Penetration Test Service Level Agreement - DOC by qmf16157

VIEWS: 63 PAGES: 19

More Info
									Service Level Agreement
 Unix Administration Services

           for

     <<client name>>




                 Office of Information Technology Services
                                             April 21, 2000
                                  http://www.state.nc.us/its
                                                                                                                       Service Level Agreement



                                                   Table of Contents

1 SERVICE LEVEL AGREEMENT ACCEPTANCE ................................. 1

2 INTRODUCTION ................................................................................... 4

3 SCOPE AND PRIORITIES .................................................................... 5

4 SYSTEM SUMMARY............................................................................. 6

5 UNIX ADMINSTRATION SERVICES .................................................... 7
   5.1 Standard Support Services ................................................................................ 7
       5.1.1    System backups.................................................................................................................... 7
       5.1.2    Restores and On-Site Recoveries ........................................................................................ 7
       5.1.3    Disaster Recovery ................................................................................................................ 7
       5.1.4    Operating Systems (OS) Management ................................................................................ 7
             5.1.4.1 Operating System Upgrades ...................................................................................................... 7
             5.1.4.2 Operating System Patch installations ........................................................................................ 8
       5.1.5 Daily System Monitoring ....................................................................................................... 8
       5.1.6 Hardware Monitor and Management .................................................................................... 8
       5.1.7 Security Management ........................................................................................................... 8
             5.1.7.1 Security Scanning ...................................................................................................................... 8
             5.1.7.2 Monitoring Server Access .......................................................................................................... 9
             5.1.7.3 Researching Violations/Attempted Violations ............................................................................ 9
       5.1.8 Performance Monitoring and Tuning .................................................................................... 9
       5.1.9 Configuration Management .................................................................................................. 9
       5.1.10 System Shutdown and Startup ............................................................................................. 9
   5.2 Client Requested Services ............................................................................... 10
       5.2.1    Database Services .............................................................................................................. 10
       5.2.2    User Management .............................................................................................................. 10
       5.2.3    Additional System Backup and Recovery Support ............................................................. 11
       5.2.4    Consulting Support ............................................................................................................. 11
   5.3 Management Support ....................................................................................... 11
       5.3.1 Reporting and Meetings ...................................................................................................... 11
             5.3.1.1 Status Reports ......................................................................................................................... 11
             5.3.1.2 Performance Reporting ............................................................................................................ 11
             5.3.1.3 Status Meetings ....................................................................................................................... 12
       5.3.2 Engagement Change Control ............................................................................................. 12

6 SERVICE COMMITMENTS AND PERFORMANCE REPORTING ...... 13

APPENDIX A – PERFORMANCE AND SYSTEM METRICS................... 14

APPENDIX B – SLA PERFORMANCE REPORTING.............................. 15

3fca6e0f-7526-4698-8712-c389bf525fdb.doc                                Draft                                                                                  i
                                                   Service Level Agreement


APPENDIX C – SLA SCOPE CHANGE REQUEST FORM ..................... 16




3fca6e0f-7526-4698-8712-c389bf525fdb.doc   Draft                         ii
                                                                  Service Level Agreement Acceptance



1 SERVICE LEVEL AGREEMENT ACCEPTANCE
1. Background
   The parties acknowledge they have read and understood the terms and conditions herein. This
   Service Level Agreement (hereinafter "SLA") sets forth provisions for the Department of
   Commerce, Information Technology Services Unix Administration team to provide services to
   <<Client Name>>. Except as may be required by law, <<Client Acronym>> shall not be required
   to use the services of the Unix Administration team. However, to the extent that services
   covered by this SLA are provided by the Unix Administration team to the customer, this SLA
   shall control the rights and responsibilities of each of the parties.
2. Term and Termination
   This SLA shall be effective upon the date of execution by both parties and will be in effect for
   three years from the date of execution by both parties. After the client has met the purchase
   obligations for the Unix hardware, either party shall be entitled to cancel this Service Level
   Agreement at any time and for any reason without penalty upon giving thirty (30) days’ written
   notice to the other party at the following addresses:
   NC Information Technology Services                       <<Client Name>>
   Attention: Barry Bell                                    Attention:
   4115 Mail Service Center                                 <<address>>
   Raleigh, NC 2769-4115                                    <<City, State, Zip>>

