Service Level Agreement - System Hosting and Management
1. 0 Scope
This document defines the Agreement between Technology Resources (TR), the hosting and management Provider, and [Department/Company Name], the Owner. If the service(s) are to run on the Provider’s equipment, please skip to section 2.0; otherwise, list the Owner’s equipment to be managed:
Vendor / Description / Model Number / Serial Number / Property Tag / Service Tag2. 0 Owner Contacts
Entity / Name / Phone / Cell Phone / After Hours Phone / EmailDept Head
System
Admin
Application Admin
Alternate Contact
3 .0 Service Agreement
3.1 Hardware Configuration
All hardware must be of the rack mountable type, complete with rails. We also require that all hardware have “hot swappable”, redundant, power supplies, and cooling fans. Servers must have redundant internal disk drives (Configured with RAID 1 or better). In addition, the above named system(s) require, at a minimum, a “Lights Out” management card.
3.2 Location and Connectivity
The above named system(s) will be located in a Texas State University Data Center operated by the Provider and connected to the network via redundant, gigabit Ethernet.
3.3 Access
The Owner will have no unescorted physical access to the System unless arranged in advance with the Provider. The Owner, in conjunction with the Provider, will install, maintain, and manage the application. The Owner will schedule tasks requiring root level administrative rights with Provider.
3.4 Software Installation and Maintenance
Provider will:
· Assure appropriate assignment and management of the System’s IP addresses
· Assure appropriate installation and configuration of the required operating system(OS) and related utilities.
o Maintain the OS with the latest service packs and patches
o Configure the OS to receive automatic updates
· Install server / system monitoring software as needed
· Log events to the Provider’s logging server as needed
· Assure appropriate installation of approved anti-virus software configured to:
o Scan on write
o Complete full system scans on a periodic, after hours, basis
o Receive automatic updates and signatures
· Install and maintain the following software at the latest service pack/update level.
o Host-based Firewall
o Security Agent
The Owner is responsible for installing and maintaining all other software on the System and shall not install any software or take any action that would impede or otherwise interfere with the proper operation of Provider-installed software.
In order to ensure (as far as is possible) that all systems are fully protected and cannot interfere with the operation of other systems on the network, Provider normally applies the latest patches to all its systems as soon as is practicable after the patches are released for general use. This generally occurs automatically, without prior notification. It is the responsibility of the Owner to ensure that Owner’s applications continue to function in this scenario. Provider will not be responsible for application failures arising from updates to the OS software that Provider is maintaining under this Agreement.
The Owner must maintain the patch level of software for which the Owner has responsibility to ensure (as far as is possible) that the System is protected from vulnerabilities and cannot disrupt other systems or network services. Provider reserves the right to disconnect the Owner’s System without prior notice if it is identified as the cause of network service disruption or is compromised.
3.5 Network Services
Provider will configure the System(s) such that all services offered to the network are disabled except for those explicitly identified by the Owner as necessary for the System application(s) to properly function. By default, all Internet access to the System is denied by the Provider’s perimeter firewall; external access through the firewall is subject to Provider’s firewall security policy.
3.6 Hardware Maintenance
The Owner is responsible for obtaining hardware maintenance coverage for the System. Subject to availability and at Provider’s sole discretion, Provider may include the System on its hardware maintenance contract consistent with the terms and conditions of that contract. In such circumstances, Provider will pro-actively monitor the operation of System hardware components and initiate parts replacement when potentially failing components are identified. Any necessary downtime to replace components will be scheduled by Agreement with the Owner.
3.7 System and Network Availability
The Provider will strive to provide 24X7 availability of the System(s), with the exception of scheduled downtime. The Owner will be advised in advance of other non-availability periods except in emergency situations, which necessitate immediate withdrawal of system availability.
3.7 Backup and Recovery
A backup schedule will be negotiated with the Owner that considers the volatility of the data, the availability of other recovery options, and the Provider’s backup capacity. In the event that System recovery is required, Provider will collaborate with the Owner (and 3rd party application suppliers as necessary) to accomplish System recovery in a timely fashion. Note that in a failure requiring the restoration of multiple systems or services, the Provider’s highest priority will be restoration of services critical to the operation of the University.
3.8 Disaster Recovery and Testing
The Owner is solely responsible for making appropriate business continuity arrangements to address the risks associated with the catastrophic loss of the System(s). The Owner, with guidance from the Provider, will submit system recovery and test plan(s).
3.9 Security and Privacy
The Provider will not access the System(s) or Owner data accessible via the System(s) except as necessary to provide the services described in this Agreement. Provider will not disclose any Owner information obtained in provision of services except as required by law or unless such data is already publicly available. To the extent possible, Provider will apply its installed intrusion prevention and firewall technologies to prevent unauthorized access to the System at the same level as it applies those technologies to its own systems. Owner is solely responsible for the management and oversight of the access controls afforded by the application(s) installed on its System.
3.10 Data Retention
Provider is not responsible for retaining any Owner software or data beyond the retention period afforded by the agreed upon backup service, if any.
3.11 Limitations on Liability
Neither the Provider nor the Owner shall be liable to the other for any loss, cost, claim, or damages of any kind arising out of or relevant to this Agreement.
3.12 Term, Termination and Renewal
This Agreement shall expire at the end of the state fiscal year within which it was executed and shall renew automatically for each succeeding fiscal year (September through August) if neither party gives notice of intent to terminate by July 31st of the then current fiscal year. Either the Provider or the Owner may terminate this Agreement with thirty (30) days notice to the other party.
3.13 Governing Law
This Service Level Agreement will be governed by and construed in accordance with the laws of Texas. Both the Owner and the Provider hereby consent to the exercise of exclusive jurisdiction by the state or federal courts in the State of Texas for any claim relating to the enforcement of, or any rights under, this Service Level Agreement.
4.0 Charges
Provider will invoice the Owner annually in advance for the above services in accordance with the following:
Installation, software, and maintenance feeService / Texas State University / University System (TSUS) / Outside Party[i]
Owner’s Hardware / No Charge / No Charge / $200 per month[ii]
Provider’s Hardware / No Charge / No Charge / $100 per month[iii]
We the undersigned agree to the terms and conditions as stated herein:
______/ ______Provider’s Signature / Owner’s Signature
______/ ______
Provider’s Printed Name / Owner’s Printed Name
______/ ______
Provider’s Title / Owner’s Title
______/ ______
Date / Date
[i] Outside parties must be in the administrative or academic interest of the University.
[ii] Fees are payable on an annual basis and due on September 1 of each year.
[iii] Fees are payable on an annual basis and due on September 1 of each year.