Web Hosting: Mason Home Page Server (Jiju) Service Level Agreement 2012

Similar documents
STANDARD (PAY AS YOU GO) PRE-PAID SUPPORT PACKAGE SERVICE LEVEL AGREEMENT

Service Level Agreement (SLA) for The Texas State University System Office

Milk Support Service Level Agreement

(Office 365) Service Level Expectation

End User Terminal Service

Number: USF System Emergency Management Responsible Office: Administrative Services

Subject: University Information Technology Resource Security Policy: OUTDATED

Texas A&M University: Learning Management System General & Application Controls Review

Operating Level Agreement for NYU Login Service

University of Hawaii Hosted Website Service

Texas A&M AgriLife Research Procedures

Standard for Security of Information Technology Resources

McGill University Virtualization Service Description and Service Level Agreement

Virginia State University Policies Manual. Title: Information Security Program Policy: 6110

Service Level Agreement Research Computing Environment and Managed Server Hosting

Version v November 2015

Web-Hosting: Service Level Agreement

SYSTEMS ASSET MANAGEMENT POLICY

University staff and student broadcast policy. Overview. Scope. Related Documents

DETAILED POLICY STATEMENT

UTAH VALLEY UNIVERSITY Policies and Procedures

Version v November 2015

Information Security Incident Response Plan

TECHNOLOGY SUPPORT SERVICE LEVEL AGREEMENT

INFORMATION TECHNOLOGY NETWORK ADMINISTRATOR ANALYST Series Specification Information Technology Network Administrator Analyst II

IBM Security Intelligence on Cloud

ISSP Network Security Plan

THE AUTOMATED TEST FRAMEWORK

ecampus 9.2 Faculty Homepage

IBM Resilient Incident Response Platform On Cloud

Service Level Commitment (SLC) for NewsMemory Service by Tecnavia S.A.

Marketing and Communications Missouri University of Science and Technology

Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV

FOLLOW-UP REVIEW OF RISK MANAGEMENT ETC RISK MANAGEMENT FRAMEWORK

v February 2016

Revision History Revision (Rev) Date of Rev Owner Summary of Changes Section I. (alpha); Incident Closure Canceling Incidents

Cyber Security Program

IT CONTINUITY, BACKUP AND RECOVERY POLICY

Managed Security Services - Endpoint Managed Security on Cloud

Appendix 3 Disaster Recovery Plan

The Common Controls Framework BY ADOBE

UCLA AUDIT & ADVISORY SERVICES

PROCEDURE COMPREHENSIVE HEALTH SERVICES, INC

Information Security Incident Response and Reporting

1. Post for 45-day comment period and pre-ballot review. 7/26/ Conduct initial ballot. 8/30/2010

ITCS Web Hosting - Service Level Description (SLD)

Service Level Agreement (SLA) for Customer by Cybersmart Pty Ltd (Cloud Hosting Agreement)

Information Security Policy

US Customer Support Handbook

General Information System Controls Review

Application Lifecycle Management on Softwareas-a-Service

REPORT 2015/149 INTERNAL AUDIT DIVISION

WEB ACCESSIBILITY. I. Policy Section Information Technology. Policy Subsection Web Accessibility Policy.

UNIVERSITY OF MASSACHUSETTS AMHERST INFORMATION SECURITY POLICY September 20, 2017

Accessibility Implementation Plan

Red Flags/Identity Theft Prevention Policy: Purpose

INFORMATION SECURITY- DISASTER RECOVERY

CORPORATE GLOBAL ROAMING PRODUCT SPECIFICATION

Request for Proposal Technology Services, Maintenance and Support

Information Technology General Control Review

Trust Services Principles and Criteria

University Information Systems. Administrative Computing Services. Contingency Plan. Overview

The Initial Design of a Website Parallel Archiving System Using Virtualization

ITD SERVER MANAGEMENT PROCEDURE

PretaGov Australia SaaS Hosting with Fully Managed Services, Support and Maintenance

WHITE PAPER- Managed Services Security Practices

Policy. Business Resilience MB2010.P.119

NN CS 704 NEURONEXT NETWORK STANDARD OPERATING PROCEDURE FOR DATA BACKUP, RECOVERY, AND CONTINGENCY PLANS

PTS Customer Protection Agreement

Certified Information Systems Auditor (CISA)

