Security Annex for Firewalls Additional Terms for Firewall Service

Similar documents
Security Annex for DDoS Additional Terms for DDoS Protection

SPECIFIC TERMS METRO ETHERNET SERVICE

SCHEDULE DOCUMENT N4PROTECT DDOS SERVICE PUBLIC NODE4 LIMITED 28/07/2017

SCHEDULE DOCUMENT MANAGED FIREWALL SERVICES PUBLIC NODE4 LIMITED 17/07/2017

Schedule 2a for Capital Leases

Schedule Document. Managed Firewall Services. Public. Node4 Limited 10/12/2010

Support Policy and Service Level Commitment

Epicor ERP Cloud Services Specification Multi-Tenant and Dedicated Tenant Cloud Services (Updated July 31, 2017)

TIMICO LIMITED SERVICE SPECIFIC SCHEDULES

Platform Availability Guarantee - EN

Managed NIDS Care Services

Schedule 2i. All the terms indicated above in capital letters are defined below.

Reference Offer for Leased Line and Ethernet Services

BT Compute Protect Schedule to the General Terms

DATA PROCESSING TERMS

COMCAST ENTERPRISE SERVICES PRODUCT-SPECIFIC ATTACHMENT SOFTWARE-DEFINED WIDE AREA NETWORKING (SD-WAN)

Clearswift Managed Security Service for

CERANET SERVICE LEVEL AGREEMENT

SPECIFIC CONDITIONS FOR DEDICATED SERVERS. Version dated 25/03/2019

HOSTING SERVICES AGREEMENT

XO SITE SECURITY SERVICES

Fibre & ADSL Broadband - Specific Terms and Conditions

SECTION 2-13: CARRIER PRESELECTION ACCESS SERVICE

ADDITIONAL TERMS FOR HOSTED IP TELEPHONY SERVICES SCHEDULE 2K(B)

IBM Managed Security Services - Vulnerability Scanning

Schedule document N4MDM. PUBLIC Node4 limited 31/11/2018. Node4 Limited Millennium Way Pride Park Derby DE24 8HZ

SCHEDULE DOCUMENT N4MDM PUBLIC NODE4 LIMITED 13/07/2017. Node4 Limited Millennium Way Pride Park Derby DE24 8HZ

IBM Resilient Incident Response Platform On Cloud

SERVICE LEVEL AGREEMENT

IP WAN SERVICE SCHEDULE

Service Description: Cisco Technical Services Advantage (Releases 1.0 through 2.3)

PRIVATE MOBILE CONNECTION (formerly COMMERCIAL CONNECTIVITY SERVICES (CCS)) AT&T VPN ACCESS ATTACHMENT

PRIVATE MOBILE CONNECTION (formerly COMMERCIAL CONNECTIVITY SERVICES (CCS)) AT&T VPN ACCESS ATTACHMENT

VERIZON SELECT SERVICES INC. Page 1. SECTION 13 - EXHIBIT M - Network-Based IP VPN SERVICE

IBM Sterling B2B Services File Transfer Service

COMCAST ENTERPRISE SERVICES PRODUCT-SPECIFIC ATTACHMENT ETHERNET DEDICATED INTERNET SERVICES

Product Terms and Conditions - Hosted Exchange

Service Level Agreement (SLA) and Service Level Objectives (SLO)

The BlackBerry Enterprise Solution Sure Service Specific Terms and Conditions

SLA. Service Level Agreement v1.0. Published: September 2014

IBM Resilient Incident Response Platform On Cloud

ABOUT THIS SECTION...

PRIVATE MOBILE CONNECTION (formerly COMMERCIAL CONNECTIVITY SERVICE (CCS)) CUSTOM APN ATTACHMENT

SPECIAL CONDITIONS FOR SO YOU START DEDICATED SERVER RENTAL Latest version dated 03/12/2013

SERVICE LEVEL AGREEMENT

Terms and Conditions - Dedicated Internet Access Service

HUTCHISON GLOBAL COMMUNICATIONS LIMITED IBIZCLOUD SERVICE SERVICE LEVEL AGREEMENT (SLA)

REVISION HISTORY DATE AMENDMENT DESCRIPTION OF AMENDMENT

IBM Managed Security Services for Security

SERVICE TERMS AND SLA FOR LEASE OF DARK FIBER

Service Level Agreement

IBM Resilient Incident Response Platform On Cloud

Hosting Management Outsourcing

SERVICE SCHEDULE MANAGED DATABASE

Service Description. IBM Aspera Files. 1. Cloud Service. 1.1 IBM Aspera Files Personal Edition. 1.2 IBM Aspera Files Business Edition

