Cloud IU for SharePoint. Service Description

(1)

Cloud IU for SharePoint

Service Description

(2)

Confidential – Computer Sciences Corporation Page 2 of 24 The Confidentiality Notice on the last page of this document is incorporated by reference. Rev. 1.2

1 Overview

CSC’s Cloud IU for SharePoint is a fully managed service that provides a content management solution based on Microsoft SharePoint and delivered from CSC’s Cloud. CSC's solution allows clients to migrate their current SharePoint data to a usage-based Software as a Service (SaaS) delivery model.

2 Service Features

CSC’s Cloud IU for SharePoint provides SharePoint features and functions in a usage-based service model.

The service includes:

• Establishing the SharePoint 2010 environment on CSC Cloud (CloudCompute or BizCloud) using the client’s SharePoint license(s).

• Hosting the SharePoint content that has been migrated to the service

• Providing ongoing support and maintenance of the infrastructure and application • Industry standard SLA’s

Services to support the ongoing operation and maintenance of the SharePoint 2010 application include:

 Framework of SharePoint farms for change management and governance  Application monitoring

 Application and OS patching  Antivirus

 Backup and backup monitoring  24x7 level 2 help desk support  SLA: 99.9% or 99.95% availability

 Hosting the agreed-upon Internet sites in a high availability SharePoint environment  Anonymous access for all sites on the open Internet via HTTP over port 80 and HTTPS

over port 443 using SSL certificates provided by the client).

 Full site administration access to all sites by client’s designated administrators, including SharePoint Designer access for creating custom master pages and templates.

 Full contributor access to sites by client’s designated content owners to administer content.

 Multiple alternate access mappings (domain names) for all sites using domain names owned by the client. The client will continue to use its own DNS hosting service. The service provides a framework of SharePoint farms that the client can use for change

(5)

Confidential – Computer Sciences Corporation Page 5 of 24 The Confidentiality Notice on the last page of this document is incorporated by reference. Rev. 1.2 The SharePoint farms available in the governance model are configured to support user

authorization levels and workflows to enable various levels of checks and balances prior to making content available to internal and external audiences.

The following options are available and priced separately based on client requirements: • Application design for SharePoint 2010 applications

• Application development and test of SharePoint 2010 applications such as SharePoint UI Designer / SharePoint Site Branding

• Migration of data into the Cloud UI for SharePoint environment • Ongoing content release and deployment management service

3 Installation and Support

3.1 Installation and Migration

CSC will work with the client to coordinate the installation and migration of the client’s Cloud IU for SharePoint environment. If there is an existing SharePoint environment in use with data which needs to be migrated into the new Cloud IU for SharePoint environment, CSC offers an optional migration service. The migration service consists of a written communications plan and a migration plan from the existing environment to the Cloud IU for SharePoint service.

3.2 Ongoing Support

CSC will support the Cloud IU for SharePoint environment as outlined in Section 3.3 “Operational Responsibilities” and will provide technical support to a named list of

administrators (“Administrators”) per client. All user administration issues will be handled by the client’s designated IT Administrator(s) who will have access to the management interface of the Cloud IU for SharePoint environment.

The client’s Administrators will be responsible for providing level 1 help desk support to its end users. The client’s Administrators will open a ticket with the CSC Call Center for level 2

technical support. For security reasons, only designated client Administrators may submit tickets to CSC.

Training on the use of the products that are included with Cloud IU for SharePoint is not included in this service. The client’s designated Administrator(s) are assumed to have administrative knowledge of Microsoft SharePoint 2010.

3.3 Operational Responsibilities

(6)

Cloud IU for SharePoint Responsibility

CSC Client Software licenses

Microsoft SharePoint 2010 license X

Windows Server Operating System, AntiVirus (server) X

Licenses required to support Cloud infrastructure X

MS SQL Enterprise X

SharePoint Administration

End User Help Desk X

SharePoint Application monitoring X

Load balancing X

Configure SharePoint farm X

Define SharePoint site X

Configure SharePoint Server Roles X

Backups of the SharePoint environment and data X

Create SharePoint Forms X

Administration of Enterprise Search X

Configure SharePoint to link to client’s Active Directory X

Enable administration of end user rights delegation. X

Enable SharePoint work flow capability X

SharePoint Central Administration X

MS SQL Database monitoring, troubleshooting, backups X

Cloud Infrastructure Management

Infrastructure (hardware and hypervisor) Monitoring and Troubleshooting X

Infrastructure Upgrades X

VM - Monitoring and Troubleshooting

VM - OS Patching X

VM - OS Antivirus X

VM – Backups X

Storage – Monitoring and Troubleshooting X

Storage - Configuration Changes X

Firewall – Configuration, Monitoring and Troubleshooting X

SharePoint Monitoring

Monitor CPU, Memory, Paging or other resource bottlenecks that may degrade application performance and take appropriate action.

X Check key service availability and provide manual or automatic restarts if

necessary

X Notify client of alerts/error conditions per the client notification matrix X

Resolve critical alerts and events 24/7. X

Track server uptime, response time, error conditions and other appropriate metrics

X Provide troubleshooting and escalate to client in accordance with client

notification matrix

X Provide monitoring of Cloud IU for SharePoint application tasks, services, and databases.

X Monitor performance of operating system and sub-systems 24x7x365 X End User Client Support

(7)

4 Cloud IU for SharePoint

Infrastructure

4.1 Architecture

The Cloud IU for SharePoint infrastructure is designed to offer 99.9% and 99.95% availability for “Gold” and “Platinum” respectively.

The redundant components of the infrastructure include: Internet access, storage, firewalls, load balancers, and virtual machines.

(8)

(9)

4.1 Security

CSC Cloud IU for SharePoint is a workload which resides on CSC’s Infrastructure as a Service (IaaS). As a workload or tenant Cloud IU for SharePoint inherits the physical and logical security features of CSC CloudCompute or CSC BizCloud as detailed in the next section. Note: These services apply to CSC BizCloud only when installed in a CSC Data Center.

4.2 Data Center Security Services

The following sections describe the data center-level security services that CSC provides as part of CSC Cloud IU for SharePoint.

4.2.1 Utility Network Intrusion Detection Services

(10)

Confidential – Computer Sciences Corporation Page 10 of 24 The Confidentiality Notice on the last page of this document is incorporated by reference. Rev. 1.2 CSC uses the latest NIDS technology from McAfee. CSC NIDS are provisioned in “detect” mode and CSC staff monitors these sensors for malicious/unauthorized activities on a 24x7x365 basis. When unauthorized access attempts or attacks are detected, CSC security operations staff is alerted and they investigate the alert. After false positive alerts are ruled out, remaining critical security alerts are escalated, following CSC’s Security Incident Response procedures as outlined below

4.2.2 Utility NIDS Incident Response

Utility NIDS probes are monitored on a 24x7x365 basis by CSC’s Security Team. Upon alert of suspicious activity, CSC utilizes the following approach to address and manage the incident to completion and mitigation.

 Detection: Utility NIDS analyzes, correlates and compares traffic for suspicious patterns and generate a security event.

 Confirmation: CSC security staff confirms a security event or rules it out as a false positive.

 Response: CSC security staff escalates confirmed security events to internal subject matter experts, engages our clients, and together we take mitigating actions to eliminate risks, contain, and recover from the security event.

4.2.2.1 Event Detection

Security event detection leverages management infrastructure common to each data center. Alert data flows from the Utility NIDS probes to the local management infrastructure. The

management infrastructure then correlates event information and, if appropriate, sends alerts to a centralized monitoring database. Alerts are then displayed at a central Security Operating Center and, based on the severity of the event, forwarded to senior security engineers for further

analysis and confirmation.

4.2.2.2 Event Confirmation

Prior to notifying the client of a security event, CSC works to investigate and confirm that a security event has taken place. CSC’s policy is to avoid unnecessary escalation to the client for unconfirmed alerts, and dedicates senior security resources towards the confirmation of the security event. Once a security event is confirmed, CSC’s Information Risk Management team will notify clients and engage them for event response and resolution.

4.2.2.3 Event Response

Once suspicious activity is confirmed (e.g. the activity is impacting the Cloud infrastructure or clearly has the potential to do so), CSC:

 Assesses the impact and categorizes the severity

 Minimizes risk to life first, then to the client’s business assets and data  Engages all required resources to support incident response

 Informs stakeholders per Response Time SLA requirements

(11)

 Records decisions and approaches for future reference  Follows procedures for maintaining confidentiality

Final resolution of any security event is managed by CSC’s Security team in conjunction with the affected clients, other CSC support teams and third-party suppliers as required. Final resolution may also involve temporary shutdown of affected virtual machine images, patching, firewall rule restrictions, and identification of the root cause of the attack for future forensics or law enforcement purposes as appropriate. CSC reserves the right to take any immediate action it deems appropriate without notice or consultation with clients if CSC believes such action is necessary to minimize serious harm.

4.2.2.4 NIDS Maintenance

CSC has selected technology that can be easily updated to look for new signature or patterns of attack behavior, and updates its Utility NIDS signature database within a maximum of 24 hours of the supplier’s release of a new signature.

4.2.3 Vulnerability Alert Management

Vulnerability alerts require an automatic, repeatable, appropriate, timely, and documented response in order to prevent potentially significant damage to CSC and client systems. As part of the security services CSC provides, CSC evaluates critical security alerts pertaining to CSC’s Cloud infrastructure. The Vulnerability Alert Management Process (VAMP) dictates the way in which threats to the CSC Cloud infrastructure are identified, categorized, and mitigated. The VAMP process guides CSC in determining the severity of a new vulnerability and in taking the necessary steps to help mitigate clients’ exposure to new security threats as they arise.

CSC subscribes to many Vulnerability Alert services in order to identify vulnerabilities that could impact the Cloud IU for SharePoint environment. CSC monitors software vendor security advisories primarily through CSC’s paid subscription to Symantec’s DeepSight Alert

Management System. This service provides e-mail, paging, and SMS notification to CSC’s risk management team detailing new security alerts on hardware, software, malware and viruses that could impact the overall security of the Cloud infrastructure.

4.3 Monitoring

(12)

4.4 Backup & Restore Services

CSC will provide file system backups for the Cloud IU for SharePoint environment. These backups will include the virtual environment settings, the operating systems, and SharePoint data.

Cloud IU for SharePoint provides file system backups through the use of a secure backup facility (firewall-protected backup network). CSC’s backup service for Cloud IU for SharePoint is a disk-based backup service within the local data center.

A full file system backup will be completed upon the initial installation of the virtual machine and monthly thereafter; a copy of the incremental changes will be taken daily. All backups will be retained for 30 days.

Clients can request restores from the disk backups, but cannot receive the actual disks. Clients requiring archiving to tapes or the ability to recover physical tapes back to their own facilities will require a custom service at an additional fee.

At installation, the following services will be provided:  Installation of backup client on virtual machines  Network access to Backup Infrastructure

 Initial test of backup service

As part of the ongoing operational service, the following services are included:  Problem management and fault isolation

 Restorations upon request

CSC monitors 24x7x365 for the following events:  Scheduled backup status

 Backup network availability

Pricing for backup services includes restores for the purpose of data recovery only. Data recovery is defined as the restoration of data that has been lost or corrupted due to system

crashes, erroneous deletions, or other unplanned events. In the event that a client requests CSC to restore data for reasons other than data recovery, additional charges may apply.

4.5 Disaster Recovery

For Cloud IU for SharePoint “Platinum”, CSC will provide additional capacity at a secondary data center in order to provide an active-passive configuration and automatic failover.

(13)

 Replication of client’s Cloud IU for SharePoint environment (including data, applications and network configurations) to the secondary data center

 Failover of client’s environment to the secondary data center in the event of a disaster or upon request by client.

 Annual DR test

5 Account Management Services

Detailed work flows and the description of the day-to-day operational support is contained in the Client Operations Guide which is provided separately.

5.1 Service Delivery

CSC’s Service Delivery Group provides project management services to clients during implementation of the client’s Cloud IU for SharePoint environment. These services are provided by CSC’s Service Delivery Managers who adhere to common methodologies prescribed in the Project Management Body of Knowledge.

The Service Delivery Manager acts as the client’s primary point of contact, interacting with the client and with the appropriate CSC personnel to support the client.