Member of the County or municipal emergency management organization

Credit Card Data Compromise: Incident Response Plan

UNIVERSITY OF MASSACHUSETTS AMHERST INFORMATION SECURITY POLICY October 25, 2017

Clearswift Managed Security Service for

A company built on security

University of Wyoming Mobile Communication Device Policy Effective January 1, 2013

A s c e r t i a S u p p o r t S e r v i c e s G u i d e

Service Description: CNS Federal High Touch Technical Support

Active Directory User Management System (ADUMS) Release User Guide

Guidance for IT staff on priorities to be used when logging incidents.

Virtual Server Service

LVTS RULE 11 CHANGE MANAGEMENT, TESTING AND CERTIFICATION 2018 CANADIAN PAYMENTS ASSOCIATION

Information Security Incident Response Plan

10/18/2016. Preparing Your Organization for a HHS OIG Information Security Audit. Models for Risk Assessment

Information Security Data Classification Procedure

MNsure Privacy Program Strategic Plan FY

A guide for assembling your Jira Data Center team

TEST ACCOMMODATIONS: Process Overview

Fiscal 2015 Activities Review and Plan for Fiscal 2016

ISO27001 Preparing your business with Snare

STRATEGIC PLAN. USF Emergency Management

01.0 Policy Responsibilities and Oversight

Advisory Circular. Subject: INTERNET COMMUNICATIONS OF Date: 11/1/02 AC No.: AVIATION WEATHER AND NOTAMS Initiated by: ARS-100

Sisu Super Computing Service Service Level Agreement

DISASTER RECOVERY PRIMER

MANUAL OF UNIVERSITY POLICIES PROCEDURES AND GUIDELINES. Applies to: faculty staff students student employees visitors contractors

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

Appendix 06 - Service Level Agreement (SLA) Version 1.4 of 15 June 2018

Connect Support Request Guide

DIGITAL COMMUNICATIONS GOVERNANCE

Transcription:

Web Hosting: Mason Home Page Server (Jiju) Service Level Agreement 2012 Table of Contents 1 General Overview... 2 2 Service Description... 2 2.1 Service Scope... 2 2.1.1 Eligibility Requirements... 2 2.1.2 Boundaries of Service Features and Functions... 2 2.2 Software: Procedures and Policies... 3 2.2.1 Software Approval Process and Request Form... 3 2.2.2 Active Security Risks... 4 2.2.3 Insecure/Unauthorized Software... 4 2.3 Service Level Performance... 4 3 Roles and Responsibilities... 4 3.1 Service Providers... 4 3.2 TSD/ITU Responsibilities... 4 3.3 User Responsibilities... 6 4 Methods of Requesting Service... 7 5 Hours of Coverage, Response Times and Escalation... 7 5.1 Hours of Coverage... 7 5.2 Incidents... 7 5.2.1 Incident Prioritization and Response... 7 5.3 Escalation... 8 6 Maintenance and Service Changes... 8 6.1 Maintenance Window... 9 6.2 Emergency Changes and Maintenance... 9 7 Reviewing and Reporting... 9 7.1 System Performance and Availability of Reports... 9 7.2 Reports on the State of Jiju... 9 8 Approvals... 10 Older SLAs: No older SLAs apply Last Updated: 6/13/2012 pg. 1