PRIVATE MOBILE CONNECTION (formerly COMMERCIAL CONNECTIVITY SERVICES (CCS)) PERMANENT VIRTUAL CIRCUIT ATTACHMENT

PRIVATE MOBILE CONNECTION (formerly COMMERCIAL CONNECTIVITY SERVICES (CCS)) -- IP ENABLED PVC ATTACHMENT Last Revised 2/1/2017

First Federal Savings Bank of Mascoutah, IL Agreement and Disclosures

HPE Education Services ESE (East and South Europe) Terms and Conditions

PRIVATE MOBILE CONNECTION (formerly COMMERCIAL CONNECTIVITY SERVICES (CCS)) -- MPLS INTERCONNECT ATTACHMENT Last Revised 12/20/17

Server Hosting Terms and Conditions

BCDC 2E, 2012 (On-line Bidding Document for Stipulated Price Bidding)

Mailbox Rental Terms and Conditions

Version v November 2015

IBM App Connect Professional

Network Intrusion Detection

Service Level Agreement (SLA)

PRIVATE MOBILE CONNECTION (formerly COMMERCIAL CONNECTIVITY SERVICE (CCS)) CUSTOM APN ATTACHMENT

Version v November 2015

PRIVATE MOBILE CONNECTION (formerly COMMERCIAL CONNECTIVITY SERVICE (CCS)) FRAME RELAY ATTACHMENT

ORACLE PRODUCT SPECIFIC TERMS AND CONDITIONS FOR DYN DELIVERY SERVICES

PRIVATE MOBILE CONNECTION (formerly COMMERCIAL CONNECTIVITY SERVICE (CCS)) FRAME RELAY ATTACHMENT

These terms are product specific terms which apply to our DSL Services.

Service Schedule BT Web Starter

Schedule 2g(b) additional terms for VPN Branch service 1. SERVICE DESCRIPTION

URL NETWORKS CORPORATE INTERNET

Service Level Agreement Public CaaS Service Level Terms

Standdards of Service

Service Specific Terms & Conditions

Royal Mail Group Ltd. Specific Terms for International Response Services

v February 2016

SEC Appendix AG. Deleted: 0. Draft Version AG 1.1. Appendix AG. Incident Management Policy

Cloud Service Level Agreement

ROYAL MAIL GROUP ADDRESS MANAGEMENT UNIT PAF DATA END USER TERMS ( End User Terms )

Vodacom MPLS Service Specific Terms & Conditions

BROADBAND CONNECTIVITY SERVICE. - New Zealand-

Fxhoster VPS Agreement

NEOBROADBAND LTE SERVICE SCHEDULE

Verizon Spark Hosted Calling Service Level Agreement ( SLA )

BT One Mobile Secure Devices (MobileIron) Schedule to the General Terms

Service Schedule BT Web Manager

Service Level Agreement

Network Services BT MPLS (Marketed as IP Connect Global)

Cloud Service Level Agreement

Statement of Work IBM Support Services IBM Essential Care Service - Acquired from an IBM Business Partner -

Updated December 12, Chapter 10 Service Description IBM Cloud for Government

IP WAN SERVICE SCHEDULE. Business Hours means between the hours of 9am and 5pm, on a Business Day.

IBM Commerce Insights

Network Services Enterprise Broadband

Sure Broadband Services Service Specific Terms and Conditions

Transcription:

CONTENTS 1 Glossary of Terms & Definitions... 2 2 Service Description... 2 2.1 Firewall Service... 2 2.2 Provisioning... 2 3 Firewall throughput... 3 4 Vendor Change... 3 5 Charges... 3 5.1 Charges payable by the... 3 5.2 Additional Charges... 3 5.3 Charges for Service Changes... 3 6 Service Levels... 4 6.1 Availability... 4 6.2 Service Unavailability... 4 7 Service Credits... 4 7.1 Claiming Service Credits... 4 7.2 Calculation of Service Credits... 4 8 Responsibilities... 5 8.1 Technical Representatives... 5 8.2 Other Responsibilities... 5 9 Service Operation... 5 9.1 Service Changes... 5 9.2 Incident Management... 6 9.3 Exclusions... 6 Page 1

