Client Responsibilities
As applicable the Client shall:
- Provide timely access to people and information including, but not limited to, the following areas:
  - Operations personnel knowledgeable of system and network administration and problem resolution flow.
  - Personnel knowledgeable about the applications that will be running on the systems.
  - Management personnel who are knowledgeable of the architecture of the project to resolve issues that occur during the project.
- The above personnel shall be designated in advance and be readily available to the Service Provider consultants. To the extent possible, meetings will be scheduled in advance. However, access on an ad hoc basis may be necessary as work proceeds.
- Ensure all sites are ready for equipment delivery. Client is responsible for providing adequate and secure on-site storage for all product, equipment deliveries, staging and installation.
- Ensure that all conditioned power (appropriate power rails and circuit breakers have been tested in the racks and cabinets where required), rack space, cable management, grounding points, air conditioning, carrier circuit installation, or other preparation work required to complete the services stated in the Statement of Work, has been completed prior to the arrival of Data-Guard365’s resources.
- Provide the specified/required floor/rack space, power, and network connectivity for a single timely installation of any new hardware configuration.
- Identify and have access to the main communications area in the occupied building. Client shall ensure that all carrier circuits that are intended to connect to Data-Guard365 provided or re-programmed equipment have been fully tested, extended, identified/labeled, and subsequently proven to be suitable to carry voice and data network traffic.
- Assign Client contacts who are deemed capable and competent to interact with Data-Guard365, and who are authorized to signoff and approve the required parts of the implementation.
- Unless specifically set forth as a Data-Guard365 responsibility in the Statement of Work, have all copper and fiber runs identified (clearly labeled with an accompanying structured cabling map/diagram). Improper labels (or no labels) on runs may require a Tone/Test and Tag Project Change Request and a Project Delay Fee.
- Provide appropriate work areas for Data-Guard365 resource(s) when they are on-site. This includes, but is not limited to, a work area and internet access.
- Provide all necessary security access to the locations where the work is to be delivered, as well as the passwords, equipment, etc. required to successfully complete the project.
- Ensure that the work environment is free of hazardous materials and free from asbestos. Client is responsible for supplying Data-Guard365 with any information concerning safety issues and/or hazardous material for disclosure to all Data-Guard365 and third-party employees working on the project.
- Provide all the necessary support agreements for the software that is needed for the environment.
- Have all licensing issues related to the movement of applications understood and resolved. Unless previously established as a Data-Guard365 responsibility, new license key codes, if required, must be obtained by the Client.
- Have all application sources or support contact information readily available in the event that applications need to be reloaded from scratch.
- Have finalized all contract negotiations with third-party suppliers for hardware, software, physical plant requirements, and/or additional network equipment required for Data-Guard365 to perform the services. Client will provide Data-Guard365 with an updated list of all third-party contacts, as well as Client’s assigned project coordinator and all contacts necessary to facilitate the services stated in the Statement of Work.
- Unless previously established as a Data-Guard365 responsibility, and not included as part of the project, have performed all required backups and/or data migrations of existing data prior to work being performed by a Data-Guard365 resource(s).
- If not included as part of the project, have implemented a back-up power solution that ensures the availability of mission critical data and voice equipment, and applications.
- Schedule and facilitate ‘down-time’ for systems and applications during certain periods during the project.
- If remote access is required, allow VPN connectivity or access via the Service Provider remote access solution. If VPN or Service Provider remote access solution is not permitted, then a Project Change Request may be required.
- Allow the installation of any software that Data-Guard365 requires to be installed on Client’s internal systems as part of the services, use such software in its internal systems only, and use the software internally according to the instructions set forth by Data-Guard365.
- Obtain all permits, licenses, and right of ways necessary for the completion of the project, including but not limited to building and city requirements.
- Communicate any issues or changes to the original project plan and/or the services stated in the Statement of Work to Data-Guard365 immediately upon discovery.
Project Assumptions
General project assumptions include, but are not limited to, the following (as applicable to the project):
- The delivery of services will be performed at a Data-Guard365 facility and/or Client’s location specified in the Statement of Work or provided to Data-Guard365 prior to the commencement of services under the Statement of Work.
- Data-Guard365 uses a forty (40) hour workweek as its full-time standard designation, delivered over a five (5) day workweek, including travel to and from Client’s location(s) when applicable.
- Data-Guard365 personnel may work hours other than normal business hours to accommodate their travel schedules, preferred system downtime windows, and time zones as mutually agreed upon by the parties.
- At the start of the project and throughout the duration of the project, the Data-Guard365 Project Manager or other appointed personnel shall work with Client to mutually determine any on-site requirements of non-local resources. During weeks which include Data-Guard365-observed holidays or during periods when a resource is not required to be on-site full time, the parties will mutually agree upon an alternate full-time work schedule, which may include the resource(s) performing project-related activities remotely.
- For Data-Guard365 resources performing work on-site, Client agrees that a designated and responsible Client representative will be available at all times.
- If applicable, travel charges that are included in the Statement of Work are quoted assuming three (3) weeks’ advance notice. All travel expenses that are incurred with less than three (3) weeks’ advance notice may be subject to price adjustments.
- The pricing in the Statement of Work does not include taxes, if any, which shall be Client’s responsibility.
- Data-Guard365 assumes Client will authorize Data-Guard365 to procure and have readily available appropriate hardware, software, licenses for software products, network wiring, patch cords, uplink cables, additional network equipment, and/or features that are applicable to the project which are necessary for work to be completed and to meet project milestones.
- The project will involve some ‘knowledge transfer.’ The purpose of transfer of technology knowledge is to explain functionality provided by Data-Guard365 delivered for the project and to provide a high-level overview of how that functionality may be utilized by Client. Knowledge transfer is not intended to replace manufacturers’ formal instructions/classes.
- Adequate staffing and project management is included in the Statement of Work. If Client accelerates their timeline, additional staffing or overtime to meet the new deadlines may be required. Changes to Client’s schedule must be communicated to the Data-Guard365 Project Manager or other appointed personnel in writing within 24 hours of the change.
- All communication that affects the technical aspects of the project will be directed through the Project Manager or other appointed personnel.
- Review meetings will be held at milestone points in the project. These meetings are intended to facilitate discussion regarding project timelines. The availability of Client’s management and support personnel is critical to the project and Client representation at these meetings is essential.
Should any of the above assumptions prove to be incorrect or incomplete, Data-Guard365 may modify the price, scope of work, or if applicable, project milestones. Any such modifications shall be managed by the Project Change Management Process set forth below.
Resource Scheduling
Within 10 business days of receipt of the signed Statement of Work, Data-Guard365 will discuss scheduling the delivery of the services.
Limitations
- For services which are invoiced as a fixed fee engagement, the following shall apply:
  - Data-Guard365 will invoice Client via an initial deposit invoice and a final invoice upon completion. Projects with longer timelines may require progress payments.
  - Fixed fee pricing assumes all the work is performed as part of a single project; a delay caused by Client may increase the price.
  - In the event that Client requests changes to the agreed upon Statement of Work through the Project Change Management Process set forth below, additional charges may be incurred and may increase the price.
  - In the event Client decides to cancel the project before its completion, Client shall be responsible for payment of all fees for services performed through the date of termination and fifty percent (50%) of the remaining balance on the fixed fee once all completed milestone payments are paid.
  - In the event of project cancellation, the Client is responsible for paying for hardware and software that is not able to be returned to the OEM. Hardware and software that can be returned is subject to a 30% restocking fee.
- For services which are invoiced on a time and materials basis, the following shall apply:
  - Data-Guard365 will invoice Client for services delivered based on actual hours worked and subject to the minimums and/or limitations defined in the Statement of Work and/or this document. Invoicing will occur once per month.
  - The number of hours set forth in a Statement of Work for delivery of services is only an estimate of the number of hours required to perform the services.
Project Delay Caused by Client
The delivery of services under the Statement of Work requires Client’s timely response to requests from Data-Guard365, including but not limited to the following (as applicable to the project):
- Documentation of systems and/or requirements
- Approval of project requirements
- Completion of assigned project tasks
- Any testing to be performed by Client
- Signoff of project milestones
In the event Client’s delay in providing the above referenced items causes unscheduled delays to the project schedule or adversely affects the utilization of Data-Guard365 resources assigned to the project, Data-Guard365 may:
- Following a review of the cause for delay with Client’s assigned project sponsor, place the project “On Hold” until Client meets its obligations as outlined above.
- Once a project is “On Hold”, no additional status calls, reporting, tasks, etc. will proceed until the project is removed from “On Hold” status.
- Once a project is removed from “On Hold” status, Data-Guard365 and Client will schedule the delivery of the remaining project services. Scheduling will be subject to Data-Guard365’s resource availability.
Project Completion and Acceptance
- For services which are invoiced as either a time and materials or a fixed fee engagement, the services will be considered complete when the scope of work specified in the Statement of Work is complete.
Project Change Management Process
- Changes to the project scope may only be made through the following Project Change Management process. In the event either party desires to change the project, the following procedures shall apply:
  - Either party shall notify the other party of any requested changes. Data-Guard365 will deliver a Project Change Request to Client for review and execution. The Project Change Request will describe the nature of the change, the reason for the change, and the effect the change will have on the scope of work, which may include changes to the tasks and activities, deliverables, project price and/or the schedule.
  - If both parties agree to implement the Project Change Request, the appropriate authorized representatives of the parties will sign the Project Change Request, indicating the acceptance of the changes by the parties.
  - Each executed Project Change Request will be incorporated into, and made a part of, the Statement of Work.
  - No party is under any obligation to proceed with the Project Change Request until such time as the Project Change Request has been agreed upon by both parties.
- Any Client and/or third-party vendor actions that either accelerate or postpone Data-Guard365 project responsibilities may result in a change to the Statement of Work and a subsequent Project Change Request.
- In the event of a conflict between a Project Change Request’s scope of work and that set forth in the original Statement of Work, or a previous fully executed Project Change Request, the most recent fully executed Project Change Request shall prevail.
Customer Environment Failures or Non-Performance
Customer agrees that Data-Guard365 will not be responsible for any failure to provide the Services if such failure is caused by Customer’s failure to meet the applicable requirements for each Service. At a minimum, the Customer is responsible for ensuring the following environmental losses do not negatively impact the Services:
- Service interruptions, deficiencies, degradations, or delays due to any Customer-supplied Internet or private access, whether provided by Customer or its third-party suppliers, or equipment when supplied by Customer or its third parties. Failure or deficient performance of Customer-supplied power, equipment, services, or systems not provided by Data-Guard365.
- Customer’s election to not cover an endpoint on the network with the required EDR software, whether through the customer’s unintentional exclusion or intentional decision. Endpoint installations are the Customer’s responsibility, and Incident Response activities shall be billed at an hourly rate of $250.
- Customer’s failure to adhere to Data-Guard365 recommended configurations on managed or unmanaged equipment that affects the Service.
- Service interruptions, deficiencies, degradations, or delays during any period when a service component is removed from Service for maintenance, replacement, or rearrangement purposes by Customer’s submission without a mutually agreed upon change order form.
- Failure to provide a suitable secure environment for on-premises devices, including, but not limited to, fast mounting/racking, appropriate cooling and air handling, premises secure from theft, loose wires bundled neatly, etc.
- Service interruptions, deficiencies, degradations, or delays in Service caused by a piece of equipment, configuration, routing event, or technology required to be operative to perform under this SLA, under the management and control of the Customer.
- Network, software, or server changes or outages to the managed services environment without reasonable prior notification that significantly impact event volumes. This applies to any assets affecting the generation and transmission capability of logs, events, or other activity that Data-Guard365 monitors for Security Alerts. If the Customer fails to notify Data-Guard365, SLA remedies due to the identified change or outage will not apply.
Data-Guard365 and Customer Responsibilities
Onboarding
A Data-Guard365 Program Administrator will work hand in hand with the Customer to ensure a seamless onboarding process. This collaborative effort will involve gathering information about the Customer environment, guiding the Customer regarding EDR agent installation, and determining a timeline for the complete service rollout. Weekly meetings will be required during the onboarding process and will continue until all initial program requirements are complete. Endpoints are not fully protected until after the onboarding is complete.
Investigation and Escalation
Data-Guard365 leads in alert detection, analysis, investigation, and escalation. Our team is dedicated to thorough alert analysis and investigation to determine if alerts or security events from covered endpoints warrant alert classification. If one or more events are classified as an alert, the MDR will escalate the alert to the Customer. The Customer, in turn, is responsible for responding to escalated alerts and comments in order to resolve them. This clear division of tasks ensures effective incident management and timely resolution of security issues, providing you with a sense of security.
Data-Guard365 will investigate all initial security alerts identified in the Endpoint Detection and Response Platform (“EDR”) and escalate alerts as appropriate by the established and agreed upon Service Level Agreements (“SLAs”). After investigating events and alerts, the MDR will escalate alerts requiring action by the Customer. The MDR will follow established escalation paths and protocols utilizing the contact information collected during the onboarding process, as mutually agreed by the Customer and Data-Guard365. It is the Customer’s responsibility to ensure that their contact information is correct and that they promptly respond to any MDR requests. MDR will take a contain-first approach to any potentially malicious alerts and, if waiting on information from Customer, may leave items in a quarantine state while waiting for input from Customer.
For alerts assigned to the Customer after analysis, the Customer is responsible for escalating alerts back to the MDR that require action or analysis by the MDR. As events are pulled into the MDR workflow, it is the MDR’s responsibility to create and classify alerts. As the MDR is responsible for alert escalation and response, only the MDR can organize events or alerts as “alerts” to ensure due diligence of event investigation and accountability in reporting.
Endpoint Detection and Response Program
Data-Guard365 will provide Security Orchestration Automation and Response capabilities using the EDR. This capability will provide event reduction, supervised learning, alert workflow, and alert orchestration. Task ownership is outlined below using a RACI Model.
| CAPABILITY | CUSTOMER | MDR |
| --- | --- | --- |
| EDR agent install or uninstall along with endpoint reboots | RA | CI |
| Provide information regarding any internal systems on the Customer network and respond promptly to MDR requests for information or action. | RA | CI |
| Remove the previously installed antivirus software during onboarding as instructed by MDR. | RA | CI |
| Event Storage and 14-day Retention (can be increased for an additional charge if needed) | CI | RA |
| Filter, Feed, and Orchestration Development and Tuning | CI | RA |
| Alert Orchestration and Notifications | CI | RA |
| Reporting and Metrics Development | CI | RA |
| Regular EDR Agent Updates to ensure GA (Generally Available) level | I | RAC |
| EDR System Maintenance, Health, and Performance | R | RAC |

R: Responsible, A: Accountable, C: Consulted, I: Informed
Additional Customer Responsibilities
The customer understands that Data-Guard365’s service performance partly depends on the customer’s compliance with the service requirements. The Customer understands that it is responsible for the timely delivery of the items and information listed in the following sections of this agreement. Additionally, the Customer understands that it must perform the tasks and provide access to its employees, consultants, business processes, and systems as contemplated herein for Data-Guard365 to perform such services efficiently. The following list is required to ensure Data-Guard365’s ability to perform the Services.
- Provide reasonable assistance to Data-Guard365 for performance under this agreement, including helping troubleshoot technical issues within the Customer’s environment and any services provided by third parties to the Customer that may affect the delivery of the Services.
- Ensure all endpoints within the network have an installed EDR agent through configured group policy, manual installation during system deployment, or any other means available to customers.
- Ensure systems are regularly patched and known vulnerabilities remediated.
- Ensure that all operating systems are currently supported and patched by the vendor. If the Customer requires out-of-support systems in the environment, the Customer accepts that MDR cannot ensure complete protection of those devices, and any compromises to or from those devices may be more severe and not covered by MDR.
- Develop a network map detailing relevant aspects of the Customer’s network architecture and deliver it to the Data-Guard365 team for their reference when troubleshooting.
- Provide Data-Guard365 with accurate and up-to-date information, including the name, email, landline, and mobile numbers for all designated, authorized Customer Point(s) of Contact.
- Maintain maintenance and technical support contracts with Customer’s software and hardware vendors for any device affected by this agreement.
- In the event of a breach, provide resources needed to perform tasks beyond the EDR platform’s capabilities. This includes, but is not limited to, the customer rebuilding machines in their environment, communicating with stakeholders, disaster recovery efforts, and additional prevention configuration.