The Service Delivery Manager will provide the following services:

 Verification of order details

 Identification of client dependencies (client responsibilities upon which the completion of the project is dependent)

 Act as liaison between Company and Supplier

 Ensure that Root Cause Analysis (RCA’s) are completed

 Escalation point for any Incidents or Service Requests

 Communication Lead on behalf of Supplier for any instances where end user or Company communication is required

 Supplier point of contact for any onboarding requirements

 Provide and present service delivery reports

(14)

5.2 Change Management

A change is any action to the Cloud IU for SharePoint infrastructure which, when taken, alters the system configuration or the current state of the client’s Cloud IU for SharePoint environment — whether it is an upgrade, modification, or addition.

CSC’s Change Management process involves a formal review of each proposed change by a cross-functional team of managers and/or technicians who are responsible for approving the steps for all qualified change-control activities. This approval process is part of a checks-and-balances approach to make sure that appropriate planning has taken place and proper advance notice has been given to all parties before the change activity begins.

All scheduled changes and maintenance services for the infrastructure are performed during the defined maintenance windows set forth below. In the event that a break-fix change is required, and CSC needs to implement the change outside the defined maintenance window, CSC will notify the client as soon as possible.

Scheduled Maintenance Windows:

 1st weekend of each quarter - 7:00PM Saturday - 7:00AM Sunday

 First Friday/Saturday of the month excluding above window – 9:00PM - 6:00AM

5.3 Event Management

As part of the services provided to every Cloud IU for SharePoint client, CSC uses a comprehensive Event Management process for detecting, reporting, addressing, resolving, closing and preventing problems impacting service. When a service event or problem occurs, CSC’s primary goals are:

 To resolve the problem and/or return to an operational state in the minimum time possible.

 To provide timely notification and ongoing communications with the client’s technical/management personnel

 To work with the client to identify any remaining issues and institute corrective/preventive measures

Clients can report problems by opening tickets through the CSC Service Delivery Portal or by calling the helpdesk.

5.4 CSC Service Delivery Portal

The following services are available to clients through the CSC Hosting Portal:

5.4.1 Reporting Center

(15)

Backup Reports

CSC’s Backup Reports provide information about the amount of data that was backed up on a specific date and the success of those backups.

Change Management Reports

CSC’s Change Management Report displays all of the changes that have been made to a client’s environment in a given month. This report gives clients the ability to track changes that affect their environment.

Hosting Bandwidth Utilization Report

The Bandwidth Utilization Report provides clients with the ability to view a graphical representation of their Internet bandwidth utilization.

Each report graph shows bandwidth traffic (inbound, outbound and total), and displays data on daily, weekly and monthly bandwidth usage. The daily and weekly reports show the actual bandwidth usage; the monthly reports shows actual usage and the 95th percentile mark used for billing. A CSV file can be downloaded including the raw data for the Bandwidth Utilization Report, allowing clients to manipulate and utilize the data for their own reporting methods.

Service Incident Reports

CSC provides a Service Incident Report at the conclusion of all significant service-impacting events. This report includes a summary of the event, details the timeline of events, explains the problem resolution, and provides root cause analysis. As a control mechanism to limit future reoccurrences of an issue, this report also defines preventative measures and risk mitigation steps.

Real-Time Systems Performance Reports

The Real-Time System Performance Reports provide statistics on the virtual machines that make up the client’s Cloud IU for SharePoint environment. Performance data is provided in a graphical format through a configurable interface, giving clients the ability to access these detailed and rich reports with ease. Clients have the ability to select the virtual machine, reporting attribute (e.g., CPU utilization, disk I/O) and time interval (e.g., daily, weekly, monthly). These systems performance reports are polled in near real time and are displayed with a color coded key and numeric values for minimum, maximum and averages values over the time frame for the particular metric.

5.4.2 Ticket Center

CSC provides clients with a Web-based client service system that is integrated into the workflow and ticketing tool that CSC’s support teams utilize for problem management and service

(16)

5.4.3 Billing Center

The CSC Service Delivery Portal Billing Center provides detailed line item monthly billing information for CSC clients. The invoice information provided on the Portal is viewable at the line item level and can be rolled up to allow an aggregate look at monthly fees.

Access to billing information is limited to the users specified by the client.

6 Service Level Agreements (SLAs)

6.1.1 Cloud IU for SharePoint Gold

The Availability SLA for Cloud IU for SharePoint Gold is 99.90% uptime. Clients will be entitled to a credit of 1/30th of the applicable monthly recurring charges for any calendar month in which Cloud IU for SharePoint is unavailable for forty-three (43) minutes.

Availability means that the client can access Cloud IU for SharePoint.

Availability will be based on a client’s cumulative outages over a calendar month.

In order to qualify for this SLA, the client’s applications within client’s virtual data center must be capable of failover to separate virtual machines. Applications other than the O/S and web servers may require redundant virtual machines in order to achieve 99.90% uptime.

Note that in the normal course of a failover, the time to it takes for one server to fail over to another may take several minutes. This failover timeframe is considered normal and is therefore counted as uptime.

6.1.2 Cloud IU for SharePoint Platinum

The Availability SLA for the Cloud IU for SharePoint Platinum primary site is 99.95% uptime. Clients will be entitled to a credit of 1/30th of the applicable monthly recurring charges for any calendar month in which the client’s Cloud IU for SharePoint is unavailable for or twenty-two (22) minutes.

Availability means that the client can access Cloud IU for SharePoint.

Availability will be based on a client’s cumulative outages over a calendar month.

6.2 Response Time SLAs

CSC’s Response time SLA’s (otherwise known as “Time to Respond” which does not include Resolution) assures all clients are entitled to reimbursement of 1/30th of their applicable monthly recurring charges for any calendar month in which CSC fails to notify the client or respond to events within the timeframes outlined in the schedule below.

(17)

Confidential – Computer Sciences Corporation Page 17 of 24 The Confidentiality Notice on the last page of this document is incorporated by reference. Rev. 1.2  “Notify” means that CSC will call back or respond electronically to the designated client contact.  “Respond” means that CSC will begin working on the problem and/or ticket item, e.g., by calling

the client back to clarify the issue or by starting the technical investigation.

 “Mean Time” is defined as the arithmetic mean; all occurrences for a severity level will be averaged over a calendar month.

Level Mean Time to Respond to Event Mean Time to Notify Client

Severity 1  If the client calls the Call Center, the ticket is logged real-time and CSC will Respond by a hot hand-off to the appropriate technician while the client is still on the phone.

 If CSC has received notice through a monitoring alert or the client has opened the ticket by any means other than calling the Call Center, CSC will Respond within 30 minutes from the initial alert or receipt of the ticket

Once CSC has confirmed that a Severity 1 event has occurred, CSC will Notify the client of the issue within 30 minutes from the initial monitoring alert.

Severity 2  If the client calls the Call Center, the ticket is logged real-time and CSC will Respond by a hot hand-off to the appropriate technician while the client is still on the phone.

 If CSC has received notice through a monitoring alert or the client has opened the ticket by any means other than calling the Call Center, CSC will Respond within one (1) hour from the initial alert or receipt of the ticket

Once CSC has confirmed that a Severity 2 event has occurred, CSC will Notify the client within one (1) hour from the initial monitoring alert.

Severity 3 CSC will Respond within one (1) business day from receipt of the ticket.

Once CSC has confirmed that a Severity 3 event has occurred, CSC will Notify the client within one (1) business day from the initial monitoring alert. Severity 4 CSC will Respond within four (4) business

days from receipt of the ticket.

Not applicable

For purposes of the Response Time SLAs, the Severity Levels are defined as follows:

 Severity 1: Complete loss of infrastructure connectivity or server functionality so that end users are unable to access Client’s Web site(s) or application(s); or a critical security event such as a CSC-confirmed security incident on a CSC Managed server.

(18)

Confidential – Computer Sciences Corporation Page 18 of 24 The Confidentiality Notice on the last page of this document is incorporated by reference. Rev. 1.2 in CSC’s sole reasonable discretion, that if not corrected could result in an outage or loss of client data; or a major security event that degrades or could degrade service.

 Severity 3: Single member of redundant unit or circuit has failed, but there is no impact on end users or any degradation of service; or material degradation or loss of a non-critical business function; or services are functioning normally, but an individual experiences a problem; or a non-critical security event that does not impact performance.

 Severity 4: A service request that is not a problem, for example, a request to install software, change firewall rules, open accounts or provide access.

6.3 Credits and Remedies

6.3.1 Definition of Applicable Monthly Recurring Charges

Applicable monthly recurring charges consist of the:

 Standard monthly recurring fees for the Cloud IU for SharePoint virtual Data Center. The SLA credit will not include charges for:

 Excess usage fees

6.3.2 SLA Credits

Clients apply for SLA credits using CSC’s reimbursement claim process; details of this process are included in the “how to” procedures provided to all Cloud IU for SharePoint clients.

The total amount of the client’s SLA credits shall not exceed the client’s applicable monthly recurring charges for the CSC Cloud IU for SharePoint services in any bill cycle.

CSC’s failure to meet any service level agreement will be excused to the extent the failure is due to any of the following:

 regularly scheduled maintenance or service upgrades;

 intentional shutdowns due to emergency interventions and/or responses to security incidents;

 problems with third-party components for which fixes have not been provided by the supplier;

 the applications and/or data placed by the client on its virtual servers (i.e. Content);  any components that are not managed by CSC;

 configuration changes initiated by the client;

 the client’s failure to observe the security and upgrade policies set forth in Appendix B

CSC Cloud Policies;

 the acts or omissions of the client, its employees, agents, consultants, suppliers or end-users; or

(19)

7 Time and Materials

Upon the client’s request and prior approval by CSC, CSC will perform on a time and materials (“T&M”) basis tasks that are the client’s responsibility under the services chosen by the client. There are two options for T&M services: Pre-Approved or Pre-Purchased Blocks of T&M. The benefit of Pre-Approved T&M is that it allows the client to obtain T&M services without having to execute an Order each time a request is made.

 Pre-Approved T&M – Once the client has executed an Order that authorizes Pre-Approved T&M, the client requests support on an as-available basis by opening a ticket with CSC’s call center. CSC provides the client with an estimate of the number of hours required to complete the work; the client then provides e-mail approval to CSC for the work to proceed. Pre-Approved is CSC’s preferred method for delivering T&M services to clients.

 Pre-Purchased Blocks of T&M – Under this option, the client purchases a defined number of T&M hours via an Order. Once the Order is executed by the client and CSC, the client simply contacts their assigned service delivery manager for all service requests. The service delivery manager tracks the number of labor hours used as each request is received and notifies the client when they are running low.

(20)

Appendix A: Software

A.1 Software Licensing

CSC offers the following options for software licensing:

 Use – CSC retains all rights to the software, and grants the client a license to use the software only during the client’s service period. The client has no rights to the software after the expiration or termination of the client’s hosting agreement with CSC and/or the applicable Order. To the extent any software provided under a Use license includes components licensed under open source licenses, those components are provided under the Open option described below.

 Open – Software that is freely licensed under a GNU General Public License or other Open Source license, including but not limited to various UNIX utilities that are part of the Standard O/S Build, is provided to the client under the terms of the applicable GNU or Open Source license. The client has all rights to the software granted by the applicable license, including any rights to the source code of the software.

 Open Plus – CSC obtains maintenance and/or technical support for an Open software application from a third-party supplier. The client has the same rights to the software as under the Open option above.

 Client-Provided – The client retains ownership of the license to the software. If the client requests CSC to install the software, the client is responsible for providing the license contract number to CSC prior to installation.

A.2 Software Maintenance

For the Use, Purchase and Open Plus options, software maintenance is included in the fees for the software.

For Client-Provided licenses, the client is responsible for obtaining maintenance from the software vendor.

(21)

Appendix B: CSC Cloud Policies

B.1 Support & Upgrade Policy

If, during the client’s service period, the applicable software vendor reduces its support of CSC-licensed software that has been installed on the client’s Cloud IU for SharePoint environment, the following terms shall apply:

 Reduced Vendor Support – CSC will continue to support the applicable CSC-licensed software as far as possible given the level of support provided by the software vendor. For example, CSC will continue to install necessary patches for as long as the vendor continues to supply them. If Reduced Vendor Support results in an increase in CSC’s costs to support the CSC-licensed software, then CSC will, at its sole discretion, either increase the client’s service fees or make a corresponding reduction in CSC’s level of support.

