publishingext.dir.texas.govpublishingext.dir.texas.gov/portal/internal/contracts-and-services... ·...
TRANSCRIPT
Attachment 3-C Critical Deliverables Page 1 of 7
Exhibit to Managed Application Services Service Component Provider Master Services Agreement
DIR Contract No. DIR-MAS-SCP-ADSAMS-OOI Between
The State of Texas, acting by and through the Texas Department of Information Resources
and
Enterprise Services, LLC
Attachment 3-C
Critical Deliverables
September 19, 2017
Attachment 3-C Critical Deliverables Page 2 of 7
TABLE OF CONTENTS
A.0 ONE TIME CRITICAL DELIVERABLES - INTRODUCTION ............................................. 2
A.1 Day 1 Readiness Plan.................................................................................................................... 2
A.2 Service Management Manual (SMM) ........................................................................................... 2
A.3 New Customer Integration Plan .................................................................................................... 2
A.4 Updated Disaster Recovery Plans ................................................................................................. 2
A.5 Customer Outreach Plan............................................................................................................... 3
B.0 RECURRING CRITICAL DELIVERABLES - INTRODUCTION ......................................... 3
B.1 Annual Technology Plan and Roadmap........................................................................................ 3
B.2 Annual Equipment & Software Refresh Plan ............................................................................... 3
B.3 Service Management Manual Currency - Quarterly Report......................................................... 4
B.4 Customer Satisfaction Improvement Plan ..................................................................................... 4
B.5 RESERVED .................................................................................................................................. 4
B.6 Security Patch Compliance Report ............................................................................................... 4
C.0 DELIVERABLE ACCEPTANCE CRITERIA MATRIX.......................................................... 4
Attachment 3-C Critical Deliverables Page 3 of 7
A.0 ONE TIME CRITICAL DELIVERABLES - INTRODUCTION
This Attachment sets forth certain obligations of Service Provider regarding One Time Critical Deliverables. If Service Provider fails to deliver to DIR any Critical Deliverables as described below, in format and content acceptable to DIR, DIR at its discretion may prohibit the Service Provider from engaging with STC Customers for Services.
Unless otherwise specified below, Service Provider shall provide each One Time Critical Deliverable set forth in Attachment 3-A on or before the respective date listed therein, as applicable and as indicated in this Attachment. For the avoidance of doubt, (i) if the Effective Date is September 01, 2016, and (ii) if the number of months for delivery of a One Time Critical Deliverable is three (3) months after the Effective Date, the Service Provider must provide the Critical Deliverable to DIR no later than December 01, 2016. The One Time Critical Deliverable Acceptance Criteria and DIR Sign-off Matrix will be developed prior to the Effective Date and will be in the format referenced in Section C of this document.
A.1 Day I Readiness Plan
Service Provider will complete a Day 1 Readiness Plan that must be approved by DIR thirty (30) days after the Effective Date. The purpose and scope of such plan is to outline the plans and milestones for ensuring Service Provider's organization, process and procedures are established to begin seeking Customer proposals for services.
Items to be addressed include development of initial catalogue of services and Customer marketing plans for services. For each MAS Category, Service Provider will identify a catalog of services and/or SaaS products it intends to implement and by when.
A.2 Service Management Manual (SMM)
Service Provider will develop documentation in accordance with the requirements and schedule in Attachment 6-B (Service Management Manual).
A.3 New Customer Integration Plan
60 days after the acceptance of the Day 1 Readiness Plan, Service Provider shall provide a detailed plan that documents how new STC Customers will be integrated into the existing Services. Such plan should include how new Customers are trained, how Service Provider will perform knowledge transfer, how transition of services from Customer to Service Provider will be managed, how SLAs will be implemented and reported, how Customers will be invoiced for services. Plan should include Service Provider's ongoing approach to market services to potential new customers throughout the life of the contract.
A.4 Updated Disaster Recovery Plans
Service Provider shall develop an Application Recovery Guide (ARG) template and methodology / approach to address Disaster Recovery requirements for applications. The ARG template must include, but is not limited to, the following:
o RTO/RPO for the Application
Attachment 3-C Critical Deliverables Page 4 of 7
o DR Level Classification (DR Class)
o DR Functional Category Code
o Critical Application designation
o Customer and SCP contact information
o Recovery site and systems
Directories File System and other mount points required such as NFS
Inter-server environment relationships and dependencies
Security dependencies
Interface dependencies
Application and/or database specific dependencies
Operational procedure dependencies associated to the application
o Recovery CI assets (including DR target server CI, if target is required (Class P, 1 and 2A, 2B, and 6))
o Network diagrams
o Criteria for Return to Normal designation
o 3rd Party Software dependencies required to support applications and databases
o The DR methodology must include, but is not limited to, the following:
o Approach for supporting application recovery in a shared services environment, including integration with infrastructure SCPs
o Enterprise view of application recovery to support multiple Customers
o Alignment with the DCS Dual Data Center DR model
o Process for ensuring ARGs are maintained with current information
Attachment 3-C Critical Deliverables Page 5 of 7
Within 1 month of the commencement of services with a new Customer the Service Provider will have updated contact information in all Disaster Recovery Plans to reflect Service Provider changes where appropriate. Within three (3) months after the commencement of services with a new Customer, Service Provider shall update all existing Customer-specific Disaster Recovery Plans and Application Recovery Guides to reflect all changes implemented to the Services. For Applications lacking tested Disaster Recovery Plans, Service Provider shall work with Customers to create a Disaster Recovery Plan and Application Recovery Guides.
