Service Level Agreement 2

SERVICE LEVEL 2

Service Level Agreement

Terms used in this document ...... 3

SERVICE LEVEL AGREEMENT – SLA2

Introduction ...... 4

Response times...... 4

Priority Definitions...... 4

SERVICE LEVEL AGREEMENT ACCEPTANCE

Charges...... 5

Customer...... 5

Twisted Technologies, Inc...... 5

Articles...... 6

1. Moves Adds and Changes……………………………………………………………………...... 6

2. Privacy & Data Protection...... 6

3. Security ...... 6

4. Basic Requirements ...... 7

4.1. Description ...... 7

4.2. Requirements/Pre-requisites ...... 7

4.3. Customer Obligations ...... 7

MANAGED SERVICES

5. Continual Audit ...... 8

5.1. Requirements/Pre-requisites/Limitations...... 8

5.2. Frequency ...... 8

5.3. Deliverable ...... 8

6. Capacity Monitoring...... 8

6.1. Requirements/Pre-requisites/Limitations...... 8

6.2. Frequency ...... 8

6.3. Deliverable ...... 8

6.4. Actions...... 8

6.5. Exceptions ...... 8

7. Weekly OS Inspection and Cleansing ...... 8

7.1. Requirements/Pre-requisites/Limitations...... 8

7.2. Frequency ...... 9

7.3. Deliverable ...... 9

8. Anti-Spyware Active Protection ...... 9

8.1. Requirements/Pre-requisites/Limitations...... 9

8.2. Frequency ...... 9

8.3. Deliverable ...... 9

8.4. Actions...... 9

8.5. Exceptions ...... 9

9. AV Total Protection...... 9

9.1. Requirements/Pre-requisites/Limitations...... 9

9.2. Frequency ...... 9

9.3. Deliverable ...... 9

9.4. Actions...... 10

9.5. Exceptions ...... 10

10. Security updates to Microsoft Software...... 10

10.1. Requirements/Pre-requisites/Limitations...... 10

10.2. Frequency ...... 10

10.3. Deliverable ...... 10

10.4. Actions...... 10

10.5. Exceptions ...... 10

11. Monitoring of System and Security Logs...... 10

11.1. Requirements/Pre-requisites/Limitations...... 10

11.2. Frequency ...... 10

11.3. Deliverable ...... 10

11.4. Actions...... 10

11.5. Exceptions ...... 11

12. Desktop Policy Enforcement...... 11

12.1. Requirements/Pre-requisites/Limitations...... 11

12.2. Frequency ...... 11

12.3. Deliverable ...... 11

12.4. Actions...... 11

12.5. Exceptions ...... 11

13. Online Reports ...... 11

13.1. Requirements/Pre-requisites/Limitations...... 12

13.2. Frequency ...... 12

13.3. Deliverable ...... 12

14. Event Log Monitoring ...... 12

14.1. Requirements/Pre-requisites/Limitations...... 12

14.2. Frequency ...... 12

14.3. Deliverable ...... 12

14.4. Actions...... 12

14.5. Exceptions ...... 12

15. Hardware and Software Change Monitoring...... 12

15.1. Requirements/Pre-requisites/Limitations...... 12

15.2. Frequency ...... 12

15.3. Deliverable ...... 12

15.4. Exceptions ...... 12

16. Bandwidth Usage Monitoring...... 12

16.1. Requirements/Pre-requisites/Limitations...... 12

16.2. Frequency ...... 13

16.3. Deliverable ...... 13

16.4. Actions...... 13

16.5. Exceptions ...... 13

17. Disaster Recovery and Offsite Backup………………….………………….….……………..13

17.1 Requirements/Pre-requisites/Limitations...... 13

17.2 Frequency………………………………………………….………………….….……………13

17.3 Deliverable………………………………………………….………………….….…………..13

17.4 Actions……………………………………………………….………………….….…………13

17.5 Exceptions…………………………………………………….………………….….………...13

17.6 Offsite options………………………………………………….………………….….…….....13

17.7 Liabilities……………………………………………………….………………….….……….14

18. Onsite Visits Policy ...... 14

18.1. Requirements/Pre-requisites/Limitations...... 14

18.2. Frequency ...... 14

18.3. Deliverable ...... 14

18.4. Exceptions ...... 14

19. PC Loaner Policy…...... 14

20. Double Manufacture’s Warranty...... 14

Terms used in this document

EyeOnLAN™ - Twisted Technologies, Inc.

NOC – Network Operations Centre, central helpdesk where Twisted Technologies, Inc. services are run from.

