Fees are set out in the Product description.
Fees for services may be increased/decreased from time to time by Long View Systems Corporation (“Long View”), upon 30 calendar days' notice to the Product Owner prior to the date scheduled for such change based on the occurence of one (1) or more of the following:
External Factors |
|
Services Scope Change |
|
Licensing Subscription |
|
Disaster response(s), recovery efforts, and significant zero-day remediation efforts (“Extraordinary Events”)
Disaster response(s), recovery efforts, and significant zero-day remediation efforts (“Extraordinary Events”) are not considered Incidents as described in the Governance and Service Management section and are billed on a time and materials basis. Extraordinary Events are outside the scope of operational management (run and maintain). These are unique activities that may arise from events including – but not limited to – floods, fires, catastrophic infrastructure failures, security breaches, security vulnerabilities, and/or responses requiring greater than 40 hours of effort to restore services.
Long View managed services do not include the development of or execution against a Client disaster recovery plan (DRP) or security escalation document (SED).
Service recovery efforts related to end-of-life hardware, unsupported software, vendor support contract hours of coverage is best effort based on vendor availability. These efforts are not covered by SLAs and may be billed on a T&M basis.
This Schedule describes governance and service management services to be performed by Long View as part of the services. Effective governance and service management ensures consistent quality in the delivery of managed services through consistent use of Information Technology Infrastructure Library (ITIL) processes and regular communication between Long View and Client at managerial and operational levels. Client owns and is responsible for developing all ITIL processes applicable to the managed services.
Long View manages and delivers the following ITIL processes and governance activities for all managed services, including:
Responsibilities are defined as follows:
ID | Service | Activity | Long View | Client |
---|---|---|---|---|
2.1.1 | Incident Management | Own the overall Incident Management and major incident processes (classifications, prioritization, approval processes, etc.). | ✓ | |
2.1.2 | Manage the Incident Management process for in-scope services. | ✓ | ||
2.1.3 | Categorize, prioritize, log, maintain, and update all in-scope incidents in the ITSM application. | ✓ | ||
2.1.4 | Participate in major Incident conference calls related to in-scope services as required. | ✓ | ||
2.1.5 | Prepare and submit major Incident reports for in-scope major Incidents. | ✓ | ||
2.2.1 | Service Request Fulfillment | Own the overall Service Request Fulfillment process including classification/prioritization of Service Requests and defining qualification and approval processes. | ✓ | |
2.2.2 | Categorize, prioritize, and log in-scope Service Requests in the ITSM application. | ✓ | ||
2.2.3 | Respond to and resolve requests assigned to Long View via the ITSM application. | ✓ | ||
2.3.1 | Problem Management | Own the overall Problem Management process including prioritization and risk assessment, based on business needs and priorities. | ✓ | |
2.3.2 | Identify Problems based on Client feedback. | ✓ | ||
2.3.3 | For in-scope Problems, manage the Problem process including oversight, and providing Client updates. | ✓ | ||
2.4.1 | Change Management | Own the overall Change Management process to ensure proper management of the business risk associated with change activities and to ensure consistent Change Management process for managed services and out-of-scope services. | ✓ | |
2.4.2 | For Changes related to in scope services, provide single point of contact for change requestors, manage the Change Management process, and ensure the Change process is followed and changes documented in ITSM application. | ✓ | ||
2.4.3 | For Changes related to out-of-scope services, manage the Change Management process, coordinate change schedule with Long View and ensure the Change process is followed. | ✓ | ||
2.4.4 | Review and approve all requests for change and communicate with the business regarding the status of their Change requests. | ✓ | ||
2.4.5 | For in-scope services, schedule Change meetings and chair the change advisory board meetings. | ✓ | ||
2.4.6 | For out-of-scope services, schedule Change meetings and chair the change advisory board meetings. | ✓ | ||
2.5.1 | Asset and Configuration Management | Own the asset and configuration management process, standard asset tool and managed asset tracking requirements for infrastructure being managed by Long View, regardless of location (i.e., on-premises, in a co-location center, public cloud or private cloud). | ✓ | |
2.5.2 | For assets managed by Long View, update asset information in asset management system with agreed to data elements/fields. | ✓ | ||
2.5.3 | For assets managed by Long View, validate for completeness and correctness on a monthly basis. | ✓ | ||
2.6.1 | Security Management | Develop, deploy, communicate, monitor, and perform continuous improvement of Client IT security policies and operating procedures. | ✓ | |
2.6.2 | Own data classification standards, management, and enforcement of managing data to those standards. | ✓ | ||
2.6.3 | Setup and manage Data Loss Prevention policies. | ✓ | ||
2.6.4 | Implement security awareness training and phishing campaign testing for Client employees. | ✓ | ||
2.6.5 | Own vulnerability management across application and infrastructure layers (e.g., running scans, reviewing vulnerability data, determining the gaps, managing, and maintaining the gaps, creating auditor reports). | ✓ | ||
