Service level agreement - Scotland's Health On the Web

NSS
Service level agreement between
theProvider and theClient
Reviewed by: ...............................
(theProvider)
Date:
Reviewed by: ...............................
(theClient)
Date:
Approved by: ...............................
(theProvider)
Date:
Approved by: ...............................
(theClient)
Date:
Document Control Summary
Author: theAuthor
Version: 1.021
Date Issued: 9 March 2016
Status: Issued
QA: QA person, b@b.com
Product Reference: prodRef
Location: \\san\SHOW Documents\SLAs
Configuration Control
Comments To
Configuration Manager, c@c.com
theAuthor, author_email
Table of Contents
1 Introduction
1.1 Review, termination and administration of changes
1.2 Scope
1.3 Dependencies
2 Service Overview
2.1 Service Elements
2.2 Service Exclusions
3 Service Hours
3.1 Times of Service Provision
3.2 Extension to Service Hours
3.3 Public Holidays
3.4 Emergency Call Out
4 Service Performance
4.1 Target Response and Fix Timescales
5 Escalation Procedure
6 Service Monitoring and Review
6.1 Reports
6.2 Meetings
Appendix A Service Measures
Appendix B Contacts
Meetings
Reporting distribution list
Appendix C Change Authorities
Signatories
7 Document Control
7.1 Document history
7.2 References
7.3 Distribution
Version 1.02
1 Introduction
This document outlines:
• the service levels that will operate between theProvider and theClient for the
provision of a web hosting service;
• service review and escalation procedures; and
• the roles and responsibilities of both parties to the agreement.
1.1 Review, termination and administration of changes
This agreement remains valid until either terminated or superseded by mutual
consent and endorsement of signatories or their delegates as defined in Change
Authorities.
Termination of the agreement requires a notice period of noticePeriod.
This agreement will be reviewed at least annually to ensure it reflects the business
requirements. Amendments can be made at any time providing they are mutually
agreed and endorsed by all parties named as signatories in this document or
delegated representatives.
Minor changes to the SLA (e.g. changes in personnel, signatories or contact details)
may be notified to all holders of the SLA by letter or email, which should then be kept
with the SLA. This replaces the need to issue a revised SLA in these circumstances.
These changes will be periodically incorporated into a new version of the SLA.
theProvider and theClient change authorities for sign-off of contract variations and
changes to services (technical and business) are detailed in “Change Authorities”.
1.2 Scope
Within scope for the service are:
• Define and manage service levels
• Manage third-party services
• Manage performance and capacity
• Ensure continuous service
• Ensure systems security, including provision of anti-virus, firewall and
intrusion detection;
• Manage service desk and incidents
• Manage problems
• Configuration Management
• Manage the physical environment
• Manage operations, including provision of backup and DR facilities;
• provision of hardware and operating systems’ environment;
• provision of network connections;
• reporting of service performance.
KPIs for these service elements are given in “Service Measures”.
Outwith service scope are:
• support of applications developed and running on the servers provided;
• helpdesk support for third party customers of applications that are provided by
theClient through the infrastructure provided;
• performance of penetration tests;
• performance of server load tests related to client developments;
• user training and education.
1.3 Dependencies
1.3.1 Underlying service catalogue
The NISG service catalogue forms the definitive statement of services offered by
NISG. This document is in line with the service catalogue and provides more specific
details where necessary to allow the SLA to be used as an independent document
covering the relationship between theProvider and theClient.
1.3.2 Other dependencies
This SLA is provided in accordance with NISG service catalogue. The service is
provided under the assumption that the following operate within levels committed to:
AOA national SLA for NHSScotland services
NISG service catalogue version 1.01
The following documents provide more detail on backup and disaster recovery:
• NISG/SHOW DR Plan
• NISG/SHOW Backup and recovery plan
The following document provides more detail on security approach:
• NISG/SHOW Security risk assessment approach.
The following provides more information on the incident management:
• theProvider incident management process.
Copies of relevant documents may be obtained from the theProvider contact.
2 Service Overview
The following elements from the NISG service catalogue comprise the service
offered. Individual section numbers for principal services envisaged are given in the
table below.
Arch
& PVCM
Consltg
X (2..2.3)
Project Mgt
SAS
Testing
Service Mgt
X (5.3,7)
Infrastructure
X (5.3)
3rd Party
X (3.3)
2.1 Service Elements
See Appendix B Service Measures below for more detail on KPIs relevant to these
service elements.
Define and manage service levels

Manage third-party services
theProvider will retain responsibility for managing 3rd party suppliers related to
infrastructure, i.e. AOA, equipment manufacturers and providers of infrastructure
level software systems (e.g. backup, systems monitoring, antivirus).

Manage performance and capacity

Ensure continuous service

Ensure systems security
Working within current NHSS security policies, theProvider will provide and manage
antivirus, firewall, intrusion detection and reverse proxies to limit risk of
unauthorised access to systems.

Manage service desk and incidents
Provides a single point of contact for logging requests, changes and faults relating
to their IT Services provided by theProvider. Calls will be logged and allocated.

Manage problems
Management of the root causes of hosting issues, e.g. hardware faults, intermittent
faults etc.

Manage the physical environment
theProvider will work with their data centre supplier to ensure that the physical
environment is maintained. Appropriate monitoring of the physical environment will
be maintained to ensure that e.g. temperature and humidity are within normal
parameters.

Manage operations
theProvider will support web servers, forward and reverse proxies, switches
necessary to provide the service. Domain Issues and configuration management,
application of changes (except where agreed as delegated to theClient), performance
of backups and restores.

Provide and manage infrastructure assets necessary for hosting theClient websites
and services
Provide virtual servers and network environment to make theClient information
available online. This will include installs, moves, network connection and
configuration. LAN/WAN connectivity together with Hub, Switch, Router and Cable
Management.
2.2 Service Exclusions
2.2.1 Business Application Training
Support does not extend to training individual users in how to operate elements of
software connected with publishing their information, e.g. MSSQL, IIS, ftp clients etc.
2.2.2 Procurement
theClient retain the responsibility of managing Software License agreements and
usage policies. theProvider will not install software unless theClient authorise the
installation.
2.2.3 Disaster Recovery
theClient retain the responsibility for Disaster Recovery.
2.2.4 PC and Laptop Hard Drive Backup
theClient staff are responsible for performing their own PC and Laptop hard drive
backups.
3 Service Hours
A summary table showing the Standard Service Cover Provision, by week can be
seen below.
Standard Service Cover Provision
Mon – Thurs
• – 08.00: No Cover
• 08.00 – 17.30: On Site cover
• 17.30 – 24.00: No Cover
Fri
• – 08.00: No Cover
• 08.00 – 16.00: On Site cover
• 16.00 – 24.00: No Cover
Sat – Sun
• – 24.00: No Cover
Public Holidays
• – 24.00: No Cover
3.1 Times of Service Provision
The services will be provided during the following hours:
1. Monday to Thursday between the hours of 08.00 and 17.30.
2. Friday between the hours of 08.00 and 16.00.
3. Saturday and Sunday there is no standard cover.
The above hours of Service Provision may be extended by agreement between the
parties, in line with business requirements of PSD. Weekend support, public
holidays support and extensions to Service Hours will be subject to additional
charges.
3.2 Extension to Service Hours
theClient may require, on occasion, additional Service Hours. Extensions to the
above service hours will be requested through the Customer Support Desk, subject
to the following restrictions.
Only authorised staff may request extension to Service Hours and theClient will
provide theProvider with a list of such authorised staff and update periodically. The
request must be submitted to the Customer Support desk, giving 5 full working days’
notice. theProvider do not currently have facilities to be able to guarantee meeting
these requests but will respond on a best endeavours basis on each occasion.
Extensions to Service Hours which are agreed will be subject to additional charges.
3.3 Public Holidays
No cover will be provided during Public Holidays.
3.4 Emergency Call Out
There is no emergency call out procedure available.
4 Service Performance
4.1 Target Response and Fix Timescales
Priority/Service: Receipt of incident notification
Description: All e-mails sent to the Help Desk will be captured by theProvider and logged
Respond: 30 min

Priority/Service: 1 (Critical)
Description: Where either the whole system or network is UNUSABLE, a critical process is UNUSABLE or any data is corrupted
Respond: 1 hr
Resolve: 4 hrs

Priority/Service: 2 (Major)
Description: Where part of a system or network is UNUSABLE, therefore customers are unable to gain access
Respond: 2 hrs
Resolve: 1 day

Priority/Service: 3 (Medium)
Description: Where a problem is causing an inconvenience but system/network is still functioning
Respond: 1 day
Resolve: 5 days

Priority/Service: 4 (Minor)
Description: Where there is no impact on service but if left for a considerable time, could affect the service
Respond: 2 days
Resolve: 10 days

Priority/Service: 5 (Low)
Description: Where there is no impact on service
Respond: 3 days
Resolve: 20 days

Priority/Service: 6 (Non Urgent)
Description: Where there is no impact on service and the work is of a Project nature
Respond: 10 days
Resolve: Governed through project agreements

The target response and resolution times defined above are measured as service
hours/days as detailed in the Standard Service Cover Provision Table. Days are
counted as standard working days. In some cases, resolution of a call may not
result in a fix. Possible outcomes are e.g. referral to a third party, invocation of DR
process, mutual agreement that no further action is needed.
5 Escalation Procedure
Appendix A
The escalation contacts are the relevant people to
be contacted once escalation levels have been reached or a
Priority 1 call is logged. Each level of escalation is reached if a
priority call is not resolved within an agreed limit of time.
Contact details are given in Contacts below.
The roles defined are:
theProvider
• Customer Support Desk Manager
• Service Manager
• NISG senior management
theClient
• Regional Manager
• Assistant Director

Level  theProvider                    theClient
1      Customer Support Desk Manager  Contract & Services Assistant
2      Service Manager                Contract & Services Manager
3      NISG senior management         Head of IT (HPS)
6 Service Monitoring and Review
6.1 Reports
This section details the Quarterly Service reporting that is required for information
and discussion at the Service Review Meetings.
The Monthly reporting pack will comprise:
1. Monthly call summaries
2. Call responses (time to resolve) for all calls by priority
3. Network Availability Report
6.2 Meetings
For the avoidance of doubt the meeting specified below will not have a mandate to
proceed unless at least one of the specified attendees (or authorised deputy) for
each of theProvider and theClient is in attendance. In the event that this is not
possible the meeting must be deferred until such time as the required parties can be
brought together.
6.2.1 Service Review Meetings
These meetings will take place on ….
theProvider                    theClient
Customer Support Desk Manager  Contract & Services Assistant
Service Manager                Contract & Services Manager
Senior Management              Head of IT
Appendix B
Service Measures
This appendix defines the measures used to gauge the health of the service. Where
applicable, the Cobit 4 control object and ITIL element is referenced.
Cobit/ITIL # and Service Element, with KPIs / KGIs / Goals listed beneath each:

DS1 Define and Manage Service Levels
• % of business stakeholders satisfied that service delivery meets agreed levels
• % of users satisfied that service delivery meets agreed levels
• # of delivered services not in the catalogue
• % of services meeting service levels
• % of service levels that are measured
• # of SLA review meetings per year
• % of service levels reported
• % of service levels automatically reported
• # of elapsed working days to adjust a service level

DS2 Manage Third-party Services
• # of user complaints due to contracted services
• % of purchase spend subject to competitive procurement
• % of major suppliers meeting clearly defined requirements and service levels
• # of formal disputes with suppliers
• % of supplier invoices disputed
• % of major suppliers subject to clearly defined requirements and service levels
• % of major suppliers subject to monitoring
• Level of business satisfaction with effectiveness of communication from the supplier
• Level of supplier satisfaction with effectiveness of communication from the business
• # of significant incidents of supplier non-compliance per time period