Service Level Agreement – SLA 2

Introduction

As most traditional IT services are based around site visits by engineers, often an SLA hascome to be based around that deliverable, meaning the measurable standards are howquickly you see someone on site. Many of the services delivered by Twisted Technologies, Inc.’s SLA2 can actually be ‘invisible’ in many ways toa non-technical end user. To ensure that our customers get value for money we thereforeseek to make this ‘visible’. To do that we outline here all tasks that are carried out as apart of the service contract, what they do, how the work, and how you can tell very easilyif they are being done as per the service agreement. It is also the fundamental premise of Twisted Technologies, Inc. to avoid onsite visits wherever possible, asthis drives up the cost of providing support, and slows down the provision, so our ServiceLevels are designed to avoid onsite visits and provide better service remotely, this benefitsall of our customers.

Response times

It is difficult to set response times for many of the services that Twisted Technologies, Inc. provides as manyof them are complex automated services, and so the response is immediate. These need alot of care an attention to make sure that they all work correctly, but this maintenance isongoing and continuous. However, where you make contact with us, we will prioritize the incident as covered in the‘Setting Priorities’ section and will agree to respond within the given time frames. A response does not merely mean we will let you know we have received your message, itmeans we will look at your issue, started diagnosis, and we will come back to you with 4facts:

1) A clear agreement of what the incident is about

2) An owner for the problem both at Twisted Technologies, Inc. and your company

3) A clear outline from Twisted Technologies, Inc. as to what the next steps are

4) An expected time frame to resolution of the problem (a ‘Fix’ time)

In furnishing you with this information we have satisfied the ‘Response’ as constituted bythis service agreement. It is extremely important that you discuss the Priority clearly with the Twisted Technologies, Inc.representative as the priority will be set by agreement, the default Priority will be used ifyou do not specify. You must also be realistic about the priority of an incident. Anyincidents which have been set above their allotted Response will be dropped to theappropriate Priority by a senior member of Twisted Technologies, Inc., which will also reset the count time forthe incident.

The target Response times set out for SLA2 are as follows:

Priority Response Time

Emergency 1 Hour

Urgent 4 Hours

High 1 Day

Normal 3 Days

Priority Definitions

As the setting of Priority for an incident carries such an important weight in the delivery ofservice, it is imperative that this is carried out in a consistent and fair manner for allcustomers. To ensure this, clear definitions exist to decide what priority any incident willcome under, and this is based upon the business impact.

Priority Definition Example

Emergency All users on a site unable to work

• Virus Outbreak

• Email server failure

• Server crash

• Network failure

Urgent 1 user unable to work or all users greatlyinconvenienced

• Single virus

• Users machine crashed

• Internet outage*

• Important File unavailable

• Printer problem forimportant meeting

High 1 user unable to perform a single functionor experiencing inconvenience

• Application fault

• File unavailable

Normal general questions, enquiry or problem thatdoes not affect any user’s ability to work

• How do I…?

• How much would …cost?

*Note that Internet outage is not an emergency priority as it is held with a 3rd party – your ISP, and while Twisted Technologies, Inc. will endeavor to chase this as quickly as possible it is in the end, outside of our control.

If at any time you feel that your incident has either not been given the appropriatepriority, or that your incident is not being dealt with quickly enough, then you shouldcontact your account manager, as listed in this document. You are of course also welcometo contact the Managing Director of the company at any time or 404-202-1517

Service Level Agreement Acceptance

To ensure that the document has been understood by both parties and that there isagreement over the service that is going to be delivered the acceptance section needs tobe filled in and signed by both parties. Unless there are changes to the service which isbeing delivered this will be carried forward to any extra machines that are added to theagreement.

Charges

This service level agreement will attract the following charges:

$29 per month for PC Support

$299 per month for SBS (Small Business Server) Support

$199 per month for 2000/2003 Server Support

Any onsite visits will be charged at $120 per hour, with conditions as outlined in section 16.

Offsite backup pricing found in section 17.6.1.

Customer

I hereby accept that I have read the Service Level Agreement document and haveunderstood and agree to the conditions in place upon the service that will be delivered tome by Twisted Technologies, Inc., and in particular realizing the realistic Limitations on a fixed price service.

Number of PCs:______

Number of SBS Servers:______

Number of Servers:______

Size of total offsite backup in GB:______

Customer:______

Signed:______

Date:______

Twisted Technologies, Inc.

I hereby agree that I have taken any and all steps to ensure that the customerunderstands the service that they are being offered by Twisted Technologies, Inc., and will take all measures possible to ensure that Twisted Technologies, Inc. is delivering this service to the customer by regularlydelivering reports and checking customer satisfaction.

