Project 3


CYB 260 Service Level Agreement Version 1.1

Agreement Overview

This Agreement represents a Service Level Agreement (“SLA” or “Agreement”) between Helios Health Insurance (“COMPANY”) and Fit-vantage Technologies (“CLIENT”) for the provisioning of hosting services required to support and sustain product or custom software development. This Agreement remains valid until superseded by a revised agreement mutually endorsed by the stakeholders.

Goals and Objectives

The purpose of this Agreement is to ensure that the proper elements and commitments are in place to provide consistent IT service support and delivery to the CLIENT by the COMPANY. The objectives of this Agreement are to:

• Provide clear reference to service ownership, accountability, roles, and/or responsibilities
• Present a clear, concise, and measurable description of service provision to the CLIENT
• Match perceptions of expected service provision with actual service support and delivery

Service Agreement

The following detailed service parameters are the responsibility of the COMPANY in the ongoing support of this Agreement.

Service Scope

The following Services are included in this Agreement:

• Manned telephone support
• Monitored email support
• Support desk / ticket system

CLIENT Requirements

CLIENT responsibilities and/or requirements in support of this Agreement include:

• Payment for all support and maintenance costs according to the contracted service contract or hourly rate in CLIENT’s agreement/contract with COMPANY

• Reasonable availability of CLIENT representative(s) when resolving a service-related incident or request

COMPANY Requirements

COMPANY responsibilities and/or requirements in support of this Agreement include:

• Best effort for availability outside of office hours

• Meeting response times associated with service-related incidents
• Appropriate notification to CLIENT for all scheduled maintenance
• Best effort in diagnosis and repair of incident(s), including critical decision making in emergency situations

CIS Controls

COMPANY responsibilities and/or requirements in support of this Agreement include:

• Control 1: Inventory and Control of Hardware Assets
• Control 2: Inventory and Control of Software Assets
• Control 5: Account Management
• Control 6: Access Control Management
• Control 10: Malware Defenses
• Control 14: Security Awareness and Skills Training

Audit

COMPANY responsibilities and/or requirements in support of this Agreement include:

• The Audit will be performed at least once a year.
• The Audit will detail how the CLIENT covers the CIS critical controls.
• The Audit will be in a short report to senior management.

Exceptions

CLIENT shall not receive any credit under the SLA in connection with any failure or deficiency of website or email availability caused by or associated with:

1. Circumstances beyond COMPANY’s reasonable control, including, without limitation, acts of any governmental body, war, insurrection, sabotage, armed conflict, embargo, fire, flood, strike or other labor disturbance, interruption of or delay in transportation, unavailability of or interruption or delay in telecommunications or third-party services, virus attacks or hackers, failure of third-party software (including, without limitation, e-commerce software, payment gateways, chat, statistics, or free scripts) or inability to obtain raw materials, supplies, or power used in or equipment needed for provision of this SLA;

2. Scheduled maintenance and emergency maintenance and upgrades (Note: Every effort will be made to keep downtime to a minimum during maintenance periods, and when possible, COMPANY will notify CLIENT in advance of the expected downtime. CLIENT will not be billed hourly for these maintenance periods, but these maintenance periods are not eligible for SLA credits);

3. DNS issues outside the direct control of COMPANY;

4. CLIENT’s acts or omissions (including acts or omissions of others engaged or authorized by the CLIENT), including, without limitation, custom scripting or coding (e.g., CGI, Perl, HTML, ASP, etc.), any negligence, willful misconduct, or use of the Services in breach of this Agreement;

5. DNS (Domain Name Server) Propagation;

6. Outages elsewhere on the Internet that hinder access to your account. COMPANY is not responsible for browser or DNS caching that may make your site appear inaccessible when others can still access it. COMPANY will guarantee only those areas considered under the control of COMPANY.

7. Issues with email Client configuration or performance

Service Management

Effective support of in-scope services is a result of maintaining consistent service levels. The following sections provide relevant details on service availability, monitoring of in-scope services, and related components.

Service Availability

• Regular business hours are considered to be from 9.00 a.m. until 5.00 p.m. Eastern Standard Time, Monday to Friday, except federal U.S. holidays and observances as defined by the U.S. government.

• Telephone support: Will be conducted during business hours.

• Email support: Will be monitored during business hours. Any email received outside office hours will be collected, and best efforts will be made to respond to CLIENT’s request. However, no action will be guaranteed until the next working day.

• Support desk / ticket system: Customers provided this option are encouraged to submit a ticket, no matter if during or after office hours, via the support desk.

Emergency Situation

1. Any work performed or calls handled outside regular business hours will be considered an emergency and billed accordingly.

2. Services that need an immediate resolution, including but not limited to server failure, software failure, e-PHI risk, that are not related to an existing project or approved work/change order, may be completed without CLIENT’s approval.

3. CLIENT will be provided with an emergency email address and phone number, which will be forwarded to multiple parties in COMPANY’s organization.

CLIENT will be promptly notified in the event of this situation, and COMPANY will make the best effort to identify such circumstances in order to ensure the best possible service.

COMPANY guarantees 99.8% uptime (over a 1-month period) for systems under COMPANY’s exclusive control and hosted in COMPANY’s cloud HIPAA hosting environment, protecting the system from downtime as a result of poor server configuration or poor application performance. On simple HIPAA hosting, if the server or failure point is not hosted in COMPANY’s network, COMPANY cannot be held responsible for downtime as a result of network outages, hardware failure, and other issues outside of COMPANY’s control. COMPANY expects remote access to be maintained and direct contact to individuals physically present at the server hosting company.

Customer Requesting Reimbursement

If there is a server outage or other problem that causes CLIENT’s environment to go offline and the problem is in-scope of the responsibility of COMPANY, CLIENT will be entitled to the following:

• Credit of 2% of the monthly bill (applicable hosting, support, and maintenance fees only) for each 30 minutes of downtime beyond the guaranteed uptime, up to a maximum of 100% of their monthly bill.


To receive a credit, CLIENT must make a request by sending an e-mail message to COMPANY. If the outage is confirmed by COMPANY, credits will be applied within two billing cycles after receipt of CLIENT’s credit request. Credits are not refundable and can be used only toward future billing charges.