ADDITIONAL CONTRACTUAL TERMS RELATING TO THE PROVISION OF MANAGED SERVICES
ACT Document Version: 3.0
Customer Document Version: 1.0
Issue Date: XXXXXX
Table of Contents
1 INTRODUCTION
2 SFW’s general obligations with respect to the provision of services under the SLA
3 Customer Obligations
3.1 Layer 2: Operational Support - Specific Customer Responsibilities and Obligations when SFW is Managing Equipment Hosted at Customer Premises
3.2 Layer 3: Applications Support – Specific Customer Obligations
4 Inclusive Services: General Exclusions
5 Variations to Costs
5.1 Variations, Additions and Reductions of Service
5.2 Change Requests
5.3 Call-Off Services
6 Performance of the Services: Standards and Locations
6.1 Sub-Contracted Services
7 Security Clearance
8 Insurance
9 Length of Initial Contract, Automatic Services Renewal
9.1 Initial Contract
9.2 Contract Renewals
9.3 Price Indexing
9.4 Price Changes to SFW Services in addition to the RPI.
10 Termination
10.1 Termination by the Customer
10.2 Termination by SFW
11 Special Data and the Obligations to Process Data According to Data Protection Legislation
11.1 Special Conditions Relating to Data Covered by Government Data Protection Legislation
11.2 Special Conditions relating to Data Subject to other Regulatory Regulation or Special Handling
11.3 Customer and Subcontractor Handling of Special Data
11.4 Customer Handling of Special Data
1 INTRODUCTION
These Additional Contractual Terms (ACT) comprise the third component of the Managed Services Document Set (MSDS), the others being:
The Service Description (the SD) giving a description of all services to which the Customer can subscribe
The Service Level Agreement (the SLA) setting out the actual services taken, and for each the extent of provision, and the levels associated with each service.
The purpose of this document is to segregate contractual terms which apply only to the supply of on-going hosting and support services under a SLA as these are generally supplementary to the main contractual terms (either SFW’s, the Customer’s or a hybrid of both), which are specifically concerned with initial project costs and deliverables such as the provision of professional services, equipment, and licence supply. By being kept separate they do not obfuscate the main terms, and may be more easily appended on a modular basis to the overall contractual framework being used.
2 SFW’s general obligations with respect to the provision of services under the SLA
SFW’s general obligations are to:
Provide and keep available the equipment, resources and infrastructure and provide the services as described in the SFW Service Description, to the extent and standards set out in the SLA
Make reasonable endeavours to deliver the service within the contracted timescales
Perform all regular recurring tasks related to the individual service being offered
Follow the procedures in the SLA with respect to the handling of incidents and service requests, and when requesting authorisation for any additional costs
When handling data covered by Data Protection legislation, and either when notified of this by the Customer, or when reasonably able to infer this directly (for instance when SFW is aware of the data types being processed as part of applications support provision), to observe the relevant provisions of that legislation
Keep metrics on the services being provided
Keep records of activity and provide these on request.
3 Customer Obligations
The Customer obligations include:
To provide contractual, management and operational contacts, deputies and escalation contacts, who will be available during working hours and out-of-hours if this level of cover is selected
To provide SFW with timely updates on changes to key personnel, contact information, or environment changes that could impact the supported services
To provide a timely response to requests for clarification and further information
To authorise organisations or individuals engaged in providing services in support of the overall service which SFW are delivering which are not sub-contracted directly to SFW (e.g. hardware support organisations) to take instructions from SFW regarding such service provision when necessary
Where Operational and / or Applications Support services are being provided, not to interfere with, or change, the systems and software being supported (unless providing support to SFW on solving a problem or implementing an SFW approved change). This includes (but is not limited to):
adding new software to servers which SFW is monitoring
performing restarts to such servers without prior notification and agreement
changing configuration of servers or managed equipment
changing applications software without prior notification and agreement
making changes to the database or running queries on it other than via the applications being provided
Any systems unavailability arising from such work or changes will not be counted when calculating the service metrics. Additional work undertaken by SFW as a result of such changes will be charged by SFW over and above any normal contract charges.
To ensure that services provided over the internet running on equipment or hosting facilities provided or managed by SFW are legal according to UK and EEC law and otherwise to comply with all applicable law relating to its conduct and business.
To comply with any terms and conditions of usage mandated by the sub-contract ISP (for instance regarding web site content)
Where the Customer provides Software Licences and / or licence keys to run on equipment installed, configured or managed by SFW, to ensure that all relevant software licences or other agreements (including without limitation in relation to hypervisor or other virtualisation software and any other agreements impacted by any kind of virtualisation) are obtained and maintained in force for legal operation, and to provide proof of such when requested by SFW or the Licensor
To ensure that it has appropriate back up, business continuity and disaster recovery arrangements in place for all relevant purposes [to the extent that SFW is not involved in the provision of any of these services]
Where any services that SFW are providing are in or for a hosted or Cloud environment [and to the extent that SFW is not involved in providing these,] the Customer acknowledges and agrees that SFW does not bear any responsibility for communications via the Internet and the Customer will: (i) maintain in force appropriate contracts with the suppliers of all relevant services and facilitate their cooperation with SFW to the extent necessary to enable SFW to provide the services it has agreed to provide; (ii) operate appropriate measures relating to the security of its data
Where the services that SFW are providing to it involve personal data (i.e. data referable to a living individual), to ensure that all processing, storage, transmission and other actions in relation to such personal data comply with the Data Protection principles and otherwise with the Data Protection Act 1998 and any re-enactment or replacement legislation and/or similar legislation in any other country (“Data Protection legislation”)
To acknowledge and agree that where SFW is carrying out any activities in relation to personal data under the Data Protection legislation, SFW is acting as data processor only and the Customer acts as data controller
To notify SFW specifically when any of the data being handled:
Is covered by Data Protection legislation
Is subject to any other regulatory requirement specific to the data type or otherwise
Is of ‘high value’
Should be stored under special storage requirements
3.1 Layer 2: Operational Support - Specific Customer Responsibilities and Obligations when SFW is Managing Equipment Hosted at Customer Premises
These additional terms relate only to the Layer 2 Operational Support Services (see section 4 of the SLA). The Customer’s obligations include:
To provide remote access facilities including a method of electronic access for SFW to communicate with, monitor and control the equipment and virtualisation and other operating system software being managed
To ensure that SFW controlled servers are fitted with remote management cards or other devices which can force a hard restart. Otherwise relevant incidents requiring a restart will be frozen until ‘Helping Hands’ are available at site, or in the event that these are not available a site visit (which may involve additional costs) will be made to do this
To delegate operational management of the equipment to SFW
To provide site access by arrangement
To make arrangements for out-of-hours access if any hardware diagnostics or repair work is necessary during this time. If not, then incidents requiring this will be frozen
To provide emergency access to “Helping Hands” services to carry out tasks under SFW direction, otherwise incidents will be frozen until a site visit can be made
(Where out-of-hours cover is taken) to provide an out-of-hours escalation contact who has the authority to authorise or deny SFW actions necessary for the restoration of service which:
may involve additional costs to the Customer above any pre-authorised threshold
which, in SFW’s opinion, may involve risk to the Customer’s infrastructure and / or the service being provided.
In order to provide the service levels indicated, customer equipment, data and telecommunications facilities must have adequate maintenance and service contracts in place.
3.2 Layer 3: Applications Support – Specific Customer Obligations
These additional terms relate only to the Layer 3 Applications Support (see section 5 of the SLA). These are:
To provide a first line support helpdesk via which requests will be received and responses given, and to filter queries and provide desktop support when this is needed.
To provide helpdesk and other authorisation contacts in Schedule 1 of the SLA, prior to the start of the contract.
(Where the application is not hosted by SFW) to provide a suitable hosting environment, operational support and remote access for diagnostic and software update purposes.
To provide a user contact and a deputy, who will be available to provide ‘hands on’ assistance to SFW support staff on site by running SFW directed tests, reporting results, etc.
4 Inclusive Services: General Exclusions
There are a number of general exclusions to the work covered by fixed price elements of any supply contract unless they have been specifically included in Schedule 2 of the SLA. These are:
Any work which is carried out on site due to remote access restrictions, over and above any site visit allowance set out in Schedule 2 of the SLA
Any development work e.g. change controls, unless covered under a pre-defined ‘call-off’ allowance, as part of the contract take-on or as otherwise specifically agreed in writing
Remedial work arising as a result of changes made to the configuration of the system, data or software by the Customer that have not been assessed and agreed with SFW beforehand
Restoration of systems and data after a failure caused by:
malicious attack on the computer infrastructure
modification or corruption of the system by the Customer
any fatal applications error which corrupts the system or its data, unless this is covered by SFW’s Applications Support Service
a major disaster, unless this is covered by SFW’s Disaster Recovery Service
invalid operator or user action (such as data deletion), to the extent that it exceeds any thresholds set in Schedule 2 of the SLA
Additional work requested by the Customer over and above SFW’s standard processes and procedures required to conform with the Customer’s internal procedures.
However, SFW will optionally perform excluded tasks on customer request, as Change Requests.
5 Variations to Costs
The following processes are used to obtain authorisation to carry out work not covered by any fixed cost element of the contract, to agree variations or additions to the services being supplied, or to process change requests, for example for software enhancements or the supply of additional equipment.
5.1 Variations, Additions and Reductions of Service
Costs for additional services or extensions of existing ones will be set out in an SFW quotation or Change Request and provision of these services will commence on acceptance of the quotation or Change Request by the Customer. Where the new service is on-going, for instance hosting new equipment or maintaining a new software system, the SLA schedules are not normally modified until the annual renewal, when any services added by the Customer during the year are included in the renewal notice and SLA. For the avoidance of doubt, any changes made to Customer systems by SFW are immediately supported. Where possible, additional services are charged pro-rata to the contract renewal date.
Subject to the proper notice (See Section 10) variations or deductions reducing the services being taken are similarly treated, in that they are refunded pro-rata up until the contract renewal date.
5.2 Change Requests
These may be raised either by the Customer or by SFW:
A ‘Change Request’ is raised setting out a request for changes or additions to the services being delivered and / or software being supported.
When the initial request comes from the Customer, SFW will respond to this request giving the cost, timescales for execution (if not predefined by the SLA), any inputs required, dependencies, likely effects on performance and incremental on-going support costs. When the initial request comes from SFW the information above will also be included.
For changes which cannot easily be estimated due to a requirement to carry out scoping or design work, SFW will in the first instance submit a quotation for study or ‘impact assessment’.
See Section 7.4 of the SLA and Appendix E of the Service Description for more information about change request processing.
5.3 Call-Off Services
Where a contract and SLA comprise an element of ‘call-off’ time, then on reception of a request for such time (whether oral or written) from a Customer representative who SFW reasonably believes to have authority to place such a request, SFW will execute the request, and keep a log of the time expended against the overall time allowance provisioned. SFW will inform the Customer when there is insufficient call-off time left to service a request.
6 Performance of the Services: Standards and Locations
Unless stated otherwise in Schedule 2 of the SLA, the services being performed under this SLA will be delivered:
to the operational procedures and standards set out in SFW’s own quality management systems. These are ISO9001 and ISO27001 accredited.
from any of the offices and locations where SFW operates.
6.1 Sub-Contracted Services
Some services such as provision of hosting space and equipment repair are sub-contracted to specialist providers. When this is the case the relevant sub-contractor’s terms will be passed on to the customer. By way of example, the provision of hosting and Cloud services is subject to various customer obligations concerning acceptable content.
SFW’s obligations are to manage the delivery of the subcontractor’s services using a reasonable and appropriate level of skill and care.
The list of sub-contractors used, and their terms of supply are set out in Schedule 1 of the SLA.
7 Security Clearance
Unless stated otherwise in Schedule 2 of the SLA, SFW staff delivering the services specified in this SLA will have undergone basic security clearance.
8 Insurance
Unless specified in Schedule 2 of the SLA, Customer computer equipment, software assets, or data will not be insured by SFW. Therefore the Customer is strongly recommended to insure their equipment and licences when at SFW’s premises, and against data loss.
9 Length of Initial Contract, Automatic Services Renewal
9.1 Initial Contract
Unless stated otherwise in the contract, SFW’s Managed Services contracts and sub-contracts run for an initial period of 1 year. The exception is for some equipment rental contracts where there may be a longer initial period. Where this is the case it will be clearly stated.
9.2 Contract Renewals
Where the contract is on an annual basis, for continuity of service, the default for all services is automatic annual renewal, with price indexing calculated as set out in clause 9.3 below, and subject to the Customer’s and SFW’s termination rights set out in clause 10.
9.3 Price Indexing
For multi-year contracts or on renewal of annual contracts SFW will adjust prices at the time of renewal by the change in the UK Retail Price Index (RPI) over the previous annual period.
9.4 Price Changes to SFW Services in addition to the RPI.
For contracts let on an annual basis, SFW reserves the right to propose price increases prior to renewal and to pass on increases from subcontractors, in addition to any changes caused by movement in the [RPI], but will give at least 45 working days’ notice of any such increases when these are under SFW’s control, and 30 days’ notice when they are from sub-contract service providers. The Customer will be deemed to have accepted these should no objection be received prior to the commencement of the new period of service. In the event that agreement cannot be reached then SFW or the Customer may optionally elect to terminate the contract as set out in clause 10.
10 Termination
10.1 Termination by the Customer
The Customer may terminate any time after the initial contract period, subject to the provision of 3 months’ notice, save for the following:
Any customer-dedicated equipment supply by SFW where the cost of such supply is being amortised over a longer period. In this circumstance, there will be an additional charge on termination equal to the outstanding book value of the asset at the time of termination.
Any sub-contract services where the renewal dates for sub-contracts cannot be terminated on the same notice period (e.g. some hosting costs, annual hardware maintenance, license renewals). In such cases any outstanding charges will be billed
10.2 Termination by SFW
SFW may terminate at any time after the initial contract period, subject to the provision of:
3 months’ notice, if prices for the new service period cannot be agreed within 3 months of notification
6 months’ notice otherwise.
