attachment to managed application services service...

Attachment to Managed Application Services

Service Component Provider

Master Services Agreement

DIR Contract No. DIR-MAS-SCP-ADSAMS-001

Between

The State of Texas, acting by and through

the Texas Department of Information Resources

and

Enterprise Services, LLC

Exhibit 2.7.2

Statement of Work

Application Maintenance Services

February 15, 2017

Exhibit 2.7.2 Statement of Work Application Maintenance Services Page 1 of 23

Table of Contents

1.0 Application Maintenance Services ............................................................. 3

1.1 Services Overview ................................................................................................... 3

1.2 Service Strategies and Objectives ........................................................................... 3

2.0 Service Environment ................................................................................... 3

2.1 Scope to Be Supported ............................................................................................ 3

2.1.1 Applications ......................................................................................................... 4

2.1.2 Service Locations ................................................................................................ 4

2.1.3 Infrastructure Hosting .......................................................................................... 4

2.1.4 Personnel ............................................................................................................ 4

2.1.5 Policies, Procedures and Standards .................................................................... 4

2.2 Baseline Information ................................................................................................ 4

3.0 Service Descriptions – Application Maintenance Services (AMS) ........... 5

3.1 Maintenance Services .............................................................................................. 5

3.1.1 Mandatory Maintenance Services ........................................................................ 5

3.2 Enhancement Services ............................................................................................ 6

3.2.1 Minor Enhancement Services .............................................................................. 6

3.2.2 Request Turnaround Times ................................................................................. 7

3.3 Innovation Services.................................................................................................. 7

3.3.1 Innovation Service Objectives .............................................................................. 7

3.4 Application Maintenances Roles and Responsibilities: ............................................. 8

3.4.1 Application Architecture and Architecture Planning .............................................. 8

3.4.2 Application Planning and Analysis ....................................................................... 9

3.4.3 Application Requirements Definition .................................................................. 10

3.4.4 Application Design Specifications ...................................................................... 11

3.4.5 Programming/Development ............................................................................... 12

3.4.6 Application Implementation and Data Migration ................................................. 13

3.4.7 Application Services Documentation .................................................................. 14

3.4.8 Application Training and Knowledge Transfer .................................................... 15

3.4.9 Environment and Facilities Support ................................................................... 16

3.4.10 Non-Production Environment Support ..................................................... 17

3.4.11 Support of IT Infrastructure Management ................................................ 17

3.4.12 Infrastructure Services ............................................................................. 17

3.5 Application Quality Assurance Services ................................................................. 18

3.5.1 Application Integration and Testing .................................................................... 19

3.6 Disaster Recovery Services ................................................................................... 21

3.7 Third Party Software Acceptance ........................................................................... 21


3.7.1 Description ........................................................................................................ 21

3.7.2 Third Party Software Acceptance Process ......................................................... 21

3.7.3 Resolving Issues with Third Party Software Acceptance .................................... 22

3.8 Accessibility Requirements .................................................................................... 23

3.9 Assumptions, Dependencies and Constraints ........................................................ 23


This is Exhibit 2.7.2 - Managed Application Services – Applications Maintenance Services to the Agreement between DIR and Service Provider.

1.0 Application Maintenance Services

1.1 Services Overview

This Exhibit 2.7.2 - Managed Application Services – Application Maintenance Services SOW is the Statement of Work (or “SOW”) that sets forth the roles and responsibilities of the Parties for the Services provided under the Agreement.

The designated roles and responsibilities in Section 3.4 are the typical expectations for the Service Provider and STC Customer. Adjustments may occur when the Service Provider is engaged by an STC Customer to propose or deliver services. These adjustments will be documented in the Exhibit 25 Service Proposal developed by the Service Provider per the STC Customer requirements.

DIR is seeking a Service Provider to deliver the following types of services:

• Application Maintenance Services o A structure and relationship involving the purchase of IT services from a Service

Provider that supplies not only the resources, but also the processes, tools and methodologies and is responsible for the day-to-day management, Enhancement, maintenance and support of existing applications at predetermined levels of service, and is commonly referred to “buying a service.”

1.2 Service Strategies and Objectives

Managed Application Services (MAS) is a procurement and service delivery mechanism to be offered by Texas DIR for STC Customers to engage prequalified Service Providers to obtain governed application services.

