information provided in response can only be equal to, or a subset of, the
Agency Level Access Permissions for the Data Source, as recorded in
Schedule 1, Part A Column D>
<Guidance: Refer to explanations and guidance in Schedule 1, Table A>
<Guidance: Content below is for example purposes only>
[the Agency to select option(s) by checking boxes/ insert details]
Retrieve
☒ Access
☐ No Access
[the Agency to select option(s) by checking boxes/
insert details]
Biometrics (facial image)
☐ Biometrics (facial image)
Biographic details
☐ Biographic details, including:
[insert]
Biographic alias
☐ Biographic alias information not required
☐ Notification Only
☐ Alias Information, including:
[insert]
[The Agency to insert Access Method]
<Example: Direct access to the Portal>
Document details
☐ Document details including:
[insert]
Match
☒ Access
☐ No Access
☐ Flag only: Yes/No Response
______________________________________
☐ Flag: Yes/No Response and further information
Biometrics (facial image)
☐ Biometrics (facial image)
Biographic details
☐ Biographic details, including:
[insert]
Biographic alias
☐ Biographic alias information not required
☐ Notification Only
☐ Alias Information, including:
[insert]
Document details
☐ Document details including:
[insert]
Search
☒ Access
☐ No Access
☐ Flag only: Yes/No Response
______________________________________
☐ Flag: Yes/No Response and further information
Biometrics (facial image)
☐ Biometrics (facial image)
Biographic details
☐ Biographic details, including:
[insert]
Biographic alias
☐ Biographic alias information not required
☐ Notification Only
☐ Alias Information, including:
[insert]
Document details
☐ Document details including:
[insert]
Administration
☐ Access
☒ No Access
<Guidance: The Role example provided can only have query access permissions.
Administration permissions and query permissions are mutually exclusive.>
[The Agency to insert]
<Example: User Administrator>
<Example: Administration Role>
[The Agency to insert]
<Example: Level of security clearance; Training requirements; Other requirements>
[The Agency to insert Access Method]
[The Agency to insert]
<Example: 9 Nominated Users>
Retrieve
☐ Access
☒ No Access
<Guidance: The Role example provided can only have administration access permissions.
Administration permissions and query permissions are mutually exclusive.>
Match
☐ Access
☒ No Access
Search
☐ Access
☒ No Access
Administration
☒ Access
☐ No Access
<AGD recommends use of the Standard User Administration, Standard Audit and Standard
System Administration subsets of access. A Role can be assigned one or more of the
pre-defined administration options. To create fully customisable administration roles with
tailored access, Custom Administration should be selected, specifying the permissions
required>
☒ Standard User Administration access
Find User
Create User
Manage User
Manage User Account
Manage User Roles
Manage User Access
Unlock User Account
Reset user Password
Disable User Account
Deactivate User Account
Activate user Account
Manage User Certificate
View User Recent Activity
View User Notes
Add User Note
Reauthorise Users
View Outages
☐ Standard Audit access
Can Audit User Activity
Can Audit Transactions
Can Audit Transaction History
View Outages
☐ Standard System Administrator access
View Outages
Manage Outage
☐ Custom Administration: including:
[insert]
Nominated User Quota: [The Agency to insert]
<Guidance: The Nominated User Quota should be the sum of the Nominated Users specified in Column C>
<Example: “80 Nominated Users”>
<Drafting Note: The Agency will insert additional tables (following the format above) for each of its own Data Sources the
Agency will use, and for each Data Source used for a Service under this MOU>
Schedule 3 – Principal Client Administrator
Full Name: ____________________________________________________________________
Position held within the Agency: __________________________________________
Email: ________________________________________________________________________
Date appointed/to be appointed as Principal Client Administrator: _____________________
Schedule 4 – Data Holding Agency Service Levels
For the purposes of this Schedule, core support hours means the hours stated in Table 4 of this
Schedule.