2.6.6 | Comply with Client IT security policies and procedures and notify Client of any exceptions. | ✓ | ||
2.6.7 | Approve exceptions and exemptions to Client IT security policies and procedures. | ✓ | ||
2.6.8 | Own anti-virus and anti-malware policies and perform security incident investigations, validate security incidents, and formulate the incident response. | ✓ | ||
2.6.9 | For in-scope services, advise Client on potential vulnerabilities where no vendor remediation plans exist (e.g., worms, ransomware, etc.). | ✓ | ||
2.6.10 | For in-scope services, monitor for and implement operating system vendor security alerts that require immediate attention. | ✓ | ||
2.6.11 | Ensure compliance to SSAE18/SOC1 governance and security measures. | ✓ | ||
2.7.1 | Documentation and Knowledge Management | Own the Documentation and Knowledge Management process including providing access to any existing knowledge articles and providing the knowledge base platform. | ✓ | |
2.7.2 | Manage the Documentation and Knowledge Management process for in-scope services by keeping all Documentation and Knowledge Management processes updated with current information. | ✓ | ||
2.7.3 | Ensure that all documentation developed prior to or during the performance of the managed services is placed in Client’s documentation and knowledge management repository. | ✓ | ||
2.8.1 | Account Governance and Reporting | Provide single point of contact for in-scope operational issues and keep Client up to date on service restoration. | ✓ | |
2.8.2 | Ensure appropriate Client specific contacts and escalation are in place with vendors. (e.g., for licensing, testing, issue resolution). | ✓ | ||
2.8.3 | Deliver monthly reporting by the 15th of each month. | ✓ | ||
2.8.4 | Schedule and attend operational status review meetings. | ✓ | ||
2.8.5 | Review monthly reports and follow-up with Long View, if necessary. | ✓ | ||
2.9.1 | Billing | Provide invoices in accordance with relevant Fees. | ✓ | |
2.9.2 | Approve any changes to the pro forma invoice format. | ✓ | ||
2.9.3 | Submit complete and accurate invoices in a timely manner in accordance with relevant Fees. | ✓ | ||
2.9.4 | Investigate and respond to requests for billing clarification, as required. | ✓ | ||
2.10.1 | Vendor Support | Maintain financial responsibility for vendor support contracts for all hardware and software. | ✓ | |
2.10.2 | Provide hardware and software support based on Incident priorities and within the priority support matrix. In circumstances where Client subscribes to vendor support contracts that don’t align to the priority of services being requested, Long View attempts resolution to a maximum of two (2) hours of support. Additional effort is billed on a time and materials basis. | ✓ | ||
2.11.1 | Security and Compliance Audits | Run reports, provide evidence collection and/or attending meetings with external auditors for security and compliance audit support (e.g., ISO27001) | ✓* |
*Long View can provide these services on a Time and Materials (T&M) cost basis.
If applicable, the priority matrix used for measuring priority is as follows:
URGENCY | IMPACT | |||
---|---|---|---|---|
High | Medium | Low | ||
Immediate | Critical | High | Expedited | |
Routine | High | Expedited | Low | |
Low | Expedited | Low | Low |
The priority matrix used for measuring priority is as follows:
IMPACT is defined as a measure of the extent of the incident also taking into account potential damage caused by the incident before resolution, as defined within the following range:
URGENCY is defined as how quickly the resolution of the Incident is required, defined within the following range:
Service Level are aligned to incident and service request priority, as determined by the call handling matrix in the Governance Schedule.
Severity | Description | Service Hours | Target to Respond | Target to Resolve | % Met |
---|---|---|---|---|---|
1 - Critical |
|
24x7 | 30 Min | 2 Hours | >=95% |
2 - High |
|
24x7 | 30 Min | 4 Hours | >=95% |
3 - Medium |
|
8x5 | 2 Business Hours | 1 Business Day | >=85% |
4 - Low |
|
8x5 | 2 Business Hours | 5 Business Days | >=85% |
NOTES:
To enable the subscribed services, the Parties shall collaborate in the service onboarding/transition process to configure all systems and supporting processes required for service delivery. Devices must meet our minimum support requirements of being vendor supported and/or being configured in a supportable way, prior to onboarding. Updating devices to this supportable state is considered out of scope and may require additional fees. Service transition/on-boarding may include:
Initial installation/configuration of devices, tools or software required to deliver the service
Services True up
If Client requires transformation services to fully develop the operational capabilities of the subscribed services (including activities such as active directory integration, application, storage, email, and print and service data migrations), this may require further scoping and engagement by Long View professional services. Service transformation may include:
Applicable additional service transformation costs are calculated and presented to Client accordingly as a T&M Service Order Request. If the T&M Service Order Request is not approved, additional identified devices and services are considered out of scope.
In consideration of the terms and conditions below and the supply and purchase of services (the “Services”) described in the product-specific terms and conditions, Long View and Client (individually “Party”, together “Parties”) agree as follows:
Terms and Definitions can be found here.