DIR STC Customers may request specific Service Proposals that assume the responsibilities defined in this Statement of Work that will be applied to a specific scope of applications. The Service Proposal will address the specific applications and provide pricing based upon the unit pricing agreed upon for Attachment 4-A – Service Provider Pricing Forms (MAS), which is included in the DIR RFO.

2.0 Service Environment

2.1 Scope to Be Supported

The following sub-sections and related Appendices further describe and scope the services to be supported and/or with which Service Provider shall comply. The Service Environment will be specifically defined at the time the Service Provider is engaged by an STC Customer to propose or deliver services per Exhibit 25.

For this Application Maintenance Services scope of work, all test, development and production environments must be hosted within the DCS program.


To provide general context across potential Service Environments, the following sections may reference general lists, descriptions or guidance to be considered by the Service Provider in responding to the DIR RFO.

2.1.1 Applications

The Applications in scope for the services described in this SOW will be determined when the Service Provider is engaged by an STC Customer to propose or deliver services.

2.1.2 Service Locations

Service locations will vary based on the STC Customer requirements and will be determined if an STC Customer engages the Service Provider to propose or deliver services.

Texas service locations are preferred. Onshore service locations are required. No offshore services are allowed because the maintenance service provider will be managing production environments and potentially test/dev environments that may have sensitive data.

2.1.3 Infrastructure Hosting

All test, development and production environments must be hosted within the DCS program. All DIR Customers are eligible to purchase maintenance services as long as the hosting requirements above are met. If the STC Customer’s application is not being hosting within the DCS program at the time the Customer requests services, Service Provider must include the transition of the infrastructure to the DCS program as part of their scope of work and price.

2.1.4 Personnel

Service Provider will be responsible for providing appropriately skilled staffing to meet the Roles and Responsibilities and Service Levels set forth in this SOW.

2.1.5 Policies, Procedures and Standards

The general policies, procedures and standards with which Services will comply are provided in Attachment 6-B — Service Management Manual. Additional requirements will be determined if the Service Provider is engaged by an STC Customer to propose or deliver services per Exhibit 25.

2.2 Baseline Information

Baseline information (e.g. Application portfolio, ticket counts) will be provided by the STC Customer if the Service Provider is engaged by an STC Customer to propose or deliver services. Information will be acquired as available as part of Service Providers implementation of Third Party Acceptance and per Exhibit 25.


3.0 Service Descriptions – Application Maintenance Services (AMS)

3.1 Maintenance Services

Service Provider shall perform the Maintenance Services, including repairing defects, creating and updating baseline documentation for production Applications, and all other life-cycle support activities.

The Service Provider shall adhere to the tenants of the state Application Development Framework upon its publication by DIR, and support DIR and STC Customers in the maintenance of the framework's relevance to STC Managed Application Services.

The scope of Maintenance Services includes, but is not limited to:

a. Fixing defects b. Application support and any miscellaneous effort not dedicated to a specific

Enhancement c. Unit Testing d. Regression Testing not dedicated to a specific Enhancement e. Application Testing in production and non-production environments f. Triage and investigation of Incidents regardless of whether it may result in an

Enhancement in the future g. Code fixes to resolve Incidents that stop or hold Application processes h. Data changes to resolve Incidents

i. Create, maintain, monitor, and resolve Scheduled Events j. General Application Administration k. Ongoing performance and capacity monitoring/modeling and tuning. l. Daily operational activities m. Implementation of Third Party Vendor provided software patches and testing of those

patches n. Incident and Problem monitoring and resolution o. Change, Configuration and Release Management and associated activities p. Participation in Application and Infrastructure Incident Root Cause Analysis

As part of delivering Application Maintenance Services, the Service Provider may be required to coordinate with Application Development work provided by STC Customer or Third-Party.

3.1.1 Mandatory Maintenance Services

3.1.1.1 Preventive Maintenance

Service Provider shall perform preventative maintenance Services to diagnose and correct latent Problems and other errors in the Applications. Preventative maintenance covers events that, if not addressed proactively, could impact Applications in production, including:

1. Changing business volumes, as advised by STC Customer from time to time 2. Maintaining current release as directed by STC Customer


3. Installation of Application patches with approval from STC Customer 4. Infrastructure dependencies 5. Performance tuning 6. Pre-production execution and performance simulation 7. Special testing for events, such as:

a) Public holidays b) End of financial year c) End of calendar year d) Daylight savings time

3.1.1.2 Adaptive Maintenance

Service Provider shall perform adaptive maintenance Services so that Application performance is not affected by Changes to interfacing Applications, new Applications or packages and technical environment Changes, that, if not addressed proactively, could impact Applications in production, with such Changes including:

1) Upgrades of third-party software or tools, including operating systems or database software.

a) Version Upgrades: Service Provider shall maintain the Applications so as to execute without degradation or error as the underlying operating system or database are upgraded by STC Customer from one version to another within the same release, e.g., from 10.X to 10.Y (release version) with capability to rollback to previous steady state.

b) Release Upgrades: Service Provider shall maintain the Applications so as to execute without degradation or error as the underlying operating system or database are upgraded by STC Customer from one release to another, e.g., from X.0 to Y.0 (release, version) with capability to rollback to previous steady state.

2) New, changed or replaced equipment

3) Interface changes

The MSI coordinates all Changes in the DCS environment.

3.1.1.3 Perfective Maintenance

Service Provider shall perform perfective maintenance Services to optimize performance of the Applications, with particular focus on areas including: general performance tuning (e.g., to improve Application response time), database performance tuning (e.g., storage space, query refinement), etc. Tool or script development to make the Maintenance Services more productive or labor-saving is included in this category.

3.2 Enhancement Services

3.2.1 Minor Enhancement Services

Service Provider shall perform Minor Enhancement Services, including the following:


1. Make an assessment of each Service Request for enhancements received from STC Customer and submit estimates to STC Customer for review. The estimation shall also detail the merit and rationale of the proposed design solution, detailed cost estimates (if a Major Enhancement), resource breakdown, impact analysis of the Change on the existing Application environment(s) (if any), such as system performance, integration, system Availability, etc.

2. Classify the enhancement as a Minor Enhancement or a Major Enhancement, based on the following criteria:

a. Minor Enhancements are any enhancements up to and including 40 hours of effort and the costs are included in the AMS Fixed Fee per Exhibit 4

b. Major Enhancements are any enhancements greater than 40 hours of effort and shall be treated as a Project Service per Exhibit 4

3. Subject to STC Customer’s Written Consent with respect to Service Provider’s response to the applicable Service Request, design, develop, test, and implement each enhancement in accordance with the Service Management Manual.

4. Create, update, and maintain relevant documentation to reflect the implementation of each enhancement.

3.2.2 Request Turnaround Times

Service Provider shall provide their assessment of each Service Request for enhancement received from STC Customer within the turnaround times specified by the associated SLAs, as specified in Exhibit 3 - Service Levels.

3.3 Innovation Services

Service Provider shall provide the innovation services as described below. These innovation services are discrete and separately administered activities, in addition to the Maintenance Services and Enhancement Services described above.

3.3.1 Innovation Service Objectives

DIR expects the Service Provider to deliver innovation services in support of DIR objectives.

3.3.1.1 Innovation Approach

DIR is very interested in benefiting from a relationship with a highly experienced Service Provider that has a deep understanding of the industry, technology and emerging opportunities for improvement. As innovation is widely defined, the Service Provider is asked to supply, as part of the proposed solution, an overview of their innovation approach, and how they typical provide such services. A quarterly meeting should be established to report on innovation strategy and progress. Reporting should include:

a. Initiative identification b. Expected benefits c. Expected impact to business d. Overall approach to implementation e. Status of innovation initiatives


3.4 Application Maintenances Roles and Responsibilities:

Service Provider will perform the Services described in this Section with respect to the Application Maintenance Services.

3.4.1 Application Architecture and Architecture Planning

Application architecture and planning Services are defined as setting overall Application strategy, high-level application architecture and Architecture planning associated with the Application portfolio. Architecture services are comprised of maintaining the Application, data and integration architectures.

The following table identifies the Application, architecture and planning Services that Service Provider will perform.

While the following table indicates the STC Customer responsibilities, the STC Customer may choose to retain the Service Provider to assist with those responsibilities. The Service Provider should be prepared to deliver these responsibilities as requested if the Service Provider is retained by an STC Customer to propose or deliver services.

Service Provider will support STC Customer in their review activities (e.g., Technology Solution Group) in alignment with the governance schedule.

The STC Customer or application developer would be responsible for logical and physical database design. Physical DBA and security (administration) in the DCS production environment (not development/test) are managed by the DCS SCP.

Table 1. Application Strategy and Architecture Obligations

Application Architecture Roles and Responsibilities Service Provider

STC Customer

1. Maintain “End State” Application Architecture X

2. Develop and maintain Application Roadmap X

3. Develop and maintain release specific Application Architectures X

4. Participate in Application Architecture planning and recommend Application Architecture design

X

5. Define Functional Architecture X

6. Define Application Integration Architecture X

7. Recommend software technologies, packages, and tools within the framework of this Schedule as required by STC Customer.

X

8. Evaluate and select software technologies, packages, and tools, recommended by the provider, as required.

X

9. Conduct feasibility studies for the implementation of new technologies X

10. Collaborate with STC Customer infrastructure architecture team X

11. Manage STC Customer IT standards review boards X


12. Support STC Customer at standards review boards X

13. Approve IT standards X

14. Submit recommendations for applications testing strategy X

15. Review and approve applications testing strategy X

16. For Applications purchased directly by the STC Customer, ensure that STC Customer and its designee has the legal authority to modify or enhance the Application.

X

17. For Applications purchased by the Service Provider on behalf of the STC Customer, ensure that all Required Consents are obtained.

X

Data Architecture Roles and Responsibilities Service Provider

STC Customer

1. Maintain Logical Data Model for Transactional and Reporting requirements

X

2. Develop and maintain physical database X

3. Provide Master Data Standards to STC Customer X

4. Establish Data Quality requirements X

5. Support Data Quality assessments X

6. Submit recommendations for data validation strategy X

7. Review and approve data validation strategy recommendations X

3.4.2 Application Planning and Analysis

Application planning and analysis Services are the activities associated with the research of new application development trends and include investigation of opportunities to improve the efficiency and effectiveness of STC Customer’s Applications. The following table identifies the planning and analysis Services that Service Provider will perform. Table 2. Application Planning and Analysis Obligations

Planning and Analysis Roles and Responsibilities Service Provider

STC Customer

1. Recommend process re-engineering methodologies X

2. Approve process re-engineering methodologies X

3. Implement process re-engineering methodologies X

4. Conduct technical reviews to identify opportunities for improvement X

5. Monitor technical trends through independent research; document and report on products and services with potential use for by STC Customer

X

6. Perform business liaison function to operational units X

7. Perform business planning for capacity and performance X

8. Analyze past performance and problem history to plan for application design changes.

X


Planning and Analysis Roles and Responsibilities Service Provider

STC Customer

9. Develop plans for availability, capacity, reliability and testing X

10. Recommend overall systems development life cycle process improvements

X

11. Participate in annual technical and business planning sessions to establish standards, architecture and project initiatives

X X

12. Perform application operational assessments for capacity and performance purposes

X

13. Recommend potential improvements to application security architecture X

14. Identify possible product and software tool enhancement opportunities for improved performance and potential cost savings

X

15. Performing estimation using an agreed upon estimation methodology and tool

X

16. Approve projects to implement product enhancement opportunity X

3.4.3 Application Requirements Definition

Application requirements definition Services are the activities associated with the definition and assessment of requirements for Enhancements that are used to determine detailed application design related to Enhancements.

The following table identifies the requirements definition Services that Service Provider will perform.

Table 3. Application Requirements Definition Obligations (for Enhancements)

Requirements Definition Roles and Responsibilities Service Provider

STC Customer

1. Act as primary point of contact with the business to define, gather, document, refine, and prioritize business requirements.