1 General Overview This is a Service Level Agreement (SLA) between Users of Mason Web Hosting Services and the Technology Systems Division of the Information Technology Unit Service Provider to document the working relationships for supporting the use of the Mason Home Page Server (Jiju) Web Hosting. This SLA shall remain valid until revised or terminated and shall be reviewed on an annual basis. 2 Service Description Web hosting is a service that allows for the publishing of websites on the World Wide Web. Mason offers free, secure, and reliable web hosting on the Jiju server. The server runs Red Hat Enterprise Linux with SELinux, Apache web-server. PHP is available with select modules. 2.1 Service Scope The university s main web server, which hosts www.gmu.edu and affiliated virtual host names is called Jiju. It is comprised of the hardware and software required to function as the university s main web server. The following policies are related to Jiju. The Mason Home Page Server (Jiju) features include: Disaster recovery measures are only available for www.gmu.edu Any other virtual hosts on this machine will not be available in the event of a disaster. In addition, TSD/ITU provides infrastructure, people, and processes including: Escalated support services System operations, administration and network connections Web access System level backup processes and disaster recovery, if required 2.1.1 Eligibility Requirements Space on this server is available to colleges, departments, and other university units for purposes relating to official university activities and information. Recognized student organizations are also eligible to host websites on this server for the purposes of organizational information and recruitment. 2.1.2 Boundaries of Service Features and Functions While the ITU does provide for total system recovery, we do not provide individual file backup and recovery for any individual sites. Therefore users must backup site files locally on a secure, reliable file space. ITU provides limited technical support Last Updated: 6/13/2012 pg. 2

for basic issues, such as connection and permission problems, through webmaster@gmu.edu. ITU does not provide extensive support or troubleshooting for any custom coding or configurations, such as for.htaccess files. 2.2 Software: Procedures and Policies 2.2.1 Software Approval Process and Request Form Any user who wants to run software that is not already on the approved list (the approved list will be published on http://webdev.gmu.edu) is required to complete a request form. Software includes any 3 rd party scripts, or any scripts written that make network or database calls to resources off Jiju. Submit the software request form at: http://webdev.gmu.edu/forms/software_request/ A copy of the code may be required. This can be sent to webmaster@gmu.edu The Form will ask for Name and contact information of person submitting the form Name and contact information of person who will be responsible for testing and installing updates Name of department/organization Name of the software Cost (include maintenance costs such as annual renewals, if any) Operating system required Version Programming Language and Version Does the software require a database? What is the purpose or intent of the software? Will the software require directories that will be used to upload files (i.e. world writable directories)? The request will be reviewed by The Webmaster Systems Engineers responsible for Jiju IT Security Office Accessibility Office The approval/disapproval process might take several weeks. Requests for software over $2,000 must be reviewed by the Architectural Standards Committee (ASC). If such a request is submitted via the software request form, requests will be returned to the requester and the requester will be required to submit the request through the ASC process: http://ascreview.gmu.edu/. Last Updated: 6/13/2012 pg. 3

2.2.2 Active Security Risks Systems Engineers reserve the right to immediately disable or remove any software without notice if it is causing an active security issue. Webmaster will notify users as soon as possible, within 8 business hours, after the disabling or removal of the software with an appropriate level of the details of the security vulnerability and the actions that were or must be taken to fix the security problem. 2.2.3 Insecure/Unauthorized Software Users may be notified in advance via email if they are using insecure or unauthorized software and will be given notice to remove it, depending on the severity level of the threat. If the software is not removed by the date requested, Systems Engineers will disable the software. 2.3 Service Level Performance We strive to maintain high uptime outside of maintenance windows; however misconfigured sites can lead to uncontrolled outages. Users should check all custom coding, file/directory permissions, and.htaccess configurations before reporting issues with their sites. 3 Roles and Responsibilities 3.1 Service Providers The following Service Provider(s) are associated with this SLA: Service Provider Title / Role Contact Information ITU Systems Engineering Group Systems Engineers Contact Webmaster ITU Client Relations Webmaster webmaster@gmu.edu ITU Web Team 3.2 TSD/ITU Responsibilities TSD/ITU will provide the infrastructure, technology, people, processes and monitoring tools necessary for Jiju and assume the following responsibilities. General Clearly document Web Hosting services provided in ITU Support Center Service Catalog http://itservices.gmu.edu/services/ Meet response times associated with the priority assigned to incidents and service requests. Generate reports on service level performance Appropriate notification to users for all scheduled maintenance via the ITU Event Calendar, Outages web page (http://outages.gmu.edu), Last Updated: 6/13/2012 pg. 4

