SCHEDULE 2B CONVERGED NETWORK MANAGEMENT SERVICES. for COUNTY. Xerox County of Orange MSA for IT Services Schedule 2B Converged Network Services SOW

Transcription

1 SCHEDULE 2B CONVERGED NETWORK MANAGEMENT SERVICES for COUNTY erox County of Orange MSA for IT Services

2 Table of Contents 1.0 Converged Network Management Services Overview and Objectives Converged Network Management Services Overview Service Objectives Converged Network Management Services Requirements Converged Network Service Area Components Service Descriptions and Roles & Responsibilities Service Environment Scope of Infrastructure to be Supported Baseline Information Service Level Requirements Objectives Service Level Requirements Reports Referenced Appendices, Schedules and Attachments List of Tables Table 1. General Roles and Responsibilities... 7 Table 2. Design and Engineering Services Roles and Responsibilities... 9 Table 3. Network Provisioning Services Roles and Responsibilities Table 4. Network Operations and Administration Services Roles and Responsibilities Table 5. Network Monitoring and Reporting Services Roles and Responsibilities Table 6. Circuit Support Services Roles and Responsibilities Table 7. Network Documentation Services Roles and Responsibilities Table 8. Network Security Services Roles and Responsibilities Table 9. Firewall Management, DMZ and Internet Infrastructure Services Roles and Responsibilities Table 10. Security Intrusion Prevention and Detection Services Roles and Responsibilities Table 11. Security Monitoring and Incident Management Services Roles and Responsibilities Table 12. Network Services Reports erox County of Orange MSA for IT Services i

3 This is Schedule 2B (Converged Network Management Services) to the Agreement between the County and the Vendor. Unless otherwise expressly defined herein, the capitalized terms used herein shall have the meaning assigned to them in the Agreement. This statement of work shall be in effect following the implementation of the Vendor provided/implemented converged network environment. 1.0 Converged Network Management Services Overview and Objectives 1.1 Converged Network Management Services Overview This Schedule 2B (Converged Network Management Services) is the statement of work that sets forth the roles and responsibilities of the Parties for the Converged Network Management Services provided under the Agreement as part of the Services. Converged Network Management Services are the end-to-end Services required to provide and support the County s converged network environment that transports data traffic related to County and Third Party applications. These services include, but are not limited to financial and business applications (e.g., CAPS+, PTMS), web applications, video and associated video applications (e.g., future video conferencing, weekly Board meetings) and IP/VOIP telephony system traffic. Vendor s end-to-end responsibilities are life cycle management (e.g., requirements, engineering, design, implementation, testing), service provisioning, security, administration, troubleshooting, and proactive service management (e.g., Availability and Capacity Management, Performance Management, Incident and Problem Management) of the County s converged network environment and services, including but not limited to: Wide area network (WAN) (including metropolitan area network (MAN), circuit and conduit management) Third Party connectivity (e.g., state consortium systems and exchanges) Wired and wireless local area networks (LANs) IP address management services Quality of service (QoS) and class of service (CoS) management Network operations, management and monitoring Support of network test environments for all network services Internet connectivity services (e.g., provisioning, monitoring and reporting) gateway services Network security services Orange County Data Center LAN Infrastructure and Management Vendor s solution for Converged Network Management Services shall provide multiple levels of secure and permission-based logical network connectivity through the enterprise network to County End Users including the following: Enterprise level connectivity Agency to agency connectivity Multiple agency to agency connectivity erox County of Orange MSA for IT Services 1

4 Agency to business partners (e.g., state, federal, other counties and cities) connectivity County connectivity to the internet via the enterprise data center For L & JA Agencies, this SOW applies to the County Enterprise WAN segments. The point of demark will be where the enterprise WAN access router interfaces to the L&JA networks The Schedule 2D-Converged Network Services (L & JA) will apply to the Services provided behind the demarcation point (demark) within L&JA agencies. Throughout the Term of the Agreement, Vendor Converged Network Management Services shall support changing County business, regulatory and technical requirements and Vendor services shall incorporate new technical and services solutions that meet County requirements and business objectives. 1.2 Service Objectives The following are the key high-level Service objectives the County expects to achieve through Vendor s Converged Network Management Services: Achieve the Service Level Requirements (SLRs) specified in Section 4 of this SOW Design, implement and maintain a reliable, scalable and secure high-speed converged network infrastructure, that meets the County s ongoing and changing business and technical requirements and SLRs End to end converged network monitoring and management including management of Third Party providers (e.g., Third Party coordination, carrier coordination, Problem and Incident management) Maintain and deliver Converged Network Services in a cost effective manner Timely delivery of Converged Network solutions to support County project implementations, and related coordination with the County and Third Parties erox County of Orange MSA for IT Services 2

5 2.0 Converged Network Management Services Requirements 2.1 Converged Network Service Area Components Converged Network Management Services and network components are to the following Wide Area Network (WAN) (including Metropolitan Area Network (MAN)) Services WAN Services include the monitoring and management of networking equipment and Software that interconnect two or more separate facilities. WAN Services include acting as the prime Vendor or as an agent for trouble management for Third Party carrier services such as ATM, MPLS, point-to-point, frame relay circuits, Countyowned circuits, dedicated Internet connections and broadband circuits. Specific WAN Services include: Design of WAN connectivity solutions that will meet the County s business and technical requirements (e.g., performance, availability, reliability, capacity) WAN equipment provisioning and management (e.g., routers and CSUs/DSUs) Management of WAN circuit provisioning Management of circuit billing, invoicing and reconciliation Installation and decommissioning of WAN equipment (e.g., routers and gateways) Implementation of WAN connections and circuits Testing of WAN infrastructure (e.g., stress testing, regression testing, failover testing) changes in a non-production environment, prior to introduction into the County production environment Wiring and cabling (e.g., extended demarcation cabling) Password reset services per established security standards Optimization of WAN Services and circuits Management of end-to-end WAN connectivity and performance Internet connectivity and access Management of network QoS and CoS for all IP-based services Monitoring of all managed network devices (e.g., via SNMP) Monitoring performance and usage parameters of WAN circuits (e.g., Availability, peak utilization, average utilization, latency per QoS/class of service level, error levels, forward and backward explicit congestion notifications (FECNs/BECNs), application breakdown) Management of all WAN equipment (e.g., Routers and CSU/DSUs) Compliance with security policies and best practices Asset and configuration management Maintenance of hardware and Software (e.g., routers, switches, and system upgrades) Regular and ad-hoc reporting per County formatting requirements erox County of Orange MSA for IT Services 3

6 Development and maintenance of WAN documentation and diagrams Provide network operational support per Services to support Scope 1 Vendor disaster recovery services Wired and Wireless Local Area Network (LAN) Services LAN Services are the provision and monitoring and management of networks that are usually confined to a single facility or portion of a facility including the Orange County Data Center. LAN components include Dynamic Host Configuration Protocol (DHCP) and wireless LANs supporting all network traffic originating from computing devices (e.g., desktop devices, local file and print servers, application servers, database servers, peripherals and other network devices and other End User devices). The Service does not include the LAN-attached Network Interface Card (NIC) at the desktop. Specific Wired and Wireless LAN Services include: Review existing LANs and recommend improvements Design of LAN solutions which will meet County requirements LAN equipment provisioning and management Installation and decommissioning of LAN equipment (e.g., switches and hubs) Testing of LAN infrastructure (e.g., stress testing, regression testing, and failover testing) changes in a non-production environment, prior to introduction into County s production environment Management of LAN connectivity and performance, including wired and wireless LANs Monitoring all managed network devices (e.g., via SNMP) Monitoring LAN ports switches for Servers and interconnectivity between the switches and other network devices (e.g., IP/VOIP telephony devices) ; LAN ports shall be monitored for peak utilization, average utilization, latency, jitter, error levels unless otherwise agreed upon by County Wiring and cabling Regular and ad-hoc reporting per County requirements Compliance with security policies and best practices Asset Management and Configuration Management Support and administration of Third Party maintenance agreements and relationships. For County legacy environment, County will be responsible for administration of existing Third Party maintenance agreements and relationships until such time they are replaced by Vendor provided solution in accordance with the Transition Plan and Transformation Plan. Development and maintenance of LAN documentation and diagrams LAN administration services during County-defined windows (e.g., DNS changes, AD replication, and virus definitions) Provide network operational support per Services to support Scope 1 Vendor disaster recovery services Monitor remote equipment closets erox County of Orange MSA for IT Services 4

7 2.1.3 IP Management Services IP Management Services are both Domain Name Services (DNS) and Dynamic Host Configuration Protocol (DHCP), including administration and management of Domain Name Services. Vendor shall be responsible for managing DNS Services within the LAN and also on the Internet for all County application and service web sites. Vendor will also be responsible for providing DHCP services in support of all network traffic. Specific DNS services are: IP address management DHCP Service for Service Area hardware Internal and External DNS Service for Service Area hardware Internal and External DNS/DHCP Services for County sites Static IP addressing Provision and maintenance of central, real time logs that are to be kept in via Vendor-provided portal/integrated ITSM suite per County information security policies Provision and support of a DNS/DHCP tool that provides the following capabilities, including but not limited to: Remote Access Combines data from all DHCP servers on the reports Logs all devices that provide IP addresses via DHCP in the County s environment including remote access devices Supports real-time reporting formatted to the County s standards Provides capability to search for information from either the IP address, MAC address, hostname, or Active Directory End User ID Ability to generate alerts when a specific IP address, MAC address, hostname, or Active Directory End User ID is used Remote Access Services include the provision and management of solutions (e.g., virtual private network (VPN)) that allows remote End Users and business partners to securely connect to the network and County Application Services and/or County IT resources over the public Internet or private intranet. It requires industry/internetbased standards for security to create and preserve privacy, data integrity, and authenticity. The Remote Access Service will be highly scalable (e.g., client and siteto-site) and support will be provided for County sites, designated home offices, wireless access points, and other locations as required. All Remote Access Services provided hereunder will be provided in compliance with the County s security policies Network Security Services Network Security Services include the provision and support of methods that provide security to wired and wireless physical and logical network devices connected to the network and for security to IP traffic on the network. All Network Security Services provided hereunder will be provided in tiered administration in compliance with the County s security policies. Network Security Services are: erox County of Orange MSA for IT Services 5

8 Firewall management (e.g. DMZ, Internet, and Third Party connections) Provision and management of multi-factor authentication (e.g., token and certificate) Malicious code detection and prevention, and Internet monitoring (e.g. IDS/IPS, anti-virus, and anti-malware) gateway and SPAM filtering per County requirements Security policy verification Tiered web filtering (e.g., URL filtering, malicious sites, spyware, advertisements, instant messaging, and free software downloads) Internet usage reporting Tiered antivirus Data leak monitoring Data Leak Prevention services Provision, installation, configuration, management, and maintenance of network intrusion detection and prevention sensors at specified network entry points Intrusion incident reporting Ongoing vulnerability assessment and remediation Support of Third Party security assessment, scanning and penetration testing Design, implementation, management and maintenance of encryption solutions Management of County-owned security certificates, SSLs and domain names Incident and Problem Resolution Password Reset services per established security standards Logging, tracking and management of security risks and issues to Resolution and closure Network security services reporting per County requirements Physical and logical access control (e.g., End User, administrative, and card access) Remediation of discovered security risks from any security audit findings Management and Administration Services Management and Administration Services are system and component management and monitoring, information protection, component addressing, and IT Service management activities such as patch management, version control, access control, and Change control for all in scope network components including IP telephony/voip components. Management Services are: erox County of Orange MSA for IT Services 6

9 Network systems management and troubleshooting (e.g., performance, Problem, Change and capacity monitoring) Bandwidth, capacity, availability and performance management and reporting Application usage statistics (e.g., identify top talkers by application via Layer 7 monitoring) Coordinating with public carriers and other circuit providers to perform operations activities, support SLRs and to manage reporting of Third Party SLRs to the County QoS and CoS management Physical and logical network segmentation Administration Services include: Managing network devices, configurations, ACLs, firewalls, Internet Protocol (IP) addresses and related Services (e.g., DNS/DHCP) as specified by the County Asset management and configuration management, including hardware and Software Logical (e.g., IP address change) IMACs for network components Physical equipment and site IMACs Firewall Management, DMZ and Internet Infrastructure Services Firewall Management, DMZ and Internet Infrastructure Services are the activities associated with Managing and supporting County Internet and Third Party connections and associated firewalls, DMZ infrastructures, proxies, content filters and other Services necessary for secure Internet access from and to the County network. The following Services and roles and responsibilities shall apply to all in scope County network components described above (e.g., WAN, MAN, LAN, and VPN). 2.2 Service Descriptions and Roles & Responsibilities General Responsibilities The following table identifies general roles and responsibilities associated with this SOW. An is placed in the column under the party that will be responsible for performing the task. Table 1. General Roles and Responsibilities General Roles and Responsibilities Vendor County 1. As part of transformation, develop and document the physical and logical network design/architecture plan and inventory (e.g., circuit inventory, conduit mapping, and IP address schema, as built) to meet County requirements 2. Maintain the physical and logical network design/architecture plan and inventory (e.g., circuit inventory, conduit mapping, and IP address schema, and as built) to meet County requirements 3. Review and approve the plan for network design/architecture erox County of Orange MSA for IT Services 7

10 General Roles and Responsibilities Vendor County 4. Provide and manage 24x7x365 network Availability for Vendor managed network (e.g., components and segments) 5. Provision network components as required 6. Provision circuits per County s instructions and approvals 7. Dispose of decommissioned network equipment in accordance with County requirements and policies 8. Develop business and functional requirements for network projects 9. Provide technical and functional requirements for Vendor-proposed network support and upgrade projects 10. Manage and perform firmware/software upgrades for all in-scope network devices 11. Review and approve firmware/software upgrade maintenance costs and schedule for network devices 12. Identify, test, and Resolve compatibility issues between firmware/software versions of in scope network devices 13. Perform proactive network optimization and tuning for Vendor managed network components 14. Coordinate with County entities and Third Parties (e.g., hardware/software Vendors, carriers, service providers) as required 15. Provide ad-hoc network reports on Vendor managed network components when requested by the County 16. For Vendor managed network components, coordinate with County Third Party WAN/LAN network providers for Incident Resolution and to collect and report on network Availability and performance to the End User 17. Support audit activities by providing necessary resource, reports and data on Vendor managed network components 18. Provide and support Data Center networks (e.g., LAN, WAN connection) and related operations (e.g., design, build, systems monitoring, Incident diagnostics, troubleshooting, Resolution and escalation, security management, and capacity planning/analysis) as required to meet County Service requirements 19. Provide, document and maintain wiring and cabling for Data Center 20. Team with Scope 1 vendor and any third party to perform problem determination and resolution activities related to supporting County WEB sites. These activities include but are not limited to (Internal and Externally facing sites): Resolving access issues (Network and security segments) Resolving performance issues (Network and security segments) Establishing new sites (Network and security segments) Discontinuing sites(in many case this may have to be down with little to no notice and after hours) Investigating hacking and defacing incidents. erox County of Orange MSA for IT Services 8

11 General Roles and Responsibilities Vendor County 21. Install, configure, and support network Web infrastructure components (e.g., hardened servers, middleware, load balancing components, Internet connectivity, SSL certificates) 22. Provide and manage Internet bandwidth to the Web infrastructure to meet County requirements and SLRs (for externally facing web site access) Design and Engineering Services Design and Engineering Services are those activities associated with the design and engineering of the technical infrastructure, and providing and managing tools and utilities to support the network environment. The following table identifies the Design and Engineering Services roles and responsibilities that Vendor and the County shall perform. Table 2. Design and Engineering Services Roles and Responsibilities Design and Engineering Services Roles and Responsibilities Vendor County 1. Recommend Vendor s standard Network Design and Engineering Services procedures 2. Develop, document and maintain in the Policies, Standards and Procedures Manual Network Design and Engineering Services procedures that meet County requirements and adhere to County policies for Vendor managed environment 3. Review and provide input and/or additional procedures as required and approve Network Design and Engineering Services procedures 4. Integrate Life and Safety Systems (fax, paging, modems, and other notification systems) 5. Provide capability to integrate with 800 MHz Radio solution 6. Prepare and provide network design, engineering, security plans and schedules (e.g., service design package (SDP)) to support new and enhanced applications, architectures and standards based on established procedures as needed or requested by the County 7. Review and approve network design, engineering, security plans, and schedules 8. Provide recommendations for optimizing network design 9. Review and approve recommendations for optimizing network design 10. Coordinate with County and Third Parties as required to meet service requirements and SLRs for Vendor managed network components 11. Review and approve Changes to the network environment in accordance with Change Management policies and procedures 12. Develop scheduling of all Changes to the network environment for Vendor managed network components 13. Review and approve the scheduling of Changes to the network environment in accordance with Change Management policies and procedures erox County of Orange MSA for IT Services 9

12 Design and Engineering Services Roles and Responsibilities Vendor County 14. Provide technical advice to the County regarding application development to optimize utilization of data and applications over the network Network Provisioning Services Network Provisioning Services are those activities associated with the pricing, evaluation, selection, acquisition, installation, ongoing management and disposition of new and upgraded network components (e.g., circuits, equipment). The following table identifies the Network Provisioning Services roles and responsibilities that Vendor and the County shall perform. Table 3. Network Provisioning Services Roles and Responsibilities Network Provisioning Services Roles and Responsibilities Vendor County 1. Recommend Vendor s standard Network Provisioning Services procedures 2. Develop, document and maintain in the Policies, Standards and Procedures Manual Network Provisioning Services procedures that meet County requirements and adhere to County policies for Vendor managed network components 3. Review and provide input and/or additional procedures as required and approve Network Provisioning Services procedures 4. Manage circuit provisioning for new WAN connectivity, including obtaining favorable circuit pricing 5. Review carrier options and provide the County with recommendations regarding most favorable options 6. Review and approve Vendor s carrier recommendations regarding most favorable options 7. Maintain financial responsibility for County specified data circuits and other connectivity methods 8. Maintain financial responsibility for County specified data circuits and other connectivity methods 9. Specify network provisioning physical requirements (e.g., power, floor space) 10. Install equipment and establish connectivity as required 11. Document router configuration files and IP addressing schemas 12. Provide initial and ongoing capacity planning, incorporating Countyprovided business requirements 13. Manage and coordinate the performance of public carriers (and other Third Parties) to meet County requirements (e.g., schedules, project plans, SLRs) 14. Ensure that all new circuits, devices and Software provisioned are included in all IT Service Management and Life Cycle Services related documentation (e.g., Asset and Configuration Management) 15. Upgrade/remove/decommission network equipment and connectivity from County sites as required per agreed schedules and in accordance with County policies and procedures erox County of Orange MSA for IT Services 10

13 Network Provisioning Services Roles and Responsibilities Vendor County 16. Manage and provide WAN connectivity installs, moves, adds and changes (IMACs) 17. Minimize disruptions in Services during Changes 18. Review and approve installation, connectivity and removal activities 19. Acquire and manage domain name entries on behalf of the County (e.g., web URL and SSL certificates) 20. Maintain financial responsibility and ownership of domain name entries Converged Network Operations and Administration Data Network Operations and Administration Services are those activities associated with the provisioning and day-to-day management of the network environment. The following table identifies the Network Operations and Administration Services roles and responsibilities that Vendor and the County shall perform. Table 4. Network Operations and Administration Services Roles and Responsibilities Network Operations and Administration Services Roles and Responsibilities 1. Recommend Vendor s standard Network Operations and Administration Services procedures 2. Develop, document and maintain in the Policies, Standards and Procedures Manual Network Operations and Administration Services procedures that meet County requirements and adhere to County policies for Vendor managed network components 3. Review and provide input and/or additional procedures as required, and approve Network Operations and Administration Services procedures 4. Perform day-to-day Network Operations and Administration Services activities for Vendor managed network components 5. Develop, manage and maintain inventory of Network traffic (e.g., types, sources, services) 6. Manage in scope network Assets in accordance with the County s policies, standards and procedures (including security oversight and Change Management policies and procedures) 7. Recommend QoS and CoS for QoS/CoS sensitive applications including IP/VOIP based telephony systems 8. Review and approve QoS and CoS requirements for QoS/CoS sensitive applications and IP/VOIP based telephony systems 9. Implement and manage QoS and CoS for QoS/CoS sensitive applications and IP/VOIP based telephony systems 10. Recommend IP addressing, directory and configuration information and requirements 11. Review and approve IP addressing, directory and configuration information and requirements Vendor County erox County of Orange MSA for IT Services 11

14 Network Operations and Administration Services Roles and Responsibilities 12. Develop and maintain IP addressing schemes, router configurations and routing tables that meet County s requirements Vendor 13. Manage and maintain DNS/DHCP Services 14. Provide requirements (e.g., security, performance) for physical and logical network traffic segmentation 15. Recommend approaches, technologies and network management techniques for physical and logical network traffic segmentation 16. Review and approve Vendor recommend approaches, technologies and network management techniques for physical and logical network traffic segmentation 17. Implement physical and logical network traffic segmentation to meet County requirements and SLRs (e.g., security, performance) 18. Manage and maintain physical and logical network traffic segmentation to meet County requirements and SLRs (e.g., security, performance) for Vendor managed network components 19. Manage County Third Party contracts for facility cable management (e.g., physical wiring between servers and wiring closet and between wiring closet and desktop) Services at specified County sites 20. Manage and maintain current inventory of cable plant 21. Manage and provide proactive and reactive maintenance on network Assets 22. Manage and respond to Services Requests and provide IMACs for network components and sites 23. Maintain and provide security information in an agreed upon format, including general logs, access logs such as system logs, network logs, server logs and desktop logs in accordance with the County s security policies and procedures. Note: Vendor shall provide and maintain logs that cannot be modified. 24. Provide centralized logs of computer security relevant events containing sufficient data to support comprehensive audits of the effectiveness of, and compliance with security measures (audit tracking) 25. Coordinate network administration activities through defined Change Management processes 26. Support provisioning and de-provisioning account activities (e.g., administrative accounts, End User accounts) and maintain associated history logs as required 27. Support activities related to County- or Third Party-planned and unplanned Outages (e.g., post-power outage startup activities, County preparedness emergency exercises or Incidents, recovery) 28. Coordinate needed access to appropriate components of the County s network infrastructure with appropriate Third Party providers, as required 29. Encrypt passwords per established security standards 30. Provide remote access administration (e.g., VPN access, SecurID tokens) for Vendor managed components County erox County of Orange MSA for IT Services 12

15 Network Operations and Administration Services Roles and Responsibilities 31. Conduct required testing of Premise equipment as required on Vendor managed component (e.g., battery, backup power and balancing on PB equipment) and/or coordinate with County third party vendor (e.g. Backup power vendor ) Vendor County Network Monitoring and Reporting Network Monitoring and Reporting are those activities associated with the proactive monitoring and reporting of network performance and management information (e.g., performance metrics, Incidents) for in-scope network components (e.g., routers, switches, and network appliances, IP /VOIP telephony system components). Vendor is only required to perform monitoring activities up to the capability of County provided toolsets and legacy devices until such time that they are replaced with Vendor-provided solutions per the County-approved replacement timeline. The following table identifies the Network Monitoring and Reporting Services roles and responsibilities that Vendor and the County shall perform. Table 5. Network Monitoring and Reporting Services Roles and Responsibilities Network Monitoring and Reporting Services Roles and Responsibilities Vendor County 1. Recommend Vendor s standard Network Monitoring Services and Incident and Problem Resolution procedures 2. Develop, document and maintain in the Policies, Standards and Procedures Manual Network Monitoring Services procedures that meet County requirements and adhere to County policies for Vendor managed network components 3. Review and provide input and/or additional procedures as required and approve Network Monitoring Services procedures 4. Manage current or provide and manage new automated tools for monitoring in scope network circuits, devices and traffic from a Vendor provided Network Operations Center (NOC) 5. Implement measures and provide proactive analysis of network data and reports to limit network Outages and optimize the County s bandwidth utilization for Vendor managed network components 6. Proactively monitor current network utilization and provide information to the County for use in determining future capacity requirements for Vendor managed network components 7. Monitor, operate, perform Problem determination, alert, and repair for all Vendor managed network environments on a 24x7x365 basis, including for Service Outage, loss of connection and specific performance indices 8. Monitor Vendor managed LAN ports for all servers and uplinks: LAN ports should be monitored for peak utilization, average utilization, latency, and error levels unless otherwise agreed upon by the County. Vendor should also have the capability to turn on monitoring for individual regular desktop ports for troubleshooting 9. Perform remote LAN analysis diagnostics and on-site troubleshooting per County designated site classification requirements erox County of Orange MSA for IT Services 13