DS3 Manage Performance and Capacity
• # of hours lost per user per month due to insufficient capacity planning
• # of critical business processes not covered by a defined service availability plan
• Peak load and overall utilisation rates
• % of peaks where target utilisation is exceeded
• % of response time SLAs not met
• Transaction failure rate
• Frequency of performance and capacity forecasting
• % of assets included in capacity reviews
• % of assets monitored through centralised tool(s)

DS4 Ensure Continuous Service
• # of hours lost per user per month due to unplanned outages
• % of availability SLAs met
• # of business-critical processes relying on IT not covered by IT continuity plan
• % of tests that achieve recovery objectives
• Frequency of service interruption of critical systems
• Elapsed time between tests of any given element of IT continuity plan
• IT continuity training hours per year per relevant IT employee
• % of critical infrastructure components with automated availability monitoring
• Frequency of review of IT continuity plan

DS5 Ensure Systems Security
• Frequency and review of the type of security events to be monitored
• # and type of obsolete accounts
• # of unauthorised IP addresses, ports and traffic types denied
• % of cryptographic keys compromised and revoked
• # of access rights authorised, revoked, reset or changed
• # and type of suspected and actual access violations
• # of violations in segregation of duties
• % of users who do not comply with password standards
• # and type of malicious code prevented
• # of incidents with business impact
• # of systems where security requirements are not met
• Time to grant, change and remove access privileges

DS8 Manage Service Desk and Incidents
• % of incidents and service requests reported and logged using automated tools
• # of days of training per service desk staff per year
• # of calls handled per service desk staff per hour
• % of incidents that require local support (field support, personal visit)
• Backlog of unresolved queries
• % of first-line resolution based on total number of requests
• % of incidents reopened
• Call abandonment rate
• Average duration of incidents by severity
• Average speed to respond to telephone and e-mail/web requests
• User satisfaction with first-line support (service desk or knowledge base)
• % of incidents resolved within agreed/acceptable period of time

DS9 Manage the Configuration
• Average time period (lag) between identifying a discrepancy and rectifying it
• # of discrepancies relating to incomplete or missing configuration information
• % of configuration items in line with service levels for performance, security and availability
• # of deviations identified between configuration repository and actual asset configurations
• % of licences purchased and not accounted for in repository
• # of business compliance issues caused by improper configuration of assets

DS10 Manage Problems
• Average duration between the logging of a problem and the identification of the root cause
• % of problems for which a root cause analysis was undertaken
• The frequency of reports or updates to an ongoing problem, based on the problem severity
• % of problems recorded and tracked
• % of problems that recur (within a time period) by severity
• % of problems resolved within required time period
• # of open/new/closed problems by severity
• Average and standard deviation of time lag between problem identification and resolution
• Average and standard deviation of time lag between problem resolution and closure

DS10 Manage Problems (continued)
• # of recurring problems with impact on business
• # of business disruptions caused by operational problems

DS11 Manage Data
• Frequency of testing of backup media
• Average time for data restoration
• % of successful data restorations
• # of incidents where sensitive data were retrieved after media were disposed of
• # of down time or data integrity incidents caused by insufficient storage capacity
• Occurrences of inability to recover data critical to business process
• User satisfaction with availability of data
• Incidents of noncompliance with laws due to storage management issues

DS12 Manage the Physical Environment
• Frequency of training of personnel in safety, security and facilities measures
• % of personnel trained in safety, security and facilities measures
• # of risk mitigation tests conducted in the last year
• Frequency of physical risk assessment and reviews
• # of incidents due to physical security breaches or failures
• # of incidents of unauthorised access to computer facilities
• Down time arising from physical environment incidents
• # of injuries caused by the physical environment
• Security exposure arising from physical environment incidents