web development wiki (http://webdev.gmu.edu), and/or GMUWEBMASTERS-L and JIJU-USERS-L ListServs. Systems Engineering: Perform patches or upgrades, as necessary, during the maintenance window when possible Provide details of changes to the webmaster, including but not limited to unexpected outages, issues, maintenance, and notifications related to any change management processes Maintain the operating system of the server Maintain a defined set of foundational web development software as specified by the Systems Engineers and communicate what constitutes the defined set to users Manage redirects and virtual hostnames on server Create new directories, assign and change ownership Alert users when they are approaching their allocated quota Manage a list of approved software to be shared with webmaster and users Provide information regarding active redirects, virtual host mapping, quota usage, and web server file ownership to webmaster Perform system-level backups for the purpose of system recovery Webmaster: Maintain the Jiju ListServ (JIJU-USERS-L) Maintain user friendly documentation online at http://webdev.gmu.edu with input from web team Draft communications regarding planned and unexpected outages, post information to appropriate ListServs and websites Respond to inquiries and requests through webmaster@gmu.edu inbox Review any complaints and either forward the complaint to the proper department or review with the Web Team Act as liaison between ITU and users Web Team: The Web Team is an oversight committee comprised of members from different units around the university. The Web Team is responsible for providing ongoing guidance regarding Mason s web presence and applications. The Web Team meets at least once a month. Members include: Webmaster, Systems Engineer for the server, ITU TSD Director of Client Relations and Staff member, University Relations Web Communications representative, representative from ITU Security and Project Management Office, IT Accessibility Coordinator from the Assistive Technology Initiative, representative from Library Digital Programs and Systems and a representative from one academic department. The Web Team s duties include: Last Updated: 6/13/2012 pg. 5

Review software requests, with input from the Security Office and appropriate Systems Engineers and propose a recommendation for further action Provide guidance and recommendations to the Webmaster for requests outside the normal scope of the Webmaster s responsibilities Create and approve policies to govern website management at Mason Review proposed changes in server policies Recommend improvements to services 3.3 User Responsibilities A user is anyone who maintains, edits, and/or administers a file or web site hosted on Jiju User responsibilities and/or requirements in support of this Agreement include: Follow university and web server (Jiju) policies below. Optimize allotted space o Stay within allocated space quota o Respond to warnings of quota nearing allocation Subscribe (opt-in) to Webmaster ListServ. Instructions at: http://webdev.gmu.edu/web_development_discussion_list Monitor e-mail for notifications regarding the user s site and the server Update contact information when there any changes to the owner s information or to the ownership of site Submit a request for approval for proposed software, following the guidelines in the following sections. o A Software Approval Request will be submitted through the online form located at: http://webdev.gmu.edu/forms/software_request/ Maintain approved software by applying patches and updating when new releases are available Test software and websites after system updates (as notified by Webmaster) or after software updates (performed by themselves) Will not create world writeable files or directories Will not share login information Run a link checker at least once a semester to verify links are working o The World Wide Web Consortium (W3C) offers a free link validator: http://validator.w3.org/checklink/ Back up files, preferably on a secure and centrally supported file space, such as MESA Conduct HTML and script troubleshooting Comply with University Visual Identity Guide at http://logo.gmu.edu/ Last Updated: 6/13/2012 pg. 6

Comply with all federal, state, and university accessibility laws and requirements, see http://webaccessibility.gmu.edu for more information and details 4 Methods of Requesting Service Online via www.gmu.edu Directory Request Form: http://webdev.gmu.edu/forms/gmuedu_request.php Phone via ITU Support Center (703-993-8870) Email (webmaster@gmu.edu) Walk-in (ITU Support Center) 5 Hours of Coverage, Response Times and Escalation For general website issues during regular business hours, Monday through Friday, 8:30 AM to 5:00 PM, contact webmaster@gmu.edu. In the event of an emergency, such as a server outage, at any time, contact the ITU Support Center via phone at 703-993-8870. Support outside regular business hours may be available through webmaster@gmu.edu, but is not guaranteed. 5.1 Hours of Coverage Jiju web hosting is provided 24 hours a day 7 days a week except for periods of planned maintenance and unexpected outages. 5.2 Incidents 5.2.1 Incident Prioritization and Response Please note these prioritization and responses times are a guideline for ticket processing and measure time from when a Service Desk Express (SDE) ticket is opened. Response times may be affected by emergencies or unusually large volumes of request such as at the start of a semester. Further information may be required before a ticket can be opened. Webmaster emails are responded to within 1-3 business days. Urgency Level Criteria Response Target Time Closure Target Time 2 High Priority There is significant impact to departmental services or functions, and must be addressed quickly. Examples: Service outage affecting multiple or high-profile clients Discovery of a worm or compromised 1 hour 8 hours Last Updated: 6/13/2012 pg. 7