 End of Support Life – Once the vendor completely stops supporting the CSC-licensed software, CSC will no longer provide support for the CSC-licensed software. CSC may allow the CSC-licensed software to remain part of the client’s Cloud IU for SharePoint environment through the end of the client’s then-current service period, provided the CSC-licensed software poses no security or operability risks to the client’s Cloud IU for SharePoint environment or to the Cloud infrastructure.

In the event that (i) CSC informs the client that a component of the client’s Cloud IU for SharePoint environment (even if such component is managed and/or maintained by the client) needs to be upgraded because:

 It is CSC-licensed software subject to Reduced Vendor Support or End of Support Life, and/or:

 Failure to upgrade is causing or is likely to cause a degradation of the client’s Cloud IU for SharePoint environment or operational problems in the Cloud infrastructure, and/or:  Failure to upgrade poses a security risk to the client’s Cloud IU for SharePoint

environment, the Cloud infrastructure and/or other CSC clients,

and (ii) the client chooses not to upgrade, then the client assumes all risks related to the failure to upgrade, including any increased costs to CSC.

Such costs may include, but are not limited to, the cost of fixing any problems on the client’s Cloud IU for SharePoint environment caused by the failure to upgrade. In the event that such failure to upgrade causes an outage to the client’s Cloud IU for SharePoint environment, client’s Availability Service Level Agreements will not apply. CSC also reserves the right to uninstall the application and/or suspend the client’s access to the applicable virtual machine to mitigate security or operability risks.

(22)

Confidential – Computer Sciences Corporation Page 22 of 24 The Confidentiality Notice on the last page of this document is incorporated by reference. Rev. 1.2 In the event that the client’s failure to upgrade has a negative impact on CSC or its other clients, such failure may be considered by CSC to be a material breach of the client’s agreement with respect to the relevant services.

Note: All software version upgrades will be at the client’s expense. CSC-required software patches and service packs are included in CSC Managed Support for the software, but will be at the client’s expense if the software is Client Managed.

B.2 Chronic Problem Policy

A Chronic Problem is any problem that:

 Sets off CSC’s monitoring alerts and/or causes CSC to expend resources identifying the cause of the problem; and

 CSC’s support staff has identified as having a root cause that requires the client to take action (e.g., the problem is caused by client content and/or client managed software needs to be upgraded, etc.); and

 Has been communicated to the client by CSC.

In the case of a Chronic Problem, the client has the following choices:  The client may fix the Chronic Problem.

 The client may remove the relevant content from the client’s Cloud IU for SharePoint environment.

(23)

Appendix C: Terms & Conditions

C.1 Client Responsibilities

The client is responsible for:

 Providing accurate and complete information to CSC upon CSC’s request  Designating the technical and administrative contacts required by CSC  Supporting the provisioning process as required

 Performing all operational tasks that are the client’s responsibility under the services chosen by the client.

 Abiding by CSC’s standard policies and procedures for CSC Cloud services.

C.2 Installation

Installation will be complete when the following criteria have been met:

 The client’s Cloud IU for SharePoint environment is provisioned in the CSC data center.  Monitoring (as applicable) has been activated and is reporting messages to the

appropriate CSC monitoring station

(24)

Confidentiality Notice

CONFIDENTIAL – COMPUTER SCIENCES CORPORATION (CSC). The information contained in this document constitutes valuable and confidential proprietary information of CSC. No license to any technology or intellectual property rights of CSC, or their affiliates, subsidiaries or their licensors is granted or to be implied through your receipt of this document. You may use this document only in connection with your evaluation or use of the services that are the subject of this document. You may not otherwise use, and you may not reproduce, or disclose to any third party, this document or any of its contents without the express prior written permission of CSC. By accepting receipt of this document you agree to the above terms. If you do not agree to those terms you must immediately return all copies of this document to your CSC Account Manager and you may not use any of the information contained in this document for any purpose.

Cloud IU for SharePoint. Service Description