Statement of Work

Monitor & Secure Network



Monthly Reporting

Vendor will provide monthly reporting to customer. Reports will vary depending on which technologies are deployed at customer’s business.

24/7 Network Monitoring

Vendor will monitor numerous technologies and devices remotely, where if an issue is detected, a support ticket will be created with the Vendor for further investigation. Customer is responsible for providing an internet connection to the monitored devices. Monitoring allows Vendor to proactively identify issues to ensure proper functionality of Customer’s computer systems. Vendor has Customer’s permission to monitor, but not limited

  • Internet connection(s)

  • Server(s)

  • Workstation(s)

  • Anti-Malware alerts

  • Missing security updates

  • Onsite backup server

  • Server backup jobs

  • Blocked firewall threats*

  • Passed firewall threats*

  • Rogue wireless networks*

*Requires Cisco Meraki network firewall.

Anti-Malware Deployment & Updates

Vendor will use industry-standard software installed on individual workstations designed to detect and eliminate viruses, Trojan horses, worms, and other Malware intended to harm computer systems or the data stored thereon (“Malware”). The obligation with regard to Anti- Malware Services is solely an obligation to use industry-standard protection and commercially reasonable efforts. Anti-Malware Services do not guaranty that no Malware will reach Customer’s systems or data or that Malware will not damage Customer’s systems or data.

Server Onsite and Offsite Backups

Vendor will backup data on servers that are connected to a network attached backup device. Vendor will provide onsite backup device, unless otherwise agreed upon. Vendor will cause full backups to occur every 30 days and incremental backups to occur nightly. Vendor will keep a total of “six” full month backups, “4” weekly backups and “7” daily backups, with customer that has reasonable amount of data.

Vendor will let Customer know in writing if amount of data is unreasonable.

Backup services require that Customer servers be connected to a network and available to respond to automated commands to backup at the appropriate times, usually during night time hours.

There is no guarantee every on-site backup will be completed successfully, however Vendor will always in good faith and in a reasonable amount of time attempt to resolve the issue. It is possible due to software glitches, networking challenges, and planned maintenance a backup may fail. In the event a backup fails Vendor will

be notified through our 24/7 Network Monitoring service and work on resolving the issue before the next backup is scheduled.

Offsite backup requires Customer to provide a working Internet connection with adequate bandwidth to pass data to offsite location. If Customer requires faster internet connection Vendor will work with Customer to find a reasonable and appropriate speed to complete offsite backup.

There is no guarantee every off-site backup will be completed successfully, however Vendor will always in good faith and in a reasonable amount of time attempt to resolve the issue. It is possible due to software glitches, Internet bandwidth, datacenter issues and planned maintenance a backup may fail. In the event a backup fails Vendor will be notified through our 24/7 Network Monitoring service and work on resolving the issue before the next backup is scheduled. By the nature of off-site backups, transmitting data over your Internet connection takes longer than an onsite backup. Because of this your offsite backups may take longer to complete, however Vendor will in good faith always manage this to the best of our abilities.

Vendor will recover data at Customer’s request so long as the onsite backup server is powered on and connected to the network. The more data that is being recovered the longer it takes. Vendor can recover either individuals, known as file level restore, or the entire system, known as image restore. If recovery requires utilizing the offsite datacenter, Customer can expect longer recovery times due to the nature of transmitting data over the Internet.

In the event of contact termination Customer may purchase onsite backup server or pay Vendor a reasonable rate to copy data to a hard drive. Offsite data will be deleted within “3 Days” of contract termination.

Server and Workstation Patch Management

Vendor monitors the patch and update information for Microsoft Windows based operating systems and Microsoft Office applications. Where Vendor becomes aware of an upgrade or patch to which Vendor is aware that Customer requires, Vendor will cause such patches and updates to be installed on Customer’s covered workstations and servers.

Document network and settings

Vendor document information deemed critical and important to customer’s network. In the event of contact termination, Vendor will provide a copy of all information when final bill is paid in full.

DNS Threat Prevention & Content Filtering

Vendor filters DNS queries through a 3rd party security service as an additional layer of security. This service is designed to detect and prevent Malware infected websites from loading on Company’s computer systems. Service will also block websites deemed non-work related by Vendor. Blocking on the DNS level prevents threats from reaching the managed firewall or managed antimalware services, increasing the overall security of the Customer.

Antispam Email Filtering

Vendor scans all incoming email through a 3rd party service to detect and block spam. This service is designed to detect and prevent Malware from reaching Company’s computer systems.

Managed Security Firewall

Managed Firewall Service includes device configuration, administration, monitoring, *report generation, and customer support for the management of a customer-owned and maintained firewall system.

Configuration: The firewall management service will be operational once the Vendor notifies Customer of proper reception of alerts from the managed devices. Customer must ensure that each device is accessible by Vendor.

VPN Support: At Customer’s request, Vendor will configure Customer’s firewall system to allow a VPN to be established between two firewalls or between a firewall and a client.

Firewall System Monitoring: Vendor monitors the availability and condition of the firewall system and respond in case of failure.

*Security Monitoring and Log Analysis: Vendor processes incoming security alerts from the firewall to determine whether any events of significance occur. Security monitoring is limited to the information as it becomes available from, and is detected by, the firewall.

Firewall Software Upgrades: Vendor will perform major software upgrades on the Vendor-managed firewalls in order to maintain the security posture. If an upgrade is planned, Customer will be notified in advance. If possible, upgrades will be performed remotely and during routine maintenance windows.

Firewall Software Patches: Vendor monitors for new security threats, corresponding patches, and software upgrades. If a potentially critical security patch is discovered, Vendor will inform Customer within a commercially reasonable time after becoming aware of the availability of the patch. If Vendor reasonably determines that a patch is non- critical, Vendor will schedule installation of the patch for routine installation.

Support: Customer will transfer all management of the devices to Vendor. With respect to the firewall only, Vendor will provide the following support services (“Support Services”): (a) Use commercially reasonable efforts to isolate any problems with the firewall and send a technician to the Customer site if necessary; and (b) if Vendor, in its reasonable discretion, determines that any component of a firewall that resides on Customer’s premise needs to be replaced, Customer will replace such component with a component in good working order and of like kind and functionality from a Vendor-approved manufacturer at the time of replacement. Support Services only apply to problems arising from the normal use of a firewall and does not apply if the firewall is damaged as a result of the negligence or willful misconduct of Customer. Vendor will support the vendor-released-and-approved current major version and the major version immediately preceding the current major version of device(s), including software, being managed. Customer will upgrade device(s) to conform to the policy within 30 days of such notification.

Specific Customer Obligations: If a Customer firewall ceases to be fully supported by the manufacturer(s) thereof, Customer will convert to a current model within the time-frame requested by Vendor. Customer will notify Vendor of all planned changes. Customer acknowledges and agrees that (a) Vendor’s firewall management services service constitutes only one component of Customer’s overall security program and is not a comprehensive security solution; (b) there is no guarantee that Vendor’s firewall-related services will be uninterrupted or error- free, that networks or systems connected to or supported by Vendor will be secure, or that Vendor’s services will meet Customer’s requirements; and (c) there is no guarantee that any communications sent by means of Vendor-managed firewalls will be private.

Equipment: Customer will (a) maintain the Customer’s firewall and any associated software, systems, cabling and facilities in accordance with the reasonable instructions of Vendor and (b) not modify, relocate, or in any way interfere with Vendor’s firewall-related service unless expressly authorized by a representative of Vendor to do so. Customer will furnish electrical power in the form of a 120V outlet, including backup power, and such other facilities as are required in order to accommodate the firewall management service. To the extent that Vendor uses Customer-owned or provided hardware and/or software, Customer will provide any license, approvals, or consents reasonably required for Vendor to access or use Customer’s equipment.

Security: Customer will, at its own expense, take all reasonable physical and information systems security measures necessary to protect all equipment, software, data and systems located on Customer’s premises or otherwise in Customer’s control and used in connection with Vendor’s firewall management services, whether owned by Customer, Vendor, or Vendor’s subcontractors. Vendor will not be liable for any loss resulting from any unauthorized access to or alteration of, theft, destruction, corruption, or use of, facilities used in connection with Vendor’s firewall-related service. All security policies, including, but not limited to, firewall security policies, are the responsibility of Customer even if Customer uses a third party (or Vendor) to configure and implement such policies.

*Vendor will only generate reports for Cisco Meraki firewalls, unless otherwise agreed upon.

Professional Services



Hourly Rate

Vendor will charge Customer hourly rates when inside times below:

Hours PST: 6:00 a.m. to 5:00 p.m. except for Vendor holidays. Hours CST: 8:00 a.m. to 7:00 p.m. except for Vendor holidays. Hours EST: 9:00 a.m. to 8:00 p.m. except for Vendor holidays.

After Hours Emergency Rate

Vendor will charge Customer After Hour Emergency Rate outside hourly rate time frame.

*Emergency Response Time

See below for support information

Onsite Support

Vendor will arrive onsite when required to fulfil service agreement.

Phone and Remote Support Sessions

Vendor will resolve issues remotely, billing in 15 minute increments.

Vendor Liaison

Vendor will contact 3rd party providers on behalf of Customer if required to complete an open support request. Customer agrees to have active 3rd party support so Vendor can properly resolve the issue.

New Project Work

Vendor will determine when labor falls under “New Project Work”. Examples include but are not limited to:

  • Server migrations, new server setup, server installation.

  • Migrating data from one core system to another.

  • Office moves large hardware deployments.

  • Large scale planned changes to IT operations.

  • Anything requiring over 10 hours of labor.

*Emergency Response Time

Severity level


Time for initial response

Effort level required for resolution

Level 1

Covered system unavailable for normal operations AND/or majority of users unable to operate

1 Hour Response Time

Work continuously during business hours until resolved

Level 2

(1) Covered system performance substantially degraded, but normal operations possible OR (2) key user(s) (e.g. VIP users) are unable to use the covered system for normal operations

2 Hour Response Time

Work continuously during business hours until resolved

Level 3

Covered system available and usable for normal operations but with minor technical departures from normal operations.

8 Hour Response Time

Work with plan for final resolution within 30 days constitutes resolution.

Optimize Profitability



Server and Workstation Maintenance

Vendor will execute remote commands, sometime automatically, to maintain the reliability and performance of workstations and servers.

Network Remediation Based on Best Practices

Vendor will provide network remediation based on our experience to stabilize and resolve network issues that will impact business operations.

Increase Staff Effectiveness

By Vendor properly maintaining Customer’s computer systems, staff of Customer’s will experience faster computers with less issues, increasing their ability to complete work faster and more efficiently.

Unlimited Software Upgrades

When Vendor becomes aware of an upgrade or patch which Vendor is aware that Customer is entitled, Vendor will cause such patches and updates to be installed on Customer’s covered systems. Software upgrades includes 3rd party applications outside of the Microsoft realm.

Quarterly Review and Planning Meeting

Vendor will assign account manager to Customer as a main point of contact. Vendor and Customer will meet quarterly to review happiness of existing agreement and plan future projects and changes.

Enterprise Services



*All Workstations Replaced

Vendor will replace all workstations over the length of the contract.

**All Servers Replaced

Vendor will replace all servers over the length of the contract.

VoIP Phone System

Vendor will setup and install enterprise VoIP phone system for Customer. Vendor will maintain and support phone system, configure system, secure system and upgrade the phone system when needed.

Server Hosted in Offsite Datacenter

Vendor will host servers in datacenter.

Internet Connectivity

Vendor will install and maintain Internet Connectivity for Customer.

Advanced Wireless Networking

Vendor will scope out customized Wireless solution to meet the specific needs of the customer.

Mobile Device Management

Vendor will install software on each mobile device at Customer’s request. Vendor can manage devices remote and execute commands to prevent data theft in the event the device is lost.

* All Workstations Replaced

Advanced Technology Replacement: Vendor will take the total number of workstations under contract, at the time the contract was written, and divide 48 months (the contract period), by the number of workstations under contract at the beginning of the agreement to set a replacement interval, and replace one desktop system under contract with a new system of the “current technology” at no charge per that interval. The details of the replacement system are defined below. All labor for moving user applications and data is included as part of the managed service. The system brand will be Dell. The replacement system is for hardware and Microsoft desktop operating system.

We will reload the system with the customer’s existing applications. The customer may choose to upgrade the applications through Vendor at that time.

At any one time, there is a range of processor speeds that is deemed current by the industry. Vendor will replace the system with a speed of processor and hard drive that will properly support and grow with the company.