1 GLOSSARY OF TERMS & DEFINITIONS DMZ means demilitarised zone, i.e. a separate security zone configured on Firewall Device; End Users means the actual end user of the Service; Event means when any monitored component of the Service is not operating pursuant to its standard functionality, as indicated by alerts on s monitoring systems; Firewall Device means the equipment, Virtual Machines (where applicable), systems, cabling and facilities provided by in order to make the Firewall Service available to the ; Firewall Policy means the set of rules required by the to be implemented on the firewall; Firewall Service or Service means the optional feature of an Service for the supply and operation of the Firewall Device and service and any corresponding Licensed Software and implementation of the Policies within an Site; HA Pair means Two (2) Firewall Devices working together in active-active or active-passive mode; Incident means an unplanned interruption to a Service or deterioration in the normal quality of a Service; Incident Management means the Incident management Service provided by pursuant to this Annex to investigate an Event or Incident; Policies means the Firewall Policy and the Threat Management Policy (where applicable); SLO means Service Level Objective, which is a specific target within the Service Level Agreement; SOW means a statement of works, or a data capture form ( DCF ) used to capture the details of the Firewall Service, including the Policies; Threat Management Policy means policies associated with the Firewall Service. These may include, but are not limited to: anti-virus, anti-spyware, URL filtering, and intrusion prevention; Virtual Machine means a licensed software implementation of a physical server or machine. Any other terms in capital letters shall have the meaning set forth in Schedule 1. 2 SERVICE DESCRIPTION provides two types of Firewall Service: a. The Inclusive Assist Service provides the with a Firewall Device maintained by. shall retain administrative access to the Firewall Device and will be able to provide installation, updates and changes to the firewall via a standard change request. b. The Self-Serve Service provides the with a licence for a virtual firewall for the to install and manage as part of the s Virtual Data Centre service. For the avoidance of doubt this Service is covered by the VDC SLA annex and not under this schedule 2.1 FIREWALL SERVICE 2.1.1 shall provision a Firewall Device within an Site to control and mediate the s network traffic. 2.2 PROVISIONING 2.2.1 The must provide with the Firewall Policy to be implemented on the DCF. If the DCF is not completed by the within ten (10) Working Days s default policy will be implemented. The can modify the default policy via the service change process under Clause 9.1 below. Page 2

2.2.2 Where the has an existing firewall, the may request that implements the Policies associated with said firewall onto the Firewall Service, and will proceed, subject to the following conditions being met: a. The implementation shall be performed under a separate SOW, and shall incur Professional Service Charges where thresholds in letter c and d below are exceeded. Assessment of work involved shall be decided at s sole discretion; b. The implementation will be carried out at the s own risk and sole cost; c. The implementation shall require no more than one (1) Working Day of effort from ; d. The implementation will be carried out during a Working Day; e. The shall supply all information required to complete the SOW to within five (5) Working Days of s request. 3 FIREWALL THROUGHPUT Any statement from concerning expected throughput (measured in kilo, mega or giga bits per second (Kbps, Mbps & Gbps)) for any Firewall Service is an estimate of expected throughput and provided for informational purposes only. In no event shall be held liable for any failure of the Service to meet the estimated throughput level and does not warrant to its accuracy. acknowledges and accepts that overall firewall throughput will be affected by a number of factors beyond s control. These factors include, but are not limited to (i) the number of users and sessions, (ii) the type of applications in use, (iii) the extent to which features such as decryption are used by the and/or (iv) the overall profile of the s traffic. 4 VENDOR CHANGE utilises licenced technology from third-party vendors in order to deliver the Service. shall use reasonable endeavours to ensure that the optimum vendor platform is selected for any given requirement. accepts no responsibility or Liability regarding future changes to vendor ownership, licencing fees or overall quality. In the event of such changes reserves the right to substitute the third party supplier of these services at any time in order to continue to meet the Service Levels. Such change when enacted would be conducted at s expense and subject to standard planned works procedures. 5 CHARGES 5.1 CHARGES PAYABLE BY THE CUSTOMER Charges for the Service comprise of an initial on-boarding Installation Charge, a Fixed Rate Charge and any additional Charges set out within the Purchase Order. 5.2 ADDITIONAL CHARGES reserves the right to apply the following additional charges in conjunction with those applicable for the Services: a. Implementation of changes invoiced in accordance with a Change Order. b. Any additional work agreed to be performed outside of a Working Day, will incur Professional Service Charges. 5.3 CHARGES FOR SERVICE CHANGES 5.3.1 Minor changes are non-chargeable for up to 3 change requests per calendar month then Professional Service Charges apply. 5.3.2 Major changes will incur Professional Service Charges. Page 3