   The client is responsible to make full reimbursement to ITS for the Unix hardware. If this Service
   Level Agreement is terminated prior to full reimbursement, ITS will continue to issue invoices to
   the client until 1) the full price of the Unix hardware is reimbursed, or, 2) another client agrees to
   takeover the responsibility of the Unix machine from the original client.
3. Services
   Section 3, Scope and Priorities, identifies the services included and excluded by this Service
   Level Agreement.
4. Service Level Agreement Changes
   It is mutually understood and agreed that no alteration of the terms of this SLA shall be valid
   unless made in writing using the SLA Scope Change Request Form, as shown in Appendix C.
   No oral understanding or contracts not incorporated herein and no alteration or variations of the
   terms hereof shall be binding on either party unless made in writing and signed by both parties.
   Approved changes will be effective according to the Effective Date of the change or when both
   parties have approved and signed the change, whichever is later. This approved form will be an
   amendment to the Service Level Agreement. All such amendments will take precedence over
   this original Service Level Agreement.
5. Billing Information
   Unix Administration (UA) services will be invoiced monthly. The actual charges, based upon
   billing rates approved by IRM, will be used to calculate the UA invoice amount. If the client has a
   problem with the billing information, call the ITS Help Desk at 919-872-8841 or 1-800-722-3946
   and the appropriate individual will be notified and in return contact you to provide assistance.
   The UA Project Manager will determine appropriate additional resources or actions and will
   marshal assistance as needed. If a solution can not be reached, the issue will be escalated, at
   the discretion of the <<Client Acronym>> Project Manager, to the Engagement Manager and
   Chief Operations Officer for final resolution.




3fca6e0f-7526-4698-8712-c389bf525fdb.doc            Draft                                                   1
                                                                   Service Level Agreement Acceptance
6. Miscellaneous Provisions
    A.       This is a complete and total integration of all agreements between the parties regarding
             the subject matter of this Service Level Agreement
    B.       The headings are provided for informational purposes only and shall not be deemed to
             be controlling parts of this agreement.
    C.       The failure of either party to this agreement to enforce any of the terms or provisions
             hereof shall not constitute nor be deemed a waiver to enforce that or any other portion of
             this agreement.
    D.       All issues regarding timeliness or quality of service provided should be directed to the
             ITS Help Desk, at 919-872-8841, or 1-800-722-3946 or to the Engagement Manager.
    E.       Escalation may be requested via a phone call to the ITS Help Desk, UA Project
             Manager, Engagement Manger, or Chief Operating Officer during normal business
             hours. After-hours escalation should be directed to the ITS Help Desk staff, who will
             update the Vantive ticket accordingly.

Dispute Resolution. In the event that a dispute arises out of or relates to this SLA, or the breach,
termination, validity or subject matter thereof, the parties to the SLA and to the dispute expressly
agree to endeavor in good faith to settle the dispute by mediation before having recourse to
arbitration or litigation. Either party to this SLA may invoke its right to mediation as follows:

         (a) A party claiming that a dispute has arisen must give written notice to the other party to
         the dispute specifying the nature of the dispute.

         (b) On receipt of the notice specified in (a), the parties to the dispute must, within seven (7)
         days of receipt of said notice, seek to resolve the dispute.

         (c) If the dispute is not resolved within seven (7) days or within such further period as the
         parties agree, then the dispute shall be referred to a mediator who is certified as a Superior
         Court Mediator by the North Carolina Dispute Resolution Commission. The mediator shall
         be agreed upon by the parties prior to referral.

