MSP Service Level X Service Level Agreement

{MSP}
SERVICE LEVEL X
Service Level Agreement

Terms used in this document ................................................................................................................4
SERVICE LEVEL AGREEMENT – SLA X 5
Introduction ............................................................................................................................................5
Response times ........................................................................................................................................5

Priority Definitions ...............................................................................................................................6
SERVICE LEVEL AGREEMENT ACCEPTANCE 7
Charges....................................................................................................................................................7
Customer .................................................................................................................................................7
{MSP} ......................................................................................................................................................7
Articles.....................................................................................................................................................8
1. Privacy & Data Protection ..........................................................................................................8
2. Security .......................................................................................................................................10
3. Basic Requirements ...................................................................................................................11

3.1. Description ...........................................................................................................................11
3.2. Requirements/Pre-requisites .................................................................................................11
3.3. Customer Obligations ........................................................................................................... 11
MANAGED SERVICES 12
4. Continual Audit .........................................................................................................................12

4.1. Requirements/Pre-requisites/Limitations..............................................................................12
4.2. Frequency .............................................................................................................................12
4.3. Deliverable ...........................................................................................................................12
5. Capacity Monitoring..................................................................................................................13
5.2. Frequency .............................................................................................................................13
5.3. Deliverable ...........................................................................................................................13
5.4. Actions..................................................................................................................................13
5.5. Exceptions ............................................................................................................................13
6. Weekly OS Inspection and Cleansing ......................................................................................14

6.2. Frequency .............................................................................................................................14
6.3. Deliverable ...........................................................................................................................14
7. Anti-Spyware Active Protection ...............................................................................................15

7.2. Frequency .............................................................................................................................15
7.3. Deliverable ...........................................................................................................................15
7.4. Actions..................................................................................................................................15
7.5. Exceptions ............................................................................................................................15
8. AV Total Protection...................................................................................................................16
8.2. Frequency .............................................................................................................................16
8.3. Deliverable ...........................................................................................................................16
8.4. Actions..................................................................................................................................16
8.5. Exceptions ............................................................................................................................16
9. Security updates to Microsoft Software...................................................................................17

9.2. Frequency .............................................................................................................................17
9.3. Deliverable ...........................................................................................................................17
9.4. Actions..................................................................................................................................17
9.5. Exceptions ............................................................................................................................17
10. Monitoring of System and Security Logs.................................................................................18

10.2. Frequency .............................................................................................................................18
10.3. Deliverable ...........................................................................................................................18
10.4. Actions..................................................................................................................................18
10.5. Exceptions ............................................................................................................................18
11. Desktop Policy Enforcement..................................................................................................... 19

11.2. Frequency .............................................................................................................................19
11.3. Deliverable ...........................................................................................................................19
11.4. Actions..................................................................................................................................19
11.5. Exceptions ............................................................................................................................19
12. Online Reports ...........................................................................................................................20

12.2. Frequency .............................................................................................................................20
12.3. Deliverable ...........................................................................................................................20
13. Event Log Monitoring ...............................................................................................................21

13.2. Frequency .............................................................................................................................21
13.3. Deliverable ...........................................................................................................................21
13.4. Actions..................................................................................................................................21
13.5. Exceptions ............................................................................................................................21
14. Hardware and Software Change Monitoring..........................................................................22

14.2. Frequency .............................................................................................................................22
14.3. Deliverable ...........................................................................................................................22
14.4. Exceptions ............................................................................................................................22
15. Bandwidth Usage Monitoring...................................................................................................23

15.2. Frequency .............................................................................................................................23
15.3. Deliverable ...........................................................................................................................23
15.4. Actions..................................................................................................................................23
15.5. Exceptions ............................................................................................................................23
16. Onsite Visits Policy ....................................................................................................................24

