INFORMATION SYSTEMS AUDIT AND CONTROL ASSOCIATION, INC.

CHAPTER AFFILIATION AGREEMENT

This Chapter Affiliation Agreement (“Agreement”) is made as of 01 March 2018 (“Effective Date”), by and between the Information
Systems Audit and Control Association, Inc. (“ISACA”), a California not-for-profit corporation and Information Systems Audit and
Control Association London Chapter based in United Kingdom (each a “Party” and collectively the “Parties”) as of the Effective Date.
WHEREAS, ISACA is a global provider of knowledge, certifications, communications, community, advocacy and education on
information systems (“IS”) assurance and security, enterprise governance and management of information technology (“IT”), and IT-
related risks and compliance.
WHEREAS, the chapter is an independent chapter of ISACA, engaged in the promotion of the education of its members for the
improvement and development of their capabilities relating to the auditing of, management consulting in, or direct management of
the fields of IT governance, IS audit, security, control and assurance (“Chapter”).
WHEREAS, the Parties desire to collaborate to pursue their mutual objectives within the Territory (as defined below) and wish to set
forth herein the terms and conditions under which the Chapter is affiliated with ISACA.
NOW, THEREFORE, in consideration of the mutual promises set forth herein, and for other good and valuable considerations, the
receipt and sufficiency of which are hereby acknowledged, the Parties hereto agree as follows:
I. DEFINITIONS
A. “Chapter’s Bank Account” shall have the meaning assigned to such term in paragraph I. (Chapter’s Bank Account) of
Clause VIII. (Chapter’s Duties) of this Agreement.
B. “Chapter’s Bylaws” means the Chapter’s bylaws.
C. “Chapter Information Repository” means the portion of ISACA’s website or other repository of information for Chapters,
as designated by ISACA to the Chapters.
D. “Chapter’s Organization Documents” means the Chapter’s articles of incorporation, operating agreement or other
organizational documents.
E. “Claim” shall have the meaning assigned to such term in Clause XIII. (Indemnification) of this Agreement.
F. “Confidential Information” means all information and know-how, whether or not in writing or other physical form, of a
private, secret or confidential nature concerning ISACA’s business or financial affairs, regardless of whether such
information is protected under patent, trademark, copyright or other areas of law, and regardless of whether such
information was developed entirely by ISACA or through the cooperative efforts of ISACA and Chapter, or ISACA and any
third party. “Confidential Information” shall include, but not be limited to: (a) the names and any information of and/or
relating to ISACA’s past, present and prospective customers and suppliers; (b) the prices and other terms upon which
ISACA sells or has sold its products or at which it buys or has bought materials or services; (c) ISACA’s customer and
member files, however maintained, including the identity of individuals or entities likely to become customers and/or
members; (d) information concerning ISACA’s relations with its employees, including salaries, job classifications, and skill
levels; (e) information concerning ISACA’s manner of operations (including, but not limited to, pricing strategies),
inventions, formulas, technical information, concepts, test results, market research data, policy and procedure manuals,
plans (including, but not limited to, business or marketing plans and similar documents), processes, or other similar data
of any kind, nature, or description (including, but not limited to, computer hardware or software programs and all data
contained therein); and (f) if not already included in one or more of subparagraphs (a) through (e), any and all trade
secrets of ISACA.
G. “Data Protection Legislation” means any applicable law regarding privacy, data protection, information security
obligations and/or the processing of Personal Data.
H. “ISACA’s Articles of Incorporation” means ISACA’s Amended and Restated Articles of Incorporation, which are available
on the ISACA website and upon request from ISACA, and incorporated herein by reference.
I. “ISACA’s Bylaws” means ISACA’s Amended and Restated Bylaws, which are available on the ISACA website and upon
request from ISACA, and incorporated herein by reference.
J. “ISACA Corporate Identity” means the ISACA and Information Systems Audit and Control Association name and
trademark and the current ISACA Chapter logo attached as Exhibit “A” or otherwise later designated by ISACA.
K. “ISACA Indemnified Parties” shall have the meaning assigned to such term in Clause XIII. (Indemnification) of this
Agreement.
1.
 L. “ISACA’s Intellectual Property” means (i) all ISACA Trademarks, domain names, social media, blog, or other online
platform user or account names; (ii) all ISACA content including exams, educational materials, books, and other
publications whether in print, electronic, or other form; (iii) ISACA’s Proprietary Information; (iv) any works of authorship,
expressions, designs, and design registrations, whether or not copyrightable, including copyrights and copyrightable
works, software and firmware, mobile applications, hosted applications and platforms, application programming
interfaces, architecture, files, records, schematics, data, data files, and databases and other specifications and
documentation; (v) Trade Secrets; and (vi) any and all other intellectual property rights, and all rights, interests, and
protections that are associated with, equivalent or similar to, or required for the exercise of, any of the foregoing,
however arising, in each case whether registered or unregistered and including all registrations and applications for, and
renewals or extensions of, these rights or forms of protection under the laws of any jurisdiction, in any part of the world,
which are owned by ISACA.
M. “ISACA Member” shall have the meaning assigned to such term in Clause V. (Membership) of this Agreement.
N. “ISACA’s Policies and Procedures” means all ISACA Board-approved chapter-related policies, procedures, handbooks, or
other written guidance heretofore or hereafter promulgated by ISACA, all of which are available on ISACA’s Chapter
Information Repository, and which are incorporated herein by reference.
O. “ISACA’s Trademarks” means Information Systems Audit and Control Association, ISACA, COBIT, CISA, CISM, CGEIT,
CRISC, Cybersecurity Nexus CSX, and other Trademarks owned by ISACA, including but not limited to the trademarks
listed in Exhibit “B”.
P. “Membership Roster” means ISACA’s list of ISACA Members that are also members of the Chapter.
Q. “Minimum Performance Standards” means the minimum service and administrative standards that must be met by
Chapter in accordance with paragraph A. (Chapter’s Performance Standards) of Clause VIII. (Chapter’s Duties) of this
Agreement and ISACA’s Policies and Procedures.
R. “Personal Data” means any information or data that alone or together with any other information relates to an identified
or identifiable natural person, or data considered to be personal data or personal information as defined under applicable
Data Protection Legislation including, but not limited to, the personal identifiable information contained in the
Membership Roster.
S. “Proprietary Information” means all proprietary information and materials provided by ISACA to Chapter during the
Term of this Agreement, including ISACA’s publications, exams, conferences, training programs and research created as
education and reference resources for board of directors, executive management, IT management and IT control
professionals.
T. “Term” shall have the meaning assigned to such term in paragraph D. (Term and Termination) of Clause III. (Grant of
Authorization to Chapter) of this Agreement.
U. “Territory” means the city of London, located in the United Kingdom.
V. “Trademarks” means all rights in and to U.S. and foreign trademarks, service marks, trade dress, trade names, brand
names, logos, corporate names, and domain names and other similar designations of source, sponsorship, association or
origin, together with the goodwill symbolized by any of the foregoing, in each case whether registered or unregistered
and including all registrations and applications for, and renewals or extensions of, these rights and all similar or equivalent
rights or forms of protection in any part of the world.
II. MUTUAL RECOGNITION AND PARTICIPATION
Each Party represents, warrants and covenants to the other that: (i) the execution, delivery and performance of this Agreement
is within such Party’s authority; (ii) its legal representative has the necessary authority to bind such Party under the terms hereof,
and such authority has not been revoked, modified, amended or rescinded in any manner and remains in full force and effect on
the Effective Date; (iii) the execution, delivery and performance of this Agreement has been duly authorized by all necessary
corporate action on such Party’s part; and (iv) the execution, delivery and performance of this Agreement does not and shall not
contravene or constitute a default under, and is not and shall not be inconsistent with, any applicable law, regulation, or court or
governmental judgment decree or order, or any agreement applicable to such Party; and once validly executed and delivered by
each Party, is a valid and legal obligation of such Party in accordance with its terms.
Furthermore, the Chapter warrants and agrees that:
A. Permits and licenses. Chapter warrants that to the extent required under the applicable law in the Territory, it has obtained
any and all permits, licenses and other governmental approvals required to act as a chapter of ISACA in the Territory.

2.
 B. Chapter’s Organization Documents. Chapter warrants that Chapter’s Organization Documents are, and shall remain during
the term of this Agreement, consistent in all material respects with applicable law, ISACA’s Articles of Incorporation, ISACA’s
Bylaws and ISACA’s Policies and Procedures.
C. ISACA’s Policies and Procedures. Chapter warrants that it has been provided with access to the Chapter Information
Repository and is familiarized with ISACA’s Policies and Procedures posted therein and agrees that, to the extent permitted
under applicable law, it will fully comply with all the requirements set forth in ISACA’s Policies and Procedures.
D. Corporate Entity. Chapter warrants that to the extent permissible under the applicable law in the Territory, on the Effective
Date, or within six (6) months thereafter, Chapter has established and operates itself as a corporate entity under the
applicable law in the Territory.
III. GRANT OF AUTHORIZATION TO CHAPTER
A. Charter. During the Term, ISACA hereby grants to Chapter authorization to be an independent chapter of ISACA (“Charter”).
B. No Payment. The Parties agree that no fee shall be paid by Chapter to ISACA during the Term (as defined below), as a result
of the granting of an authorization to be a chapter of ISACA.
C. Territory. Chapter shall act as an ISACA chapter in its approved Territory. The Parties acknowledge that ISACA may, in its
sole discretion, designate other chapters within the same Territory.
D. Term and Termination. The term of this Agreement shall commence on the Effective Date and shall continue until the
Chapter’s Charter is revoked by ISACA or surrendered by Chapter as set forth in Clause XV (Termination) (“Term”).
E. Chapter’s Objective. The main objectives of the Chapter are to, within the Territory:
i. Align with ISACA’s global strategies to advance its purpose and promise.
ii. Promote the education of, and help expand the knowledge and skills of its members and their related organizations
in the interrelated fields of information systems governance, security, audit and assurance.
iii. Encourage an open exchange of information systems governance, security, audit and assurance techniques,
approaches, and problem solving by its members and their related organizations.
iv. Promote adequate communication to keep members abreast of current events in information systems governance,
security, audit and assurance that can be of benefit to members and their related organizations.
v. Communicate the importance of establishing controls necessary to ensure proper information systems governance,
security, audit and assurance the effective organization and utilization of IT resources.
vi. Engage with other related organizations, including ISACA and other chapters, to further ISACA’s purpose and
promise.
F. Authorized Chapter’s Activities. During the term, Chapter is authorized to conduct all authorized activities within the
Territory that are or could be required or convenient to fulfill its objectives as an ISACA chapter, to the extent such activities
are consistent with the mission and purpose of ISACA and they comply with the authorized chapter activities as outlined in
ISACA’s Policies and Procedures.
IV. RELATIONSHIP BETWEEN THE PARTIES
In accordance with ISACA’s Bylaws, the Chapter shall be fully and solely responsible for its own legal and financial affairs, and shall
use commercially reasonable efforts to carry at all times adequate insurance coverage to insure the risk associated with the
Chapter’s activities and shall hold ISACA harmless from any lawsuits, damages, other expenses or liabilities, arising out of the
activities of the Chapter.
The relationship of ISACA and Chapter to each other is that of independent contractors. Chapter is solely responsible for managing
its own affairs and making any and all decisions required for such purposes. Each Party is solely responsible for its own taxes,
withholdings, and other similar statutory obligations and will bear its own costs and expenses incurred in connection with this
Agreement. To the extent that ISACA provides Chapter the opportunity to file taxes jointly with ISACA, this is done as a courtesy
only. Chapter does this at its own risk, and ISACA assumes no responsibility for such filing.
Nothing herein shall create any association, joint venture, partnership, franchise or agency relationship of any kind between the
Parties. Unless expressly agreed to in writing by the Parties, neither Party is authorized to bind or incur any liability, obligation or
expense on behalf of the other, and Chapter shall not represent to any third party that it is an agent of ISACA. Further, Chapter
acknowledges and agrees that any others retained by Chapter to assist it shall not be deemed to have been engaged by, or to
have an employment, a services relationship, or any other relationship with ISACA.

3.
V. MEMBERSHIP
A. The terms and conditions of membership in ISACA shall be determined exclusively by ISACA.

B. Once ISACA grants Membership to an individual (“ISACA Member”) in the Territory, and the ISACA Member chooses the
Chapter that it wishes to affiliate with, the ISACA Member will be deemed a member of that Chapter.
C. In accordance with ISACA’s Bylaws, an ISACA Member may transfer its membership in Chapter to membership in another
ISACA chapter, from ISACA membership at large to member of the Chapter, or from member of the Chapter to member of
ISACA at large in line with the qualifications set forth in ISACA’s Bylaws and as set forth by ISACA’s Board of Directors.
D. No individual that is not an ISACA Member may be a member of a Chapter.
E. Termination or revocation of membership by ISACA, for whatever reason, shall automatically terminate membership in the
Chapter.
F. Chapter shall be obliged to abide by all membership related requirements set forth by ISACA’s Board of Directors in ISACA’s
Policies and Procedures, including those set forth in its Membership Processing Policy.
The Parties shall work jointly on membership growth, management and retention, and ISACA shall provide Chapter with guidance
and support on the topic which shall be posted in ISACA’s Chapter Information Repository.
VI. CHAPTER DUES, FEES AND REMITTANCES
In accordance with ISACA’s Bylaws, dues and fees for members of Chapter shall be set at the discretion of Chapter, but such dues
and fees must be paid directly to ISACA. ISACA shall remit to Chapter the applicable Chapter dues collected as set forth in the
ISACA Bylaws or as agreed to by the parties. Chapter acknowledges that ISACA’s Policies and Procedures set forth further details
and obligations related to payments, reimbursement and exchange of information between ISACA and Chapter in relation to dues,
fees and remittances and agrees to abide by such provisions.
VII. CHAPTER’S BENEFITS
Subject to the terms and conditions set forth in this Agreement and in ISACA’s Policies and Procedures, Chapter shall be entitled
to the following rights and benefits:
A. Programs and Activities. Subject to the Chapters’ events guidelines set forth in ISACA’s Policies and Procedures, Chapter
may request support from ISACA in its effort to conduct Chapter programs and activities, which support, and the scope of
such support, shall be granted by ISACA in ISACA’s sole discretion. Chapter shall use the materials provided by ISACA, if any,
and ISACA’s Intellectual Property, where the Chapter is so authorized, in accordance with ISACA’s guidelines and instructions
and shall apply its best efforts to ensure that the events, seminars and workshops are of the highest quality with respect to
content, materials, logistical preparation, and otherwise.
B. Hosted Web Site. ISACA shall provide Chapter with the option to maintain a hosted web site that is designed by ISACA and
customized by Chapter, as described in ISACA’s Policies and Procedures.
C. Use of ISACA’s Corporate Identity. Chapter shall be entitled to use ISACA’s Corporate Identity subject to ISACA’s Policies and
Procedures, in order to improve the recognition of ISACA in the Territory and to increase brand awareness, including: (i)
ISACA’s corporate design templates; (ii) general information about ISACA, including research, standards, certification exams,
(ii) a hosted web site; (iii) corporate email communications; (iv) ISACA’s marketing materials as furnished by ISACA; in the
understanding that the use by Chapter of these materials and tools is optional for Chapter.
D. Chapter Leadership Conferences. In accordance with ISACA’s Bylaws, Chapter leaders shall meet on a periodic basis in
accordance with the guidelines adopted by ISACA’s Board of Directors. Subject to the guidelines set forth in ISACA’s Policies
and Procedures, ISACA shall support and promote leadership conferences, which are designed as networking and educational
opportunities for Chapter leaders and serve as a forum for the exchange of ideas on a regional and global basis.
VIII. CHAPTER’S DUTIES
A. Chapter’s Performance Standards. The Minimum Performance Standards a Chapter must meet in order to maintain a
Charter, are the following:
i. Conduct at least 4 (four) Chapter board meetings annually, at which Chapter members are invited to attend.
ii. Conduct or co-host at least 4 (four) educational events annually.
iii. On at least an annual basis, provide or make available to members of Chapter reports of all activities, revenue and
expenditures.