16 Network Monitoring and Reporting Services Roles and Responsibilities Vendor County 10. Manage Service Requests and dispatch process as directed by the County 11. Dispatch pre-approved Vendor on-site support personnel and/or Third Parties as appropriate 12. Manage network performance or Availability issues resulting from a fault or impairment in Vendor managed network circuits or devices 13. Provide reporting (e.g., availability, utilization, latency, capacity) on Vendor managed network components providing connectivity to County applications 14. Collect data and reports from Third Parties and provide consolidated reporting (e.g., availability, utilization, latency, capacity) on out-of-scope network components (e.g., Third Party circuits, Third Party WAN/LAN network circuits and components, Third Party partner and service provider connections) providing connectivity to County applications 15. Review and approve network performance reporting Circuit Support Circuit Support Services are those activities associated with providing 24x7x365 support of the network to ensure continuous operation. This support includes Problem isolation and determination to the network device port level. The following table identifies the Circuit Support Services roles and responsibilities that Vendor and the County shall perform. Table 6. Circuit Support Services Roles and Responsibilities Circuit Support Services Roles and Responsibilities Vendor County 1. Recommend Vendor s standard Circuit Support Services procedures 2. Develop, document and maintain in the Policies, Standards and Procedures Manual those Circuit Support Services procedures that meet County requirements and adhere to County policies for Vendor managed network components 3. Review and provide input and/or additional procedures as required and approve Circuit Support Services procedures 4. Isolate Problems to the circuit, port or device level 5. For circuit Incidents and Problems, contact carrier to determine the cause of the Outage, notify the County, and work on the Incident/Problem with carrier until Resolved 6. Track Incidents and Problems, follow up on status, escalate when required and report status to the appropriate Party including when Incidents/Problems are Resolved 7. Provide any possible Workarounds to help maintain production until a permanent fix can be achieved during network Problems/Outages 8. Provide Third Party SLR reporting in accordance with County requirements 9. Provide network operational support per Services to support Scope 1 provider disaster recovery testing erox County of Orange MSA for IT Services 14

17 Circuit Support Services Roles and Responsibilities Vendor County 10. Provide network operational support per Services to support Scope 1 provider disaster recovery Network Documentation Services Network Documentation Services are those activities associated with continually developing, revising, maintaining, reproducing, and making secure network infrastructure information securely accessible on an as needed basis. Documentation shall be formally provided to the County in electronic form quarterly and shall be stored and maintained in the integrated IT Service Management suite. Some of the document types specific to this Schedule include: Network system specifications and topologies (e.g., router configurations, firewall policies, routing diagrams/ip addressing tables, hardware/software listings) Detailed circuit location information (e.g., circuit ID including LEC access ID, location, speed) Firewall policies, group and object information As-built documentation for all network devices (including firewalls) that are deployed in development, test, QA, production and other technical environments Maintain network topology diagrams The following table identifies the Network Documentation Services roles and responsibilities that Vendor and the County shall perform. Table 7. Network Documentation Services Roles and Responsibilities Network Documentation Services Roles and Responsibilities Vendor County 1. Recommend Vendor s standard network documentation types and content 2. Develop and maintain network documentation that meets County requirements 3. Review and approve network documentation Network Security Services All Network Security Services provided hereunder will be provided in tiered administration in compliance with the County s security policies Network Security Planning and Operations Services Network Security Planning and Operations Services are those activities associated with maintaining logical security of all Network Management Services components (e.g., hardware, Software) and data, Malware protection, access protection and other Network Security Services in compliance with County security requirements and all applicable regulatory requirements. The following table identifies the Network Security Services roles and responsibilities that Vendor and the County shall perform. Table 8. Network Security Services Roles and Responsibilities Network Security Services Roles and Responsibilities Vendor County General erox County of Orange MSA for IT Services 15

18 Network Security Services Roles and Responsibilities Vendor County 1. Implement logical security plans that comply with County security policies; develop and provide documentation demonstrating adherence to the plans, processes and procedures 2. Provide requirements and/or recommendations for physical security plan on in scope devices housed in County facilities (e.g., OCDC) 3. Maintain a secure network environment, including compliance with County policies 4. Perform information security compliance, auditing, and reporting per County-defined requirements 5. Design and implement Vendor security services and technical solutions that protect data logically, in storage and during wired and wireless transmission, against unauthorized or accidental access, modification or disclosures (e.g., encryption, network segmentation, monitoring tools) 6. Maintain Vendor security services and technical solutions that protect data logically, in storage and during wired and wireless transmission, against unauthorized or accidental access, modification or disclosures (e.g., encryption, network segmentation, monitoring tools) 7. Review and approve Vendor security solutions 8. Develop, document and maintain in the Policies, Standards and Procedures Manual Security Services standards and procedures that meet County requirements, regulatory requirements, and adhere to County policies 9. Review and approve Network Security Services standards and procedures 10. Execute security policies and provide and operate security monitoring tools including documentation demonstrating consistent adherence to the process 11. Provide, implement and manage security analysis and monitoring tools into the County s network environment 12. Provide tiered and role-based access to Vendor s security analyses and monitoring tools 13. Review and approve security analysis and monitoring tools Security Policy and Controls 14. Provide County security strategy, policies and requirements 15. Recommend Vendor s standard best practice security policies, services and procedures 16. Review and provide input and/or additional procedures as required and approve Vendor recommended standard/best practice security policies, services and procedures 17. Ensure compliance with patch management and Change Management policy 18. Proactively monitor current IT security trends, threats, exploits and security best practices and notify the County of same 19. Provide a County security liaison that works with Vendor for security requirements related to the scope of this Schedule 20. Implement a Network Security Incident Response Team (NSIRT) program to resolve security incidents 21. Participate in Computer Incident Response Team (CIRT) as required by the County or Third Parties erox County of Orange MSA for IT Services 16

19 Network Security Services Roles and Responsibilities Vendor County 22. Review and approve all security plans, security remediation plans, programs, and security infrastructure Physical Security Control 23. Develop and maintain network environment access control lists and provide reporting on which individuals have accessed locations and resources 24. Review and approve network environment access control list 25. Conduct a quarterly review of the list of authorized people to computing/network equipment areas 26. Adhere to established access control policies and procedures System Administrative Privileges 27. Establish access profiles and policies for adding, changing, enabling/disabling and deleting log-on access for County and Third Parties 28. Investigate attacks (e.g., attempts to logon) 29. Provide logs of network security events containing data to support comprehensive audits of the effectiveness of, and compliance with security measures in accordance with County policies (e.g., audit trail) System Administrative Privileges 30. Establish access profiles and policies for adding, changing, enabling/disabling and deleting log-on access for County and Third Parties 31. Investigate systematic attacks (e.g., attempts to logon) 32. Provide logs of network security relevant events containing sufficient data to support comprehensive audits of the effectiveness of, and compliance with security measures (audit tracking) Security Integrity Advisory 33. Provide security advisory information to the County in a mutually agreed manner 34. Evaluate security advisories, assign a risk value and communicate recommended action plan to the County Security Status Checking and Validation 35. Provide security assessment audit single point of contact to define audit controls and coordinate audit activities 36. Provide support for audit activities, public requests for information (PRIs) per the Public Information Act, e-discovery, legal hold, and forensic audits as required by the County (e.g., data collection, audit tool installation, report generation) 37. Develop plans to remediate audit findings that do not comply with the established County security policies and standards 38. Review and approve audit findings and remediation plans 39. Implement remediation plans and report on progress of associated implementation 40. Support audit activities by providing a security assessment audit coordinator erox County of Orange MSA for IT Services 17

20 Network Security Services Roles and Responsibilities Vendor County 41. Maintain all documentation required for security assessments, Audits and internal control and control testing 42. Perform semi-annual security assessments, or ad hoc assessments as required, to identify control or security gaps and provide trending problem reports to the County, and recommend remediation plan(s) 43. Conduct security planning and review sessions to review results of security assessments and Vendor remediation plans 44. Review all findings and identified risks and approve remediation plans 45. Implement County-approved remediation plans Content Filtering for Malware 46. Review and approve Malware Prevention policies and services 47. Adhere to County-approved Malware Prevention policies and services 48. Monitor supplier information and manage up-to-date information on malicious code outbreaks and deploy the appropriate signature files to protect against the malicious code in accordance with established County Change Management procedures 49. Deploy anti-malware updates and patches following a Malware Incident per the County Change Management procedures 50. Immediately notify the County on detection of malicious code within the infrastructure 51. Implement the established action plan (e.g., quarantine of malicious code or network segment) and escalation procedures for a malicious code event beyond what is automatically fixed by the anti-malware software 52. Filter outbound URLs to enforce compliance with County policies 53. Filter both inbound/outbound multiple Web protocols, including deep inspection of encrypted traffic 54. Filter inbound URLs real-time threat protection, block access to sites harboring harmful code, Malware - spyware, phishing, virus, worms and Trojan horse software. Provide for continuous scanning, eradication and reporting of detected harmful code as listed and Incident Resolution 55. Scan user-generated content per County policies 56. Provide seamless user/ip integration to County multi-agency for authentication, tracking, reporting 57. Integrate fully with End User browsers (e.g., MS I/E, foxfire, chrome) with IP and user identification tracking, reporting 58. Provide reporting and audit capabilities, including user activity as required by County polices 59. Provide for Agency tiered management 60. Manage user/groups URL filters and reporting as required Content Filtering of 61. Recommend Gateway and inbound and outbound Filtering policies, services and procedures 62. Review and approve Gateway and Filtering policies, services and procedures erox County of Orange MSA for IT Services 18