DS13 Manage Operations
• # of training days per operations personnel per year
• % of hardware assets included in preventive maintenance schedules
• % of work schedules that are automated
• Frequency of update of operational procedures
• # of down time incidents and delays caused by deviating from operations procedures
• % of scheduled work and requests not completed on time
• # of down time incidents and delays caused by inadequate procedures
• # of service levels impacted by operational incidents
• Hours of unplanned down time caused by operational incidents

AI6 Manage Changes
• % of changes recorded and tracked with automated tools
• % of changes that follow formal change control processes
• Ratio of accepted to refused change requests
• # of different versions of each business application or infrastructure being maintained
• # and type of emergency changes to the infrastructure components
• # and type of patches to the infrastructure components
• Application rework caused by inadequate change specifications
• Reduced time and effort required to make changes
• % of total changes that are emergency fixes
• % of unsuccessful changes to the infrastructure due to inadequate change specifications
• # of changes not formally tracked or not reported or not authorised
• Backlog in the number of change requests
• # of disruptions or data errors caused by inaccurate specifications or incomplete impact assessment
Appendix C
Contacts
theProvider
Role                 Name           Tel.          E-mail
Signatory            Gavin Venters  0131 2756857  gavin@nhs.net
Project Manager      Keith Scot     0131 2756759  keith@nhs.net
Operational Contact  Ron MacDonald                Ron.macdonald@nhs.net
All are located at:
Gyle Square, 1 South Gyle Cresc., Edinburgh. EH12 9EB
Tel: 0131 275 6857
The main point of contact at theProvider will be the Service Manager, Gavin Venters.
Service requests will be through the theProvider helpdesk (nss.showteam@nhs.net,
0131 275 6139).
theClient
Role                 Name              Tel.  E-mail
Signatory            client signatory
Operational Contact
Client main postal address:
XXX
The main point of contact will be XXX
Meetings
The following regular service review meetings will take place:
• Quarterly meetings between theProvider Project Manager and the theClient
Business representative to review helpdesk activity and prioritise changes,
monitor the service, review the technical environment performance and plan
future actions with timescales for implementation.
• Annual service review meetings will be held to review the overall service
provided over the previous year and to plan for the following year.
Minutes will be produced by theClient for all meetings unless agreed otherwise with
theProvider.
Reporting distribution list
Service Tracking Reports will be prepared monthly for delivery to an agreed
distribution list.
Appendix D
Change Authorities
This schedule details the authorities for sign-off of
• changes to the Service
• technical changes
• business changes
1. Changes to the Services
Day-to-day changes to the Services covered by the Agreement can be effected
within the terms of the Change Control mechanism which is documented in this SLA.
The Change Control procedure includes prioritisation of changes and an examination
of changes proposed to establish what level of authorisation is required. It is
expected that escalation to Director or Chief Executive level will be a rare event
resulting only from major developments or major technical upgrades.
There are two major sources of change:
• Application systems change which is the result of a business change and is
effected via the Application Support service or via the Development Framework
• Technical systems change which may be a consequence of a business change
or may be required for operational or technical currency reasons (e.g. operating
or database software upgrades).
Suggestions or requests for change can be put forward by either party.
Table 1 Change authorities – Signatories
Signatories
Validation of this SLA and any changes thereto requires the agreement and
endorsement of the following:
Title
Organisation
CLIENT Manager
theClient
.
provider signatory job title
theProvider
providerSignatory
Change Authorities – theProvider
Signatory
Gavin Venters
Ron MacDonald
Change Authorities – theClient
Signatory
7 Document Control
7.1 Document history
Version
Number
Date
Details of Changes included in update
1.0
Issue
First issue
1.01
Added representative kpis
7.2 References
Ref
Title
1
n/a
Description
7.3 Distribution
Version
no.
Date
Copies to
Location
Copy No.
Ron MacDonald
theProvider
01
Gavin Venters
theProvider
02
Keith Scott
theProvider
03
theClient
04
theClient
05