         (d) Except as may be set forth herein, the mediation shall be conducted in accordance with
         generally accepted procedures for the conduct of the process of mediation.

         (e) Unless otherwise agreed to by the parties, the mediator's fee shall be paid in equal
         shares by the parties. Parties obligated to pay a share of the fees shall pay them equally.
         Payment shall be due upon completion of the conference or at such other time as may be
         required by the mediator.

         (f) The parties agree that all information discussed during the mediation process shall be
         confidential and will not be introduced as evidence against the other party in any court
         proceeding. Further, neither party will call the mediator, or any member of the mediator's
         staff, to testify in any court proceeding regarding any matters associated with the mediation
         process and/or sessions. The parties also agree that they will not require the mediator to
         produce in court any records, documents or tape recordings made by the mediator.




3fca6e0f-7526-4698-8712-c389bf525fdb.doc             Draft                                                  2
                                                                 Service Level Agreement Acceptance
7. Acceptance
    This Service Level Agreement constitutes the entire agreement between both parties and
    supersedes all other communication, written or oral, related to the subject matter of this Service
    Level Agreement. The Parties hereby acknowledge and accept the terms and conditions of this
    Service Level Agreement.



               <<client name>>                             Information Technology Services,
                                                            Distributed Computing Services


<<Client Acronym>> Engagement Manager      Date     Engagement Manager: Barry Bell                 Date



<<Client Acronym>> Project Manager         Date     UA Project Manager: Brian Austin               Date



<<Client Acronym>> Site Coordinator        Date     UA Team Leader: Robert Deacle                  Date




3fca6e0f-7526-4698-8712-c389bf525fdb.doc           Draft                                                  3
                                                                                  Unix Administration SLA



2 INTRODUCTION
The UA Team measures its maintenance support performance through the Service Level Agreement,
herein referred to as the SLA. The objective of the SLA is to define the criteria to be used for measuring
the UA Team’s performance throughout the engagement. It defines the support functions that the UA
Team will commit to throughout the engagement; assigns priorities to these functions; and establishes
baseline service standards and commitments. It becomes the reporting vehicle for the performance
measurement and provides the opportunity to identify service-level improvements throughout the
engagement.

The service-level commitments contained in the SLA were developed from estimates of current and
desired service levels that are subject to fluctuation. Accordingly, the SLA should be viewed as a dynamic
document and should be periodically reviewed and changed when the following events occur:

   The environment has changed;

   The client's expectations and/or needs have changed; and

   Workloads have changed.

In reading the SLA, keep in mind that it defines commitments and measurement goals. Procedures for
each service category are also explained in detail in the Unix User Manual.

Also note that the UA Team has no control over external dependencies that affect processing, such as
software errors. If this should occur, the UA Team will contact the appropriate responsibility point and
monitor the situation. This will be indicated on the Performance Report as explainable variances. The UA
Team will identify external problems and work with the responsible groups to prevent them from
reoccurring.




3fca6e0f-7526-4698-8712-c389bf525fdb.doc Draft                                                           4
                                                                                          Unix Administration SLA



3 SCOPE AND PRIORITIES
Figure 1 shows the layers that make up the Unix Administration service base.

                                   Layer                  Description
                                   Help Desk              Single point of requesting services or reporting
                                                          problems for all services provided by ITS
              Account Management




                                   Web Hosting Services   Hosting services on Unix platform for client web sites
                                   Domain Name System     Domain Master Services
                                   (DNS)
                                   Majordomo/ListServ     Mailing List Administration
                                   Software               System Support to Application Software on Unix
                                   Database               System Support to Application’s DBA
                                   System Management      Gathers Operational System Status
              Administrative




                                   Operating System       Manages Usage Of Hardware Resources
                Services




                                   Security               User Management, Access Monitoring, and Security
                                                          Scans
                                   Hardware               CPUs, Storage, Memory, Power



         Figure 1. - Layers of Service that Define the Service Level Agreement Foundation.

