A V A N S E

Loading

Outsourcing of information technology services

Avanse Financial Services Limited ("Avanse"), an NBFC regulated by the Reserve Bank of India (RBI) may, subject to extant regulations, outsource its certain Information Technology (IT) and IT enabled Services (ITeS) activities to the service provider/s. While undertaking the outsourcing of IT and ITeS from Avanse, service provider/s shall be deemed to have read and accepted the below mentioned IT Outsourcing Terms & Conditions ("T&Cs"). The T&Cs are framed in view of directions issued by the RBI - Master Direction on Outsourcing of Information Technology Services dated April 10, 2023 ("RBI Master Direction"), and as such the service provider/s shall follow the T&Cs to the extent relevant to their activity.

Outsourcing Terms and Conditions ("T&Cs"):
This Schedule shall form an integral part of the IT Outsourcing Agreement ("Agreement").

Definitions:

  • Outsourcing:
    Outsourcing is defined as the NBFC's use of a third party (either an affiliated entity within a corporate group or an entity that is external to the corporate group) to perform activities on a continuing basis ("Continuing basis" includes agreements for a limited period) that would normally be undertaken by the NBFC itself, now or in the future.
  • Material Outsourcing:
    1. if disrupted or compromised shall have the potential to significantly impact the RE's business operations; or
    2. may have a material impact on RE's customers in the event of any unauthorized access, loss, or theft of customer information.
  • Outsourcing of IT Services shall include outsourcing of the following activities:
    1. IT infrastructure management, maintenance and support (hardware, software or firmware);
    2. Network and security solutions, maintenance (hardware, software or firmware);
    3. Application Development, Maintenance and Testing; Application Service Providers (ASPs) including ATM Switch ASPs;
    4. Services and operations related to Data Centres;
    5. Cloud Computing Services;
    6. Managed Security Services; and
    7. Management of IT infrastructure and technology services associated with payment system ecosystem.
  • Service Provider:

    The provider of IT or IT enabled services including entities related to the RE or those which belong to the same group or conglomerate to which the RE belongs. Appendix III provides an indicative (but not exhaustive) list of a) Services/ Activities not considered under "Outsourcing of IT Services" for the purpose of the RBI Master Direction and b) Vendors / Entities who are not considered as Third-Party Service Provider (TPSP) for the purpose of the RBI Master Direction.

Terms & Conditions for Outsourcing activities:
Any activity outsourced by Avanse to the Service Provider shall be subject to the following general terms and conditions:

  • The Service Provider shall,
    1. adhere to all the applicable laws, rules, regulations, conditions of approval related to licensing or registration, guidelines and/or directives, as may be amended from time to time, issued to and/or applicable to Avanse as well as the Service Provider, by a statutory or regulatory authority as may be applicable from time to time, with respect to the Services and other subject matter hereof;
    2. act with all reasonable diligence, in good faith, observe all instructions of Avanse from time to time and shall follow fair practices to maintain privacy, consumer and prudential laws;
    3. not carry out any activity that would result in internal control, business conduct or reputation of Avanse being compromised or weakened;
    4. not conduct business on its own behalf, inconsistent with the overall strategic goals of Avanse;
    5. have adequate financial capacity to fulfil obligations and/ or to provide remedies to Avanse in the event of technology failure, fraud, error on part of the Service Provider;
    6. not assign or subcontract any of its responsibilities contained in the Agreement to any agent, sub-agent or sub-contractor without prior written permission of AVANSE, which AVANSE may deny at its absolute discretion and if AVANSE gives such prior written permission, it shall not be construed as waiver of any accrued rights and/or liabilities and the Service Provider shall be fully responsible for all its and omissions of its contractors, sub-contractors or agents. Irrespective of the prior approval given by Avanse, it is further clarified that the Service Provider shall be contractually liable for the performance of and risk management practices of its sub-contractors. The Service Provider shall ensure that prior to the engagement of the sub-contractor, the Service Provider undertakes thorough due diligence of the sub-contractor (if any) including but not limited to assessment of financial creditworthiness, operations, risk management practices etc.
    7. The agreement in respect of services shall be on Principal-to-Principal basis.
    8. report all cyber incidents to AVANSE without any undue delay, so that such cyber incidents are reported by AVANSE to RBI within 6 hours of detection by the Service Provider.
    9. provide details of all the data to AVANSE (data related to AVANSE and its customers) which has been captured, processed and stored by the Service Provider;
    10. store the data only in India as per extant regulatory requirements;
    11. ensure adequate safeguards are in place to store all the data pertaining to AVANSE, in a manner, so as to be able to isolate AVANSE's information, documents, records and other assets;
    12. provide information in relation to the third parties (in the supply chain) engaged by the Service Provider to AVANSE and AVANSE shall have the right to seek such information as and when necessary;
    13. enter into suitable back-to-back arrangements with the original equipment manufacturers, as may be required;
    14. ensure that they have adequate safeguards to ensure that there is no combining/co-mingling of information, documents, records and assets of Avanse in case the Service Provider is acting as an outsourcing agent for multiple entities.
    15. forthwith report to AVANSE without undue delay, details regarding occurrence of any incidents that may constitute a "material adverse event" (including but not limited to cyber incidents, data breaches, denial of service, service unavailability, etc.) in order to enable AVANSE to take prompt risk mitigation measures and ensure compliance with statutory and regulatory guidelines.
    16. comply with the requirements and provisions of the RBI - Master Direction on Outsourcing of Information Technology Services dated April 10, 2023, as may be amended from time to time.
    17. ensure compliance with the provisions of the Information Technology Act, 2000 and other applicable legal requirements and standards, as may be applicable respectively, to protect the customer data of AVANSE;
    18. strictly adhere to internal guidelines, policies and standards as may be issued by Avanse from time to time that are duly shared with the Service Provider;
    19. ensure reasonable standards of care and skill in discharging the Services in terms of the Agreement.
    20. put in place appropriate procedures and policies to restrict its employees, consultants or other agents from causing breach under the Agreement. It shall promptly notify Avanse of any such breach;
    21. the Service Provider shall be under an obligation to co-operate with the relevant authorities in the event of insolvency / resolution of AVANSE.
    22. provide such suitably qualified, experienced and competent Personnel and sub-contractors as may reasonably be required for the performance of the Services. If so requested by AVANSE, the Service Provider shall provide evidence of the previous experience, qualifications and competence of any Personnel engaged in the performance of such Services. Further, the Service Provider shall identify skilled resources who provide core services as "essential personnel" to ensure that such essential personnel with back-up arrangements necessary to operate critical functions can work on-site during exigencies (including pandemic situations);
  • Confidentiality and Secrecy
    1. The Service Provider recognises that in the course of the transactions envisaged by the Agreement, it may be privy to certain confidential information (regardless of whether such information is expressly marked or designated as "confidential" or "proprietary") relating to AVANSE and its businesses including legal, financial, technical, commercial, marketing and business related records, data, documents, reports, etc., client information, the terms of the Agreement and the details of the negotiations between the Parties (the "Information"). The Service Provider agrees that:
      1. it shall keep all Information and other materials passing from AVANSE to the Service Provider confidential and shall not, without the prior written consent of AVANSE, divulge such Information to any other person or use such Information other than for the purposes of carrying out the Agreement.
      2. it shall take all steps as may be reasonably necessary to protect the integrity of the Information and to ensure against any unauthorized disclosure thereof;