system that is aggressively attempting to infect other hosts 3 Standard Routine services and requests 8 hours 16 hours Examples: Ownership changes to files and directories Virtual host requests Login issues 4 Scheduled Training Users need instruction on connecting to the web server Site migrations or major site upgrades requests for the migration of a site onto another server or other major changes. As Negotiated with the User As Negotiated with the User 5.3 Escalation The first point of escalation for incidents reported to the Webmaster webmaster@gmu.edu. Further escalation can be reported to David Robinson, 3-9477. 6 Maintenance and Service Changes The regular maintenance window is the second Sunday of the month, 7 AM to 2 PM. Every attempt will be made to perform non-emergency changes during this window. When possible, changes will be communicated in advance to JIJU-USERS-L ListServ and indicated on the semi-annual report, by the Webmaster. TSD/ITU related planned service outages are published in the ITU Event Calendar https://activecalendar.gmu.edu/default.aspx?type=&view=grid&category=16-72. The ITU Event Calendar currently serves as the official outage and maintenance schedule for TSD/ITU. Maintenance and service changes are scheduled during regular maintenance windows, as appropriate. TSD schedules maintenance and service changes that cannot be scheduled during regular maintenance windows are scheduled at the discretion of TSD, unless defined in this SLA. A maintenance window is a defined period of time during which planned outages and changes to production (see definition below) services and systems may occur. The purpose of defining standard maintenance windows is to allow clients of the service to prepare for possible disruption or changes. Production means university faculty, staff, and other users depend on the service to complete business and academic tasks and objectives. Last Updated: 6/13/2012 pg. 8

Major upgrades to a service are treated as projects outside the scope of a weekly maintenance window. 6.1 Maintenance Window The Maintenance Window for Mason Home Page Server (Jiju): Planned outages are generally scheduled and performed between 7:00 AM and 2:00 PM on Sundays. Check http://webdev.gmu.edu for updates, changes to the support and maintenance times and maintenance work outside the normal schedule. If there is a change to the schedule, the change will appear in a yellow box at the top of the page. Planned outages and changes will not be scheduled during the first or last weeks of instruction, finals or grading week of the academic quarters, or during other significant campus events or key dates. 6.2 Emergency Changes and Maintenance Whenever possible, emergency changes and maintenance will be done after business hours. Users will be notified in advance or shortly after an emergency maintenance is performed. The Mason webmaster will communicate what the emergency was, how it was fixed, and any possible implications to web applications or sites. 7 Reviewing and Reporting 7.1 System Performance and Availability of Reports This Agreement is valid from May 14, 2012. The Agreement should be reviewed at a minimum once per fiscal year; however, in lieu of a review during any period specified, the current Agreement will remain in effect. The service provider is responsible for facilitating regular reviews of this document. Contents of this document may be amended as required, provided mutual agreement is obtained from the primary stakeholders and communicated to all affected parties. The service provider will incorporate all subsequent revisions and obtain mutual agreements / approvals as required. This Agreement will be published at the following location and will be made accessible to users of this service: http://itservices.gmu.edu/documents/slas/upload/sla_jiju.pdf 7.2 Reports on the State of Jiju The Mason Webmaster will send out a semiannual report to JIJU-USERS-L ListServ with a report of what happened during the previous period and, if known, what is Last Updated: 6/13/2012 pg. 9

expected for the upcoming period and when it will be implemented. The report will include a summary of the actions taken. Ex: We applied an operating system security patch on 12/9/2010. The server outage lasted approximately 20 minutes. 8 Approvals The Unit and Department Liaisons and ITU Senior Managers approve this document. Then, this document is published in the ITU Support Center Service Catalog web site along with other service level agreements. Last Updated: 6/13/2012 pg. 10

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback