This excerpt taken from the GPS 10-Q filed Jun 9, 2009.
11.3 Disaster Avoidance
As to those Supplier Service Locations (other than Gap Sites), Supplier shall maintain disaster avoidance procedures designed to safeguard the Gap Data and the availability of the Services, throughout the Term. Such disaster avoidance procedures include, but are not limited to, the following:
A. Physical Security
Access to Supplier Service Locations shall be strictly controlled by Supplier. An electronic badge system or other appropriate systems will be maintained and utilized by Supplier to control access to Supplier Service Locations. *. In addition, Supplier shall, on a twenty-four (24) hours a day, seven (7) days a week basis, monitor Supplier Service Locations access. Supplier shall also (to the extent such acts do not violate any union agreement) maintain, to the extent Supplier deems necessary, operational video cameras to monitor the main entrance, parking facilities, and critical areas within Supplier Service Locations twenty-four (24) hours a day, seven (7) days a week.
B. Fire Protection
As to Supplier Data Center(s), fire detection, containment, and fire suppression systems and processes shall meet Supplier, Industrial Risk Insurers (IRI), and National Fire Protection Association (NFPA) requirements and shall be regularly reviewed and updated.
C. Power Supply
As to Supplier Data Center(s), Supplier shall maintain two levels of power backup designed to provide uninterrupted operation of Supplier Data Center(s) and equipment located in such Supplier Data Center(s) in the event of a loss of power. Supplier Data Center(s) will also have EPS generation as a second source of backup power.
D. Equipment/Air Conditioning
As to Supplier Data Center(s), Supplier shall maintain two (2) levels of protection against loss of cooling, including a primary backup system and a secondary backup system that shall be capable of providing continuous cooling during a power outage.
E. Hardware and Software Changes
Supplier shall strictly comply with the Change Management procedures as set forth in Section 5 (Change Management) of Exhibit A.2 (Cross Functional Services), and shall ensure that Supplier Personnel are familiar with such procedures and that such procedures are used for both hardware and software Changes.
As to the Gap Data Centers occupied by Supplier, Supplier shall be vigilant of the Disaster avoidance services and systems provided by Gap or third party suppliers on behalf of Gap; and report in writing to Gap issues known by Supplier to create a physical risk to the Data Center of the personnel working therein.
Gap Confidential and Proprietary Information