      3. The Service Provider, it's employees, agents, and subcontractors shall treat all records and information containing personal Information acquired or generated as a result of the Agreement in strict confidence and with the care and security required to ensure they are not disclosed or made known to any person except in accordance with the Agreement and shall promptly inform AVANSE of any potential or accidental disclosure of the Information and take all steps, together with AVANSE, to retrieve and protect the said Information;
      4. It shall inform AVANSE immediately upon it becoming aware of any unauthorized access, collection, use, disclosure or destruction of records and information containing personal Information relating to the Agreement.
      5. It shall ensure that the personnel and all its employees and/or representatives who are given access to the Information shall at all times be bound by legally valid and written non-disclosure obligations under their employment contracts; and
      6. It shall limit access to all Information on need-to-know basis, to only those of Service Provider's personnel, agents and representatives who need to know such information for carrying out AVANSE obligations for the purposes of carrying out the Agreement.
      7. It shall use the Information only for the purpose for which it was provided and not profit from the same in an unauthorized manner to the exclusion of AVANSE.
    2. All the Confidentiality obligations applicable to the Service Provider under the Agreement, shall be made applicable to all the employees, affiliates, agents, representatives, advisers, consultants, or such other persons with whom such Information is shared by the Service Provider. Upon expiry or termination of the Agreement, the Service Provider shall return to AVANSE all Information received by it or destroy all such Information and certify in writing to such destruction. In case any information is retained by the Service Provider, a non-disclosure agreement will be entered into by the Parties with respect to such information.
    3. The Service Provider shall ensure that, other than in the course of and for the purpose of rendering services to AVANSE, the Information will not be copied, reproduced, reengineered, reverse engineered or transmitted by any means and in any form whatsoever (including in an externally accessible computer or electronic information retrieval system) by the Service Provider or its representatives without the prior written permission of AVANSE.
    4. The Service Provider shall maintain the confidentiality of the Information by exercising no lesser security and control measures and degree of care than those which the Service Provider applies to its own confidential information.
    5. The Service Provider shall fully indemnify AVANSE for any loss, damage caused due to breach and/or leakage of confidential Information of AVANSE and/or violation of any applicable laws.
    6. AVANSE shall have the right to review and monitor the security practices and control processes of the Service Provider on a regular basis and may require the Service Provider to disclose any security breaches.
    7. The obligations contained in this Section shall not apply to any part of the Information in the case where that part of the Information that is or has become public (other than by breach of the Agreement) and shall not restrict any disclosure by the Service Provider required by law or by any court of competent jurisdiction, any enquiry or investigation by any governmental, official or regulatory body which is lawfully entitled to require any such disclosure, provided that, so far as it is lawful and practical to do so prior to such disclosure, the Service Provider when subject to such disclosure shall promptly notify AVANSE of such requirement with a view to providing the opportunity for AVANSE to contest such disclosure or otherwise to agree the timing and content of such disclosure.
    8. The obligations contained in this Section shall continue to apply after the termination or expiry of the Agreement.
    9. The Service Provider shall, on written demand of AVANSE immediately return Information together with any copies in its possession.
    10. The Service Provider acknowledges that in the event of any breach or threatened breach of this Section by the Service Provider/its employees/agents/sub-contractors, monetary damages may not be an adequate remedy, and therefore, Avanse shall be entitled to injunctive relief to restrain the Service Provider/its employees/agents/sub-contractors from any such breach, actual or threatened.
  • Data Protection
    1. The Service Provider (and shall procure that the Service Provider's personnel) shall comply with all Data Protection Legislation and such compliance shall include, but not be limited to, maintaining a valid and up to date registration or notification (where applicable) under the Data Protection Legislation.
    2. For the purpose of the Agreement,
      1. "Data Protection Legislation" means the legislation and regulations relating to the protection of Personal Data and processing, storage, usage, collection and/or application of Personal Data or privacy of an individual including (without limitation):
        1. the Information Technology Act, 2000 (as amended from time to time), including the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("Privacy Rules"), the Indian Computer Emergency Response Team ("CERT-In") Direction on Cyber Security Incident Reporting dated April 28, 2022 ("CERT-In Directions") and personal data privacy and protection laws (including Digital Personal Data Protection Act, 2023 and rules prescribed thereunder) that will supersede the present laws in future ;
        2. all other industry guidelines (whether statutory or non-statutory) or codes of conduct relating to the protection of Personal Data and processing, storage, usage, collection and/or application of Personal Data or privacy of an individual issued by any regulator to Avanse; and
        3. any other applicable law solely relating to the protection of Personal Data and processing, storage, usage, collection and/or application of Personal Data or privacy of an individual.
      2. "Personal Data" shall have the same meaning as ascribed to the term "Personal Data or Information" and/or "Sensitive Personal Data or Information" under the applicable Data Protection Legislation (as amended from time to time).
    3. The Service Provider shall only undertake the processing of Personal Data:
      1. reasonably required in connection with the performance of its obligations under the Agreement; and
      2. in accordance with the Avanse's written instructions, and,
      3. shall comply with all reasonable procedures and processes notified by Avanse from time to time.