Availability
1. The Agency will provide, at a minimum, the following level of availability during core support
hours:
1.1. Production Environment will be available 99.50% per month, and
1.2. UAT Environment will be available 99.00% per month.
2. For the purposes of this Schedule:
2.1. Excluding pre-negotiated and scheduled maintenance periods, the inability to process
Transactions for a Service as a result of a disruption to the Agency’s information and
communication technology will result in a 100% Service Availability Outage for the
duration of the disruption.
2.2. Availability (%) is equal to (Service Hours - Outage time) x 100 / Service Hours.
Performance
3. The Agency’s Production Environment is designed to consistently perform its intended and
required functions, meeting the availability requirements. The Agency’s Services aim to have no
more than five incidents resulting in unscheduled outages per year within core support hours.
Face Verification Service (FVS)
Specification | Service Level
Service Hours | 24 hours a day, 7 days a week
Service Reliability | ≤ 5 incidents per year (rolling 12 month period)
Transaction Response | Retrieve, Match and Search Functions ≤ 10 seconds per Query, 95% on average in any one calendar month during core support hours*
Service Capacity | 70,000 Queries per day
Transaction Concurrency | 10 Queries per second#
<Drafting Note: AGD is prepared to negotiate the items in green highlight with the Data Holding
Agency>
* transaction response times are measured as the interval between the entry and exit of a Query and
Response through the Agency-specific information and communication technology infrastructure, and
# as far as practicable, scheduled maintenance affecting the Services will be conducted between:
1.1.1. 10.00PM - 7.00AM AEST/AEDT Business Days
1.1.2. 1.00PM and 12.00 midnight AEST/AEDT Saturdays and
1.1.3. 12.01AM - 11.59PM AEST/AEDT Sundays.
Resolution Times
4. The Agency is responsible for ensuring that incident resolution conforms to the impact, urgency
and priority levels stated in Table 2: Interoperability Hub Impact, Urgency and Priority Levels.
Table 1: Holding Agency Impact, Urgency and Priority Levels
Level | Considerations
Impact | Considers the business impact (service degradation) upon:
• Requesting Agencies
Urgency | The speed that Incidents are expected to be resolved:
• High: An Incident preventing a Requesting Agency from processing the Agency’s
Transactions. The Agency’s system is producing multiple transaction error flags to one or
more Requesting Agencies
• Medium: An incident has occurred that has a minor impact on operations during core
support hours. Transaction processing continues.
• Low: An Incident where a work-around is available and impact is mostly invisible
to all Participants or impacts only a single Nominated User.
Priority | In accordance with ITIL principles, service levels are based on the priority of the
Incident as derived from impact and urgency metrics shown in Table 2: ‘Priority Level
Derived from Impact and Urgency Levels.’
A single Priority Level should be assigned to each Incident at any point in time,
derived from the following scale:
• P1 – N/A
• P2 – High
• P3 – Medium
• P4 – Low
Table 2: Priority Levels Derived from Impact and Urgency Levels
PRIORITY
URGENCY
(to be assigned)
Critical
Requesting Agencies
Single Nominated User incident,
password reset
High
Medium
Low
P2
P3
P4
P4
4.1. The Services will conform to the priorities, response and resolution times stated in
Table 3: Response and Resolution Times.
4.2. The Agency will confirm the priority level at the time the incident is logged, in consultation
with the incident originator.
4.3. All Incidents will be logged by the Agency’s Client Administrators via the Administration
Facility, or email, to the Hub Operator.
4.4. The Agency will notify the Hub Operator throughout the resolution period in accordance
with Table 3: Response and Resolution Times.
Table 3: Response and Resolution Times
Production Environments
Priority | Response Time | Resolution Time (includes response times) | Update Time
P2 | 30 minutes | 8 hours | Every 60 minutes
P3 | 2 business hours | 18 business hours | Every 9 business hours
All other Environments
Priority | Response Time | Resolution Time (includes response times) | Update Time
P2 | 60 minutes | 16 hours | Every 90 minutes
P3 | 4 business hours | 24 business hours | Every 9 business hours
P4 | 9 business hours | 72 business hours | As agreed
Service Desk
5. The Agency will provide a Service Support Desk on the basis of the following:
Table 4: Service Desk Hours of Operation
Support Type | Support Hours
Core Support Hours | Monday to Friday (5 days), 8:30am to 5:30pm (AEST / AEDT), excluding National and ACT Public Holidays
Contact Details | Ph: [00] [0000] [0000]; Email: [insert]
Transaction Records
The Agency will maintain transaction records containing the following information for each
Transaction conducted on its own Data Source(s):
Information available for the Agency to download by exporting data from the Administrative Facility of the Portal:
• Date and time of transaction in AEST
• FVS function accessed (eg Retrieve/Match/Search)
• Unique User ID (username)
• Transaction Group ID
• System Name (eg Portal)
• Status of Transaction (e.g. Received, with Holding Agency, Returned, Delivered, Removed)
• State (eg Success, Failure)
• A report containing the number of instances the FVS was accessed by each Nominated User
Information the Agency will need to generate, or have recorded through existing business practices:
• Purpose of transaction
• Whether any Identity Information received was disclosed to a Third Party
• How any Identity information received was retained/destroyed
<Guidance note: The Agency may wish to consider whether it will keep records relating to: Message
State Code (eg Validation, Error, Timeout Error, Inconsistent Message State), Message State
Message (message provided back from Holding Agency on transaction) and MD5# of image used in a
Query, if any>
Destruction of Queries
After providing a Response to a Query received via the Interoperability Hub, the Data Holding Agency
will destroy the Query as soon as practicable.
Schedule 5 – AGD Service Levels
For the purposes of this Schedule, core support hours means the hours stated in Table 5 of this
Schedule.
Reporting
1. AGD has the right, but is under no obligation, to report to [Governing Body] if it reasonably
suspects any of its requirements under Part E - Service Requirements are no longer being met.
2. AGD will provide the Agency with a mechanism to report Outages available through the Portal
(the outages and notification functionality) in the Administration Facility.
Availability
3. The Interoperability Hub Environments will provide, at a minimum, the following level of availability
during core support hours:
3.1. Production Environment will be available 99.50% per month, and
3.2. SIT/UAT Environments and the Development Environment will be available 99.00% per
month.
4. For the purposes of this Schedule:
4.1. Excluding pre-negotiated and scheduled maintenance periods, the inability to process
Transactions for a Service as a result of a disruption to AGD’s information and
communication technology will result in a 100% Service Availability Outage for the
duration of the disruption.
4.2. Availability (%) is equal to (Service Hours - Outage time) x 100 / Service Hours.
Performance
5. The Production Environment for the Interoperability Hub is to consistently perform its intended
and required functions, meeting the availability requirements. The Interoperability Hub aims to
have no more than five incidents resulting in unscheduled outages per year within core support
hours.
Expiry periods
6. The following activities and enabling documents issued by AGD that are necessary to use or
access the Services will expire after the time periods listed in Column B of table 1.
Table 1: Expiry Periods
A. Activity/Document | B. Will expire [X] after Initiating event | C. Initiating event
User Creation Request | 5 business days | [the Agency] submits User Creation Request through the Portal
Digital Certificate | 5 business days | AGD notifies Nominated User of their or its Digital Certificate
User Certificate | 2 years | After AGD issues User Certificate on date published in System Configuration Items
Root Certificate Authority Expiry | 5 years | After AGD issues Root Certificate Authority on date published in System Configuration Items
Resolution Times
7. The Hub Operator is responsible for ensuring that incident resolution conforms to the impact,
urgency and priority levels stated in Table 2: Interoperability Hub Impact, Urgency and Priority
Levels.
Table 2: Interoperability Hub Impact, Urgency and Priority Levels
Level | Considerations
Impact | Considers the business impact (service degradation) upon:
• Holding Agencies
• Requesting Agencies
• Interoperability Hub applications and infrastructure
• AGD
Urgency | The speed that Incidents are expected to be resolved:
• Critical: Any incident causing an outage of the Interoperability Hub
• High: An Incident preventing a Requesting Agency from accessing the Interoperability Hub or processing Transactions. The system is producing multiple transaction error flags to one or more Requesting Agencies
• Medium: An incident has occurred that has a minor impact on operations during core support hours. Transaction processing continues.
• Low: An Incident where a work-around is available and impact is mostly invisible to all Participants or impacts only a single Nominated User.
Priority | In accordance with ITIL principles, service levels are based on the priority of the Incident as derived from impact and urgency metrics shown in Table 3: ‘Priority Level Derived from Impact and Urgency Levels.’ A single Priority Level should be assigned to each Incident at any point in time, derived from the following scale:
• P1 – Critical (highest priority)
• P2 – High
• P3 – Medium
• P4 – Low
Table 3: Priority Levels Derived from Impact and Urgency Levels
URGENCY
(to be assigned)
Critical
High
Medium
Low
Interoperability Hub
P1
P1
P2
P3
Data Holding Agencies
P1
P1
P2
P3
P2
P3
P4
IMPACT
PRIORITY
Requesting Agencies
Single Nominated User
incident, password reset
P4
7.1. The Services will conform to the priorities, response and resolution times stated in
Table 4: Response and Resolution Times.
7.2. The Hub Operator will confirm the priority level at the time the incident is logged, in
consultation with the incident originator.
7.3. All Priority 1 Incidents will be logged by the Agency’s Client Administrators via the
Administration Facility, or email, to the Hub Operator.
7.4. The Hub Operator will broadcast a status update to relevant Client Administrators of
Participants throughout the resolution period in accordance with Table 4: Response and
Resolution Times.
Table 4: Response and Resolution Times
Production Environments
Priority | Response Time | Resolution Time (includes response times) | Update Time
P1 | 15 minutes | 4 hours | Every 30 minutes
P2 | 30 minutes | 8 hours | Every 60 minutes
P3 | 2 business hours | 18 business hours | Every 9 business hours
All other Environments
Priority | Response Time | Resolution Time (includes response times) | Update Time
P1 | 30 minutes | 8 hours | Every 60 minutes
P2 | 60 minutes | 16 hours | Every 90 minutes
P3 | 4 business hours | 24 business hours | Every 9 business hours
P4 | 9 business hours | 72 business hours | As agreed
Service Desk
8. AGD will provide a Service Support Desk on the basis of the following:
Table 5: Service Desk Hours of Operation
Support Type | Support Hours
Core Support Hours | Monday to Friday (5 days), 8:30am to 5:30pm (AEST / AEDT), excluding National and ACT Public Holidays
Contact Details | Ph: 02 6141 3232; Email: [email protected]
Schedule 6 – Statement of Legislative Compliance
<Guidance: This schedule should include details of relevant portfolio legislation as well as, if applicable, the Privacy Act>
<Drafting note: Add additional rows to the tables as required>
Legislative basis for the Agency to use its own Identity Information via the Interoperability Hub
Use of Identity Information
Name of legislation | Operative provision (section number) | Type of Identity Information that can be used (e.g. facial image) | Permitted purpose for use (e.g. law enforcement) | Persons to whom use is permitted (e.g. other Commonwealth agencies) | Limitations/additional requirements (if any) (e.g. reasonable belief that use is necessary)
Legislative basis for the Agency to ‘disclose’ Identity Information in a Response provided
through the Interoperability Hub
Name of legislation | Operative provision (section number) | Type of Identity Information that can be disclosed (e.g. facial image) | Permitted purpose for disclosure (e.g. law enforcement) | Persons to whom disclosure is permitted (e.g. other Commonwealth agencies) | Limitations/additional requirements (if any) (e.g. reasonable belief that disclosure is necessary)
Legislative basis for the Agency to ‘collect’ Identity Information from a Query provided
through the Interoperability Hub
Collecting Identity Information from a Requesting Agency through a Query
Name of legislation | Operative provision (section number) | Type of Identity Information that can be collected (e.g. facial image) | Permitted purpose for collection (e.g. law enforcement) | Persons to whom collection is permitted (e.g. other Commonwealth agencies) | Limitations/additional requirements (if any) (e.g. reasonable belief that collection is necessary)
Schedule 7 – Contact Information
General Contact Details:
The Agency
Contact information:
the Agency
[Address Line 1]
[Address Line 2]
[Address Line 3] [State] [Postcode]
Services Contact Officer:
{insert}
[position] < Drafting note: intended to be at APS 6/EL1 level>
[Branch]
[insert]@the Agency.gov.au
Representative:
{insert}
[position] < Drafting note: intended to be at EL2 level>
[Branch]
[insert]@the Agency.gov.au
Senior Representative:
{insert}
[position] < Drafting note: intended to be at SES Band 1 level>
[Branch]
[insert]@the Agency.gov.au
Attorney-General’s Department
Contact information:
Attorney-General’s Department
3-5 National Circuit
Barton ACT 2600
Ph: 02 6141 3232
[email protected]
Services Contact Officer:
{insert}
[position] <Drafting note: intended to be at APS 6/EL1 level>
[Branch]
Ph: 02 [insert]
[insert]@ag.gov.au
Representative:
{insert}
[position] < Drafting note: intended to be at EL2 level>
[Branch]
Ph: 02 [insert]
[insert]@ag.gov.au
Senior Representative:
{insert}
[position] < Drafting note: intended to be at SES Band 1 level>
[Branch]
Ph: 02 [insert]
[insert]@ag.gov.au
Contact Protocols
 | The Agency | AGD
Outages Notification | Interoperability Hub outage and notification functionality | Interoperability Hub outage and notification functionality
General Incidents | [The Agency to insert contact]; [insert availability period]; Ph: [00] [0000-0000]; Email: [insert] | IDMS Team; [insert availability period]; Ph: [00] [0000-0000]; Email: [insert]
Critical Incidents | [The Agency to insert contact]; [insert availability period]; Ph: [00] [0000-0000]; Email: [insert]; Mobile: [insert] | IDMS Team Administrator; [insert availability period]; Ph: [Insert]; Email: [insert]; Mobile: [insert]
Urgent/Emergency Request/Dispute Resolution | [The Agency to insert contact]; Ph: [insert]; Email: [insert]; Mobile: [insert] | IDMS Team Manager, Glenis Hunter; Ph: [insert]; Email: [insert]; Mobile: [insert]
<Guidance: An Agency can update its Contact Protocol details by written notice to the other Agency
under Item 32 of this MOU>
Schedule 8 – Nominated User Registry Requirements
<Guidance: For the avoidance of doubt, the Nominated User Registry will not be attached to this
MOU, as it will be updated regularly to meet operational requirements>
<Guidance: The Nominated User Registry is for record keeping and auditing purposes only as
indicated in this MOU. It will have limited internal distribution based on a need to know basis and will
not be made publicly available, including to AGD>
The Agency will maintain a Nominated User Registry containing the following information for each
Nominated User:
Unique User ID <Guidance: It is recommended that the Unique User ID is pseudonymous>
First name and surname (if applicable)
Position title (if applicable)
Role
User-Level Access Permissions
Date access commenced
Date access renewed
Period access was suspended and reason for suspension (if applicable)
Date access ceased and reason for cessation (if applicable)
Date Role changed and reason for change (if applicable)
Date Role previously changed
Schedule 9 – Compliance Statement
Compliance relating to the Agency’s use of the Services and Interoperability Hub
1. Explain how the Agency ensures personnel are aware of privacy and security
obligations prior to using and whenever using the Face Verification Service (FVS).
Eg. What training is provided to personnel?
Are policies, guidelines updated/amended accordingly to reflect any changes to
privacy/security obligations?
2. How does the Agency ensure the Agency’s personnel are aware that the FVS
does not make decisions about identity but provides support to make those
decisions?