The SLA is designed to ensure that client needs are addressed individually, service level terms are
defined for each layer of the service base in order to effectively define all of the layers that apply to a
particular environment. Developing a common set of service level agreements, tools, and procedures for
each layer simplifies the management, deployment, and implementation of new services for all ITS
clients.

To address specific business needs, agencies need to address each service area to ensure that all
requirements are reviewed before the SLA is completed. Each module uses common service level
agreements of the base, but allows flexibility to address client-specific business requirements.




3fca6e0f-7526-4698-8712-c389bf525fdb.doc Draft                                                                     5
                                                                                  Unix Administration SLA



4 SYSTEM SUMMARY
<< This section should provide a broad overview of the size and complexity of the client’s computing
environment. The summary should contain counts of the types of hardware (number and make/model of
workstations, servers, printers and the like) and a description of the major software products used. In
addition, it should describe the standard configuration for workstations, servers and any major
systems.>>

             Unix Computer Make and Model
             Business Application
             Database Software
             Other Application Supporting
             Software
             Other Hardware


ITS will ensure that the Unix configuration(s) covered by this SLA adhere to all IRMC principles, policies,
standards, etc.




3fca6e0f-7526-4698-8712-c389bf525fdb.doc Draft                                                           6
                                                                                      Unix Administration SLA



5 UNIX ADMINSTRATION SERVICES
This section includes a list of services provided by the UA team along with a definition of the service.


5.1     Standard Support Services
This section briefly describes the normal day-to-day services that the UA team provides for Unix
machines located at ITS without requests from the client. See 4 System Summary for Unix systems
covered by this agreement.

5.1.1     System backups

ITS is responsible for Unix file system backups and shall supply the hardware and software necessary for
doing the backups. This does not include backups of raw data (see 5.2.3 regarding backups of raw data).
These backups are included the basic monthly fee for the Unix machine.

     Incremental backups will done daily (Sunday through Friday) and those tapes will be kept on-site for
      30 days.

     One full backup will be done weekly and will be kept on-site. The retention period will correspond to
      the daily backup retention (30 days).

     An additional full backup will be done every Friday and it will be kept off-site in a 5 week rotation.

5.1.2     Restores and On-Site Recoveries

The UA team will coordinate any software and hardware repairs and restore, as applicable, operating
environment and file systems containing the client’s application data from the latest backup. The fees for
this service are included in the monthly fee for the Unix box. The Database Administrator (DBA) is
responsible for restoring databases; the UA team will restore the latest database backup data to a
directory for the DBA.

5.1.3     Disaster Recovery

If the optional disaster recovery support services is chosen by the client, UA team and the client will
jointly conduct disaster recovery tests in accordance with the client specifications and on hardware
provided/arranged by the client. The UA team will restore the operating environment and file systems
containing the client’s application data from the latest off-site backups to the recovery system. In the
event of an actual disaster recovery situation, the UA team will perform the same services as those in the
recovery test. The actual services and fees for this service will be negotiated at the time that the client
has opted for this service. The fees would be based upon issues such as ITS labor, materials, frequency,
and geographic location of the test.

5.1.4     Operating Systems (OS) Management

Upgrades and patches are scheduled by the UA team, only after obtaining approval from the client (see
section 4 of the Unix User Manual for these procedures).

5.1.4.1 Operating System Upgrades

As Unix operating systems evolve, the OS vendors release newer versions of the operating system.
These upgrades usually provide new features and/or enhance or delete features of the prior version. The
UA team reviews OS upgrades on an annual basis and installs them only after obtaining the client’s
approval. The service fees are dependent upon the type of upgrade. A minor upgrade (little to no impact
on client’s application or database software) is included in the basic monthly fee for the Unix machine and
would not have additional fees. A major upgrade (potentially high impact to client’s application and


3fca6e0f-7526-4698-8712-c389bf525fdb.doc Draft                                                                 7
                                                                                    Unix Administration SLA

database software) will be billed to the client based upon the ITS labor expended to install the update as
well as the cost of the upgrade package/license from the OS vendor. The client may delay an upgrade
until the OS vendor no longer supports the version in use. After that, an OS upgrade may be required to
address problems or security issues.