16.2. Frequency .............................................................................................................................24
16.3. Deliverable ...........................................................................................................................24
16.4. Exceptions ............................................................................................................................24
Appendix ...............................................................................................................................................25
Workstation Event Log monitoring ....................................................................................................25
Server Event log monitoring ...............................................................................................................25
Terms used in this document
{MSP} – {MSP}
NOC – Network Operations Centre, central helpdesk where {MSP} services are run from
Service Level Agreement – SLA X
Introduction
As most traditional IT services are based around site visits by engineers, often an SLA has
come to be based around that deliverable, meaning the measurable standards are how
quickly you see someone on site.
Many of the services delivered by {MSP}s SLA1 can actually be ‘invisible’ in many ways to
a non-technical end user. To ensure that our customers get value for money we therefore
seek to make this ‘visible’. To do that we outline here all tasks that are carried out as a
part of the service contract, what they do, how the work, and how you can tell very easily
if they are being done as per the service agreement.
It is also the fundamental premise of {MSP} to avoid onsite visits wherever possible, as
this drives up the cost of providing support, and slows down the provision, so our Service
Levels are designed to avoid onsite visits and provide better service remotely, this benefits
all of our customers.
Response times
It is difficult to set response times for many of the services that {MSP} provides as many
of them are complex automated services, and so the response is immediate. These need a
lot of care an attention to make sure that they all work correctly, but this maintenance is
ongoing and continuous.
However, where you make contact with us, we will prioritise the incident as covered in the
‘Setting Priorities’ section and will agree to respond within the given time frames.
A response does not merely mean we will let you know we have received your message, it
means we will look at your issue, started diagnosis, and we will come back to you with 4
facts:
1) A clear agreement of what the incident is about

2) An owner for the problem both at {MSP} and your company
3) A clear outline from {MSP} as to what the next steps are
4) An expected time frame to resolution of the problem (a ‘Fix’ time)
In furnishing you with this information we have satisfied the ‘Response’ as constituted by
this service agreement.
It is extremely important that you discuss the Priority clearly with the {MSP}
representative as the priority will be set by agreement, the default Priority will be used if
you do not specify. You must also be realistic about the priority of an incident. Any
incidents which have been set above their allotted Response will be dropped to the
appropriate Priority by a senior member of {MSP}, which will also reset the count time for
the incident.
The target Response times set out for SLA1 are as follows:
Priority Response Time

Emergency 1 Hour
Urgent 4 Hours
High 1 Day
Normal 3 Days
Priority Definitions
As the setting of Priority for an incident carries such an important weight in the delivery of
service, it is imperative that this is carried out in a consistent and fair manner for all
customers. To ensure this, clear definitions exist to decide what priority any incident will
come under, and this is based upon the business impact.
Priority Definition Example

Emergency All users on a site unable to work • Virus Outbreak
• Email server failure
• Server crash
• Network failure
Urgent 1 user unable to work or all users greatly • Single virus
inconvenienced • Users machine crashed
• Internet outage*
• Important File unavailable
• Printer problem for
important meeting
High 1 user unable to perform a single function • Application fault
or experiencing inconvenience • File unavailable
Normal General question, enquiry or problem that • How do I…?
does not effect any users ability to work • How much would …cost?
*Note that Internet outage is not an emergency priority as it is held with a 3rd party – your ISP, and while {MSP} will
endeavour to chase this as quickly as possible it is in the end, outside of our control.
If at any time you feel that your incident has either not been given the appropriate
priority, or that your incident is not being dealt with quickly enough, then you should
contact your account manager, as listed in this document. You are of course also welcome
to contact the Managing Director of the company at any time on MD@{MSP}.net
Service Level Agreement Acceptance
To ensure that the document has been understood by both parties and that there is
agreement over the service that is going to be delivered the acceptance section needs to
be filled in and signed by both parties. Unless there are changes to the service which is
being delivered this will be carried forward to any extra machines that are added to the
agreement.
Charges
This service level agreement will attract the following charges:
XX per month for PC Support

XX per month for Laptop Support
XX per month for Server Support
Any onsite visits will be charged at XX per hour, with conditions as outlined in section 16.
Customer
I hereby accept that I have read the Service Level Agreement document and have
understood and agree to the conditions in place upon the service that will be delivered to
me by {MSP}, and in particular realising the realistic Limitations on a fixed price service.
Number of PCs:_______
Number of Laptops:_______
Number of Servers:_______
Customer:_________________________________________________
Signed:___________________________________________________
Date:_____________________________________________________
{MSP}
I hereby agree that I have taken any and all steps to ensure that the customer
understands the service that they are being offered by {MSP}, and will take all measures
possible to ensure that {MSP} is delivering this service to the customer by regularly
delivering reports and checking customer satisfaction.
{MSP} Account Manager:___________________________________________
Signed:___________________________________________________________
Date:_____________________________________________________________
Articles
1. Moves Adds and Changes