Eg. What other processes are used to confirm someone’s identity apart from FVS matches?
How do you ensure that any decisions on identity are not based solely on the information
obtained from the FVS?
If there are exceptional instances where decisions on identity are based solely on the
information obtained from the FVS, what are the exceptional circumstances, how does the
Agency decide that it is an exceptional circumstance, and how does the Agency ensure that
decisions about what is an ‘exceptional circumstance’ are made uniformly?
3. How does the Agency integrate the FVS into the Agency’s business processes
to ensure that handling complaints, responding to access to information requests and
reviews of decisions is in accordance with the Agency’s own procedures and any
Privacy Impact Assessment recommendations the Agency has accepted?
Eg. What does the Agency tell individuals or customers about their rights to question
decisions that may have involved FVS matches? Does the Agency’s staff know that
complaints are to be handled by the Agency?
4. Confirm that the Agency’s connections with the Interoperability Hub are in
accordance with FVS technical requirements.
Eg. Are the FVS technical requirements in line with the requirements set out in the FVS
Access Policy, data sharing arrangements the Agency has entered into and the Services
MOU between the Agency and AGD?
5. Explain the procedures the Agency uses to promptly handle and report to the
IDMS Team any suspected or actual breaches of privacy or security.
Eg. What is your process if you were to identify any privacy or data security incidents that
occur in using the FVS?
6. Have the Agency’s identity decision processes been audited or reviewed since
the Agency’s last Compliance Statement? If so, did the Agency report to the
[Governance Body] any recommendations made to the Agency on improving the
Agency’s operation of the FVS?
Eg. Audits/reviews and recommendations relating to the FVS were communicated to the
[Governance Body] on …
<Drafting note: For Agencies using this template in August 2016, the relevant Governing
Body will be “Programme Advisory Committee”>
7. How does the Agency retain information in connection with the Agency’s use
of the FVS for compliance purposes and to fulfil privacy and record keeping
requirements including log transactions?
Eg. Are all FVS transactions logged and can the logs be viewed on request?
8. How does the Agency destroy Identity Information received in Queries in
accordance with the Agency’s privacy requirements?
Eg. Once the Agency provides a Response, what technical processes does it use to ensure
the Query is destroyed? Within what timeframe will the Query be destroyed?
Signatories:
This Compliance Statement was made by the Agency on [date].
Signed by [name], [position], [branch], the
Agency, in the presence of:
……………………………….
signature of representative
……………………………….
witness name
……………………………….
signature of witness
Schedule 10 – Variation Request Form
This form will be used to record amendments to current arrangements, including
administrative, financial, technical and/or legislative aspects of the Head MOU, Identity
Information or Service Schedules. Please lodge this form through the relevant Services
Contact Officer.
Variation Request will apply to:
Variation Request #
Title
Date Request Entered Into
Variation Details
Agency Initiating Variation: the Agency [ ]   AGD [ ]
Variation Title
1. [Proposal: Description of the nature of variation request.
Document the variations that are required.]
2. [Services Defined]
3. [Additional Information]
Proposed Implementation
Date
Costs
The following costs (inclusive of GST) will be met by: the Agency [ ]   AGD [ ]
Other Comments:
Variation Request Initiator:
Please sign below to acknowledge that the Variation Request Form is for assessment purposes only
and that submission does not guarantee the variation will go ahead (if initiator details are different
from the Services Contact Officer’s Details, please outline below).
Date:
Name:
Position:
Branch/Division/Department:
Email:
Ph:
Signatories:
This Variation was entered into by the Parties on [date]
Signed for, and on behalf of, the Commonwealth of
Australia by [name], Assistant Secretary, National
Security Division, Attorney-General’s Department, in
the presence of:
……………………………….
signature of representative
……………………………….
witness name
……………………………….
signature of witness
Signed by [name], [position], [branch],
[Department], in the presence of:
……………………………….
signature of representative
……………………………….
witness name
……………………………….
signature of witness