6 SERVICE LEVELS Further to the Service Levels set out within the Schedule 2 to which this Annex is appended, Service Levels are defined for the following Service performance measurements: a. Firewall Service Availability 6.1 AVAILABILITY Firewall Service Availability SLO Single Physical Firewall Appliance 99.5% Physical Firewall Appliance HA pair 99.95% Virtual Firewall on VDC (single or HA pair) 99.99% uses the following formula to calculate monthly Availability: Availability in % = (Minutes in Monthly Review Period Service Unavailability) Minutes in Monthly Review Period For the purpose of Availability measurement, Service Unavailability excludes any Planned Outage. 6.2 SERVICE UNAVAILABILITY The Firewall Service is considered to be Unavailable where the Firewall Device is not operational and processing network traffic. 7 SERVICE CREDITS 7.1 CLAIMING SERVICE CREDITS 7.1.1 Failure to meet a Service Level Objective (SLO) for a Service entitles the to claim Service Credits (subject to the exceptions set out herein and in Schedule 1). The must provide to all reasonable details regarding the relevant Service Credits claim, including but not limited to, detailed descriptions of the Incident, its duration and any attempts made by to resolve it. will use all information reasonably available to it to validate claims and make a good faith judgment on whether the Service Levels apply to the claim. 7.1.2 Unavailability of the Service cannot be used to claim failure of another service. shall not be responsible for any cross default. 7.2 CALCULATION OF SERVICE CREDITS Where Availability falls below target during any Monthly Review Period, the will be entitled to Service Credits as follows: Availability for each applicable firewall during Monthly Review Period falling below target by: Service Credits as % of the applicable Firewall Fixed Rate Charge Up to 1% 5% 1% 2% 10% 2% 3% 15% More than 3% 20% 7.2.1 Exclusions to Service Credits for Firewall Service Any software supplied to enable the reporting management services for the Firewall Service is supplied as is by third parties (e.g. distributors and or vendors of the equipment in use). will Page 4

endeavour to ensure that these services are maintained and available to Firewall Service customers. However, any failure of the reporting service will not constitute Unavailability of the Service and therefore will not accrue any Service Credits. 8 CUSTOMER RESPONSIBILITIES The responsibilities set out in this paragraph 8 shall apply both during provisioning (Clause 2.2) and during the Term. 8.1 TECHNICAL REPRESENTATIVES The must designate one or more qualified persons as their technical representatives and support points of contact with. These technical contacts can be updated online, by phone, or email and must be provided for both pre and post installation, and during Incident Management. 8.2 OTHER RESPONSIBILITIES undertakes that it shall: i. Own the firewall Policy and undertake to keep fully informed of the Policies and to notify of any required changes to them as soon as possible. The acknowledges and accepts that shall not be responsible for or liable for any security breach or failure resulting from the Policies and shall not be obliged to supply or advise on the Policies. ii. Further to this, reserves the right not to implement the Policies where such implementation may result in an Incident on the Service, or impair the integrity of the Network or impact any customer. a. accept responsibility for ensuring that the Services provided are a proper fit for the s specific requirements. provides the contracted service as described and does not provide any warranty to this effect or carry any obligations beyond those explicitly described in this agreement or that the Firewall Service will operate in the particular circumstances in which it is used by the or that any use will be uninterrupted or error free; b. report any Incidents or problems with the Services to the Contact Centre as soon as such problems have been identified; c. provide feedback on any maintenance approval requests passed to the within the reasonable times specified within such requests; d. do such other things and provide such information as may reasonably request in order for to provide the Service; and e. not initiate a penetration test without agreeing and complying to the current Penetration Test Agreement. In case a penetration test is undertaken and no respective Penetration Test Agreement was signed, herby agrees that the Penetration Test Agreement is deemed to have been signed and that its stipulations bindingly apply. 9 SERVICE OPERATION 9.1 SERVICE CHANGES 9.1.1 Firewall Service All requests to change the Policies or configuration of the firewall must be submitted on the standard change request form, the following changes are all considered as one standard change: Loading of additional patches onto one (1) Firewall Device or HA Pair ( will implement critical and security patches by default as a standard part of the managed service). Page 5

Modification or addition of five (5) or fewer rules to the Firewall Policy (For the avoidance of doubt, one line on the policy document or change request form is considered to be one rule), Execution of a log dump request, for a specific time period of no more than five (5) hours in duration Modification, Addition or removal of a single static route Any other change shall be considered a Major change and shall be subject to Professional Service Charges unless agreed otherwise by. 9.2 INCIDENT MANAGEMENT 9.2.1 Depending on the impact an Event or Incident has on the Service, each Event or Incident is categorized pursuant to paragraph 9.2.2 into one of three priority levels: priority level 1 (Critical), priority level 2 (Major) or priority level 3 (Standard). 9.2.2 Any Events or Incidents relating to a security incident which requires post-restoration investigation are considered out of scope for the Incident Management Service and will incur Professional Service Charges. Priority Description Hours of Operation Response Time Critical (1) When the Service is Unavailable. 24/7 30 minutes Update Frequency Major (2) Standard (3) The performance of the Service is degraded, but it is still Available A system or component of the Service is not available and a temporary fix may be available. Where there is not a critical need and no impact to the delivery or use of the Service. Working Day 2 hours 2 hours 4 hours N/A If responds to and works on a reported Incident and it is subsequently found not to be an Incident with the Service then Professional Service Charges will apply. 9.3 EXCLUSIONS does not provide any analysis of Incidents and Events on the Service, including analysis or support of information generated by the Firewall reporting management interface. Log files are stored for ninety (90) days, and can be made available on request. will not provide technical support to End Users. Page 6

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback