ITS Statement of Work

The company will monitor each covered server remotely and will alert the Customer according to the Customer’s preestablished emergency contact preferences of any operating characteristics outside of the server’s normal ranges.  

The Managed Firewall Service includes monitoring and management of a firewall system. The Customer must ensure that each device is accessible by the Company. At the Customer’s request, the Company will configure the Customer’s firewall system to allow a VPN to be established between two firewalls or between a firewall and a client. The Company will monitor the availability and condition of the firewall system and respond in case of failure. Security monitoring is limited to the information as it becomes available from and is detected by, the firewall. The Company will automatically perform major software upgrades on the Company-managed firewalls to maintain the security posture. If possible, upgrades will be performed remotely and during routine maintenance windows. If the Company reasonably determines that a patch is critical, the Company will schedule an emergency installation of the patches necessary for the Customers safety.  

Managed Firewall Services only apply to problems arising from the normal use of a firewall and does not apply if the firewall is damaged due to negligence or willful misconduct of the Customer.  The Company will support the Company-released-and-approved current major version and the major version immediately preceding the current major version of the device(s), including software, being managed.  Customers will upgrade device(s) to conform to the policy within 30 days of such notification. 

If a Customer firewall ceases to be fully supported by the manufacturer(s), the Customer must convert to a supported firewall model promptly and within the timeframe requested by the Company. The Customer acknowledges and agrees that Managed Firewall Services will constitute only one component of the Customer’s overall security program and is not a comprehensive security solution. The Customer agrees that there is no guarantee that these firewall-related services will be uninterrupted or error-free, that networks or systems connected to or supported by Company will be secure, or that the Company Services will meet Customer’s requirements and that there is no guarantee that any communications sent by means of managed firewalls will be private. 

Customer must maintain the Customer’s firewall and any associated software, systems, cabling, and facilities in accordance with the reasonable instructions of the Company and must not modify, relocate, or in any way interfere with Company’s firewall-related service unless expressly authorized by a representative of the Company to do so.  Customers must furnish electrical power in the form of a 120V outlet, including backup power, and such other facilities as are required to accommodate the firewall management service.  To the extent that the Company uses Customer-owned or provided hardware and/or software, the Customer must provide any license, approvals, or consents required for the Company to access or use Customer’s equipment. 

Customer must, at its own expense, take all reasonable physical and information systems security measures necessary to protect all equipment, software, data, and systems located on Customer’s premises or otherwise in Customer’s control and used in connection with the Company’s firewall management services, whether owned by Customer, the Company, or the Company’s subcontractors. The Company will not be liable for any loss resulting from any unauthorized access to or alteration of, theft, destruction, corruption, or use of, facilities used in connection with the Company’s firewall-related service.  All security policies, including, but not limited to, firewall security policies, will be the responsibility of the Customer even if the Customer uses a third party (or Company) to configure and implement such policies.  

The Company can, upon request, provide limited access to the ticket portal for all contacts within the Company’s system. Administrative access to the portal will be available upon request.  

The Company will monitor the patch and update information for Microsoft Windows-based operating systems and Microsoft Office applications.  Where the Company becomes aware of an upgrade or patch to which Company is aware that Customer is entitled, the Company will cause such patches and updates to be installed on Customer’s covered workstations and servers automatically, so long as covered workstations are available daily and servers are available on weekend days. If the Company is locked out of any patch or update site or other mechanism and has reason to believe that Customer’s subscription for any such service has expired, the Company will not patch or update those systems.  

The Company will use industry-standard software installed on individual workstations and servers or other industry-standard measures through Customer’s firewalls (where Managed Firewall Services are provided for in this SOW) designed to detect and eliminate viruses, Trojan horses, worms, and other code intended to harm computer systems or the data stored thereon (“Malicious Code”).  The obligation regarding Antivirus Services is solely an obligation to use industry-standard protection and commercially reasonable efforts to prevent the introduction of Malicious Code into Customer’s systems or data.  Antivirus Services will not guarantee any Malicious Code reaching Customer’s systems or data or any Malicious Code damaging or otherwise affecting Customer’s systems or data.  

The Company can, upon request, collect asset information using an automated software agent deployed where applicable for the Customer’s equipment assets. 

The Company will collect warranty information using an automated software agent deployed where applicable for the Customer’s equipment assets. If provided by the Customer, the Company will retain documented warranty information for future use. 

Customers will, at the Customer’s expense, provide a connection to Customer’s systems for the purposes of monitoring Customer’s systems or otherwise performing services.  Such connection may be accessed through the Customer’s existing Internet connection. The Company will monitor system uptime, CPU, RAM, and storage usage through the use of an automated software agent deployed where applicable on the Customer’s equipment. 

The Company will supply remote access to servers and desktops provided the Customer meets certain minimum Firewall requirements, obtains proper VPN licenses, and implements MFA (multi-factor authentication). 

The company will supply Antispam email filtering provided Customer agrees to route their email services through Company’s Antispam email servers. 

The company will conduct a variety of vulnerability scans on external IP addresses and covered agents on a regular, periodic basis and will report to the Customer as Company deems reasonably necessary. 

The Company will use industry-standard software installed on individual workstations and servers designed to detect and eliminate Malicious Code.  The obligation regarding Anti-breach/Anti-ransomware software is solely an obligation to use industry-standard protection and commercially reasonable efforts.  These Services do not guarantee that no Malicious Code will reach Customer’s systems or data or that Malicious Code will not damage the Customer’s systems or data. 

If not included in your support plan, reactive support services can be purchased for an hourly fee. The price per hour as it pertains to all remote or onsite support sessions for reactive support services will be set forth in the Customer’s support plan.

Emergency response times will vary by the severity of the situation. The target emergency response time set forth in the Customer’s support plan applies if an incident results in 80% or more Company staff being unable to work when the issue is reported. 

Purchases of onsite reactive support services are subject to a 1-hour minimum and will be billed on a per-minute basis after the first hour. Remote reactive support services are billable per minute without any minimums. 

Any session when a technician is not physically on location at a customer site is considered a phone or remote session. 

When the Company system identifies a virus is present, the Company will work to remove or remediate the infected hardware as it will be commercially reasonable to restore the system to its original state. 

When the Company system identifies that spyware is present, the Company will work to remove or remediate the infected hardware as it will be commercially reasonable to restore the system to its original state. 

The company will replace failed or damaged hardware with Customer-provided hardware.  

If the Customer finds missing data, information, or files that are covered by the Company's backup solution and reports the incident, the Company will use commercially reasonable efforts to restore the missing information. 

New user setup services will apply when a new account is added to the Customer system not associated with an existing computer. 

New workstation installation services will apply when a new workstation is a new computer not currently used in the Customer environment. 

New Project Work is any major upgrade or downgrade of an operating system, new hardware, or replacements in the Customers environment. 

The Company will issue a monthly report showing warranty information, drive space status, open ticket status, and other service-related metrics.  

The Company will back up data on servers that are connected to and responsive during specified backup times. Offsite backups require the Customer to provide a working Internet connection. Offsite backup services are conditioned upon the Customer’s Internet connection having adequate bandwidth within which to pass the backed-up data in a timely manner.  If Customer Internet bandwidth is inadequate to pass backup data for a complete offsite backup set, recommendations may be presented to implement an alternative solution which may incur additional fees. 

Monitoring includes antispam configuration, users without MFA enforced, O365 unified audit logs, O365 exchange transport issues, and O365 exchange spam policy issues as well as MX, SPF, DKIM, DMARC records in order to identify conditions that fall outside of the Company’s recommended practices. 

Weekly scans of open ports on firewalls to identify common services under attack, evaluate each open port on a case-by-case basis for solutions, and remediate approved strategies to improve security.   

The company will assess all Customer devices and determine necessary changes to bring the network/hardware up to Company standards. These changes will be reported to the Customer according to their impact.  

As identified, requested, or approved by the customer, updates will be processed according to the labor guidelines of the agreement for services. Updates must be approved by the Customer to be processed.  

Upon Customer request, workstation onsite backups will be completed daily. The Company will backup data on workstations that are connected to and responsive during specified backup times. Offsite backups require Customers to provide a working Internet connection. Offsite backup services are conditioned upon the Customer’s Internet connection having adequate bandwidth within which to pass the backed-up data in a timely manner.  If Customer Internet bandwidth is inadequate to pass backup data for a complete offsite backup set, recommendations may be presented to implement an alternative solution, which may incur additional fees, which can be implemented upon request. 

The Company will become a liaison between the Customer and their agreed-upon vendor to resolve ongoing issues impacting the Customer’s network/hardware. 

To the extent that the services reasonably require that the Company manage, or direct the scheduling or other performance of, third parties, the Customer will authorize the Company to do so.  The Company will be permitted to show to such a third-party the Customer’s support plan as proof of the Company’s authority. The Company will review the Customer’s agreements with vendors like, but not limited to, the Customer’s telephone, Internet, or copier providers. 