A.5 Customer Outreach Plan
Service Provider will create a Customer Outreach Plan that within 30 days of after acceptance of the Day 1 Readiness Plan that outlines the strategies and specific tasks the Service Provider will undertake within the first year of operations to communicate to DCS customers about Managed Application Development and Managed Application Maintenance services available. The plan will identify all potential customers to reach, the schedule of events to reach them, and the communication methods to be employed. The plan will further identify tasks to research, estimate and propose development and maintenance services to interested customers.
B.0 RECURRING CRITICAL DELIVERABLES - INTRODUCTION
This Attachment sets forth certain obligations of Service Provider regarding Recurring Critical Deliverables. If Service Provider fails to deliver to DIR any Recurring Critical Deliverables as described below, in format and content acceptable to DIR, DIR at its discretion may prohibit the Service Provider from engaging with STC Customers for Services.
Unless otherwise specified below, Service Provider shall provide each Recurring Critical Deliverable set forth in Attachment 3-A on or before the Deliverable date indicated in Attachment 3-A. The Acceptance Criteria and DIR Sign-off Matrix will be developed prior to the Effective Date and will be in the format referenced in Section C of this document.
B.1 Annual Technology Plan and Roadmap
Service Provider will provide updates to the Technology Plan and the Technology Road Map to the MSI to include proposed updates to reference technical architecture and software currency designations. Service Provider will complete its portions of the Technology Roadmap and Technology Plan in alignment with the established annual deliverable cycle. The Technology Roadmap will comply with the requirements of Section 9.5(d) of the Master Services Agreement, subject to approval by DIR. The Roadmap will identify specific, short-term steps and schedules for projects or changes with estimated timing and cost impacts for DIR and STC Customers. The Technology Roadmap will be updated at least annually in alignment with the annual Technology Plan and Roadmap deliverable cycle.
B.2 Annual Equipment & Software Refresh Plan
The Service Provider will deliver annually to DIR a Refresh plan that addresses Refresh for all Equipment and Software for which a Refresh cycle is provided in Attachment 4-B. The initial Refresh plan will place all STC Customer and Service Provider Equipment on a five-year Refresh cycle, with one-fifth of all Equipment to be refreshed annually. Service Provider will work collaboratively with the DCS Service Component Providers to refresh Customer environments according to this schedule. For development environments not hosted in DCS, Service Provider
Attachment 3-C Critical Deliverables Page 6 of 7
must provide plan that ensures the refresh cycles are met.
As a part of the Refresh plan, Service Provider will provide a schedule to upgrade Software to N/N-1 levels and to Refresh Equipment in accordance with the Technology Plan and Technology Roadmap. The Refresh plan is subject to DIR and STC Customer Acceptance through the DCS Technology Solutions Group governance Process. Proposed Software version levels will comply with the N and N-1 targets in the Consolidated Data Centers.
Following the initial Refresh plan, Service Provider will include in subsequent Refresh plans a report describing the Refresh status of all Equipment and Software included in the Refresh plan.
B.3 Service Management Manual Currency - Quarterly Report
The MSI will provide an annual schedule for reviewing and updating all sections of the Service Management Manual (SMM). The MSI will provide a quarterly report of the review findings which demonstrates the currency and accuracy of the SMM sections reviewed in that quarter. The MAS SCP will provide updates to its SMM sections accordingly.
B.4 Customer Satisfaction Improvement Plan
The MSI is responsible for providing a third party Customer Satisfaction survey annually. Three (3) months after the results of the Customer Satisfaction Surveys are available, the MAS Service Provider shall provide an improvement plan in accordance with Section 7.6(c) of the Master Services Agreement to address and improve the level of satisfaction. The customer satisfaction improvement plan shall be approved by DIR and reported against by the MAS Service Providers on a monthly basis. The progress of implementation and improvement shall be reported by the MSI on a monthly basis.
B.5 RESERVED
B.6 Security Patch Compliance Report
Not later than three (3) months after Effective Date and by October 1 annually thereafter, Service Provider will deliver for DIR approval a report assessing security patch level compliance across all infrastructure related to the applications in development or maintenance. The report shall include a plan for bringing infrastructure into compliance. If the application is hosted in the DCS program, the compliance report will be produced by the DCS Service Providers and the MAS Service Provider must work with the DCS Service Providers to eliminate any noncompliance. For development environments not hosted in DCS, the MAS Service Provider is required to produce a security patch compliance report and demonstrate all noncompliance has been remediated before the deliverable can be approved.
Attachment 3-C Critical Deliverables Page 7 of 7
C.0 DELIVERABLE ACCEPTANCE CRITERIA MATRIX
This section describes the process DIR will use for Acceptance of Milestone Deliverables that are committed to in the RFO. The Matrix provided below is an example of the template that will be used to capture Milestones/Deliverables and other information related to the acceptance process.
A thorough deliverable acceptance process that addresses deficiencies as early as possible to minimize impacts to the Services is critical. DIR and DIR Customer will review the Milestone Deliverables throughout the phases of development. Service Provider will solicit input from DIR and DIR Customer as the Milestone Deliverables are developed. Service Provider shall review the expectations in advance so as to obtain acceptance of the final Milestone Deliverable within the Acceptance Review Period. Feedback and suggestions received from DIR and DIR Customers will be incorporated into the Milestone Deliverable. The deliverable acceptance process will comply with Section 4.6 of the Master Services Agreement and be formally documented in the Service Management Manual.
Example - Critical Deliverable Acceptance Matrix
Critical Deliverable Acceptance Criteria Sign-Off Authority Lead Time for Review (days)
1.0 2.0 3.0 4.0 5.0