Logging and Monitoring (TOS)

TERMS OF SERVICE FOR
LOGGING AND MONITORING
SECURITY INFORMATION EVENT MANAGEMENT (SIEM)

This Service is subject to and governed by the Customer's separate signed Master Services Agreement (MSA) or Customer Service Agreement (CSA) as applicable, with Consolidated Technology Services (CTS), calling itself Washington Technology Solutions or "WaTech" for short. The reference to WaTech means the same as Consolidated Technology Services. This Agreement is entered into between you and WaTech for the provision of WaTech's Logging and Monitoring (SIEM). For the purposes of this agreement "You" and "Customer" are used interchangeably and mean the entity to which WaTech is providing service.

A. Service Description

Logging and Monitoring is a key component of an information security practice to enable incident detection and response competencies. Log data collection and analysis activities are necessary to provide visibility into what is happening in the systems and data environment.

  • You can't manage what you can't see - logging and monitoring solutions provide the visibility you need to detect potentially malicious activity

  • The ability to correlate logs and analyze network, system and user activity is critical in minimizing the impact of compromise

  • Determining the cause of a compromise is very difficult, if not impossible, without system activity logs

  • These factors drive policy and regulatory compliance requirements that make logging and monitoring a mandatory component of many security plans

WaTech operates a multi-tenant virtualized SIEM platform at the State Data Center. This service provides Customers with the ability to aggregate log data and configure dashboard views, reports, and alerts needed to enable event correlation and log file analysis tasks. Information Security analysts use the toolset to analyze log data in the course of performing incident detection and response tasks.

This service also includes 24x7 vendor managed services. The managed services provider manages the health and availability of the platform, provides subject matter expertise and user support, and also monitors the Customer's SIEM to provide 24x7 "eyes on glass" for incident alert communication and escalation as defined by the Washington State Office of Cyber Security (OCS) and the Customer's incident response preferences.

B. Availability/Accessibility

  1. Availability Management
    The service(s) defined in this agreement will be available 24 hours a day, 7 days a week. WaTech shall not be liable for any damages resulting from any service interruptions, downtimes, or any other factor beyond WaTech's control.

  2. Change Management
    All changes to WaTech Data Center computing and network environments are managed to promote or provide stability and minimize the impact of the changes to its customers. All changes to the WaTech computing and network environments are implemented in accordance with WaTech Information Technology Services procedures.

  3. Problem Management
    Problems with the WaTech computing and network environments are managed in accordance with the WaTech Information Technology Service Management Operations Manual Problem Management Standards and Procedures.

  4. Security Management
    WaTech provides a security system infrastructure that reasonably protects its Customers from unauthorized external access to Customer's intellectual property, proprietary and confidential data. WaTech shall manage the security system infrastructures in accordance with the WaTech Information Technology Service Management Operations Manual Standards and Procedures.

  5. Security Disclaimer
    This WaTech service is designed to prevent outsiders from gaining access and will provide an effective method of monitoring and limiting access. However, it may not prevent some instances of an employee from gaining unauthorized access to confidential information stored on the network. WaTech does not and will not accept liability for any losses or damage to Customer's business or data that arise as a result of the service not preventing unauthorized access. The WaTech service does provide a high standard of protection and service, but no system can claim to be completely secure.

C. Charges

Agencies paying into the State Network Allocation contribute to fund this service. The allocation covers the expenses associated with the hardware and software components of the platform, and for a finite amount of data collection and analysis capacity. The available capacity is allocated to customers based on their percentage of contribution to the allocation.

The scope of this service includes the storage and analysis/processing of systems log data. Additional SIEM functionality such as network traffic packet data capture and analysis or instructor lead training classes can be purchased through the WaTech vendor contract as a brokered service for a 5% of purchase price handling fee. In the event a Customer exceeds their allocated capacity WaTech will work with the Customer and the vendor to negotiate then current pricing for additional licensing and or hardware required to provide the Customer with additional capacity at the Customer's expense.

D. Responsibilities

The delineation of responsibilities are documented in more detail in the RACI matrix (Appendix A.) Below is a general description of responsibilities

  1. WaTech

    1. Manages the SIEM solution provider contracts, purchasing, maintenance support, and renewal agreements.

    2. Serves as the Customer's liaison with the solution provider to manage and monitor support issues, assists to coordinate escalations for problem resolution Monday through Friday 8:00 am - 5:00 pm.

    3. Partners with the vendor to provide and facilitate state wide Customer user group meetings and training sessions.

    4. Manages communications to ensure all Customers are kept current on relevant news and events, and solicits regular feedback for service improvements.

    5. Manages central shared hardware platform in the State Data Center and assists Customer teams in onboarding and use of their tenants within the multi-tenant environment.

    6. Reasonably manage and maintain the physical environment housing the infrastructure in accordance with applicable WaTech policies.

  2. Managed Services Provider

    1. Provides remote administration management of the platform to cover appliance management needs such as uptime monitoring, software updates and patching, validation of new event sources.

    2. Assists in incident response activities to monitor SIEM activity 24x7 for indicators of compromise, document parameter of anomalies found to use as baseline data for configuring new reports and alerts, and manages communications per OCS and the Customer's designated preferences.

    3. Provides skills and expertise to support customer teams in configuring their instance of the SIEM in the initial onboarding phase and then in ongoing day to day operations.

    4. Provides resources to partner with WaTech to define Customer service requirements to assist with onboarding and implementation tasks.

    5. Owns day to day operation of the Customer's use of the service to perform SIEM tasks and configure alerts and reports.

    6. Submits support request and partners with WaTech in issue resolution with the solution provider.

    7. Allocates resources to participate in periodic user group meetings and training events.

E. Special Terms

  1. License Grant
    Subject to the additional Product Specific License applicable to the service, the rights granted to Customer are subject to the following restriction, and Customer hereby covenants as follows: While there is no software transfer necessary from Vendor to Purchaser to effectuate the Service, Purchaser agrees not to reverse engineer, decompile, or disassemble any software that is embedded that provides the Service, or otherwise attempt to derive the processes by which the Service is provided or the Reports are generated, except to the extent the foregoing restriction is expressly prohibited by applicable law.

  2. Limitation of Warranties
    RSA (including its suppliers) provides the Products and Services "AS IS" to WaTech. and makes no other express or implied warranties, written or oral, and ALL OTHER WARRANTIES ARE SPECIFICALLY EXCLUDED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT, AND ANY WARRANTY ARISING BY STATUTE, OPERATION OF LAW, COURSE OF DEALING OR PERFORMANCE, OR USAGE OF TRADE.

  3. Government Regulations
    The Products and the technology included therein provided under this Agreement are subject to governmental restrictions on exports from the U.S.; restrictions on exports from other countries in which such Products and technology included therein may be produced or located; disclosures of technology to foreign persons; exports from abroad of derivative products thereof; and the importation and/or use of such Products and technology included therein outside of the United States (collectively, "Export Laws"). Diversion contrary to U.S. law is expressly prohibited. Customer shall, at its sole expense, comply with all Export Laws and RSA export policies made available to Customer by RSA. Customer represents that it is not a Restricted Person, which shall be deemed to include any person or entity: (1) located in or a national of Cuba, Iran, Libya, North Korea, Sudan, Syria, or any other countries that may, from time to time, become subject to U.S. export controls for anti-terrorism reasons or with which U.S. persons are generally prohibited from engaging in financial transactions; or (2) on any restricted person or entity list maintained by any U.S. governmental agency. Certain information, products or technology may be subject to the International Traffic in Arms Regulations ("ITAR"). This information, products or technology shall only be exported, transferred or released to foreign nationals inside or outside the United States in compliance with ITAR.