      4. solely and exclusively for the purposes for which the Personal Data, or access to it, is provided pursuant to the Agreement, and not use, sell, rent, transfer, distribute, or otherwise disclose or make available Personal Data for the Service Provider's own purposes or for the benefit of anyone other than Avanse.
    4. Avanse hereby instructs the Service Provider to take such steps in the processing of Personal Data on behalf of Avanse as are reasonably necessary for their performance of the Service Provider's obligations under the Agreement.
    5. The Service Provider shall not process or transfer any Personal Data outside India without the prior written consent of Avanse.
    6. The Service Provider shall at all times have appropriate technical and organisational measures in place acceptable to Avanse:
      1. To prevent unauthorised or unlawful, access, alteration, destruction, cloning, skimming, disclosure, dissemination, or processing of any Personal Data;
      2. To protect any Personal Data against accidental loss, destruction or damage;
      3. To ensure the reliability of its personnel having access to the Personal Data and ensure that Personal Data is only disclosed to the personnel who have a need to know such information to perform the Services and other obligations under the Agreement;
      4. On Avanse's reasonable request, the Service Provider will:
        1. provide a detailed, written description of the measures undertaken by the Service Provider and the Service Provider's compliance with those measures; and
        2. allow Avanse access to the Service Provider's premises to inspect its procedures for the processing of Personal Data;
      5. If the Service Provider receives a request from any person for access to Personal Data or any other request relating to Avanse's obligations under the Data Protection Legislation the Service Provider shall:
        1. immediately notify Avanse (no later than 24 hours); and
        2. provide full co-operation and assistance to Avanse in relation to any such complaint or request including, without limitation:
          1. provide Avanse with full details of any such request;
          2. provide Avanse with any Personal Data it holds in relation to any person in a form specified by Avanse and within 2 days (or as per the timelines agreed to under the Agreement) of receipt of the request from any person or as otherwise stipulated by Avanse; and
          3. comply with the data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with explicit authorisation to do so from Avanse;
        3. The Service Provider shall:
          1. immediately provide Avanse with full details of any complaint or allegation that it is not complying with the Data Protection Legislation; and
          2. assist Avanse in taking any action that Avanse deems appropriate to deal with such complaint or allegation including without limitation immediately providing Avanse with any Personal Data it holds in relation to any person.
    7. Upon written request of Avanse, at any time during the tenure of the Agreement or upon its termination as per the provisions of the Agreement, the Service Provider shall, at the option and/or request of Avanse:
      1. Promptly return all customer data, Personal Data and Confidential Information (or part thereof required in such request) (including copies) to Avanse.
      2. Destroy that Confidential Information (including copies) in manner specified by Avanse and promptly certify to Avanse in writing it has done so;
      3. The Service Provider shall not have right of lien over any of the documents/data or any other property of Avanse which is in the possession of the Service Provider, for any reason whatsoever.
      4. Return forthwith all materials, documents, etc. received from Avanse.
    8. If the Service Provider becomes aware of a breach or a potential breach of security, it must immediately:
      1. Notify Avanse of such breach or potential breach (no later than 6 hours)
      2. Identify the cause
      3. Do all within its power to remedy any breach and its consequences
      4. Ensure that any potential breach does not become any actual breach
      5. Provide Avanse with a report detailing the cause of and procedure for correcting the breach or potential breach within five (5) days (or as per the timelines agreed to under the Agreement) of occurrence of such breach.
      6. Undertake such remedial action (including assistance for any notifications, investigations, credit monitoring) as Avanse may reasonably direct at Service Provider's sole cost.
    9. The Service Provider agrees to indemnify and, at Avanse's option, defend Avanse, its affiliates, and each of their respective directors, officers, managers, employees, members, shareholders and agents and all of their respective successors and permitted assigns (collectively, the "Avanse's Personnel";), against, and to hold Avanse's Personnel harmless from, any and all judgments, expenses, fines, penalties, or other losses which may be suffered by, imposed on, or incurred by any of Avanse's Personnel as a result of any third party claims arising from: (a) any breach of this Data Protection Clause by the Service Provider or its agents, subcontractors or employees and (b) the Service Provider's violation of any Data Protection Legislation, and any privacy policies posted in accordance with such Data Protection Legislation.
    10. Any limitations of liability set forth in the Agreement, whether related to types of damages or caps on damages, shall not apply to breaches of the Service Provider's representations, warranties, covenants and indemnifications obligations under this Data Protection Clause.
  • Right to Inspection, Audit and Visitorial Rights
    1. The Service Provider shall maintain its regular books of accounts, records, and any other information in respect of the Services and relevant to the outsourced activity. The Service Provider shall provide to AVANSE, its management, its auditors (internal & external) and/or its regulators, agents appointed to act on behalf of AVANSE, competent authorities authorised under law, or any other person authorized by it, unrestricted and effective access to the Service Provider's relevant business premises, operations/business records, logs, alerts, access and network controls, configurations, monitoring mechanisms, data encryption systems, data for the purposes of performing and conducting audits / inspection, spot checks and to obtain such copies of any audit or review reports and findings made on the Service Provider (including its sub-contractors). AVANSE shall provide 24 (Twenty-Four) hours written notice to the Service Provider for conducting such audit.