5.1.4.2 Operating System Patch installations

As problems are discovered in an OS, the OS vendor will make patches available to correct the problems.
The UA team reviews patch availability on a quarterly basis unless it is a security or persistent problem
patch. Security and persistent problem patches will be installed as soon as possible after ITS notifies the
client of an installation date. The client cannot reject security or persistent problem patches, only
negotiate an installation date not to exceed 90 days of the proposed date. Normal quarterly patches will
be installed only after the client approves the installation.

Patches are initiated several ways. The UA team is on vendor’s patch mailing list which sends email
messages with a list of new patches that are available in the vendor’s environment. The UA team also
receives security alerts (not vendor specific) that report security situations and patches/work-arounds for
different computer systems that will correct the problem. Other patches are a result of problems that the
UA team or the client’s users encountered. The UA team will search the vendor’s online data to find
possible patches to fix the problem or contact the vendor to request assistance when a patch cannot be
found for the specific problem.

This service is included in the basic monthly fee for the Unix machine.

5.1.5   Daily System Monitoring

The UA Team will monitor the Unix systems each morning to ensure all appropriate processes are
running, no errors are in system error logs, and that sufficient disk/file system space is available. If
problems are detected during the daily checking, the UA Team will take appropriate action to correct the
problem.

This service is included in the basic monthly fee for the Unix machine.

5.1.6   Hardware Monitor and Management

The UA team will monitor the hardware in the Unix environment. If the UA determines that a problem
exists with the hardware, the UA team will coordinate repairs/replacements through the applicable
contracts with the hardware vendors.

This service is included in the basic monthly fee for the Unix machine.

5.1.7   Security Management

ITS and the client must abide by and adhere to all IRMC principles, policies, standards, etc. regarding
Unix security management.

5.1.7.1 Security Scanning

ITS Computing Services provides the Statewide Computer and Network Security (SCANS) service that
provides an assessment of network vulnerabilities. This service uses a set of automatic scanning
software that offers an extensive battery of penetration tests that aids the network and system
administrators in quickly finding and fixing network security holes – proactively controlling their security
risks. This service provides reports identifying severity, description, and a repair action for any security
vulnerabilities that are found.

Computing Services performs Low-level scans monthly and the UA team will review the resulting reports
for the client’s Unix environment (as specified in section 4 System Summary). If vulnerabilities are
identified, the UA team will notify the client of the problem and obtain the client’s approval to take the



3fca6e0f-7526-4698-8712-c389bf525fdb.doc Draft                                                                 8
                                                                                    Unix Administration SLA

recommended action to correct the problem. If the scan identifies a problem in the client’s database
software, the UA team will provide the scanning report information to the client’s database administrator.

Detailed information may be found regarding ITS’ SCANS service on the ITS web site at
www.state.nc.us/its/divisions/dcs/scans/SCANSweb.htm. This service is included the basic monthly fee
for the Unix machines covered by this SLA.

5.1.7.2 Monitoring Server Access

The UA team uses a software program (TCP Wrapper) that monitors and filters incoming requests for
telnet, ftp, finger, etc. Before allowing access, the software checks to see if the requesting host is
authorized to connect. The software is configured to send an email to the UA team when an
unauthorized attempt occurs. This service is included in the basic monthly fee for the Unix machine.
Note: This service is not provided for clients with their own listener.

5.1.7.3 Researching Violations/Attempted Violations

If repeated unauthorized attempts are made from the same host, the UA team will send an email
message to the hostmaster of the sending IP address informing them that the activity is considered
criminal in nature and must stop immediately. This service is included in the basic monthly fee for the
Unix machine. If the activity does not stop, all of the information regarding the attempts will be forwarded
to the State Bureau of Investigation (SBI) for further investigation and possible prosecution. The client will
be billed for time and materials for the data collection and research for the SBI reporting.