As a part of the managed service we are including as per this agreement fixed services
which are delivered as a part of the Managed Service cost.
New items are not supported in this agreement

2. Privacy & Data Protection
2.1. Each party shall ensure that it shall at all times during the term of this agreement
comply with all the provisions and obligations imposed on it by Data Protection
legislation.
2.2. For the purpose of this agreement the Data Protection Act shall mean:
2.2.1. the Data Protection Act 1984 as long and as far as it is still applicable to
processing of personal data pursuant to this Agreement;
2.2.2. the Data Protection Act 1998 as soon as it becomes applicable to
processing of personal data pursuant to this agreement
2.2.3. any other data protection legislation adopted pursuant to the Data
Protection Act 1998
2.3. The {MSP} support system holds only technical data, and any contact data as
supplied by the customer to {MSP}. {MSP} will not use this data in any way other
than to provide service as outlined in this document. {MSP} will not share your
information with any 3rd Parties, or use it for any marketing activities except
where you have given us permission.
3. Security
3.1. Network Access
3.1.1. To provide IT support it is necessary for {MSP} to have full administration
access to your network and any supported machines, you must agree to this
to allow us to forfill the requirements of this service.
3.1.2. You must allow access for the {MSP} support system by opening port 5721
on your network for outbound access, or giving permission for {MSP} to set
up such access (a site visit to set this up may incur a charge).
3.2. Passwords
3.2.1. {MSP} will need passwords to access the network environment, including
but not limited to:
3.2.1.1. Windows Domains, Local Windows admin accounts, Routers,
Firewalls
3.2.2. {MSP} will set up Admin accounts for its own technical access to your
systems. We will use strong password technique, this also means your
password is unique to your business, but is based on a formula so that it can
not be guessed, and does not need to be written down or stored. {MSP} does
not reveal this information to customers, and customers asking for password
information will be refused. It is an offence for any member of {MSP}’s staff
to disclose any Admin passwords to anyone outside the {MSP} security team
and will result in immediate dismissal.
3.3. Listed below are the security features implemented by {MSP} as part of it’s
management system:
3.3.1. The {MSP} management system is designed with comprehensive security
throughout. The {MSP} system’s design team brings over 50 years of
experience designing secure systems for government and commercial
applications.
3.3.2. {MSP} Agent
3.3.2.1. The {MSP} platform architecture is central to providing maximum
security. Each computer managed has a small agent installed. The
agent initiates all communications back to the server. Since the agent
will not accept any inbound connections, it is impossible for a third
party application to attack the agent from the network.
3.3.3. Firewalls
3.3.3.1. {MSP} does not need any input ports opened on client machines.
This lets the agent do its job in any network configuration without
introducing susceptibility to inbound port probes or new network
attacks.
3.3.4. Encryption
3.3.4.1. {MSP} protects against man-in-the-middle attacks by encrypting
all communications between the agent and server with 256-bit RC4
using a key that rolls every time the server tasks the agent (typically at
least once per day). Since there are no plain-text data packets passing
over the network, there is nothing available for an attacker to exploit.
3.3.5. Secure Access
3.3.5.1. Administrators access the {MSP} server through a Web interface
after a secure logon process. The system never sends passwords over
the network and never stores them in the database. Only each
administrator knows his or her password. The client side combines the
password with a random challenge, issued by the {MSP} server for
each session, and hashes it with SHA-1. The server side tests this result
to grant access or not. The unique random challenge protects against a
man-in-the-middle attack sniffing the network, capturing the random
bits, and using them later to access the {MSP} server.
3.3.6. Web Access
3.3.6.1. The Web site itself is protected by {MSP} Patch Management. The
{MSP} Patch scan is run on the {MSP} server every day. As soon as
new patches are released, the {MSP} Patch scan automatically detects
they are needed and applies all security patches automatically.
4. Basic Requirements
4.1. Description
This lists the minimum requirements for customers to be able to receive any of the {MSP}
services
4.2. Requirements/Pre-requisites
1. Windows Based Operating System on the following:
1.1. As per what Microsoft currently support
1.2. Where Microsoft drop support for a product {MSP} will let you know and a
separate arrangement will be made to upgrade existing hardware/software to
meet Microsoft’s new requirement
2. All PC’s/Servers must perform to the specification as outlined by Microsoft for the given
operating system or application system
3. {MSP} Agent installed and working (supplied by {MSP})
4. Broadband or equivalent ‘always on’ internet connection with at least 256Kb’s spare
capacity (not a dial-up connection, unless roaming out of office). For sites with more
than 10 PC’s a higher specification connection may be required, for example SDSL.
5. Firewall/router or similar port blocking device, set to block all inbound traffic (except
where required for internal functionality).
6. Access to change the firewall device above to allow outbound traffic on port 5721
7. Machines left on continuously where possible (unless agreed otherwise), with power
saving setup to minimize wastage ({MSP} can configure this for you).
8. An {MSP} information panel will be displayed on the machine desktop that will be used
to help identify the machine for support purposes, this must not be removed
9. {MSP} will introduce some small records into the Windows registry to keep track of
internal settings for delivering the service
4.3. Customer Obligations

Where some part of a customer environment does not meet the criteria as specified above,
{MSP} will be unable to setup any service, or continue to deliver service to that device or
site (if the item affects an entire site) until the environment is bought back in line with
{MSP}’s minimum requirements.
Where service is already being delivered by {MSP} and the environment is changed
outside the afore mentioned requirements either by the customer, by {MSP}, it’s partners
or a 3rd party, {MSP} will at it’s discretion continue to deliver service to that environment
until it can be bought back into alignment with the requirements, for a period of up to 14
days, or until next payment date is due for the customer, whichever is sooner. After which
time if support is to continue an extra charge will be levied to support a machine outside of
the required specification, generally this will be three times the normal monthly cost of
supporting a machine per month or part thereof.
Unless the changes are directly a result of negligence on the part of {MSP} or it’s partners,
all costs involved in bringing an environment back in line with requirements will be meet
by the customer. {MSP} will not meet any costs as a result of 3rd parties.
{MSP} will make all endeavours to warn the customer of the costs before undertaking any
work, but will also try to operate in the best interests of the customer and the continuation
of it’s business, and may take it upon itself to deliver chargeable services where this would
be continuing to operate in the spirit of the previous spending and decisions made by that
customer in accordance with the perceived business impact or possible service disruption.
Managed Services
5. Continual Audit
5.1. Requirements/Pre-requisites/Limitations
5.1.1. As per {MSP} minimum requirements
5.1.2. DMI/SIMBIOS compatible motherboard with PCI or above slots (not ISA)
5.1.3. RAID controllers will not be separately identified
5.2. Frequency
5.2.1. Machines will be set to renew audit information every 7 days and be set to
skip if machine is not available at the time of the audit.
5.3. Deliverable
5.3.1. Monthly Executive summary report which includes license summary.
5.3.2. Upon Request:
a. Report of Licensed Software (as per Kaseya Software License database)
b. Full installed application list (note, this is an extremely large report and
can only be run as a one-off and not continuously, if this is required in hard
copy it may incur a printing cost)
c. Operating System report
d. Hardware report
e. System settings
6. Capacity Monitoring
6.2. Frequency
6.2.1. Machines will be set to provide Capacity Monitoring on a continuous basis
6.3. Deliverable
6.3.1. Monthly Executive Report showing available space & total space %
breakdown
6.3.2. Detailed Capacity report available upon request.
6.4. Actions
6.4.1. If disk space falls to within 10% of total on any fixed partition, {MSP} will
contact you with this information and suggested corrective action.
6.4.2. Upon disk space reaching 10% of total on any fixed partition {MSP} will
run an automatic clean-up to try and free-up any unnecessary system files
and delete any temporary user files. This is done in the best interests of the
health of a machine, as a completely full HDD on a windows machine can
cause complete failure, so all attempts will be made to avoid that happening.
6.5. Exceptions
6.5.1. This service only covers standard fixed HDD partitions, not external
devices such as USB devices etc. or mapped drives.
6.5.2. Where the disks are already clean and no further room can be made the
automatic cleanup will not run.
6.5.3. If the disk is filling up extremely fast (within second or minutes) then the
{MSP} alert may not be quick enough to catch this happening. Something
would have to already be seriously wrong for this to take place, and under
such circumstances {MSP} cannot accept responsibility for capacity of the
machine, or any failure of the device caused by such. Recovery or fix would
be at the discretion of {MSP} and may be chargeable.
7. Weekly OS Inspection and Cleansing
7.2. Frequency
7.2.1. Machines will be set to provide OS Inspection and Cleansing every 7 days
and be set to skip if machine is not available at the time of the service. A de-
fragmentation will happen every 30 days (this will be skipped on a machine if
no de-fragmentation is found).
7.3. Deliverable
7.3.1. {MSP} System script and clean up tool using Windows Disk Cleanup
7.3.2. {MSP} System script running Windows and 3rd Party De-frag tools
7.3.3. Entry of cleanup and defrag into {MSP} System log
7.3.4. Monthly executive report showing count of cleansing and defrags on all
machines
7.3.5. Local Pop-up on machine to warn users that the service is running
(optional)
8. Anti-Spyware Active Protection
8.1.2. Windows Defender Beta 2 ({MSP} will install if not already on the machine)
8.1.3. {MSP} may see fit to remove other Anti-Spyware programs from your
machine if they will interfere with delivery of the service
8.2. Frequency
8.2.1. A Weekly scheduled service that will ensure the Anti-Spyware program is
activated is updated and that a clean-up has been run on the system.
8.3. Deliverable
8.3.1. Included in the Executive Summary will be a list of the number of scans
and updates that have taken place.
8.3.2. A log entry will be created on {MSP}’s system so separate report can be
generated if required
8.3.3. Anti-Spyware Definitions updated minimum monthly
8.4. Actions
8.4.1. An alert will be raised with the {MSP} NOC if any Spyware is found on a
machine. It is expected that this would be removed by the automatic
cleanup, but the ticket that this alert will raise will be followed up to ensure
this is the case.
8.5. Exceptions
8.5.1. While {MSP} will make every effort to ensure your machine is safe from
Spyware, we do not guarantee that your machine can not be infected in
exceptional circumstances. Where this does happen, any resulting support or
service required may be chargeable at the discretion of {MSP}, but with
consultation with the Customer.
9. AV Total Protection
9.1.2. GriSoft AVG professional will be supplied and installed by {MSP}
9.1.3. Any other Anti-virus programs will be disabled and may be removed, it is
up to the customer to ensure they have the necessary files/paperwork to
reinstall this software should you stop receiving this service from {MSP}
9.2. Frequency
9.2.1. A Weekly scheduled service that will ensure the Anti-Virus program is
activated is updated and that a clean-up has been run on the system.
9.3. Deliverable
9.3.2. Script log entry so separate report is possible
9.3.3. Definitions updated minimum monthly
9.4. Actions
9.4.1. An alert will be raised with the {MSP} NOC if any Virus is found on a
machine. It is expected that this would be removed by the automatic
cleanup, but the ticket will be followed up with high priority to ensure this is
the case.
9.5. Exceptions
9.5.1. While {MSP} will make every effort to ensure your machine is safe from
Viruses, we do not guarantee that your machine can not be infected in
exceptional circumstances. Where this does happen, any resulting support or
service required may be chargeable at the discretion of {MSP}, but with
consultation with the Customer.
10. Security updates to Microsoft Software
10.2. Frequency
10.2.1. Weekly scans to assess patch requirements
10.2.2. {MSP} internal machines are patched Monday and Tuesday with the latest
patches to ensure reliability
10.2.3. Custom machines patched between Thursday – Sunday each week
10.3. Deliverable
10.3.1. Latest patches as per Microsoft’s recommendations will be installed on all

managed machines
10.3.3. Script log entry so separate report is possible
10.3.4. Patch status shown in monthly executive summary report
10.3.5. Detailed patch report available on request
10.3.6. An Alert will be raised with the {MSP} NOC if a patch fails to install
10.3.7. Where possible Patches will be downloaded once to a central file share on
the local network and then delivered across the local area network to
conserve internet bandwidth
10.4. Actions
10.4.1. Assess test machines on Wednesday and approve patches for Customer
machines
10.4.2. Any issues raised with the NOC will be dealt with as per normal ticket
affecting 1 user.
10.5. Exceptions
10.5.1. Where a patch / hotfix causes system problems on a customer machine

{MSP} staff will roll back the patch / hotfix to try to resolve the problem
10.5.2. Patches come from Microsoft and not from {MSP}, therefore {MSP} cannot
be responsible for any adverse reaction that a patch might have with any
particular machine configuration. In in unlikely event of a machine failure
{MSP} will restore the machine to it’s last good backup with no charge.
11. Monitoring of System and Security Logs
11.1.2. Windows Event logging switched on
11.1.3. No other software interferes with Windows Event logs
11.2. Frequency
11.2.1. Even logs will be scanned and uploaded to {MSP} NOC on a continuous
basis
11.3. Deliverable
11.3.1. List of event log activity will be shown in Monthly Executive Summary
report
11.3.2. Full latest inclusion and exclusion list supplied on request
11.4. Actions
11.4.1. Where any of the faults in the {MSP} Inclusion list is found an Alert will be
raised ant a ticket created at the {MSP} NOC.
11.4.2. An Alert will be raised where anything falls outside the {MSP} Exclusion
list, the Alert will be looked at to see if it warrants further investigation and if
so, a ticket will be raised.
11.4.3. Any issues raised with the NOC will be dealt with as per normal ticket
affecting 1 user.
11.4.4. The Event Logs can often pick up and idetntify issues which require
attention, such as with applications installed on machines (please note most
applications are outside the scope of {MSP}’s support). Any time spent
fixing such problems will be chargeable, but the customer will be notified
before any such chargeable work is undertaken.
11.5. Exceptions
11.5.1. Monitoring will stop where machines start producing more than 100 Event
Log entries per hour, this will be alerted and investigated as a separate issue.
11.5.2. Where the Event Logging is stopped due to undue Event Creation the
Monthly report may be affected and this will be pointed out by {MSP} Staff
11.5.3. If a machine is generating an unordinary number of alerts, this can
adversely effect the {MSP} system, so {MSP} at it’s discretion will stop
monitoring Event Logs on this machine until the problem is rectified (this may
incur an extra charge), or discontinue support for this machine completely.
12. Desktop Policy Enforcement
12.1.2. Windows active directory and group policies, professional operating system
12.1.3. Clear agreement with Customer of current Corporate Policy
12.2. Frequency
12.2.1. This is a continuous service, but the details of the desktop policy will be
reviewed annually, or more often on request
12.3. Deliverable
12.3.1. Login policy (times places etc)

12.3.2. Accounts policy (admin settings user account usage, own account etc)
12.3.3. Corporate Screensaver?
12.3.4. Desktop look and feel, background, colurs, fonts, IE 6 or later settings
12.3.5. Block Access to the following programs:
12.3.5.1. Kazaa
12.3.5.2. Share Bear
12.3.5.3. Audio Galaxy
12.3.5.4. iTunes
12.3.5.5. BitTorrent
12.3.5.6. Getright
12.3.6. File Shares on machines (should be none)
12.3.7. Installation of other Applications,
12.3.7.1. is this allowed,
12.3.7.2. by whom,
12.3.7.3. what approval policy
12.3.7.4. Block editing of Windows system settings (such as the registry)
12.4. Actions
12.4.1. {MSP} will consult with customer to create a policy if there isn’t one
already
12.4.2. {MSP} will set up a way to implement the policy
12.4.3. {MSP} will monitor the policy and alert on any deviations
12.5. Exceptions
12.5.1. Where users are given local admin rights it will always be possible for them
to circumvent policies, therefore {MSP} cannot enforce a policy where the
user is a local administrator
12.5.2. Please note that enforcement of policy can restrict users’ ability to perform
actions on their machine(s) which may mean they need to contact {MSP} to
perform some actions on their machine, giving delays to some actions.
{MSP} will always try to keep these delays to a minimum but accept no
responsibility for any inconvenience caused by such delays, as this service is
in place to protect the security of the customer.
13. Online Reports
13.1.2. Email address supplied for main site contact
13.2. Frequency
12.2.1 Updated Monthly
13.3. Deliverable
13.3.1. URL’s emailed for each of the following report types:

13.3.1.1. Executive Summary
13.3.1.2. Uptime History
13.3.1.3. Patch Status
13.3.1.4. Disk Usage
13.3.1.5. Machine Summary
14. Event Log Monitoring
14.2. Frequency
14.2.1. This is an ongoing service that is constantly monitoring the Windows
Event Logs. The system can pickup and respond to errors inside the Windows
Event Log with 30 seconds.
14.3. Deliverable
14.3.1. The Executive Summary report will show a total each month of the
number of actionable items found in the Application Event Log
14.3.2. {MSP} filters and looks through the logs for specific know problems and
turns these into tickets which will be checked and responded to.
14.3.3. A full list of all the Filtered events that {MSP} monitor for can be found in
the Appendix.
14.4. Actions
14.4.1. Any Events that are found via the filters and raised as a ticket will be
investigated by an engineer and if any fault is found this will be resolved
wherever possible via remote management.
14.5. Exceptions
14.5.1. Where a problem is as a result of hardware failure, this cost is not
included in support
14.5.2. Where a problem requires an onsite visit this is not included
14.5.3. If a problem is complex and affected by other systems {MSP} will put this
information together into a report of findings that will delivered to the
customer along with a course of action and costs associated with taking
corrective action
15. Hardware and Software Change Monitoring
15.2. Frequency
15.2.1. This change monitoring takes place at the same frequency as the
Continual Audit service
15.3. Deliverable
15.3.1. Separate Monthly change report can be supplied on requests

15.3.2. Engineers will work through the monitored alert list for any anomalies,
and where these are found a ticket will be raised and the customer informed.
15.4. Exceptions
15.4.1. The hardware change report does not cover external devices such as USB
keys and USB attached drives, unless these have a windows hardware driver
that makes them appear as a part of the normal OS operation.
16. Bandwidth Usage Monitoring
16.1.2. Windows XP Pro SP2 or later or 2003 SP1 patch or later
16.1.3. Installation of Kaseya Network Protection Driver
16.2. Frequency
16.2.1. On request, runs for 7 days
16.3. Deliverable
16.3.1. Bandwidth Usage report by machine and by top 10 applications across all
machines, sent via email.
16.4. Actions
16.4.1. A ticket will be raised with a 7 day due date to ensure the system is
turned off after that period has elapsed.
16.5. Exceptions
16.5.1. The Bandwidth Monitoring requires use of a Driver installed by the {MSP}
monitoring system. This is a system level driver inserted in the TCP/IP stack.
In rare circumstances this can interfere with normal operation of the
machine, for example loss of network connectivity. Where such issues occur
{MSP} will endeavour to remove the Driver and reboot the machine to enable
connectivity again. Where other more adverse effects encountered {MSP} will
operate on a best-endeavour basis to get the machine fully operation as soon
as possible, however any site visit require will be chargeable.
17. Onsite Visits Policy
17.1.1. {MSP} will only send an engineer onsite where all other options have been
exhausted. As this will be chargeable you will be warned before and engineer
is sent onsite.
17.1.2. The Engineer will only stay onsite for the length of time required to address
the issue at hand, and will not undertake any other work while onsite, unless
this is agreed by an Account Manager and any extra time and expense
agreed.
17.2. Frequency
17.2.1. There are no pre-booked onsite visits as a part of the Service Level
Agreement and all ad-hoc onsite visits will be chargeable.
17.3. Deliverable
17.3.1. Time onsite will be delivered in 1 hour blocks with a minimum of two
chargeable hours.
17.3.2. Travel to site will be a set charge of 1 hour of normal chargeable time.
17.4. Exceptions
17.4.1. Where the customer is more than 1 hours travel one way from {MSP}
travel will be charged on an hourly basis by agreement. Costs may also be
incurred for travel by means other than a car, and some small charge for
mileage if the site is over 100 miles away from {MSP}, this will also be by
agreement.
Appendix
Workstation Event Log monitoring

The following events will be monitored and responded to in the Windows Event Log
Source Filter Category Event User Description

Filter ID Filter Filter
*Application popup* * 26 * *
*Microsoft Office* * 11 * *
*Ntfs* * All IDs * *The file system
structure on the disk
is corrupt and
unusable*
*OMCI* * 2 * *Amount of physical
memory*
*Sophos Anti-Virus* * 2 * *
*Sophos Anti-Virus* *Potentially 16 * *
unwanted
application*
*SophosAntiVirus* * 6 * *
*sweepNT* * 17410 * *
*SweepNT* * 17409 * *
*Tcpip* * 4198 * *
Application Error * 1000 * *Faulting application*
Application Hang * 1002 * *Hanging application*
Folder Redirection * 101 * *
NETLOGON * 5719 * *No Windows NT
Domain Controller is
available for domain*
Server Event log monitoring

The following events will be monitored and responded to in the Windows Event Log
Source Filter Category Event ID User Description

Filter Filter Filter
APCPBAgent * 1025 * *Shutdown In
Progress*
APCPBAgent * 2000 * *UPS On Battery*
APCPBEAgent * 3003 * *UPS Battery Is

Discharged*
APCPBEAgent * 3030 * *Insufficient Runtime

Available*
DhcpServer * 1051 * *The DHCP/BINL
service has determined
that it is not
authorized*
DhcpServer * 1051 * *The DHCP/BINL
service has determined
that it is not
authorized*
EventLog * 6008 * *The previous system
shutdown at*
EventLog * 6009 * *Uniprocessor Free*
IISAdmin * 104 * *IISADMIN service

failed to create
account*
Microsoft ISA * 12206 * *proxy chain loop*
Server
Microsoft ISA * 14141 * *proxy chain loop*
Server
MSExchangeDSAcc Topology 2102 * *All Domain Controller
ess Servers in use are not
responding*
MSExchangeIS * 1112 * *has reached the
maximum allowed
size*
MSExchangeIS * 1112 * *has reached the
maximum allowed
size*
MSExchangeIS * 1003 * *The disk is full.
Attempting to stop the
Microsoft Exchange
Information Store
service*
MSExchangeIS * 1113 * *The log disk is full.

Attempting to stop the
Microsoft Exchange
Information Store
service*
MSExchangeIS * 1159 * *Database error*
MSExchangeSA * 1005 * *Unexpected error*
NETBT * 4319 * *A duplicate name has

been detected on the
TCP network.*
NETLOGON * 5719 * *No Windows NT
Domain Controller is
available for domain*
Server * 2511 * *The server service
was unable to recreate
the share*
SQLExecutive * 208 * *SQL Server
Scheduled Task*
sqlserveragent * 208 * *SQL Server
Scheduled Job*failed*
sqlserveragent * 103 * *SQLServerAgent
could not be started*
TermServLicensing * 18 * *Terminal Services
Licensing*
WSH * 1 * *Exchanges
Information Store *

MSP Service Level X Service Level Agreement

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

MSP Service Level X Service Level Agreement

Uploaded by

Copyright:

Available Formats

{MSP}

Service Level Agreement

SERVICE LEVEL AGREEMENT – SLA X 5

Response times ........................................................................................................................................5

SERVICE LEVEL AGREEMENT ACCEPTANCE 7

1. Privacy & Data Protection ..........................................................................................................8

3. Basic Requirements ...................................................................................................................11

4. Continual Audit .........................................................................................................................12

6. Weekly OS Inspection and Cleansing ......................................................................................14

7. Anti-Spyware Active Protection ...............................................................................................15

9. Security updates to Microsoft Software...................................................................................17

10. Monitoring of System and Security Logs.................................................................................18

11. Desktop Policy Enforcement..................................................................................................... 19

12. Online Reports ...........................................................................................................................20

13. Event Log Monitoring ...............................................................................................................21

14. Hardware and Software Change Monitoring..........................................................................22

15. Bandwidth Usage Monitoring...................................................................................................23

16. Onsite Visits Policy ....................................................................................................................24

1) A clear agreement of what the incident is about

Priority Response Time

Priority Definition Example

XX per month for PC Support

{MSP} Account Manager:___________________________________________

1. Moves Adds and Changes

New items are not supported in this agreement

4.3. Customer Obligations

10.3.1. Latest patches as per Microsoft’s recommendations will be installed on all

10.5.1. Where a patch / hotfix causes system problems on a customer machine

12.3.1. Login policy (times places etc)

13.3.1. URL’s emailed for each of the following report types:

15.3.1. Separate Monthly change report can be supplied on requests

Workstation Event Log monitoring

Source Filter Category Event User Description

Server Event log monitoring

Source Filter Category Event ID User Description

APCPBAgent * 2000 * *UPS On Battery*

APCPBEAgent * 3003 * *UPS Battery Is

APCPBEAgent * 3030 * *Insufficient Runtime

IISAdmin * 104 * *IISADMIN service

MSExchangeIS * 1113 * *The log disk is full.

MSExchangeIS * 1159 * *Database error*

MSExchangeSA * 1005 * *Unexpected error*

NETBT * 4319 * *A duplicate name has

You might also like

APCPBAgent * 2000 * UPS On Battery

MSExchangeIS * 1159 * Database error

MSExchangeSA * 1005 * Unexpected error