4.
 iv. Review Chapter’s Organizational Documents and Bylaws at least annually and ensure that they are consistent in all
material respects with ISACA’s Articles of Incorporation and ISACA’s Bylaws.
v. Within six (6) months of the Effective Date, Chapter must have established and operate itself as a corporate entity
under the applicable law in the Territory.
vi. Hold elections in accordance with the Chapter Bylaws for board members and officers of the Chapter, which
elections must occur at least every two (2) years.
vii. Submit to ISACA the written reports required under this Agreement and ISACA’s Policies and Procedures.
viii. Be responsive to ISACA, ISACA staff, and Chapter member inquires and communications.
ix. Participate in and/or publicize ISACA’s activities and programs, including but not limited to, certification programs,
social media, association conferences and leadership conferences, as reasonably requested by ISACA.
x. Provide all Chapter event information to ISACA as set forth in ISACA’s Policies and Procedures or otherwise
reasonably requested by ISACA.
To the extent that meeting any of the Minimum Performance Standards is prohibited under the law applicable in the Territory
(“Prohibited Obligation”): (1) Chapter will be excused from compliance with such Minimum Performance Standard, but only
to the extent prohibited under the law applicable in the Territory, and (2) such non-compliance with the Prohibited Obligation
shall not be deemed to be a breach of this Agreement so long as the Chapter works with ISACA in good faith to achieve the
intent of the Prohibited Obligation as permitted by the law applicable in the Territory.
B. Chapter’s Organization Documents. In accordance with ISACA’s Bylaws, the Chapter’s Organizational Documents and Bylaws
are and shall remain consistent in all material respects with ISACA’s Articles of Incorporation and ISACA’s Bylaws and with
ISACA’s Policies and Procedures. Chapter shall conduct its activities at all times in accordance with Chapter’s Organizational
Documents and Bylaws. Chapter agrees that it shall not amend Chapter’s Organizational Documents or Bylaws (including the
change of the corporate name of Chapter) without the written permission of ISACA and that such amendment may not
contravene in any material respect ISACA’s Articles of Incorporation or ISACA’s Bylaws or ISACA’s Policies and Procedures.
Chapter shall notify ISACA in writing of any such proposed amendment and send ISACA a copy of the proposed amended
Chapter’s Organizational Documents or Bylaws in English indicating which provisions are proposed to be changed.
C. Compliance with ISACA’s Policies and Procedures. Chapter acknowledges and agrees that:
i. Each chapter leader has been provided with access to the Chapter Information Repository and prior to the entering into
of this Agreement it reviewed and is familiarized with ISACA’s Policies and Procedures published therein, which are
incorporated herein by reference.
ii. ISACA shall be entitled to modify and update ISACA’s Policies and Procedures from time-to-time, including to address
new issues or to reflect changes in ISACA’s practices or in the applicable law. ISACA will notify the Chapter of material
changes to ISACA’s Policies and Procedures by posting the changes or most recent version of the corresponding
provisions of ISACA’s Policies and Procedures in ISACA’s Chapter Information Repository and/or by sending an
informative email communication to then-current President of the Chapter, together with information about the
changes from the previous version; in the understanding that Chapter shall be obliged to comply with the revised version
of ISACA’s Policies and Procedures as of the date in which it is posted in ISACA’s Chapter Information Repository, and to
the extent permissible under the law applicable in the Territory.
D. Compliance with Applicable Laws. Chapter warrants that it is in full compliance with all applicable laws, regulations and
other legal standards that may affect its performance under this Agreement, and shall remain in full compliance with, and
otherwise conduct its activities at all times in accordance with, all applicable law, regulations and other legal standards.
Further, Chapter warrants that it shall maintain at all times all permits, licenses and other governmental approvals that may
be required in the Territory in connection with its performance under this Agreement. Chapter warrants that it shall make
all required filings, such as annual corporate reports and tax filings that may affect its corporate or tax status.
E. Maintenance of Records and ISACA’s Right to Audit. In accordance with ISACA’s Bylaws, Chapter shall keep adequate and
correct books and records of account including records related to its corporate, accounting and tax status. Chapter shall also
maintain records related to all its programs, activities, events and operations. All books and records shall be maintained by
Chapter during the term of this Agreement and for a period of 5 (five) years after its termination, unless required to maintain
them for a longer period under applicable law. Chapter agrees that all books and records and its system of accounting shall
be in accordance with accounting principles which are generally accepted in the Territory. Chapter shall forward to ISACA
any adverse notices or other correspondence received from any governmental agency with respect to Chapter’s compliance
with law.

5.
 Further, also in accordance with ISACA’s Bylaws: (i) Chapter shall keep minutes of the proceeding of its board of directors and
committees, (ii) Chapter shall keep adequate and correct books and records of account, and (ii) ISACA shall have the right to
audit all books and records of Chapter. In this context, upon the written request of ISACA and at ISACA’s expense, Chapter
shall permit ISACA or ISACA's designated agent to review all books and records of Chapter. Alternatively, as directed by
ISACA, Chapter shall send to ISACA copies of the required information.
F. Chapter’s Reporting Obligations. Chapter shall be obliged to complete and submit to ISACA the reports set forth in ISACA’s
Policies and Procedures, within the timelines and in the formats set forth therein, summarizing its programs, activities and
operations and schedule of upcoming meetings, conferences and seminars, as well as information related to its budget,
external audit and financial statements. Chapter agrees that promptly after it learns of any lawsuit, claim or regulatory action
against Chapter or any of its officers (with respect to their role as Chapter’s officers), it shall promptly notify ISACA thereof in
writing.
G. External Chapter Financial Review. Chapter agrees to conduct an annual external audit or review of Chapter’s finances by a
qualified independent financial expert; which must comply with the requirements set forth in ISACA’s Policies and Procedures
and with applicable law and provide the results of such audit to ISACA. If conducting such an audit creates undue financial
burden for Chapter, such Chapter may request that it be permitted to instead conduct a review or compilation, such
permission to be granted at ISACA’s discretion.
H. Restricted Chapter’s Activities. Chapter is prohibited from conducting any activity that is not consistent with the mission and
purpose of ISACA and with the objectives of the Chapter. Chapter’s prohibited activities are set forth in ISACA’s Policies and
Procedures, and include, but are not limited to: (i) promoting or endorsing a competing event or activity in breach of the
guidelines set forth in ISACA’s Policies and Procedures; (ii) developing and implementing competing certifications or to enter
into any contractual relationship with any party that provides competing certifications; (iii) contacting local media in breach
of the guidelines set forth in ISACA’s Policies and Procedures; (iv) to acquire shares, interest or participation in other
companies whether for-profit or not-for-profit, local or foreign, whether through their incorporation or by acquisition in
others already incorporated without ISACA’s express prior written approval.
I. Chapter’s Bank Account. Chapter shall open and maintain during the term of this Agreement a bank account with a local
credit institution in the name of Chapter that will be used to deposit all funds received from ISACA in accordance with Clause
VI. (Chapter Dues and Fees and Remittances) above (the “Chapter’s Bank Account”). The Chapter shall manage the Chapter’s
Bank Account as specified in ISACA’s Policies and Procedures.
IX. ISACA’S INTELLECTUAL PROPERTY
A. Limited License. In accordance with ISACA’s authorization to Chapter to be an independent chapter within the Territory,
Chapter is hereby granted a royalty-free, limited, revocable, non-exclusive license to use ISACA’s Corporate Identity, in or in
connection with Chapter’s name, acronym and logo and for other official Chapter-related purposes, solely for the purposes
of identifying Chapter as a chapter of ISACA in connection with the activities authorized under this Agreement, and subject
to the terms and conditions of this Agreement and ISACA’s Policies and Procedures.
B. Chapter’s acknowledgments and prohibited acts. Chapter acknowledges and agrees that:
i. ISACA’s Intellectual Property is and shall remain at all times the sole and exclusive property of ISACA. ISACA’s
Intellectual Property may be used by Chapter if and only if such use is made pursuant to the terms and conditions of
this Agreement or other written permission from ISACA. Chapter may not challenge ISACA’s rights in ISACA’s
Intellectual Property in the Territory or in any territory or jurisdiction worldwide. Any failure by Chapter to comply
with the terms and conditions contained herein, whether willful or negligent, may result in the immediate suspension
or revocation of this license, in whole or in part, by ISACA. Failure to comply, whether willful or negligent, also may
result in the revocation of the Charter of Chapter by ISACA. The interpretation and enforcement (or lack thereof) of
these terms and conditions, and compliance therewith, shall be made by ISACA in its sole discretion.
ii. ISACA’s logo and all Chapter logos supplied by ISACA may not be revised or altered in any way, and must be displayed
in the same form as produced by ISACA. ISACA’s Trademarks may not be used in conjunction with any other trademark,
service mark, or other mark without the express prior written approval of ISACA.
iii. Chapter cannot modify or create any derivative works from ISACA’s Intellectual Property or any part thereof; in the
understanding that if Chapter, in breach of this provision, creates any derivative works, any and all intellectual property
rights to such derivate works inure to and shall be the sole and exclusive property of ISACA.
iv. Chapter cannot directly or through any third-party register, or apply to register, ISACA’s Marks or anything
incorporating or confusingly similar to ISACA’s Trademarks as a trademark, trade name, company name, domain name,
social media, blog or other online platform handle or account name, or app name (“Prohibited Registration”) without

6.
 the express prior written approval of ISACA. To the extent that Chapter applies for or registers a Prohibited
Registration, Chapter shall immediately take all necessary steps to transfer ownership and control of such Prohibited
Registration to ISACA, at Chapter’s expense. ISACA acknowledges that Chapter owns or controls the domain names
listed on Exhibit “C” and approves the use of such domain names during the Term and subject to the requirements of
this Agreement (“Approved Domains”). Chapter agrees that if it uses any Approved Domains in violation of this
Agreement, that Chapter will immediately relinquish and transfer such Approved Domain to ISACA’s ownership and
control or delete such Approved Domain upon ISACA’s request.
v. ISACA’s Corporate Identity must be used by Chapter in a professional manner and solely for official Chapter-related
purposes. Chapter shall not sub-license ISACA’s Corporate Identity or permit any third party to use ISACA’s Corporate
Identity without ISACA's express prior written approval. Chapter shall not sell or distribute ISACA’s Intellectual
Property without ISACA's express prior written approval. ISACA’s Corporate Identity may not be used for individual
personal or professional gain or other private benefit, and ISACA’s Corporate Identity may not be used in any manner
that, in the sole discretion of ISACA, discredits ISACA or tarnishes its reputation and goodwill; is false or misleading;
violates the rights of others; violates any law, regulation or other public policy; or mischaracterizes the relationship
between ISACA and Chapter, including but not limited to the fact that Chapter is a separate and distinct legal entity
from ISACA.
vi. Chapter shall maintain the confidentiality of the Membership Roster and shall not sell, trade, transmit, or otherwise
disseminate Personal Data of its members, in whole or in part, to any third party without the express prior written
approval of ISACA.
vii. In any authorized use by Chapter of the Intellectual Property, Chapter shall ensure that the applicable trademark and
copyright notices are used pursuant to the requirements of United States law, the laws of the Territory, any other
applicable law and ISACA’s Policies and Procedures.
viii. Chapter acknowledges that ISACA’s Policies and Procedures establish specific additional guidelines governing the use
of ISACA’s Intellectual Property by Chapter, and Chapter agrees to abide by such provisions, which include
requirements on: (a) the use of ISACA’s Trademarks in Chapter’s printed materials and/or on Chapter’s website; (b)
the use of ISACA’s Trademarks by individuals; (b) the use of Copyright and Reservation of Rights Statements; (c)
guidelines for the translation of ISACA’s Intellectual Property into non-English languages; and (d) guidelines for other
usages of ISACA’s Trademarks.
ix. In the event that Chapter learns of any infringement or possible infringement of ISACA’s Intellectual Property or that
they are otherwise threatened or opposed by a third party, Chapter shall promptly notify ISACA thereof in writing.
x. ISACA reserves the right to prohibit use of any of ISACA’s Intellectual Property, as well as to impose other sanctions, if
it determines, in its sole discretion, that Chapter’s usage thereof is not in strict accordance with the terms and
conditions of this limited and revocable license. Any use of ISACA’s Intellectual Property shall inure to ISACA and create
no rights for Chapter in or to ISACA’s Intellectual Property or its use beyond the terms of the applicable license. All
rights of usage of ISACA’s Corporate Identity or other ISACA Intellectual Property by Chapter shall terminate
immediately upon the revocation, surrender or other termination of this Agreement.
xi. Chapter's obligations to protect ISACA’s Intellectual Property shall survive the revocation, surrender or other
termination of this Agreement.
X. CONFIDENTIAL INFORMATION
The Parties shall maintain the confidentiality of the Confidential Information of the other Party and neither Party shall use or
disclose Confidential Information obtained from the other Party, except as may be required under this Agreement, without the
prior written consent of the corresponding Party. Parties agree not to make copies of, discuss, disclose or otherwise disseminate,
or assist or permit others to copy, discuss, disclose or otherwise disseminate, any Confidential Information and not to use the
Confidential Information for any purpose whatsoever except to carry out its obligations under this Agreement. The obligation of
confidentiality shall not apply to any information that: (i) is or through no fault of the receiving Party becomes publicly known; (ii)
is known to the receiving Party prior to disclosure by the other Party as shown by documentary evidence; (iii) is independently
developed by an employee or agent of the receiving Party who did not have any direct or indirect access to the Confidential
Information; or (iv) is required to be disclosed by applicable law or by order of a court of competent jurisdiction. Each Party shall
take all reasonable steps to safeguard the Confidential Information and protect it from disclosure, misuse, loss or theft. Each
party's confidentiality obligations under this Section shall survive any revocation, surrender or other termination of this
Agreement.
XI. PROCESSING OF ISACA’s PERSONAL DATA

7.
 Chapter acknowledges that in accordance with this Agreement and in order for it to achieve its objectives as an ISACA Chapter, it
will receive, have access to or otherwise acquire Personal Data from or on behalf of ISACA, its members, or others, and agrees
that:
i. Chapter shall only store or process Personal Data for Chapter-related purposes and in accordance with this Agreement,
ISACA’s Data Privacy and Security Policy included in ISACA’s Policies and Procedures and/or with additional written
instructions received from time-to-time from ISACA.
ii. Chapter’s access to Personal Data from ISACA is limited to the Chapter’s positions defined by ISACA, and Chapter shall
take all reasonable steps to ensure that such individuals are appropriately trained in the handling and secure
processing of Personal Data.
iii. Chapter shall not modify, amend or alter the content of Personal Data obtained from ISACA.
iv. Chapter shall not transfer, disclose or permit the disclosure of any Personal Data obtained from ISACA, to any third
party, unless specifically authorized to do so in writing by ISACA or otherwise required to perform its obligations under
this Agreement.
v. Chapter shall implement appropriate technical and organizational measures to protect ISACA’s Personal Data against
unauthorized or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. These
measures shall be in accordance with applicable industry standards and take into account the harm which might result
from unauthorized or unlawful processing or accidental loss, destruction or damage to the Personal Data and to the
nature of the Personal Data which is to be protected.
vi. Chapter shall process Personal Data from ISACA in accordance with the Data Protection Legislation and shall not do or
permit anything to be done which might cause ISACA in any way to be in breach of the Data Protection Legislation.
vii. Chapter shall notify ISACA about: (a) any legally binding request for disclosure of Personal Data by a governmental
agency; (b) any accidental or unauthorized access; and (c) any request received directly from a data subject (without
responding directly to that request unless it has been otherwise authorized to do so).
viii. Chapter shall cooperate with ISACA to enable it to comply with any exercise of rights by a data subject under applicable
Data Protection Legislation in respect to that data subject’s Personal Data or comply with any assessment, enquiry,
notice or investigation under applicable Data Protection Legislation by any governmental authority.
ix. Chapter shall establish written guidelines to ensure compliance with the data security and privacy obligations of its
jurisdiction, including creating internal and external privacy policies, which policies shall comply with applicable Data
Protection Legislation, rules and regulations. Chapter must provide those written guidelines and policies to ISACA upon
request.
XII. FOREIGN CORRUPT PRACTICES ACT
Mindful of the principles of the United States Foreign Corrupt Practices Act (“FCPA”) and other national and international anti-
bribery legislation, as applicable, Chapter certifies, warrants, and represents that it, its subcontractors, agents, or other similar
parties retained directly or indirectly, acting in any capacity, will not make, authorize or offer any payment or give, authorize the
giving of, or offer anything of value, directly or indirectly, with respect hereto or otherwise:
i. To any official or employee of any government, state-owned enterprise or international organization,
ii. To any person acting in an official capacity for or on behalf of any government, state-owned enterprise or international
organization, and
iii. To any political party or to any person known to be a candidate for any office in any government, in order to (a)
influence any act or decision in any such person’s official capacity, (b) induce any such person to violate his lawful duty,
or (c) induce any such person to use his influence with any government or instrumentality thereof to affect or influence
any act or decision of such government or instrumentality, for the purpose of obtaining or retaining business or
directing business to any person, or to secure any improper advantage. Further, without limiting the foregoing, Chapter
agrees to comply with the requirements of the FCPA and to similar regulations applicable in other applicable
jurisdictions.
XIII. INDEMNIFICATION
A. Chapter shall indemnify, hold harmless, and defend ISACA and its parent, officers, directors, partners, members,
shareholders, employees, agents, affiliates, successors and permitted assigns (“ISACA Indemnified Parties”) against any and
all losses, damages, liabilities, deficiencies, claims, actions, lawsuits, judgments, settlements, interest, awards, penalties,
fines, costs, or expenses of whatever kind, including reasonable attorneys' fees, fees, and the costs of enforcing any right to

8.
 indemnification under this Agreement and the cost of pursuing any insurance providers, incurred by the ISACA Indemnified
Parties, arising out of or relating to any claim of a third party (“Claim”):
i. Arising out of any act or omission of the Chapter or any of its subsidiaries, affiliates, related entities, partners, officers,
directors, employees, members, shareholders or agents.
ii. Relating to a breach or non-fulfillment of any representation, warranty, or covenant in this Agreement by Chapter.
iii. Relating to any failure by Chapter, or any of its subsidiaries, affiliates, related entities, partners, officers, directors,
employees, members, shareholders or agents to comply with any applicable law, regulation, court or governmental
order.
iv. Alleging or related to any bodily injury, death of any individual or damage to real or tangible personal property caused
by the acts or omissions of Chapter or any of its subsidiaries, affiliates, related entities, partners, officers, directors,
employees, members, shareholders or agents.
v. Alleging that the Chapter breached its agreement with a third party.
vi. Alleging that Chapter is infringing or violating any third party’s intellectual property or other third party right.
Chapter shall promptly notify ISACA upon receipt of any Claim and shall grant to ISACA the sole conduct of the defense to any
Claim. This indemnity shall require Chapter to provide payment to ISACA of costs and expenses as they occur. The provisions
of this Section shall survive the revocation or surrender of the charter or other termination of this Agreement.
B. ISACA shall indemnify, hold harmless, and defend Chapter and its officers, directors, partners, members, shareholders,
employees, agents, affiliates, successors and permitted assigns ("Chapter Indemnified Parties") against any and all losses,
damages, liabilities, deficiencies, claims, actions, lawsuits, judgments, settlements, interest, awards, penalties, fines, costs, or
expenses of whatever kind, including reasonable attorneys' fees, fees, and the costs of enforcing any right to indemnification
under this Agreement and the cost of pursuing any insurance providers, incurred by the Chapter Indemnified Parties, arising
out of or relating to any claim of a third party ("Claim"):
i. Arising out of any act or omission of ISACA or any of its subsidiaries, affiliates, related entities, partners, officers,
directors, employees, members, shareholders or agents.
ii. Relating to a breach or non-fulfillment of any representation, warranty, or covenant in this Agreement by ISACA.
iii. Relating to any failure by ISACA, or any of its subsidiaries, affiliates, related entities, partners, officers, directors,
employees, members, shareholders or agents to comply with any applicable law, regulation, court or governmental
order.
iv. Alleging or related to any bodily injury, death of any individual or damage to real or tangible personal property caused
by the acts or omissions of ISACA or any of its subsidiaries, affiliates, related entities, partners, officers, directors,
employees, members, shareholders or agents.
v. Alleging that the ISACA breached its agreement with a third party.
vi. Alleging that ISACA is infringing or violating any third party’s intellectual property or other third party right.
XIV. LIMITATION OF LIABILITY
TO THE EXTENT PERMISSIBLE BY APPLICABLE LAW, IN NO EVENT SHALL EITHER PARTY OR ANY OF ITS DIRECTORS, OFFICERS,
EMPLOYEES OR AGENTS SHALL BE LIABLE, BEFORE THE OTHER PARTY, UNDER ANY THEORY OF TORT, CONTRACT, STRICT
LIABILITY OR OTHER LEGAL THEORY, FOR ANY LOST PROFITS, LOSS OF DATA, EXEMPLARY, PUNITIVE, SPECIAL, INCIDENTAL,
INDIRECT OR CONSEQUENTIAL DAMAGES, EACH OF WHICH IS HEREBY EXCLUDED BY AGREEMENT OF THE PARTIES
REGARDLESS OF WHETHER OR NOT THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
IN NO EVENT SHALL THE COMBINED MAXIMUM LIABILITY OF A PARTY ARISING OUT OF OR RELATING TO THIS AGREEMENT
SHALL EXCEED ONE MILLION UNITED STATES DOLLARS ($1,000,000 USD). NO ACTION, REGARDLESS OF FORM, ARISING FROM
OR RELATING TO THIS AGREEMENT MAY BE BROUGHT BY CHAPTER MORE THAN ONE YEAR AFTER CHAPTER BECOMES AWARE
THAT SUCH ACTION HAS ACCRUED. THE FOREGOING REPRESENTS AN EXPRESS ALLOCATION OF RISK BETWEEN THE PARTIES.
ISACA REVOCATION OF THE CHARTER AND TERMINATION OF THIS AGREEMENT SHALL NOT MAKE ISACA LIABLE FOR
COMPENSATION, REIMBURSEMENT, REFUNDS, OR DAMAGES OR LOST PROFITS, SALES OR GOODWILL.
XV. TERMINATION
This Agreement may be terminated as follows:

9.
 A. Revocation of Charter. In accordance with ISACA’s Bylaws, a Chapter Charter may be revoked by the approval of two-third
of the members of the Board of Directors of ISACA if according to their findings, a Chapter is in non-compliance with any
Chapter’s obligations under this Agreement including but not limited to the Minimum Performance Standards, ISACA’s
Articles of Incorporation and ISACA’s Bylaws or ISACA’s Policies and Procedures, provided that the Chapter is provided an
opportunity to remedy the non-compliance within a reasonable time. The Parties acknowledge and agree that the specific
provisions and rules related to the remediation and revocation process are those prescribed by ISACA’s Board of Directors
and established in ISACA’s Policies and Procedures. The decision made by ISACA’s Board shall be final and shall cancel all
rights, interests or privileges of the Chapter in ISACA’s services or resources and shall terminate this Agreement.
B. Surrender of Charter. Chapter may surrender its Charter by delivering to ISACA written notice of its intention to do so no
less than (2) two months prior to the effective date of such surrender, upon which effective date, this Agreement will
terminate.
C. Consequence of Termination. Upon termination of this Agreement: (i) Chapter shall immediately cease use of ISACA’s
Intellectual Property and to present itself as a Chapter of ISACA; (ii) each Party shall make no further use of the Confidential
Information and Chapter shall immediately cease the processing of ISACA’s Personal Data; (iii) each Party shall, if requested
in writing, within two (2) weeks deliver to the other Party all Confidential Information and Personal Data of such Party (and
all copies thereof) in its possession or, in accordance with the instructions of such Party, destroy any or all of the disclosing
party’s Confidential Information and Personal Data; yet the receiving Party shall not be required to delete information from
any routine backup system and the receiving Party will be permitted to retain any information as required by applicable law,
rule or regulation or judicial proceeding; and (iv) the Chapter’s ability to exercise any rights under this Agreement shall
immediately terminate and all rights, interests or privileges of the Chapter in the services or resources of ISACA shall be
cancelled.
XVI. GENERAL PROVISIONS

A. Country-Specific Exhibit. Mindful of the global nature of ISACA and that the laws applicable in the multiple jurisdictions where
ISACA’s chapters are located vary from one to the other, if the Parties have agreed to amend certain specific provisions of
this Agreement in order to render them valid, legal and enforceable in the Territory, these amendments will be listed in
Exhibit “D” hereto, in the understanding that all other terms and conditions of this Agreement shall remain unchanged and
in full force and effect.
B. Language. This Agreement is drafted in English with the consent of the Parties. Versions in any other language will not be
binding on any Party hereto. All communications and documentation furnished under this Agreement shall be in English.
C. Assignment. The Parties agree that: (i) ISACA is authorized at any time to assign this Agreement and its rights and obligations
partially or entirely to any party by informing Chapter in writing; and (ii) Chapter is not authorized to assign this Agreement
or the rights and obligations arising out of this Agreement to any third party without the express prior written consent of
ISACA.
D. Subcontractors. The Parties shall be entitled to hire subcontractors if required to fulfill their obligations under this
Agreement, in the understanding that the Party hiring the subcontractor shall remain as solely responsible before the other
Party for any and all acts or omissions of any such subcontractor executing any or part of the subcontracted obligations.
E. Heirs, Successors and Assigns. This Agreement shall be binding upon and inure to the benefit of each party, its subsidiaries,
affiliates, related entities, partners, agents, officers, directors, employees, heirs, successors, and assigns, without regard to
whether it is expressly acknowledged in any instrument of succession or assignment.
F. Severability. If any provision of this Agreement or the application of any such provision to any person or circumstance: (i)
shall be declared to be invalid, unenforceable or void, or (ii) if Chapter is restricted under the applicable law in the Territory
to comply with a particular provision; such circumstance shall not have the effect of invalidating or voiding the remainder of
this Agreement, it being the intent and agreement of the Parties to work together, in good faith, to amend the corresponding
provision to the extent necessary to render it valid, legal and enforceable while preserving its intent or, if such modification
is not possible, by substituting therefor another provision that is valid, legal and enforceable so as to materially effectuate
the Parties’ intent.
G. Entire Agreement. This Agreement (including without limitation the Exhibits hereto) constitutes the entire agreement and
understanding between the Parties and supersedes all prior and contemporaneous agreements, whether oral or written with
regard to the subject matter herein. It may not be amended or modified except in a writing signed by each Party.
H. Further Assurances. Each Party shall take all actions as may be reasonably necessary (including, without limitation, the
execution of any further instruments and documents) in order to carry out the provisions and purposes of this Agreement.

10.
I. Waiver. No Party hereto shall be deemed to have waived a right, power, or privilege provided for hereunder, unless such
waiver is made in writing, and signed by the Party against whom such waiver is sought.
J. Force Majeure. In the event that either Party should fail in whole or in part to fulfill its obligations under this writing as a
consequence of acts of God, fire, explosion, strikes, floods, earthquakes, pandemic, embargoes, war, terrorism, or riot, such
failure to perform shall not be considered a breach of this Agreement during the period of such disability.
K. Survival of Terms. The provisions of this Agreement which by their nature extend beyond the termination of this Agreement
will survive and remain in effect until all obligations are satisfied, specifically, Clauses IX. (ISACA’S INTELLECTUAL PROPERTY),
X. (CONFIDENTIAL INFORMATION) and XIII. (INDEMNIFICATION) hereof.
L. Dispute Resolution; Arbitration. To the extent permissible under applicable law, the Parties agree that they will attempt to
settle any dispute, claim or controversy arising out of this Agreement through consultation and negotiation in good faith and
the spirit of mutual cooperation. If those attempts fail, any dispute arising out of or relating to this Agreement will be resolved
by confidential binding arbitration before Judicial Arbitration and Mediation Services (JAMS) in Chicago, Illinois, in accordance
with the commercial arbitration rules then in effect of JAMS, and judgment on the award rendered in such arbitration may
be entered in any court having jurisdiction thereof. Nothing in this Section will prevent either Party from resorting to judicial
proceedings, if: (i) the claim or suit involves intellectual property rights, or (ii) interim relief from a court is necessary to
prevent serious and irreparable injury to that Party or to others.
M. Governing Law; Jurisdiction. To the extent permissible under applicable law: (i) this Agreement shall be governed by and
construed in accordance with the laws of the State of Illinois, United States of America, without giving effect to the principles
of conflicts of laws thereof; (ii) any action not subject to arbitration relating to this Agreement shall be instituted and
prosecuted in a court located in Cook County, Illinois, United States; (iii) the Parties hereby consent to the jurisdiction of any
federal or state court sitting in Cook County, Illinois; and (iv) Chapter specifically waives any right it may have or acquire to
sue ISACA in a country other than the United States or anywhere outside of Cook County, Illinois. ISACA may at its discretion,
initiate an action to enforce this Agreement in the Territory under the applicable law of the Territory.
N. Headings. The headings provided in the Agreement are for convenience only and will not be used in interpreting or construing
the Agreement.
O. Notice. Any notice provided for herein must be given in writing and shall be deemed to have been given when sent by
overnight courier or nationally recognized overnight courier or electronic mail to the Party’s address indicated below or to
such other address as may be later on designated in writing by such Party to the other Party to replace the current one.

If to ISACA If to Chapter

3701 West Algonquin Rd, Suite 1010 ISACA London Chapter

Rolling Meadows, Illinois 60008 c/o Kenneth Spence
U.S.A. 2 Hilliards Court
Attn: Legal Department Chester Business Park
contracts@isaca.org Chester
Cheshire
CH4 9PX

11.
IN WITNESS WHEREOF, the Parties have caused this Agreement to be executed effective as of the Effective Date.

Information Systems Audit and Control Association, Information Systems Audit and Control Association
Inc. London Chapter

Signature Signature
Tara Wisniewski
Tara Wisniewski (Sep 23, 2018)

Name: Name:
Kenneth Roger Spence
Tara Wisniewski
Title: Title:
President
SVP Global Affairs
Date: Date:
6th September 2018
Sep 23, 2018
Designated email address: Designated email address:
twisniewski@isaca.org ken.r.spence@btinternet.com

12.
 EXHIBIT “A”
CHAPTER’S NAME, ACRONYM AND LOGO

Information Systems Audit and Control Association London Chapter

ISACA London Chapter

13.
 EXHIBIT “B”
LIST OF ISACA’S CHAPTER-SPECIFIC POLICIES and OVERALL TRADEMARKS
Available at www.isaca.org/chapterpolicies

14.
 EXHIBIT “C”
LIST OF CHAPTER’S APPROVED DOMAINS

www.isaca-london.org

Please contact chapters@isaca.org if you maintain another chapter-specific domain.

Sites hosted by ISACA do NOT need to be included in this list.

15.
 EXHIBIT “D”
COUNTRY-SPECIFIC EXHIBIT

UNITED KINGDOM

The Parties agree that the particular provisions of the Agreement set forth below shall be amended in order to render them valid,
legal and enforceable in the United Kingdom (jurisdiction where the Territory is located); in the understanding that all other terms and
conditions of the Agreement shall remain unchanged and in full force and effect.
Sections IX, XI, XII, XIV and XV of the Agreement shall read as follows (marked to show changes):

Section IX. ISACA’S INTELLECTUAL PROPERTY.

(…)
B. Chapter’s acknowledgments and prohibited acts. Chapter acknowledges and agrees that:

i. ISACA’s Intellectual Property is and shall remain at all times the sole and exclusive property of ISACA. ISACA’s
Intellectual Property may be used by Chapter if and only if such use is made pursuant to the terms and conditions of
this Agreement or other written permission from ISACA. Chapter may not challenge ISACA’s ownership rights in
ISACA’s Intellectual Property in the Territory or in any territory or jurisdiction worldwide. Any failure by Chapter to
comply with the terms and conditions contained herein, whether willful or negligent, may result in the immediate
suspension or revocation of this license, in whole or in part, by ISACA. Failure to comply, whether willful or negligent,
also may result in the revocation of the Charter of Chapter by ISACA. The interpretation and enforcement (or lack
thereof) of these terms and conditions, and compliance therewith, shall be made by ISACA in its sole discretion.

(…)
Section XI. PROCESSING OF ISACA’S PERSONAL DATA.

(…)

The following provisions shall apply from 25 May 2018:

Chapter acknowledges that in accordance with this Agreement and in order for it to achieve its objectives as an ISACA Chapter, it will
receive, have access to or otherwise acquire Personal Data from or on behalf of ISACA, its members, or others, and agrees that. The
parties acknowledge that, for the purposes of the Data Protection Legislation (and in particular the EU General Data Protection
Regulation as implemented into UK national law), ISACA is the data controller and Chapter is the data processor in respect of any
Personal Data that Chapter processes on behalf of ISACA pursuant to this Agreement. Chapter agrees in respect of its processing of
such Personal Data that :
i. Chapter shall only store or process Personal Data for Chapter-related purposes and in accordance with this Agreement,
ISACA’s Data Privacy and Security Policy included in ISACA’s Policies and Procedures and/or with additional written
instructions received from time-to-time from ISACA. Where Chapter is processing the Personal Data pursuant to
instructions of a general nature, it shall inform ISACA in advance of any proposed changes to the way it processes the
Personal Data pursuant to this Agreement, and ISACA shall have the right to object to such proposal. The subject
matter of the data processing under this Agreement is the performance of Chapter's rights and obligations under this
Agreement in order for it to achieve its objectives as an ISACA Chapter and the processing will be carried out for the
duration of this Agreement. The Personal Data relates to individuals connected with ISACA, its members or others. If
Chapter is required to process the Personal Data for any other purpose by European Union, Member State or UK
national law to which it is subject, Chapter will inform ISACA of such requirement prior to the processing unless that
law prohibits this on important grounds of public interest.

16.
 ii. Chapter’s access to Personal Data from ISACA is limited to the Chapter’s positions defined by ISACA, and Chapter shall
take all reasonable steps to ensure that such individuals are appropriately trained in the handling and secure
processing of Personal Data. Chapter shall ensure that such individuals are contractually bound to respect the
confidentiality of the Personal Data.
iii. Chapter shall not modify, amend or alter the content of Personal Data Obtained from ISACA
iv. Chapter shall not transfer, disclose or permit the disclosure of any Personal Data obtained from ISACA, to any third
party, unless specifically authorized to do so in writing by ISACA or otherwise required to perform its obligations under
this Agreement.
v. Chapter shall not transfer personal data which it processes in exercising its rights or performing its obligations under
this Agreement from a location in the EEA to a location outside the EEA without the prior written consent of ISACA.
vi. Chapter shall implement appropriate technical and organizational measures to protect ISACA’s Personal Data against
unauthorized or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. These
measures shall be in accordance with applicable industry standards and take into account the harm which might result
from unauthorized or unlawful processing or accidental loss, destruction or damage to the Personal Data and to the
nature of the Personal Data which is to be protected.
vii. Chapter shall process Personal Data from ISACA in accordance with the Data Protection Legislation and shall not do or
permit anything to be done which might cause ISACA in any way to be in breach of the Data Protection Legislation.
viii. Chapter shall notify ISACA promptly if, in Chapter's opinion, an instruction for the processing of Personal Data given
by ISACA infringes applicable Data Protection Legislation.
ix. Chapter shall notify ISACA about: (a) any legally binding request for disclosure of Personal Data by a governmental
agency; and (b) any accidental or unauthorized access, and (cb) any request received directly from a data subject
(without responding directly to that request unless it has been otherwise authorized to do so).
x. Chapter shall cooperate with ISACA to enable it to comply with any exercise of rights by a data subject under applicable
Data Protection Legislation in respect to that data subject’s Personal Data or comply with any assessment, enquiry,
notice or investigation under applicable Data Protection Legislation by any governmental authority.
xi. If Chapter becomes aware of any accidental, unauthorized or unlawful destruction, loss, alteration, or disclosure of, or
access to the Personal Data that is processed by or on behalf of ISACA in the course of Chapter exercising its rights and
performing its obligations under this Agreement (a "Security Breach"), it shall without undue delay and taking into
account the nature of the processing and information available to Chapter, notify ISACA and: (i) provide ISACA (as soon
as possible) with: (a) a detailed description of the Security Breach; (b) the type of data that was the Subject of the
Security Breach; and (c) the identity of each affected person, as soon as such information can be collected or otherwise
becomes available (as well as periodic updates to this information and any other information ISACA may reasonably
request relating to the Security Breach); (ii) take action immediately, at its own expense, to investigate the Security
Breach and to identify, prevent and mitigate the effects of the Security Breach and, with the prior written approval of
ISACA, to carry out any recovery or other action necessary to remedy the Security Breach; and (iii) not release or
publish any filing, communication, notice, press release, or report concerning the Security Breach without ISACA's prior
written approval (except where required to do so by law).
xii. Chapter shall, upon the written request of ISACA and taking into account the nature of the processing and the
information available to Chapter, use reasonable endeavours, at ISACA's cost and expense, to assist ISACA with its
obligations under the Data Protection Legislation to: (i) communicate Security Breaches to data subjects; (ii) carry out
data protection impact assessments of envisaged processing operations on the protection of the Personal Data; and
(iii) consult the applicable supervisory authority prior to processing where a data protection impact assessment
indicates that the processing would result in a high risk in the absence of measures taken by ISACA to mitigate the risk.
xiii. Chapter shall implement and maintain Personal Data retention and deletion procedures in compliance with the
requirements of the Data Protection Legislation and shall not retain any of the Personal Data for longer than is
necessary to perform its obligations under this Agreement.
xiv. Chapter shall establish written guidelines to ensure compliance with the data security and privacy obligations of its
jurisdiction, including creating internal and external privacy policies, which policies shall comply with applicable Data
Protection Legislation, rules and regulations. Chapter must provide those written guidelines and policies to ISACA upon
request.
xv. Chapter shall maintain written records of all processing activities carried out on behalf of ISACA containing the
information required by applicable Data Protection Legislation (including but not limited to the type of Personal Data
17.
 processed and the purposes for which they are processed). Chapter shall make these records available to ISACA and
supervisory authorities if and when required by such parties.
xvi. Chapter shall only authorize a third party to process the Personal Data provided that: (i) it obtains the prior written
consent of ISACA; (ii) the third party's contract is on terms which are substantially the same as those set out in this
Agreements as regards the processing of the Personal Data; and (iii) the third party's contract terminates automatically
on termination of this Agreement for any reason.
If the European Union or the UK lays down, or an applicable supervisory body adopts, standard contractual clauses for matters referred
to in Article 28(3) and Article 28(4) of the General Data Protection Regulation (as implemented in the UK) pursuant to Article 28(7) or
Article 28(8) of the General Data Protection Regulation (as implemented in the UK) (as appropriate) and ISACA notifies Chapter that it
wishes to incorporate any element of such contractual clauses into this Agreement, Chapter shall agree to changes necessary to
incorporate such elements in writing.