5.1.8   Performance Monitoring and Tuning

The UA team will monitor system (not database) performance on the Unix platforms to ensure that they
are operating at within acceptable levels. If the monitoring tool indicates a performance problem, the UA
team will research the problem and make the appropriate adjustments to tune the system’s performance.
The adjustments may require hardware/software upgrades. The cost of the hardware/software upgrades
will be billed to the client. Changes requiring production shutdown will be coordinated with the client’s
Project Manager. The application database administrator is responsible for monitoring and tuning the
application’s database. System monitoring and tuning services are included in the basic monthly fee for
the Unix machine.

5.1.9   Configuration Management

The UA team will track the configuration of the client’s Unix environment. The configuration will include a
complete inventory of the client’s Unix environment as well as maintenance contract information such as
dates and support level for the maintenance support. The client must abide by and adhere to all IRMC
principles, policies, standards, etc. regarding the configuration of the Unix system. This service is
included in the basic monthly fee for the Unix machine.

5.1.10 System Shutdown and Startup

The UA team schedules normal maintenance on Sundays between the hours of 4:00a.m. and 12:00p.m.
The UA team only shutdowns the system on those Sundays where maintenance is required and only for
the duration needed within the scheduled window. When maintenance is complete, the UA team starts
up the system and all normally scheduled software.

If the system must be shutdown for special projects such as major enhancements/upgrades to the
operating system, the UA team will request to shutdown the system as specified in section 4 of the Unix
User Manual. The client and the UA team must agree on the shutdown schedule prior to the UA team
actually shutting down the system.

In emergency situations (i.e. system crashes), the UA team will notify the client’s Project Manager through
the ITS Help Desk. The UA team will handle the problem as an emergency level problem. They will
research the problem and startup the system as quickly as possible.


3fca6e0f-7526-4698-8712-c389bf525fdb.doc Draft                                                             9
                                                                                   Unix Administration SLA

This service is included in the basic monthly fee for the Unix machine.


5.2     Client Requested Services
These are services that the UA team provides, but only at the request of the client. See the procedures in
the Unix User Manual for information on how to request these services.

5.2.1     Database Services

The UA team provides limited database support. The UA team will establish disk space for the database
and will mount media such as CDs to support the client’s database administrator (DBA). The client is
responsible for providing, or obtaining, the DBA support. If the client is not able to provide database
support, DBA services may be obtained from the ITS Business Technology Services (BTS) Database
Support team or from a vendor.

The client is responsible for providing or obtaining DBA support that includes the following
services.

     Install and upgrade database software

     Data administration and data modeling support

     Physical database design

     Creation of database objects

     Development of initial load programs and utilities

     Loading of test databases

     Periodic database backups

     On request, database unloads

     On request, database loads

     Development of database triggers and stored procedures

     Maintenance of database security

     Maintenance of the test database schemas

     Create production database schemas

     Assistance with the migration of test data to production

     Performance monitoring

     Establishment and testing of database disaster recovery routines

     Database support for application developers

     Monitoring of production database utilities

5.2.2     User Management

This includes Unix logon management of issuing new logons or modifying or deleting existing logons to a
server and or portions of a server (particular application, specific subdirectories, etc.) This also includes



3fca6e0f-7526-4698-8712-c389bf525fdb.doc Draft                                                           10
                                                                                   Unix Administration SLA

setting up file and directory permissions and resetting passwords for a logon ID. The client must abide by
and adhere to all IRMC security standards and policies regarding user management. See section 2 of the
Unix User Manual for procedures in requesting this service. This service is included in the basic monthly
fee for the Unix machine.

5.2.3     Additional System Backup and Recovery Support

This service provides a method for the client to request system backup and recovery services in addition
to the standard services described in 5.1.1 through 5.1.3. See section 6 of the Unix User Manual for
procedures in request this service. This service is billed in addition to the basic Unix fee.

5.2.4     Consulting Support

This service is available to assist clients when the issue is Unix but none of the above services cover the
issue. It could include general Unix questions, questions regarding a specific Unix system software
capabilities, request for estimates on potential future services/hardware. It does not include services that
are provided by other service groups (i.e. web development, database administration, etc.) See section 3
of the Unix User Manual for procedures in requesting this service. This service is billed separately from
the basic Unix fee.




5.3     Management Support
The Unix Administration management believes that in order to provide effective Unix Administration
services, management must stay on top of events and make effective use of all resources. Measurement
and goal-based reporting is critical to this process. This information allows the UA management to plan,
organize, delegate, and control the Unix Administration services. This will position the UA team to meet
and exceed its service level commitments.

A basic goal of the UA management is to keep the client continually informed. Status meetings, status
reports, performance measurements, and planning sessions are the vehicles used to ensure that the
client is kept abreast of all activities. This service is included the basic Unix fee.

5.3.1     Reporting and Meetings

5.3.1.1 Status Reports

Quarterly, the UA Project Manager or designee will provide status in writing to the client’s Project
Manager. Status reports will summarize the following activities.

     On- and off-shift support activity

     Planned activities completed

     Planned activities not completed

     Unplanned activities

     Activities planned for following quarter

     Issues and concerns

5.3.1.2 Performance Reporting

The UA Project Manger will measure performance against the SLA commitments (see Appendix A), using
information provided by system logs, Vantive reports, and by UA team members’ status reports. The



3fca6e0f-7526-4698-8712-c389bf525fdb.doc Draft                                                          11
                                                                                Unix Administration SLA

performance will be recorded on the Performance Report form (see Appendix B) and sent to the client
Project Manager along with the quarterly Status Report.

5.3.1.3 Status Meetings

Upon the client’s request, the UA Project Manager, or designee, will conduct a status meeting with the
client’s Project Manager. The standard agenda will include:

   Review latest status report

   Review last three Performance Reports

   Review plans for next quarter

   Issues and Concerns

5.3.2   Engagement Change Control

Whenever a change to the Unix computers or services provided, as specified in this SLA, is planned by
either the client or the UA team, the party proposing the change must submit a SLA Scope Change Form
(see Appendix C) detailing the proposed change. Both parties will then meet to discuss the proposed
change. If both parties agree to the change, it will be completed as agreed upon, and both parties will
sign the Scope Change Acceptance portion of the SLA Scope Change Form. The Amendment Number
and Effective Date will also be entered and the SLA Scope Change Request Form will be appended to
the original SLA and the appropriate changes will be applied to the SLA using revision tracking. As the
client’s Unix environment changes, the UA team will update the SLA to reflect the change.

The UA Project Manager, and/or marketing representative, will meet with the client at least annually to
review the SLA commitments. Both parties will agree on any adjustments based upon the performance
history and anticipated workloads.




3fca6e0f-7526-4698-8712-c389bf525fdb.doc Draft                                                        12
                                                                                    Unix Administration SLA



6    SERVICE COMMITMENTS AND PERFORMANCE REPORTING
The SLA is an essential tool for managing this UA engagement. It defines the boundaries of the UA
engagement in terms of the functions and services that will be provided by the UA Team:

Appendix A itemizes the commitments that the UA Team is making to the client and is used to measure
the success of the engagement. Commitments are targets for the UA Team’s performance that the UA
Team will exercise best efforts to achieve. Actual performance against these commitments will be
reported quarterly by the ITS UA Project Manager via the SLA Performance Reports. (See Appendix B.)

The following is a description of the columns used in Appendix A:

   Commitment – identifies the commitment;

   Measurement – specifies what the measurement of this commitment will be;

   Percentage – the percent of the time this commitment is targeted to be met; and

   Time Event – if there is a time that this commitment is related to, this is specified here.



The following is a description of the columns used in the SLA Performance Reports as shown in Appendix
B:

   Commitment – specifies the commitment as defined in corresponding Appendix A metrics;

   Standard – the measurement from the corresponding Appendix A metrics;

   Actual – the actual performance for the commitment during the reporting month;

   Variance – the difference between the committed standard and the actual performance for the
    commitment; and

   Action Steps – actions that the UA Team will take to prevent significant variances in the future.




3fca6e0f-7526-4698-8712-c389bf525fdb.doc Draft                                                          13
                                                                                  Unix Administration SLA


           APPENDIX A – PERFORMANCE AND SYSTEM METRICS

                            Performance and System Metrics
Commitment                   Measurement                       Percentage     Time Event


Availability of System       24 hours by 7 days, except        99% of the
                             4:00am – 12pm Sundays             time


Workload
Incremental Backups          6 per week                        100%           Saturday through Thursday
Full backups                 2 weekly (one on-site             100%           Off-site backup – Friday
                             retention, one off-site
                             retention)
Disaster Recover Tests*      As per client requirements        100%
OS patch installs

 Normal patch releases                                         100%           Quarterly review with client
 Security patches                                              100%           If applicable to system,
                                                                              install upon receipt
 Emergency patches                                             100%           Immediately upon receipt
OS Upgrades                                                    100%           Annual review with client
Daily System Monitoring      Daily                             100%
User Access                  5/month                           100%           24 hours to add/delete use
Management
                                                                              1 hour to reset a password


                                                                                        th
Status & SLA Reports         Quarterly                         100% of the    By the 10 of month
                                                               time           following the end of the
                                                                              quarter


Status Meetings              As per client request             100% of the    Within 10 days following the
                                                               time           customer’s request


                                                                                        th
SLA Reviews                  Annually                          100% of the    By the 15 of the final
                                                               time           month of the current SLA


Quality Reviews              As per client request             100% of the    Within 10 days following the
                                                               time           customer’s request
* Disaster recovery is an optional service and the client must provide the disaster recovery test platform.
The UA team will provide the backups and load and setup client’s system on the recovery system.




3fca6e0f-7526-4698-8712-c389bf525fdb.doc Draft                                                            14
                                                                                                   Unix Administration SLA


                                      APPENDIX B – SLA PERFORMANCE REPORTING

                                                     SERVICES LEVEL PERFORMANCE REPORT
                                                     FOR REPORTING PERIOD _______________
                Commitment                      Standard             Actual         Variance   Action Steps
 Availability of System


 Workload
 Incremental Backups
 Full backups
 Disaster Recover Tests*
 OS patch installs
   Normal patch releases
   Security patches
   Persistent Problem patches
 OS Upgrades
 User Access Management
 Daily System Monitoring


 Status Reports
 Status Meetings
 SLA Reviews
 Quality Reviews

* Only if service option has been chosen by client




3fca6e0f-7526-4698-8712-c389bf525fdb.doc                               Draft                                            15
                                                                               Unix Administration SLA


              APPENDIX C – SLA SCOPE CHANGE REQUEST FORM


                                  SLA Scope Change Request Form

Requester Information
Name                                                       Title
Division                                 Department
Request                                  Return By
Date                                     (Date)
Phone                                    E-Mail


Description of Change




Scope Change Acceptance

                 <<client name>>                        Information Technology Services,
                                                              Computing Services


>>client name>> Engagement Manager      Date      UA Engagement Manager: Barry Bell             Date



<<client name>> Project Manager         Date      UA Project Manager: Brian Austin              Date



<<client name>> Technical Coordinator   Date      UA Team Leader: Robert Deacle                 Date




SLA Amendment Number:                             Effective Date:




3fca6e0f-7526-4698-8712-c389bf525fdb.doc Draft                                                     16

								
To top