Table of Contents
- 1.0 Service Level Agreement
- 1.1 Version Details
- 1.2 Document Change History
- 1.3 Document Approvals
- 2.0 Agreement Overview
- 2.1 SLA Introduction
- 2.2 Definitions, Conventions, Acronyms, and Abbreviations
- 2.3 Purpose
- 2.4 Contractual Parameters
- 3.0 Service Agreement
- 3.1 KPIs and Metrics
- 3.2 Service Levels, Ranking and Priority
- 3.3 Service Response
- 3.4 Exceptions and Limitations
- 3.5 Roles and Responsibilities
- 3.6 Service Management
- References and Glossary
- A.1 Pricing Models and Charges
1.0 Service Level Agreement
1.1 Version Details
This is version 1.0 of this SLA.
1.2 Document Change History
Last review date: January 15th, 2021
Next scheduled review: January 2nd, 2023
| Version | Date | Description | Author |
|---|---|---|---|
| 1.0 | 1/15/2021 | This is the first version. | Thomas Carpe |
1.3 Document Approvals
| Name | Title | Date |
|---|---|---|
| Thomas Carpe | CEO, Principal Architect | 1/15/2021 |
| Alara Rogers | Practice Lead, Cloud Services | 1/15/2021 |
2.0 Agreement Overview
2.1 SLA Introduction
This is a Service Level Agreement (SLA) between Liquid Mercury Solutions ("Company") and its Client(s) participating in the Cybersecurity Readiness and Response Program ("Program").
Specifically, the Program provides access to services intended to improve Clients' operational cybersecurity posture and to respond to potential and actual cybersecurity threats, such as unauthorized access, data breaches, and other security incidents.
This document identifies the services required and the expected level of service to be provided under this Program. It is subject to review and renewal as scheduled above.
2.2 Definitions, Conventions, Acronyms, and Abbreviations
| Term | Definition |
|---|---|
| SLA | Service Level Agreement |
| Accuracy | Degree of conformance between a result specification and standard value. |
| Responsiveness | The characteristic representing how quickly Client(s) may expect to receive initial and/or follow-up communications of a non-automated nature. |
| Timeliness | The characteristic representing performance of an action that leaves sufficient time remaining so as to maintain SLA service expectations. |
| MTTR | Mean Time to Recovery. The average time required to restore the integrity and usability of services after an incident, such as a security breach. |
| MTTF/MTBF | Mean Time to Failure / Mean Time Between Failures. The average time between incidents, such as security breaches. |
| IT Operations Department | An organizational unit of Client(s) responsible for internal IT Operations. |
| Technical Manager | Personnel designated by Client(s) to have authority to make approvals, such as authorizing payments for Priority Service(s). |
| Technical Contact | Any designated member of Client's IT Operations Department. |
| End User | Personnel working for Client(s) who access and use Client's IT services, but have no direct role within Client's IT Operations Department. |
| Cloud Support Staff | Personnel working for Company who have the duty to provide remote support for Client(s), including services as described in this SLA. |
2.3 Purpose
The purpose of this SLA is to specify the requirements of the Program as defined herein with regard to:
- Requirements for service that will be provided to Client(s)
- Agreed service targets
- Criteria for target fulfilment evaluation
- Roles and responsibilities of Client and Company
- Duration, Scope and Renewal of this SLA contract
- Supporting processes, limitations, exclusions and deviations.
2.4 Contractual Parameters
This section specifies the contractual parameters of this agreement:
All Client(s) purchasing Microsoft services ("Subscriptions") from Company shall participate in this Program, so that Company is able to fulfill its contractual obligations as a Microsoft Partner and Reseller under the Microsoft Cloud Reseller Agreement (MCrA) and Microsoft Customer Agreement (MCuA). Specifically, these agreements require Company to provide essential support to customers purchasing Microsoft 365, Azure, and other cloud services from Microsoft.
- This agreement shall remain in effect so long as Client continues to purchase Subscriptions or has designated Company as Cloud Reseller, Subscription Advisor, Delegated Administrator, or Partner of Record.
- The period of performance shall conform to the superset of all Client's Commitment Terms as described in the MCuA and other agreements between Microsoft and Client.
- Modifications, amendments, extension and early termination of this SLA must be agreed by both signatory Parties.
- Client is entitled to a minimum of 30 days’ written notice for early termination of this SLA.
3.0 Service Agreement
3.1 KPIs and Metrics
| KPI | Description | Metric |
|---|---|---|
| Responsiveness | Company shall provide a hotline and other methods of rapid communication to facilitate urgent response to any security related requests. Assuming that Cloud Support Staff are not immediately available, the time to establish first contact shall be kept to an absolute minimum. | Time to First Response |
| Availability | Company shall make support services available on an urgent basis as needed to respond to potential and actual security incidents as they arise. | |
| Reliability | Company shall take proactive steps to ensure that potential and actual security incidents will be minimized. | MTBF |
| Issue Recurrence | Once a security incident occurs, Company shall make services available to ensure that any compromised systems are corrected, access and operations are restored, and appropriate countermeasures are implemented to prevent recurrence. | MTBF |
3.2 Service Levels, Ranking and Priority
| Severity Level | Description | Target Response |
|---|---|---|
| Breach | There is evidence of an active security breach, such as an account being locked out, systems being unavailable, or other direct evidence of compromise. | Immediate |
| Critical | There is a high probability security risk indicator. For example, Company receives an automated security notification labeled as "high risk". | Within 1 hour |
| Important | There is a medium probability security risk indicator. For example, Company receives an automated security notification labeled as "medium risk". | Within 4 hours |
| Monitor | There is a known security vulnerability or a low probability security risk indicator, where no immediate action is necessary. | Within one business day |
| Informational | There is a security related query, such as identification of the legitimacy of a specific email message, research into security related topics, best practices, or other recommendations. | Within 72 hours |
3.3 Service Availability and Response
| Service | Description | SLA Level | Performance Metric / Measurement |
|---|---|---|---|
| Lighthouse | Microsoft 365 SaaS platform that allows partners to manage Microsoft security products and information, such as Enterprise Mobility and Security, Defender ATP, etc. | 99.999% | Availability |
| EPM | Enterprise password management services, such as KeyVault, PassPortal, or MS Authentication | 99.99% | Availability |
| Emergency Response | Direct and immediate support response to restore service integrity in the event of a breach. | 99% | Responsiveness, |
| Security Consultation | Availability of Cloud Support Staff with subject matter expertise in cybersecurity topics | 99% | Responsiveness, |
| System Event Monitoring | Review and classification of automated events, notifications, warnings, etc. in order to determine which may require an immediate response. | 95% | Reliability, |
| Situational Awareness | Periodic review of systems, configurations, and practices in order to ensure that the IT Operations Department is kept aware of the current threat landscape. | N/A | Availability |
| Security Attestation / Accreditation | Certification for third parties (such as insurance providers or Client's potential customers) of the implementation status of security best practices | N/A | Availability |
| Forensic Analysis | Analysis of system logs and other data in order to determine the extent of a breach and its root causes. | N/A | Availability |
3.4 Exceptions and Limitations
- Company shall not be liable for credit reimbursement for service impact due to outages in Microsoft 365, third-party SaaS services, or Internet Service Providers.
- Responsiveness may be delayed by up to 2 hours between the hours of 12 midnight and 8 a.m. and on holidays during which Company offices are closed for business.
- Extended incident support lasting longer than 2 hours shall require Priority Services per pricing structure specified in Appendix A.1.
3.4.1 Service Credit Reimbursement
If Company fails to maintain acceptable service availability and performance within the metrics provided above, Client shall be entitled to a credit or refund against any applicable Program fees.
Should Client believe it is entitled to such a credit, it is Client's responsibility to request the reimbursement.
Such credit reimbursement shall be pro-rated based on the actual deficiency rate (e.g. 75% performance shall receive a 25% reimbursement) and shall be limited in all cases to no more than 3 months for any single instance of deficiency.
3.5 Roles and Responsibilities
- Client should provide all necessary information and assistance related to service performance that allows the Company to meet the performance standards as outlined in this document.
- Client shall obtain at its own expense any necessary security software and/or tools as needed to ensure the security and integrity of their information and security systems.
- Client shall inform Company regarding changing business requirements that may necessitate a review, modification, or amendment of this SLA.
- Company will act as primary support provider of the services herein identified except when third-party vendors are employed who shall assume appropriate service support responsibilities accordingly.
- Company will conduct periodic screening of all Cloud Support Staff in order to minimize any risk to Client's information and security systems.
- Company will inform Client regarding scheduled and unscheduled service outages due to maintenance, troubleshooting, disruptions or as otherwise necessary.
- Company will validate and verify the identity of any of Client's Technical Contacts requesting services prior to providing any services or information that may undermine the integrity of Client's information and security systems.
3.6 Service Management
Services included in whole or in part by this Program include, but are not limited to:
- Proactive Posture
  - Ensuring that Microsoft services are configured to adequately protect your organization from phishing attacks, malware, and fraud, both before and after an attack
  - Perform any of the following configurations on the Microsoft 365 tenant:
    - System Security Alerts
    - Auditing Policies
    - DKIM, DMARC, SPF
    - Defender for Office 365 Cloud
    - Defender for Endpoints
    - Defender for Identity Protection
    - MFA Policies
    - Conditional Access Policies
    - E-mail File and Retention Policies
  - Configure and operate Lighthouse for Microsoft 365
  - Monitoring system generated alerts to determine what's a false alarm and what may be a real threat to Client's information and security systems
  - Courtesy evaluation of email you suspect may be phishing, hacking, fraud, or scam
  - Access to cybersecurity subject matter experts
  - Quarterly security awareness bulletin plus advisories on specific incidents
  - Periodic advice or training sessions on best practices to prevent attackers from stealing money from your business
- Incident Response
  - Maintaining a preferred network of cybersecurity experts
  - Keeping Cloud Support Staff on-call, ready to respond to potential emergencies
  - Referrals to pre-evaluated after-action security services such as hunting and forensic experts
- Attestation, Accreditation, and Insurance
  - We provide affirmative statements regarding the security configurations, such as may be needed for Client's potential customers and cyberthreat insurance policies.
  - Company maintains Professional Liability Insurance (E&O) in the amount of $2 million to underwrite the quality of security advice and services covered by this SLA. Client(s) experiencing a security breach are entitled to claim against this insurance in the event of any deficiency in performance of services described herein. Company shall provide a certificate of insurance to Program members upon request.
- Other Helpful Resources
  - Providing security enhancing software, such as enterprise grade password management tools, or other security tools to help enhance your security posture.
3.6.1 Service Availability
Service coverage by Company as outlined in this agreement follows the schedule specified below:
- Phone Support: 24 hours, as per Section 3.2 of this agreement.
- Email and Support: 24 hours, as per Section 3.2 of this agreement.
- Chat Support: 9 a.m. to 6 p.m. Monday to Saturday via Microsoft Teams.
References and Glossary
This SLA makes reference to certain Microsoft agreements, which vary by market segment and geographic region. You may view the relevant version of the Microsoft Customer Agreement here: https://www.microsoft.com/licensing/docs/customeragreement.
Certain terminology used in this SLA is consistent with the same terms as used in our Client Terms of Service and other agreements and policy documents. Please see Definitions and Our Terms of Service, SLA, Etc. for a list of these.
A.1 Pricing Models and Charges
Program Pricing Model
Company charges each Client a uniform fee to participate in Program. This fee is based on a sliding scale, depending on the total number of users in Client organization.
The formula is as follows:
- First 10 users @ $2/ea/month
- plus users 11-25 @ $1/ea/month
- plus users 25-100 @ $0.50/ea/month
- plus users above 100 @ $0.20/ea/month
So for example, depending on the number of users, the cost would be as follows:
For expediency, Company may input fixed amounts into billing and subscription management systems. Where such systems do not provide the capacity for automatic re-calculation of the above formula, the amount charged will be subject to periodic manual review.
Monthly Fee Reduction
When Client purchases Microsoft licenses to provide advanced security features and enrolls in Company's Service Plan(s), the monthly Program fee may be reduced or waived.
It is Client's responsibility to initiate this process and provide evidence that all requirements are met.
Clients who meet most but not all of the eligibility requirements below will be reviewed on a case-by-case basis, and any fee reductions shall be at Company's sole discretion.
- Enroll in a qualifying Service Plan, such as Admin 365 On Demand or Event Horizon Co-managed Cloud. This also includes retainer based Service Plans, where Client places a deposit for future services delivered on a T&M basis.
- Maintain a Cybersecurity Insurance policy upon which Company may file a claim to provide funding for incident response and after-action services in the event of an incident or breach.
- Enforce MFA for all users (with reasonable exceptions granted for service and break-glass accounts); note that (under Azure AD Premium Plan 2, cited below) this does not necessarily mean all users will be required to provide MFA on every login.
- Disable or restrict access to legacy authentication protocols, such as ActiveSync, POP3, IMAP, and SMTP. (Reasonable exceptions for secured system processes are allowed.)
- Purchase Microsoft 365 plans for security* (or otherwise demonstrate that you've deployed an equivalent security solution from another vendor) that include the following:
  - Defender for Identity Protection (a.k.a. Azure AD Premium Plan 2)
  - Defender for Cloud / Office 365 (a.k.a. Threat Intelligence)
  - Defender for Endpoints (PC and mobile anti-virus / malware / zero-day)
- Comply with Microsoft's end-user licensing requirements by purchasing plans that include Defender ATP for Office 365 Plan 1 and Azure AD Premium Plan 1 for end-users as needed.
* Under a co-managed relationship this will generally mean at least two users, one for your IT admin login and one to be used by Company's Cloud Support Staff. (Customers with Event Horizon service plans may elect to receive one or more of these plans at no cost using Event Horizon benefit points.)
The following table illustrates plans that provide the required protection:
| Required Feature | Qualifying Plans |
|---|---|
| Defender for Identity Protection Plan 2 | Microsoft 365 E5, EMS E5, or Azure AD Premium Plan 2 |
| Defender for Office 365 Plan 2 | Microsoft 365 E5, Office 365 E5, and Defender ATP for Office 365 Plan 2 |
| Defender for Endpoints | Microsoft 365 E5, Windows 10 Enterprise E5, and other qualifying plans per Microsoft changes of Dec 1, 2020, such as EMS E5 or Defender ATP for Endpoints |
| Defender for Office 365 Plan 1 | Microsoft 365 BP/E3/E5, Office/Microsoft 365 E5, EMS E3/E5, or DATP for Office 365 Plan 1/2 |
| Defender for Identity Protection Plan 1 | Microsoft 365 BP/E3/E5, EMS E3/E5, or Azure AD Premium Plan 1/2 |
As indicated elsewhere, extended security support incidents lasting longer than 2 hours shall be subject to Company's policies regarding Priority Services. Where a support request is determined to be within the scope of this Program, Client will not be billed for the period of the security support incident which falls within the 2 hour Fair Use period.
Specific hourly rates for Priority Services are based on specific Entitlements that are unique for each Client (such as whether the Client is enrolled in a Service Plan) and/or the time of service for Urgent/Emergency Service.
As of this writing, rates for Priority Services are in the range between $172.70 and $271.70 hourly, while Emergency rates fall between $282.70 and $326.70 hourly. Clients who wish to review detailed price information may visit Pricing Policies.