Section XII. FOREIGN CORRUPT PRACTICES ACT.

Mindful of the principles of the United States Foreign Corrupt Practices Act (“FCPA”) and other national and international anti-bribery
legislation, as applicable, (and in particular the UK Bribery Act 2010), Chapter certifies, warrants, and represents that it, its
subcontractors, agents, or other similar parties retained directly or indirectly, acting in any capacity, will:

A. comply with all applicable laws, statutes, regulations and codes relating to anti-bribery and anti-corruption including
but not limited to the FCPA and UK Bribery Act 2010,
B. have and maintain in place throughout the term of this Agreement adequate procedures to ensure compliance with
the UK Bribery Act 2010, and

C. not make, authorize or offer any payment or give, authorize the giving of, or offer anything of value, directly or
indirectly, with respect hereto or otherwise:
i. To any official or employee of any government, state-owned enterprise or international organization,

ii. To any person acting in an official capacity for or on behalf of any government, state-owned enterprise or
international organization, and

iii. To any political party or to any person known to be a candidate for any office in any government, in order
to (a) influence any act or decision in any such person’s official capacity, (b) induce any such person to violate
his lawful duty, or (c) induce any such person to use his influence with any government or instrumentality
thereof to affect or influence any act or decision of such government or instrumentality, for the purpose of
obtaining or retaining business or directing business to any person, or to secure any improper advantage.
Further, without limiting the foregoing, Chapter agrees to comply with the requirements of the FCPA and to
similar regulations applicable in other applicable jurisdictions,

Section XIV. LIMITATION OF LIABILITY.

TO THE EXTENT PERMISSIBLE BY APPLICABLE LAW, IN NO EVENT SHALL EITHER PARTY OR ANY OF ITS DIRECTORS, OFFICERS,
EMPLOYEES OR AGENTS SHALL BE LIABLE, BEFORE THE OTHER PARTY, UNDER ANY THEORY OF TORT, CONTRACT, OR OTHER LEGAL
THEORY, STRICT LIABILITY FOR ANY LOST PROFITS, LOSS OF DATA, EXEMPLARY, PUNITIVE, SPECIAL, INCIDENTAL, INDIRECT OR
CONSEQUENTIAL LOSSESDAMAGES, EACH OF WHICH IS HEREBY EXCLUDED BY AGREEMENT OF THE PARTIES REGARDLESS OF
WHETHER OR NOT THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSSESDAMAGES.
IN NO EVENT SHALL THE COMBINED MAXIMUM LIABILITY OF A PARTY ARISING OUT OF OR RELATING TO THIS AGREEMENT SHALL
EXCEED ONE MILLION UNITED STATES DOLLARS ($1,000,000 USD). NO ACTION, REGARDLESS OF FORM, ARISING FROM OR RELATING
TO THIS AGREEMENT MAY BE BROUGHT BY CHAPTER MORE THAN ONE YEAR AFTER CHAPTER BECOMES AWARE THAT SUCH ACTION
HAS ACCRUED. THE FOREGOING REPRESENTS AN EXPRESS ALLOCATION OF RISK BETWEEN THE PARTIES.
18.
ISACA REVOCATION OF THE CHARTER AND TERMINATION OF THIS AGREEMENT SHALL NOT MAKE ISACA LIABLE FOR COMPENSATION,
REIMBURSEMENT, REFUNDS, OR DAMAGES OR LOST PROFITS, SALES OR GOODWILL.

NOTHING IN THIS AGREEMENT LIMITS OR EXCLUDES THE LIABILITY OF A PARTY FOR: (I) DEATH OR PERSONAL INJURY RESULTING FROM
ITS NEGLIGENCE; OR (II) FRAUD OR FRAUDULENT MISREPRESENTATION.

Section XV. TERMINATION.

(…)

C. Consequence of Termination. Upon termination of this Agreement: (i) Chapter shall immediately cease use of ISACA’s
Intellectual Property and to present itself as a Chapter of ISACA; (ii) each Party shall make no further use of the Confidential Information
and Chapter shall immediately cease the processing of ISACA’s Personal Data; (iii) each Party shall, if requested in writing, within two
(2) weeks deliver to the other Party all Confidential Information and Personal Data of such Party (and all copies thereof) in its
possession or, in accordance with the instructions of such Party, destroy any or all of the disclosing party’s Confidential Information
and Personal Data; yet the receiving Party shall not be required to delete information from any routine backup system (provided that
the receiving Party shall: (i) not use such Personal Data to inform any decision in respect of any individual or in a manner that affects
the individual in any way; (ii) not give any third party access to the Personal Data; (iii) surround the Personal Data with appropriate
technical and organizational security; and (iv) commit to the deletion of such Personal Data if or when it becomes possible to do so)
and the receiving Party will be permitted to retain any information as required by applicable law, rule or regulation or judicial
proceeding; and (iv) the Chapter’s ability to exercise any rights under this Agreement shall immediately terminate and all rights,
interests or privileges of the Chapter in the services or resources of ISACA shall be cancelled.

D. By ISACA immediately in the event that Chapter challenges the validity of ISACA’s rights in ISACA’s Intellectual Property in the
Territory or in any territory or jurisdiction worldwide.

19.
Signature: Tara Wisniewski
Tara Wisniewski (Sep 23, 2018)

Email: twisniewski@isaca.org

Title: SVP Global Affairs

Company: ISACA