Customers can request a review of the Company’s technology services or hardware purchases. The company will provide insight and recommendations to Customers based on Company’s relevant experience and knowledge.  

The Company can request recommendations related to its IT budget to use as an overview of the Customer’s environment and aid with decision making for future growth, expansion, or technology refresh opportunities.  

The Company will regularly meet with the Customer to provide an overview of their current technology status and discuss future needs/goals of the Customers business.  

The Company will provide a firewall solution that includes device configuration, web filtering, gateway antivirus, gateway antimalware, bandwidth throttling, intrusion prevention, and a full hardware warranty from the device manufacturer 

The Company can, upon request, provide server-class hardware or basic tower computer(s) for Customer for an agreed-upon monthly rate. 

The Company will provide a workstation replacement project plan for the Customer as agreed by the parties including purchasing, installation, and ongoing management. This is general funding through a leasing arrangement. 

The Company will provide a server replacement project plan for the Customer as agreed by the parties including purchasing, installation, and ongoing management. This is general funding through a leasing arrangement. 

The Company will provide firewall(s) replacement project plan for Customer as agreed by the parties including purchasing, installation, and ongoing management. This is general funding through a leasing arrangement. 

The company will provide Computer monitoring and data loss prevention software as requested by the Customer to track the behavior of employees and remote users. Employee Monitoring Software can identify suspicious activity, detect possible threats, optimize productivity, and ensure regulatory compliance.  

The Company sends out client satisfaction surveys for every completed service ticket or project for the Customer to provide essential feedback to help improve Company services. 

The Company provides a guarantee that Customer will be completely satisfied with our services. Customers can give 30 days' notice to resolve any unsatisfactory issues with no additional fees.  

The Company provides flat-rate billing on a per user or per device basis monthly. 

The Company will provide basic first-level support with regard to the use of and troubleshooting of problems with Customer line of business applications. The Company will have no obligation to support any operating system or application that is more than one major release older than the then-most-current major release. 

When purchasing services, Customer must purchase services for every user or workstation, server, firewall, and network switch at the served location. Customer will pay to the Company the then-current amount for services for each new user or workstation, server, firewall, or network switch (“Network Devices”) that Customer adds to Customer’s network (audited monthly). 

Customer will report to Company the addition of each new user or workstation to the served location. Customer may swap out workstations for the same services, provided that the old Network Device is no longer operated at the served location and Customer notifies Company of the swap. 
If a problem upon which Company expends effort or in connection with which Company renders services is caused by, or associated with, a non-supported workstation or a non-supported server, Company will have no obligation to provide any services or meet any service levels associated with such devices and Customer will pay Company for such work at the current rate. 

The Company may place hardware and other goods on Customer’s site for the purpose of facilitating the provision of services. Customer will provide appropriate power, placement, environment, connections, and cabling, all to the extent necessary or expedient to facilitate Company’s rendering of the services. Such hardware and other goods will remain the property solely of the Company and, upon the Company’s request, the Customer will permit the Company to remove such hardware and other goods from the Customer’s premises. 

At Company’s discretion, the Company will enforce a uniform configuration across the workstations subject to support under this SOW and will prohibit by policy the introduction or loading of nonstandard software or other applications onto supported workstations. Customer will permit Company to load and operate software on the supported workstations designed to prevent the operation of unauthorized or nonstandard software or other applications on each supported workstation. Customer and Company will agree in good faith on a standard configuration and pre-approve any departures from the standard configuration (such as the operation of job-specific applications on designated workstations). Company will have no obligation to support any workstation that materially departs from the standard configuration and Customer will pay Company at the current rate per hour for any services that Company renders in connection with any workstation whose configuration departs from the standard configuration. Customer will notify Company of any proposed change to the standard configuration and any proposed departures from the standard configuration regarding any supported workstation.

If Customer requires that a new device be connected to Customer’s network, Customer will open a ticket for such installation and schedule the installation a reasonable time in advance. Minor device additions are expected to require at least one business day’s advance notice. Major additions may require additional notice and Customer and Company will coordinate such installations with commercially reasonable lead times.

All time commitments contained in this SOW assume reasonable access and Customer assistance when requested and/or necessary. Failure of Customer to grant reasonable access or render reasonable assistance will delay the time for performance by Company for the duration of Customer’s failure and Company will not be responsible for any such delay or any resulting liability. 

The services provided under the Customer’s support plan are intended to cover ongoing normal operations of the Customer’s business as specified at the inception of services. Any development, substantial migration, substantial conversion, or similar activity is not covered by the services provided for in Customer’s support plan. If a customer requires such additional services, the Parties will negotiate a separate order for a support plan.