11 Special Data and the Obligations to Process Data According to Data Protection Legislation
‘Special Data’ includes any of:
Data covered by the relevant Data Protection Legislation.
Data covered by other regulatory conditions
‘High Value’ data, i.e. data which if lost would be difficult or impossible to reconstruct, and / or result in significant losses for the Customer
11.1 Special Conditions Relating to Data Covered by Government Data Protection Legislation
The Customer will inform SFW if any of the Customer’s data being processed is covered by Data Protection Legislation, and if so its data type.
SFW is aware of its obligations with respect to the UK Data Protection Act, and a definition of the relevant types under the UK Act is set out in Appendix A. Where SFW is holding and processing data for non-UK Customers, then these Customers must inform SFW of any additional or specific provisions their own legislation requires in addition to the requirement in the UK.
In the UK, the categories for which notification is required are:
a) Personal Data
b) Sensitive Personal Data
These data types will be handled in accordance with SFW’s Data Protection, IT Security and Data Transfer Policies.
11.2 Special Conditions relating to Data Subject to other Regulatory Regulation or Special Handling
If data being processed is subject to other regulatory or special handling requirements, the Customer will inform SFW of this beforehand. SFW will assess the Operational and Backup procedures being used (by SFW) for compliance, report the findings to the Customer, and discuss and agree any necessary changes of procedure to achieve compliance and any additional costs that providing this might entail. An example of such data is ‘Restricted Data’ as defined in Appendix A below.
11.3 Customer and Subcontractor Handling of Special Data
Where services are sub-contracted to third parties, SFW will request a statement of compliance to SFW’s own Information Handling Requirements, and any gap between actual and recommended practice will be risk assessed, and if the risk appears significant, SFW will report this to the Customer, discuss with the Customer how they wish to proceed, and if appropriate attempt to reduce the risk by some form of remedial action.
11.4 Customer Handling of Special Data
Where the Customer, or the Customer’s own agents are responsible for handling of Special Data, SFW is not responsible for ensuring compliance to regulations, or for the effectiveness of any backup archive processes. However, SFW will perform a handling assessment as an additional task if requested.
Appendix A: Definition of Special Data Types
The definitions of these types are taken from the UK Data Protection Act of 1998. As such SFW’s handling of this data must be in accordance with the provisions of this Act.
a) Personal Data
The Data Protection Act 1998 defines personal data as:
“…data which relate to a living individual who can be identified from those data, or from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller, and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual”.
Such personal data might include, but not be limited to:
Name
Address
Telephone Number
Age
Date of Birth
Qualifications
Education and employment history
A unique reference number, if that number can be linked to other information which identifies the data subject.
b) Sensitive Personal Data
The Data Protection Act refers to certain types of data as “sensitive personal data”. This might include, but not be limited to data which relates to the subject’s:
Racial or ethnic origin
Political opinions
Religious beliefs or other beliefs of a similar nature
Trade union membership
Physical or mental health or condition
Sexual life
Commission or alleged commission of any offence
Any proceedings for any offence committed, or alleged to have been committed.
Credit card details
National Insurance numbers
The processing of sensitive data must only be performed in accordance with protocol and the law.
c) Protected Personal Data
This definition relates to any material that links an identifiable individual with information that, if released, would put them at significant risk of harm or distress, or alternatively any source of information relating to 1000 or more individuals that is not in the public domain, even if the
d) Depersonalised Data (from Personal Data)
Depersonalised data are individual records from which it is not possible to identify any living individual – i.e. all the fields from which the individual could be identified have been removed. These fields include, but are not limited to: name, address and telephone number.
Depersonalised datasets on their own will not directly identify individuals. However, it may be possible with depersonalised data to match them to other data held externally, and to produce a dataset containing personal information, or to directly identify individuals from the matched data. Therefore SFW treat depersonalised data as personal data and give them the protections of the Data Protection Act 1998 unless the data is sufficiently anonymised.
e) Restricted Data
Data provided by a Customer that is sensitive information to which access is restricted by law or regulation to particular classes of people. It is information or knowledge that might result in loss of an advantage or level of security if disclosed to others who might have low or unknown trustability and/or indeterminable or hostile intentions.
f) Aggregated Data
Aggregated data are data which are summarised to produce a generalised or high level result. An example of this would be the summary results of a Customer satisfaction survey.
There is sometimes a slight risk that aggregated data may still allow individuals to be identified if results or analysis produce very small numbers. To safeguard individuals’ rights and to manage risk, aggregated data which comprise fewer than five individual records should be regarded as personal data and given the protection of the Act.
g) Data Not of a Personal Nature
Any data that does not fall into the category of personal data will generally not be covered by the Data Protection Act 1998.