Includes speakers, keyboard, mouse, and DVD-ROM. The specifications will always meet or exceed the

recommended specifications as published by Microsoft for their current operating release of desktop operating system.

One 22” monitor will be part of the replacement package. Client has the option of paying the difference to upgrade any feature of the system. Vendor takes title of the old system being replaced after performing a security erase of all data on the system. Client has the option of selecting the order of replacements. If the client has no preferences, Vendor will replace the systems having the greatest problem or speed issues, which is usually the oldest system, but not always. At the end of the agreement Customer owns all replaced Workstations.

**All Servers Replaced: Vendor will replace existing server with Dell branded system. Vendor will pick a server that supports the future growth plans of the business. Vendor will migrate all existing server applications and software, upgrade to the latest version of Microsoft Server operating system, and ensure all systems are working properly. Server will include high performance storage hard drives with Intel Xeon processors, sufficient RAM, 5 year pro support warranty with iDrac enterprise remote management controllers. Desert IT will take ownership of old server unless client expresses written desire to keep old system.

Miscellaneous Service Matters Vendor Holidays

New Year’s Day

President’s Day

Memorial Day

Veterans Day

Independence Day

Labor Day Thanksgiving

Friday after Thanksgiving

Christmas Day

Enterprise Usage Requirement

When purchasing services, Customer must purchase services for every workstation, server, and firewall at the served location. Customer will pay to Vendor the then-current amount for services for each new workstation, server, firewall, or network switch (“Network Devices”) that Customer adds to Customer’s network. Vendor requires all devices at the location to be covered under the agreement. Customer must have all devices on the same service plan. If a remote device accesses the network, the server or any data owned by Customer, that workstation or device must also be covered under agreement.

Customer will report to Vendor the addition of each new workstation to the served location. Customer may swap out workstations for the same services, provided that the old Network Device is no longer operated at the served location and Customer notifies Vendor of the swap.

Workstation Configuration Lockdown

At Vendor’s discretion, Vendor will enforce a standard configuration across the workstations subject to support under this SOW and will prohibit by policy the introduction or loading of nonstandard software or other applications onto supported workstations. Customer will permit Vendor to load and operate software on the supported workstations designed to prevent the operation of unauthorized or nonstandard software or other applications on each supported workstation. Customer and Vendor will agree in good faith on a standard configuration and pre-approve any departures from the standard configuration (such as the operation of job-specific applications on designated workstations). Vender will have no obligation to support any workstation that materially departs from the standard configuration and Customer will pay Vendor at $120 per hour for any services that Vendor actually renders in connection with any workstation whose configuration departs from the standard configuration. Customer will notify Vendor of any proposed change to the standard configuration and any proposed departures from the standard configuration with regard to any supported workstation.

Authority to Manage Other Vendors

To the extent that the Services reasonably require that Vendor manage, or direct the scheduling or other performance of, third-party vendors, Customer hereby authorizes Vendor to do so. Vendor may show to third-party vendors this SOW as proof of Vendor’s authority and Customer authorizes each third-party vendor to rely upon this authorization.

New Devices

If Customer requires that a new device be connected to Customer’s network, Customer will open a ticket for such installation and schedule the installation a reasonable time in advance. Minor device additions are expected to require at least one business day’s advance notice. Major additions may require additional notice and Customer and Vendor will coordinate such installations with commercially reasonable lead times.

Customer Cooperation

All time commitments contained in this SOW assume reasonable access and Customer assistance when requested and/or necessary. Failure of Customer to grant reasonable access or render reasonable assistance will delay the time for performance by Vendor for the duration of Customer’s failure.

Projects Separate

The Services provided under this SOW are intended to cover ongoing normal operations of Customer’s business as specified at the inception of services. Any development, substantial migration, substantial conversion, or similar activity is not covered by the Services provided for in this SOW. If customer requires such Services, the Parties will negotiate a separate SOW.

Matters Supported

Vendor will provide basic first-level support with regard to the use of, and troubleshooting of problems with Customer line of business applications. Vendor will have no obligation to support any operating system or application that is more than one major release older than the then-most-current major release.

Revisions to Pricing

The prices in this SOW are subject to change after the term of this SOW upon at least 30 days’ notice by Vendor to Customer.