(continued on the following page)

Twisted Technologies, Inc. Account Manager:______

Signed:______

Date:______

Articles

1. Moves Adds and Changes

As a part of the managed service we are including as per this agreement fixed serviceswhich are delivered as a part of the Managed Service cost. New items are not supported in this agreement

2. Privacy & Data Protection

2.1. Each party shall ensure that it shall at all times during the term of this agreementcomply with all the provisions and obligations imposed on it by Data Protectionlegislation.

2.2. For the purpose of this agreement the Data Protection Act shall mean:

2.2.1. The Data Protection Act 1984 as long and as far as it is still applicable toprocessing of personal data pursuant to this Agreement;

2.2.2. The Data Protection Act 1998 as soon as it becomes applicable toprocessing of personal data pursuant to this agreement

2.2.3. Any other data protection legislation adopted pursuant to the DataProtection Act 1998

2.3. The Twisted Technologies, Inc. support system holds only technical data, and any contact data assupplied by the customer to Twisted Technologies, Inc.. Twisted Technologies, Inc. will not use this data in any way otherthan to provide service as outlined in this document. Twisted Technologies, Inc. will not share yourinformation with any 3rd Parties, or use it for any marketing activities exceptwhere you have given us permission.

3. Security

3.1. Network Access

3.1.1. To provide IT support it is necessary for Twisted Technologies, Inc. to have full administrationaccess to your network and any supported machines, you must agree to thisto allow us to fulfill the requirements of this service.

3.1.2. You must allow access for the Twisted Technologies, Inc. support system by opening port 443 on your network for outbound access, or giving permission for Twisted Technologies, Inc. to setup such access (a site visit to set this up may incur a charge).

3.2. Passwords

3.2.1. Twisted Technologies, Inc. will need passwords to access the network environment, includingbut not limited to:

3.2.1.1. Windows Domains, Local Windows admin accounts, Routers,Firewalls

3.2.2. Twisted Technologies, Inc. will set up Admin accounts for its own technical access to yoursystems. We will use strong password technique, but is based on a formula so that it cannot be guessed, and does not need to be written down or stored. Twisted Technologies, Inc. doesnot reveal this information to customers, and customers asking for passwordinformation will be refused. It is an offence for any member of Twisted Technologies, Inc.’s staffto disclose any Admin passwords to anyone outside the Twisted Technologies, Inc. security teamand will result in immediate dismissal.

3.3. Listed below are the security features implemented by Twisted Technologies, Inc. as part of it’smanagement system:

3.3.1. The Twisted Technologies, Inc. management system is designed with comprehensive securitythroughout. The Twisted Technologies, Inc. system’s design team brings over 40 years ofexperience designing secure systems for commercialapplications.

3.3.2. Twisted Technologies, Inc. Agent by Kaseya

3.3.2.1. The Twisted Technologies, Inc. platform architecture is central to providing maximumsecurity. Each computer managed has a small agent installed. Theagent initiates all communications back to the server. Since the agentwill not accept any inbound connections, it is impossible for a thirdparty application to attack the agent from the network.

3.3.3. Firewalls

3.3.3.1. Twisted Technologies, Inc. does not need any input ports opened on client machines.This lets the agent do its job in any network configuration withoutintroducing susceptibility to inbound port probes or new networkattacks.

3.3.4. Encryption

3.3.4.1. Twisted Technologies, Inc. protects against man-in-the-middle attacks by encryptingall communications between the agent and server with 256-bit RC4using a key that rolls every time the server tasks the agent (typically atleast once per day). Since there are no plain-text data packets passingover the network, there is nothing available for an attacker to exploit.

3.3.5. Secure Access

3.3.5.1. Administrators access the Twisted Technologies, Inc. server through a Web interfaceafter a secure logon process. The system never sends passwords overthe network and never stores them in the database. Only eachadministrator knows his or her password. The client side combines thepassword with a random challenge, issued by the Twisted Technologies, Inc. server for

each session, and hashes it with SHA-1. The server side tests this resultto grant access or not. The unique random challenge protects against aman-in-the-middle attack sniffing the network, capturing the randombits, and using them later to access the Twisted Technologies, Inc. server.

3.3.6. Web Access

3.3.6.1. The Web site itself is protected by Twisted Technologies, Inc. Patch Management. The Twisted Technologies, Inc. Patch scan is run on the Twisted Technologies, Inc. server every day. As soon asnew patches are released, the Twisted Technologies, Inc. Patch scan automatically detectsthey are needed and applies all security patches automatically.

4. Basic Requirements

4.1. Description

This lists the minimum requirements for customers to be able to receive any of the Twisted Technologies, Inc. services

4.2. Requirements/Pre-requisites

4.2.1. Windows Based Operating System on the following:

4.2.2. As per what Microsoft currently support

4.2.3. Where Microsoft drop support for a product Twisted Technologies, Inc. will let you know and aseparate arrangement will be made to upgrade existing hardware/software tomeet Microsoft’s new requirement

4.2.4. All PC’s/Servers must perform to the specification as outlined by Microsoft for the givenoperating system or application system

4.2.5. Twisted Technologies, Inc. Agent installed and working (supplied by Twisted Technologies, Inc.)

4.2.6. Broadband or equivalent ‘always on’ internet connection with at least 256Kb’s sparecapacity (not a dial-up connection, unless roaming out of office). For sites with morethan 10 PC’s a higher specification connection may be required, for example T1.

4.2.7. Firewall/router or similar port blocking device, set to block all inbound traffic (exceptwhere required for internal functionality).

4.2.8. Access to change the firewall device above to allow outbound traffic on port 443

4.2.9. Machines left on continuously where possible (unless agreed otherwise), without powersaving (Twisted Technologies, Inc. will configure this for you).

4.2.10. A Twisted Technologies, Inc. information panel will be displayed on the machine desktop that will be usedto help identify the machine for support purposes, this must not be removed

4.2.11. Twisted Technologies, Inc. will introduce some small records into the Windows registry to keep track ofinternal settings for delivering the service

4.3. Customer Obligations

4.3.1 Where some part of a customer environment does not meet the criteria as specified above,

Twisted Technologies, Inc. will be unable to setup any service, or continue to deliver service to that device orsite (if the item affects an entire site) until the environment is bought back in line with Twisted Technologies, Inc.’s minimum requirements.

4.3.2. Where service is already being delivered by Twisted Technologies, Inc. and the environment is changedoutside the afore mentioned requirements either by the customer, by Twisted Technologies, Inc., it’s partnersor a 3rd party, Twisted Technologies, Inc. will at it’s discretion continue to deliver service to that environmentuntil it can be bought back into alignment with the requirements, for a period of up to 14days, or until next payment date is due for the customer, whichever is sooner. After whichtime if support is to continue an extra charge will be levied to support a machine outside ofthe required specification, generally this will be three times the normal monthly cost ofsupporting a machine per month or part thereof.

4.3.3. Unless the changes are directly a result of negligence on the part of Twisted Technologies, Inc. or its partners,all costs involved in bringing an environment back in line with requirements will be meetby the customer. Twisted Technologies, Inc. will not meet any costs as a result of 3rd parties. 4.3.4. Twisted Technologies, Inc. will make all endeavors to warn the customer of the costs before undertaking anywork, but will also try to operate in the best interests of the customer and the continuationof it’s business, and may take it upon itself to deliver chargeable services where this wouldbe continuing to operate in the spirit of the previous spending and decisions made by thatcustomer in accordance with the perceived business impact or possible service disruption.

Managed Services

5. Continual Audit

5.1. Requirements/Pre-requisites/Limitations

5.1.1. As per Twisted Technologies, Inc. minimum requirements

5.1.2. DMI/SIMBIOS compatible motherboard with PCI or above slots (not ISA)

5.1.3. RAID controllers will not be separately identified

5.2. Frequency

5.2.1. Machines will be set to renew audit information every 7 days and be set toskip if machine is not available at the time of the audit.

5.3. Deliverable

5.3.1. Monthly Executive summary report which includes license summary.

5.3.2. Upon Request:

a. Report of Licensed Software (as per Kaseya Software License database) only if requested

b. Full installed application list (note, this is an extremely large report andcan only be run as a one-off and not continuously, if this is required in hardcopy it may incur a printing cost)

c. Operating System report

d. Hardware report

e. System settings

f. Backup log summary

6. Capacity Monitoring

6.1. Requirements/Pre-requisites/Limitations

6.1.1. As per Twisted Technologies, Inc. minimum requirements

6.2. Frequency

6.2.1. Machines will be set to provide Capacity Monitoring on a continuous basis

6.3. Deliverable

6.3.1. Monthly Executive Report showing available space & total space %breakdown

6.3.2. Machine Summary report available upon request.

6.4. Actions

6.4.1. If disk space falls to within 5% of total on any fixed partition, Twisted Technologies, Inc. willcontact you with this information and suggested corrective action.

6.4.2. Upon disk space reaching 10% of total on any fixed partition Twisted Technologies, Inc. willrun an automatic clean-up to try and free-up any unnecessary system filesand delete any temporary user files. This is done in the best interests of thehealth of a machine, as a completely full HDD on a windows machine cancause complete failure, so all attempts will be made to avoid that happening.

6.5. Exceptions