    2. The Service Provider shall, upon such prior written notice from AVANSE, maintain and provide access to the records, documents and other information required to meet AVANSE's audit requirements with respect to the Services under the Agreement.
    3. Notwithstanding anything mentioned elsewhere in the Agreement, RBI, its officers, employees or other persons authorised by it, shall have the right to cause an inspection of the Service Provider and/or any of its sub-contractors, its books of accounts, records and all other data/information as may be required for undertaking such inspection by the RBI. Further, the RBI and/or any persons authorized by it, shall have the right to access the IT infrastructure, applications, data, documents, and such other necessary information of AVANSE which has been given to, stored, and/or processed by the Service Provider and/or its sub-contractors in relation and as applicable to the Services under the Agreement.
    4. The Service Provider agrees and acknowledges that AVANSE shall be entitled to conduct a continuous monitoring and assessment of the Service Provider (including its incident response and resilience preparedness and testing) so as to take any necessary corrective measures immediately.
    5. AVANSE shall conduct a review on the financial and operational condition of the Service Provider to assess the Service Provider's ability to continue to meet its outsourcing of IT services obligations, at a periodic interval as agreed between the parties under the Agreement. Such due diligence reviews shall highlight any deterioration or breach in performance standards, confidentiality, and security, and in operational resilience preparedness.
  • Business Continuity
    1. The Service Provider has and will document, maintain and test throughout the term of the Agreement a business continuity, disaster recovery, and backup capabilities and facilities ("BCP") to enable it to recover and resume the Services provided by it to Avanse under the Agreement within 1 (one) Business Day (or as per the timelines agreed to under the Agreement) from the occurrence of an event/ incident which disrupts or has a significant impact on the performance of the services by the Service Provider ("Interruption Event"). The Service Provider hereby confirms that it has tested its BCP and will continue to conduct sufficient ongoing verification and testing for the BCP and recovery and resumption of services. The Service Provider will update its BCP at least annually. Avanse at its discretion may cause the Service Provider to undertake joint testing and recovery exercises.
    2. The Service Provider will promptly notify Avanse of any actual, threatened, or anticipated Interruption Event and will cooperate fully with Avanse to minimize and remedy any such disruption and promptly restore and recover the Services. Further, the Service Provider acknowledges and agrees that upon the occurrence of an Interruption Event, Avanse has a right to intervene with appropriate measures to continue business operations/ services, without causing any break in the operations of Avanse and its Services. All cost and expenses incurred by Avanse in connection with the aforesaid right of intervention shall be borne by the Service Provider.
    3. The Service Provider further acknowledges and agrees that (a) the Service Provider shall at all times isolate Avanse's information, documents and records, and other assets; and (b) upon the occurrence of default by the Service Provider of its obligation under the Agreement or the occurrence of an Interruption Event, Avanse has a right in its sole discretion (and without prejudice to its other rights under the Agreement), to cause the removal (by deletion, destroying or rendering unusable or otherwise) from the possession of the Service Provider, all documents, records of transactions and information, in possession of the Service Provider pertaining to Avanse and/or any other asset of Avanse.
  • Termination of Agreement
    1. Both the parties shall have right to terminate the agreement as per the terms agreed between the Parties under the respective agreements. In case of any material breach of any of the terms & conditions of the agreement, the agreement shall be terminated with immediate effect at the option of the non-defaulting party and as more particularly mentioned under the respective agreements.
    2. AVANSE shall be entitled to publicize by displaying it at a prominent place in the branch and/or posting it on the website and/or informing the customers so as to ensure that the customers do not continue to deal with the Service Provider.
    3. The Service Provider shall ensure safe removal/destruction of all the data belonging to AVANSE and/or Information, hardware, and all records (digital and physical), as may be applicable.
    4. AVANSE shall be entitled to transfer the Services under the Agreement to another Service Provider, as may be necessary or desirable for AVANSE, determined in its sole discretion. It is further clarified that the Service Provider shall be legally obligated to fully cooperate with both AVANSE and such new service provider(s) in order to ensure a smooth transition. Further, the Service Provider agrees that it is prohibited from erasing, purging, revoking, altering, or changing any data during such transition period, unless specifically advised by AVANSE/regulator.
  • Cross Border Outsourcing (If Applicable)
    1. Avanse shall monitor government policies of the jurisdiction in which the Service Provider is based and the political, social, economic, and legal conditions on a continuous basis, as well as establish sound procedures for mitigating the country's risk. This includes, inter alia, having appropriate contingency and exit strategies in place. Further, it shall be ensured that the availability of records to Avanse and the RBI will not be affected even in case of liquidation of the Service Provider.
    2. The governing law of the arrangement shall be as mutually agreed between the Parties under the Agreement.
    3. Avanse and RBI shall have the right to direct and conduct an audit or inspection of the Service Provider based in a foreign jurisdiction.
    4. The Parties shall comply with all statutory requirements as well as regulations issued by the RBI from time to time.
  • Cloud Service Providers ? Cloud Computing Services (If Applicable)
    1. Service and Technology Architecture

      With respect to the cloud computing services to be provided as a part of the Services under the Agreement, the Service Provider shall:

      1. ensure that the cloud systems comply with the best and industry standards of cloud security.
      2. ensure that the service and technology architecture supporting cloud-based applications is built in adherence to globally recognized architecture principles and standards;
      3. ensure that the technology architecture provided by the Service Provider shall provide for: (i) a secure container-based data management where encryption keys and hardware security modules are under the control of AVANSE; and (ii) a standard set of tools and processes to manage containers, images and releases; and
      4. ensure that the technology architecture of the Service Provider/provided by the Service Provider shall be resilient and shall enable smooth recovery in case of failure of any one or a combination of components across the cloud infrastructure with minimal impact on data/information security.
    2. Identity and Access Management

      With respect to the identity and access management requirements in relation to the cloud computing services, proposed to be provided as a part of the Services under the Agreement, the Service Provider shall:

      1. provide role-based access to cloud-based applications in a form and manner as required by AVANSE.
      2. ensure that stringent access controls, as applicable for on-premise applications, are established for identity and access management to cloud-based applications in a form and manner agreeable to AVANSE;
      3. ensure that segregation of duties and role conflict matrix are implemented for all kinds of user access and privileged-access roles in the cloud-hosted application irrespective of the cloud service model;
      4. ensure that access provisioning is governed by principles of "need to know" and "least privileges", in a manner as required by AVANSE;
      5. ensure that multi-factor authentication is implemented for access to cloud applications.
    3.  Security Controls

      With respect to the requirements pertaining to security controls in relation to the cloud computing services, proposed to be provided as a part of the Services under the Agreement, the Service Provider shall:

      1. ensure that the implementation of security controls in the cloud-based application achieves similar or higher degree of control objectives than those achieved in/ by an on-premise application;
      2. ensure (i) secure connection through appropriate deployment of network security resources and their configurations; (ii) appropriate and secure configurations, monitoring of the cloud assets utilised by AVANSE; and (iii) necessary procedures to authorise changes to cloud applications and related resources.
    4. Robust Monitoring and Surveillance

      The Service Provider shall, at all times during the term of the Agreement, ensure:

      1. that the Service Provider maintains an information security policy framework commensurate with its exposures to vulnerabilities and threat;
      2. that the Service Provider maintains its information/ cyber security capability with respect to changes in vulnerabilities and threats, including those resulting from changes to information assets or its business environment;
      3. that the nature and frequency of testing of controls by the Service Provider in respect of the Services is commensurate with the materiality of the Services and the threat environment;
      4. mechanisms are in place to assess the sub-contractors with regards to confidentiality, integrity and availability of the data being shared with the sub-contractors, wherever applicable;
      5. that appropriate integration of logs, events from the Service Provider into AVANSE's security operations center, wherever applicable and/ or retention of relevant logs in cloud is available for incident reporting and handling of incidents relating to services deployed on the cloud;
      6. continuous and regular updates of security-related software including upgrades, fixes, patches and service packs for protecting the application from advanced threats/ malware;
      7. that there is a well-governed and structured approach to manage threats and vulnerabilities supported by requisite industry-specific threat intelligence capabilities;
    5. The Service Provider agrees and undertakes to:
      1. put in place demonstrative capabilities for preparedness and readiness for cyber resilience as regards cloud services used by the Service Provider;
      2. Adopt robust incident responses and recovery practices and conduct disaster recovery (DR) drills at various levels of cloud services including with necessary stakeholders.
Base Lending Rate

We always aim to offer you competitive interest rates on your Avanse Education loan. The rate of interest on your loan is calculated as: Interest Rate = Avanse Base Rate + Spread.
Our current Base Rate is 14.55% (WEF 01.12.2024).

The Spread is floating and is based on analysis of overall credit and course profiling.

  • Rate of interest on student loan will be floating in nature.
  • Interest is calculated using Simple Interest Rate with Monthly rest.

This rate is subject to the terms and conditions of Avanse Financial Services Ltd.