Statement of Work

TIA 942 -
Assessment
For
Copyright Information

This document is the exclusive property of Seven Seas Technology. (Seven Seas); the recipient agrees that
they may not copy, transmit, use, or disclose the confidential and proprietary information in this
document by any means without the expressed and written consent of Seven Seas. By accepting a copy,
the recipient agrees to adhere to these conditions to the confidentiality of Seven Seas practices and
procedures.

2|Page
 TABLE OF CONTENT

1. BACKGROUND............................................................................................................4
2. PROJECT SCOPE..........................................................................................................4
3. APPROACH..................................................................................................................4
3.1 Deliverables..............................................................................................................7
3.2 Assessment Techniques..........................................................................................8
3.3 Pre-requisites from ADAC:.....................................................................................8
4. ENGAGEMENT PLAN..................................................................................................8
4.1 Project Governance.................................................................................................9
4.2 Seven Seas Teams and Responsibilities................................................................9
4.3 Service Review Meeting schedule.......................................................................10
5. ASSUMPTIONS AND DEPENDENCIES....................................................................10
6. FEES AND PAYMENT................................................................................................11
6.1 Payment Milestone / Schedule:...........................................................................11
6.2 Standard Terms & Conditions:.............................................................................11
7. APPROVAL AND SIGN-OFF.....................................................................................13

3|Page
1. BACKGROUND

Abu Dhabi International Airport is the primary international airport serving Abu Dhabi, the capital
of the United Arab Emirates. The airport is also the primary airport serving the homonymous
emirate of Abu Dhabi. The airport is the second busiest in the UAE after Dubai International
Airport, and is the hub of Etihad, the UAE's second largest flag carrier, as well as Wizz Air Abu
Dhabi and Air Arabia Abu Dhabi.

2. PROJECT SCOPE

Under this proposal, Seven Seas will provide –

 This audit will rigorously assess the architectural and design aspects of the airport data centre,
focusing on MTB DC, T3 DC, and ADAC HQ DC. Key elements include evaluating the robustness of
highly available infrastructures, particularly VMWare stretched clusters, and scrutinizing the Tier 2
TIA-942 rating, with an exploration of its rationale.
 The audit will delve into redundancy mechanisms at application and infrastructure levels for fault
tolerance, distribution path configurations, and strategies for environmental hazard protection.
Access control methods, incident response plans, and measures for system and information
integrity.
 Additionally, the audit will cover supply chain risk management, personnel security, risk
assessments, and security authorization procedures based on existing policies. System and
services acquisition are deemed not applicable. Training and awareness programs for personnel
will be conducted as needed.
 Monitoring audit logs, including their transmission to SIEM, will be explored for information
security. Evidence of previous audit reports and issue resolution will be provided post-order
finalization, along with detailed maintenance procedures, environmental hazard protection
strategies, and media protection methods obtained from FM. This comprehensive approach
ensures a concise yet thorough evaluation of TIA-942 compliance and overall resilience in the
airport data centre.

3. APPROACH
Our proven methodology combines extensive experience in IT and facility management with a
comprehensive understanding of TIA-942 and Tier-2 data center specifications. The assessment process
includes physical inspections, interviews, documentation reviews, and compliance assessments.

Proven methodology would help ADAC to focus on the following critical elements-

 Define the strategy and scope,

 Create a strong governance model,
 Customize risk to address business needs,
 Align processes and technology.

4|Page
The project Methodology can be divided into 3 Phases as shown in the schematic below.

Phase 1: Pre- Assessment and Planning

Phase 2: On-Site Assessment Phase

Phase 3: Analysis and Reporting

Below table outlines the detailed scope of work, deliverable and the timelines.

Project Milestone Scope of work Deliverable Elapsed Time

Phase

Phase 1 Pre-Assessment Define the scope and objectives Project Kick-off. 2 weeks
and Planning of the TIA-942 Assessment.
Identify Key
Phase
Gather initial information and Stakeholders.
documentation needed for the
Project Scoping.
assessment.

Phase 2 On-Site Conduct physical inspections, On-Site Inspection 1 week

Assessment Phase interviews, and assessments Report:
based on the detailed scope of
Detailed findings
work.
from IT
infrastructure and
facility inspections.

Interview Reports:

Summaries of
interviews with data
centre and facility
5|Page
Project Milestone Scope of work Deliverable Elapsed Time
Phase

management.

Assessment Reports:

In-depth
assessments of
cabling, power,
cooling, and security
measures.

Phase 3 Analysis and Analyse the data collected during Data Analysis 4 weeks
Reporting the on-site assessment. Report:

Evaluate compliance with TIA-942 Summary of findings

and Tier-2 standards. from data analysis.

Provide strategic Compliance

recommendations for Evaluation Report:
improvements.
Assessment of
Provide Final Report. compliance with
TIA-942 and Tier-2
standards.

Initial Risk
Assessment:

Identification of
potential risks.

6|Page
3.1 Deliverables

The following deliverables shall be produced during the TIA 942 – Assessment Project Lifecycle:

 Weekly Status Report – Seven Seas consultants shall share the status report at the end of every
week on the findings if any and the high-level mitigation steps to this project owners over email
which will enable the respective teams to fix the risks instantly.
 Management Review meeting minutes

Project Milestone Deliverable

Phase

Phase 1 Pre- Assessment and  Project Kick-Off

Planning  Identify Key Stakeholders
 Project Scoping

Phase 2 On-Site Assessment  On-Site Inspection Report:

Phase  Detailed findings from IT infrastructure and facility
inspections.
 Interview Reports:
 Summaries of interviews with data centre and facility
management.
 Assessment Reports:
 In-depth assessments of cabling, power, cooling, and
security measures.

Phase 3 Analysis and Reporting  Data Analysis Report:

 Summary of findings from data analysis.
 Compliance Evaluation Report:
 Assessment of compliance with TIA-942 and Tier-2
standards.
 Initial Risk Assessment:
 Identification of potential risks.
 Providing Final TIA 942 Audit report.

7|Page
3.2 Assessment Techniques
Data Processing Controls gap assessment will be performed using one or more of following techniques:

 Questionnaire
 Interviews – Conference Calls
 On-site Visit
 Group discussions
 Workshops
 Document Reviews
 Evidence Review
 Approval and Next Steps

3.3 Pre-requisites from ADAC:

 Data Center Infrastructure.
 Policies and Procedures.
 BCP procedures and policies.
 IT policies.
 Mapping Structure of the facility.
 Facility Configuration document.
 Previous Audit Reports. (Internal/External)

4. ENGAGEMENT PLAN

The overall timeline for developing Reports, Roadmap, Infrastructure Management and Planning shall be
maximum 10 weeks.
All activities will be performed onsite and remote during business hours.

Review Focus area Participants Mode

Weekly  Project/Service requests Lead Consultant, Email based reports.

Status  Status Clarifications, issues. Consultant, Project Conference
Manager, Calls / meetings

ADAC Team

Monthly  Engagement Status Project Manager, Conference Call

Status  Approval and Next Step Business Head

ADAC Network and

Security Engineer

8|Page
4.1 Project Governance
Seven Seas will appoint Senior Consultant, who will be the single point of contact for ADAC. TIA
Consultant will be supported by Flex Team of TIA consultant/s who will be deployed at Seven Seas office
as per the project schedule.

Project progress, delivery assurance will be reviewed with the Senior Consultant on a weekly basis. Formal
project governance meetings will be scheduled Weekly (or on demand). These meetings shall be used for
issue, risk resolution and as a channel for any escalations.

4.2 Seven Seas Teams and Responsibilities

 Lead Consultant
o Prepare and track project plan.
o Interface between ADAC Team and Seven Seas team
o Overall project status update to management
o Understand areas of control improvement and changes.
o Review current ADAC policy and procedure documents.
o Review current services and security available to ADAC.
o Project milestone Sign-off
In addition to the lead consultants, following team shall also be available from Seven Seas to support the
engagement to ensure the deliverables are aligned with expectations and provide strong project
management support.

 Consultants – TIA
o Augment Core Project team in Data Collection
o Documentation

9|Page
  Project Manager
project manager should be appointed, and an outline project plan should be submitted with the
project management method to be defined. The implementation methodology should cover, but
not limited to the following:
o Detailed project plan
o Project milestones and phases
o Project Tracking, Weekly Project Status Review and Clarification
o Operational & Manual Documentations
o Project Issue and Risk Management
o Resource Management (Project Team)
o Project Quality and Assurance
o Centre of Excellence support
o Project Sign-off Document
o
 Global Practice Head and Account Manager
o Project Oversight and Guidance

4.3 Service Review Meeting schedule

Review Focus area Participants Mode

Weekly  Project/Service requests Lead Consultant, Email based reports.

Status  Status Clarifications, issues. Consultant, Project Conference
Manager, Calls / meetings

ADAC Team

5. ASSUMPTIONS AND DEPENDENCIES

 ADAC templates and formats shall be used for Deliverables. Seven Seas will provide templates in
a format acceptable to ADAC wherever the same are unavailable or non-existent.
 ADAC shall share any pre-established standard policies and procedures that Seven Seas review in
order during the ADAC Gap Analysis and Risk Assessment. E.g.
o Access Control Policy
o Physical Security Policy
o Facility Management Policy
o Business Continuity Plan.
o Disaster Recovery.
 Key stakeholders identified by ADAC will be reasonably available for meetings/ discussions with
members of the Seven Seas project team during the remediation Seven Seas will provide
reasonable advanced notice of such meetings/discussions.

10 | P a g e
  Stakeholders identified by ADAC will provide timely feedback and/or review of the Deliverables.
ADAC shall provide review feedback for all the deliverable within 2 days after the first draft
submission. Any updates of the documents shall be done in one iteration only.
 ADAC shall complete remediation of non-conformity (NC), or any opportunity for improvement
(OFI) to within 2 Weeks of completion of Initial Iteration and notify Seven Seas. Post
confirmation, our Seven Seas Consultant shall perform re-validation and issue Final report.
 Seven Seas shall provide necessary audit assistance and prepare ADAC IT department to achieve
compliance with ISO/IEC 27001 by contracting with the Certification body however ADAC will
recommend the selection of the certification body.
 ADAC shall supply all the pre-requisites on timely manner.
 Post the submission of said Deliverables, any concerns regarding the deliverables need to be
reported within One ("1") Business Week.
 Delay of any project phases beyond the control of Seven Seas shall be chargeable as per the
applicable rates.

6. FEES AND PAYMENT

Project would be delivered remotely. The service covered under this proposal shall be delivered on a fixed
price Total AED One Hundred Four Thousand - as mentioned in table below.

S. No TIA 942 Assessment Estimated Amount (AED)

Duration
(Weeks)
1 Pre-Assessment Planning phase 2 14,800

2 On-Site Assessment Phase 1 7400

3 4 29,600
Analysis and Reporting
7 51,800
Total

6.1 Payment Milestone / Schedule:

 50% along with PO
 Balance 30% up on completion of Development of Policy
 Balance 20% up on completion of Internal Audit

6.2 Standard Terms & Conditions:

 Proposal is valid for 1 months from submission i.e., till 15h January 2024

11 | P a g e
 Taxes: The Fees are exclusive of all applicable taxes. ADAC will be responsible for, and will
promptly pay, taxes (including but not limited to value-added (VAT), sales, service, export and use
taxes, withholding tax (WHT)) associated with this Agreement or ADAC receipt of the Services,
and any stamp tax or similar taxes payable on conclusion of contracts or issue of purchase orders,
statements of work and similar documents, except for taxes based on Seven Seas ’ net income
and taxes related to Seven Seas ’ employees. Seven Seas shall state applicable taxes on its invoice
and pay all collected taxes to the appropriate taxing authority. Seven Seas shall not charge taxes if
ADAC, to the satisfaction of Seven Seas, provides an exemption certificate acceptable to the
taxing authorities or a written request. If the tax authorities subsequently opine that Seven Seas
should have charged such taxes, ADAC shall pay such taxes (including any interests, levies, and
penalties) as required by the authorities. Except as provided above, the party that is liable for
payment of any tax upon which interest and penalties are imposed shall bear such interest and
penalties. Further, may withhold income taxes as applicable to the country of invoicing on the
amounts payable to Seven Seas if required by law, except to the extent Seven Seas submits a
certificate of exemption from / reduced withholding. ADAC shall remit the withholding taxes to
the tax authorities and enable Seven Seas to claim a tax credit by providing an appropriate and
timely certificate of withholding. If Seven Seas is unable to claim credit, shall reimburse Seven
Seas the withheld taxes.
 Any concerns against invoice shall be notified by ADAC to Seven Seas within 5 days from the date
of submission of invoice by Seven Seas. All un-disputed invoices or invoices where no concerns
are raised in 5 days shall deemed to be accepted and due within 30 days from the date of invoice.
 Payment of Fees under this Agreement shall be made by ADAC to Seven Seas on submission of
invoice.
 Seven Seas shall need a minimum notice of 5 working days before the start of the engagement.
 Project would be delivered remotely. If travel becomes necessary, all reasonable and necessary
travel from Bangalore and related expenses will be reimbursed in accordance with ADAC’ s travel
and expense policy. Additionally, to be considered reimbursable such expenses must be (a) pre-
approved by ADAC (b) invoiced as actuals, and (c) submitted with receipts.
 During the term of this proposal and for one (1) year thereafter, neither party shall solicit, directly
or indirectly, any employee of the other party who was involved in the provision or receipt of the
services. This clause shall not restrict a party from hiring employees of the other party who apply
unsolicited in response to a general advertising or recruitment campaign.
 Project can be terminated by either party with 1-month prior notice. If this project is terminated
prior to completion of contract, ADAC will incur fees for 1 month from date of written termination
notice.
 Seven Seas retains the right to withhold any deliverable until all outstanding invoices have been
paid in full.
 In no event, will either party be liable to the other for any indirect, special, consequential, punitive
or incidental damages or loss of revenue, loss of data or loss of business or profits, however
caused, even if advised of the possibility of such damages and the maximum aggregate liability
(whether in contract, tort (including negligence and wilful misconduct)) of either party to the
other, regardless of the form of claim, shall be limited to the aggregate fees paid or payable to
Seven Seas by ADAC under the SOW.

12 | P a g e
  Neither party shall, without the express written consent of the other, make public or otherwise
directly or indirectly reveal the contents or existence of this SOW or any confidential information
exchanged between parties except to their employees/consultants/advisors who shall undertake a
similar duty of confidentiality.
 This SOW shall be construed and governed by the laws of India.
 Any software, hardware, tool, external auditor, and certification cost is not included.

7. APPROVAL AND SIGN-OFF

This Statement of Work (“SoW”) dated 15th January 2024, executed between Seven Seas Technology at
72B Umm Hurair Rd - Oud Metha - Dubai - United Arab Emirates (“Seven Seas”) and ADAC HQ Abu
Dhabi, UAE (“Abu Dhabi International Airport”). Any changes to this Proposal would be initiated by
business change request (CR). Once discussed and mutually agreed, the CR would be approved and
signed as an addendum to this proposal.

IN WITNESS WHEREOF, the parties have signed the Proposal as of the Effective Date.

The parties have caused their duly authorized representatives to execute the proposal as of the date set
forth below: -

For ADAC HQ For Seven Seas Technology

Signature Signature

Name: Name:

Title: Title:

Date: Date:

13 | P a g e