OITS Service Level Agreement

Transcription

1 OITS Service Level Agreement Objective A Service Level Agreement (SLA) describes the IT Service, dcuments Service Level Targets, and specifies the respnsibilities f the IT Service Prvider and the Custmer. The OITS Service Level Agreement (SLA) includes: Glbal Service Levels: General areas f supprt and targets that are applicable t every OITS service Service SLA fr each service: Levels f supprt and targets applicable t a specific service t include respnsibilities f OITS and the custmer. MOU: Optinal custmer specific requirements (additins r changes) If there are cntent differences, infrmatin dcumented in the Service SLA takes precedence ver the infrmatin stated in the Glbal Service Levels. In additin, infrmatin cntained in an MOU assciated with a standard service als takes precedence ver the infrmatin cntained in the Service SLA and/r the Glbal Service Levels. Glbal Service Levels Service Supprt The OITS Service Desk perates 24 x 7 and ffers a single pint f cntact fr all custmer inquiries related t OITS services fr the State f Nrth Carlina's business and technical infrastructures. The OITS Service Desk agents prvide business and technical infrastructure analysis, prblem slving, and first and secnd level diagnstics. Hurs f Operatin OITS Services are available 24 x 7, excluding planned utage maintenance windws and unavidable events. Maintenance windws are used nly when needed fr planned changes that have gne thrugh the OITS Change Management Prcess. In additin t the Standard OITS Maintenance Windws, site-specific changes may be crdinated with custmers at nn-standard times. OITS Standard maintenance windws include: 4:00 a.m. t 7:00 a.m. each Thursday 4:00 a.m. t 12:00 p.m. each Sunday Any service maintenance windws utside f these standard windws are dcumented in the service specific SLA. Cntacting Supprt and Ticket Escalatin The OITS Service Desk is the single pint f cntact fr initiating all Incidents and Service Requests, including any requests fr ticket escalatin. Custmers may cntact the OITS Service Desk at r tll free at r via at [email protected]. The Business Relatinship Manager assigned t yur agency is available t address any questins regarding OITS services, prcesses r infrmatin technlgy business needs. Yu may cntact yur Business Relatinship Manager directly r initiate a Service Request with the OITS Service Desk. ITS Glbal Service Levels v4.0 Page 1

2 Incidents and Service Requests Ticket Creatin and Priritizatin Tw types f tickets may be created by cntacting the OITS Service Desk. An Incident is any disruptin f service. A Service Request is a request fr infrmatin r a request fr a new service r t change an existing service. Custmers may pen an Incident r a Service Request ticket by calling r initiating an t the OITS Service Desk. It is imprtant t nte that tickets received via are categrized as a lw pririty. Therefre, any critical r high Incident r Service Request shuld be initiated by calling the OITS Service Desk. If a critical r high Incident r Service Request is initiated by , it must be fllwed up with a telephne call t the Service Desk t ensure prper priritizatin. Failure t call may result in a lw pririty ticket. When sending an , summarize the nature f the Incident r Service Request in the Subject field. Upn ticket creatin, the custmer will autmatically be ed a Receipt Cnfirmatin with the ticket r reference number. This cnfirmatin ntes that the Incident r Service Request has been lgged at the OITS Service Desk and that it is being assigned t a wrk grup. Custmers are respnsible fr ensuring their address is prvided t the OITS Service Desk fr update and reslutin ntificatin purpses. The OITS Service Desk assigns a Pririty t every initiated Incident r Service Request. The OITS Priritizatin Mdel is used t ensure a cnsistent apprach t define the sequence fr a ticket t be handled and t drive the assignment f resurces. The Pririty assigned t a ticket depends upn: The Impact n the business: size, scpe and cmplexity f the Incident The Urgency t the business: time within which reslutin is required Ticket Target Reslutin Times The Incident Target Reslutin Time is the ttal time frm ticket creatin t Incident reslutin (restratin f service t the user). Service may be restred either thrugh a wrkarund r a permanent slutin. OITS is cmmitted t reslve ninety percent (90%) f Incidents within the time frame specified fr each Pririty. The fllwing chart shws the target reslutin times by Pririty after the initial assessment/assignment f an Incident by the Service Desk. Incident Pririty Critical High Medium Lw Target Reslutin Time 4 hurs r less 8 hurs r less 24 hurs r less 3 business days Change Management OITS has a Change Management Prcess with the gal f prtecting the shared envirnment f the State s infrastructure frm unintended impacts as a result f changes made t the varius systems, applicatins, and equipment perating n the enterprise netwrk and in the State Data Centers managed by OITS. Additinally, OITS spnsrs the Enterprise Change Advisry Bard (ECAB), whse membership cnsists f agency and OITS representatives. The ECAB meets regularly t cmmunicate all Majr and Significant changes t its members. ITS Glbal Service Levels v4 Page 2

3 All ECAB members must adhere t the fllwing guidelines: Custmers will have an agency representative attend and participate in the ECAB Custmers will ntify OITS and ther agencies f any agency planned changes t the OITS prvided infrastructure Custmers will cncur and sign ff n any OITS majr change that affects their agency OITS will cncur and sign ff n any agency change that impacts the OITS managed infrastructure. There are three levels f change types (Majr, Significant and Minr) which necessitate the lead times listed belw fr effective and efficient implementatin: Change Request Type Majr Significant Minr Required Lead Time 20 business days 10 business days 3 business days Custmer Cmmunicatin OITS will update custmers as tickets are being wrked and upn ticket reslutin. OITS will als prvide cmmunicatins, thrugh the OITS Custmer Cmmunicatins Hub, when Incidents r utages ccur that may impact the custmer. Custmers f OITS shuld visit the OITS Custmer Cmmunicatin Hub at t self-register fr cmmunicatins regarding services and t view service status. Custmers may als subscribe t the Prjected Service Outage Reprt via the Cmmunicatins Hub which prvides infrmatin regarding upcming change events that have the ptential t impact services and lines f business. If an Incident is causing majr impact, r ptentially majr impact, t the business and requires a respnse that is abve and beynd that given t standard incidents, a Majr Incident Plan (MIP) may be declared. Typically, MIPs are priritized as critical incidents and require crss-agency crdinatin, management escalatin, the mbilizatin f additinal resurces, and increased cmmunicatins. Depending upn the custmer impact, OITS may prvide cmmunicatins t agency cntacts using NtiFind. The Business Relatinship Managers wrk with their respective agencies t maintain updated MIP cntact infrmatin. Security Standards and Plicies OITS services adhere t OITS and State CIO Security Standards and Plicies. The Custmer is respnsible fr ensuring that their systems, applicatins, prcesses and data are cmpliant with and fllw State CIO Security Standards and Plicies. As an example, the Custmer is respnsible fr classifying their data and identifying additinal security that may be required fr data classificatins such as PII, HIPPA, PCI r IRS Risk Management OITS prvides business cntinuity services, including assistance with cntinuity planning strategies, t help agencies cmply with G.S Other services include the availability f dual sites fr applicatin hsting, testing, and disaster recvery. OITS cnducts a minimum f tw disaster recvery exercises each year fr its critical applicatins; hsted agencies are invited t participate. The custmer is respnsible fr determining their disaster recvery ITS Glbal Service Levels v4 Page 3

4 bjectives and purchasing any additinal services r equipment that may be required t meet thse bjectives. Custmer and OITS Access and Assets Prtectin f equipment Agencies/Custmers must prtect all OITS wned assets that are resident at agency lcatins r being used by agency persnnel r cntractrs. (NC State Security Plicy Chapter 2) While the agency/custmer is respnsible fr the physical security f the assets, OITS is respnsible t replace OITS wned assets that are lst, damaged r stlen while n agency premises and/r in use by agency emplyees r cntractrs. Site Envirnmentals Agencies/Custmers must prvide, prtect, cntrl and mnitr any nsite envirnmentals assciated with the presence f OITS wned assets. (NC State Security Plicy Chapter 9) This includes HVAC, Static electricity, humidity, air circulatin, electrical circuits and line fluctuatins, flding, physical access, space management, and BCP/DR plans fr the envirnmental cntrls. If a new lcatin r site is being cnsidered fr OITS Services, a site survey will be cnducted by OITS staff t determine if there are envirnmental cncerns r ther issues that need t be addressed as part f the service prvisining prcess. Any issues that cannt be addressed r that are nn-standard will be dcumented in an MOU, including additinal csts (if applicable) and ther actins needed t mitigate the risk r cncern. Custmer Access t Agency Owned Assets The custmer shall have access rights t their assets fr the purpse f applicatin mnitring and fr managing sftware licenses and applicatin cde. OITS Physical and Remte Access and changes t OITS equipment n custmer premises Agencies and custmers f OITS must prvide timely physical site access t OITS Staff s that OITS can prvide the necessary supprt fr the services being prvided t that lcatin. Access must be prvided t OITS assets lcated n agency premises, including access t server clsets, wiring clsets, switches and ther OITS managed devices. OITS staff must adhere t an agency s security access requirements, i.e. signing a visitr s access lg. OITS must ensure that the agency is ntified when OITS staff n lnger require badge access t the agency s facility. When changes are made t OITS assets, OITS and custmers must adhere t the security standards assciated with the asset (NC State Security Plicy Chapter 2) and fllw the OITS Change Management Prcess. Agencies and custmers f OITS agree t permit OITS t pen all required firewall prts necessary fr OITS t prvide services and the management f OITS remte equipment in the Agency. On-barding and ff-barding f State emplyees and cntractrs. Agencies need t submit a ticket t the OITS Service Desk fr the n-barding and ff-barding f agency emplyees/cntractrs when they are entitled t receive supprt fr any OITS service. In additin, OITS wned assets deplyed t agency emplyees/cntractrs must be returned t OITS fr prper equipment cleanup and ptential reuse. Financial Authrizatin ITS Glbal Service Levels v4 Page 4

5 Agencies must prvide OITS with written assurances thrugh the apprpriate services prvisining prcess that funds are available t cver the requisitin f the new equipment r services being purchased frm OITS and that all invices will be paid prmptly and fully upn receipt, cnsistent with State accunts payable practices. Agencies shuld pen a ticket with the OITS Service Desk if there are any questins r disputes with the OITS bill. Service Level Reviews OITS shall cnduct regular meetings with executive branch agencies (custmer) t review service level achievements, service supprt and Service Level Agreements (SLAs).These Service Reviews will be facilitated by the OITS Supprt Services grup and cnducted at a minimum n an annual basis r as agreed upn by the custmer. A Business Relatinship Manager and the custmer will participate in the reviews. A custmer s SLA Reprt will be discussed which displays service level achievements, such as metrics and details fr Incidents and Service Requests. Applicable SLAs will als be reviewed with the custmer whenever there is a significant change t the delivery f the service. Dispute Reslutin The Parties (OITS and the Custmer) agree that it is in their mutual best interest t reslve disputes infrmally and amicably. If representatives f the Parties are unable t reslve any dispute after reasnable negtiatin, such issue shall be escalated t the respective legal cunsel f the Parties, and then, if necessary, t the heads f the respective agencies. If the dispute still remains unreslved, then either Party may seek reslutin using the mechanism set ut in N.C.G.S Fees; Dispute Reslutin Panel. Cnfidentiality As a result f this SLA, each Party (OITS and the Custmer) is likely t have access t infrmatin r recrds f the ther Party that is exempt frm disclsure under applicable law. Such infrmatin shall be deemed Cnfidential Infrmatin. Each Party shall maintain all Cnfidential Infrmatin f the ther Party in strictest cnfidence and will nt at any time use, publish, reprduce r disclse any Cnfidential Infrmatin, except t the extent necessary t carry ut the Party s duties under this SLA r as expressly authrized in writing by the ther Party. Each Party shall, prir t disclsing any Cnfidential Infrmatin t any cntractr r ther third party, prmptly seek and btain authrizatin fr the disclsure frm the ther Party and shall ensure that the cntractr r ther third party is subject t a nn-disclsure agreement enfrceable in Nrth Carlina. Nthing in this paragraph is intended t prevent either Party frm cmpliance with any rder issued by a Nrth Carlina state r federal curt. Ownership and Custdy f Data All data r ther recrds held r stred by OITS as a result f this SLA shall be cnsidered the prperty f, and in the custdy f, the Custmer. Custmers shuld ensure their backup, retentin and business cntinuity requirements fr custmer wned data are clearly identified in the SLA. In the event f a request made t OITS fr access t Custmer recrds pursuant t the Nrth Carlina Public Recrds Act r by ther legal prcess, OITS will decline such requests and indicate t the requestr that OITS is nt the custdian f such recrds. OITS will refer the requestr t the Custmer and will ntify the Custmer f such request as sn as is reasnable under the circumstances, in rder t prvide the Custmer with an pprtunity t state r therwise argue its wn psitin cncerning such request. ITS Glbal Service Levels v4 Page 5