X

2. As required, participate in the development of business requirements under the oversight of the STC Customer

X

3. Approve business requirements documents X

4. Conduct interviews, group workshops and surveys to determine Functional and End User Requirements

X

5. Under the oversight of the STC Customer, conduct interviews to determine Functional and End User Requirements.

X

6. Update Technical requirements to support Business and Functional Requirements

X

7. Update Functional Requirements documents, and conceptual data model

X

8. Update logical and physical data models X

9. Review and approve requirements and data models X


Requirements Definition Roles and Responsibilities Service Provider

STC Customer

10. Maintain the Traceability Matrix for business to functional to technical requirements

X

11. Conduct value assessments of Functional Requirements and generate an impact analysis, including affected systems.

X

12. Recommend and document acceptance test criteria for STC Customer approval

X

13. Approve acceptance test criteria X

3.4.4 Application Design Specifications

When undertaking Enhancements, Service Provider will perform application design to maintain design specifications and keep them current and ensure that they meet STC Customer’s technical architectural standards and identify and describe the most cost-effective solution for the Enhancement under consideration. Service Provider shall:

a. Incorporate STC Customer’s architectural guidelines into the design, including application extensibility, maintainability, scalability, robustness and reliability.

b. Obtain STC Customer oversight and approval through coordination with the appropriate STC Customer architectural or technical oversight authority.

The following two (2) tables further identify the application design specification Services that Service Provider will perform.

Table 4. High-Level Application Design Obligations (for Enhancements)

High-Level Design Activities Roles and Responsibilities Service Provider

STC Customer

1. Update the high-level, functional design document from the Business, Functional and Non-Functional Requirements, including design features, security, user interface changes, and performance requirements.

X

2. Incorporate application level security rigor into the application design when performing Enhancements.

X

3. Develop technical risk assessment and mitigation strategy when undertaking Enhancements

X

4. Develop and provide cost and schedule estimates related to Enhancements

X

5. Update application technical design and environment configuration based on STC Customer design specifications standards and requirements including IT architecture, functional, performance, Availability, Maintainability, security and IT continuity and disaster recovery requirements

X

6. Determine and document required component upgrade, replacement and/or conversion specifications (e.g., software and their associated hardware and networks)

X

7. Provide application configuration instructions that support the prototype

X


High-Level Design Activities Roles and Responsibilities Service Provider

STC Customer

8. Update high-level logical data model X

9. Review and accept the high-level design document X

10. Approve planned technology to support application X

Table 5. Detailed Application Design Obligations (for Enhancements)

Detail Design Activities Roles and Responsibilities Service Provider

STC Customer

1. Assist STC Customer to refine design standards and documentation X

2. Update the detailed design document with support from STC Customer for the Business, Functional and Non-Functional Requirements and high-level design

X

3. Update design to ensure ongoing compliance with STC Customer security policies, including external and STC Customer role based security models

X

4. Review and approve updated design documentation related to Enhancement(s)

X

5. Update technical requirements, logical and physical data models to address the Enhancement(s)

X

6. Review and approve updated technical requirements and physical data models for consistency with documented requirements

X

7. Develop and implement rigorous Unit Testing cases, with the goal of their continued reuse in subsequent Regression Testing

X

8. Update implementation and deployment policies, Enhancement schedules, and staffing requirements to meet deployment and delivery requirements

X

9. Provide revised application development and implementation cost and schedule estimates for the Enhancement(s)

X

3.4.5 Programming/Development

Programming and/or development Services are the activities associated with the programming, development, scripting, configuring or customizing of Application modules using the information from the previous phases (i.e., the phases described in prior Sections) as critical input. Programming/development can be accomplished by Service Provider’s custom development, customization of commercial off-the-shelf products or implementation of commercial off-the-shelf packages.

The following table identifies the programming/development Services that Service Provider will perform.

Table 6. Programming and Development Obligations (for Enhancements)


Programming and Development Activities Roles and Responsibilities Service Provider

STC Customer

1. Review STC Customer’s existing technical standards (e.g. naming.) X

2. Recommend programming, development, and technical documentation

policies, procedures, and standards in conformance to Software Engineering Institute (SEI) requirements where applicable

X

3. Review and establish programming, development, and technical documentation, policies, procedures, and standards

X

4. Establish overall programming and development schedule X

5. Provide overall programming and development module delivery schedule for STC Customer acceptance

X

6. Approve overall programming and development module delivery schedule

X

7. Perform all necessary technical design, programming, development, unit and string testing, scripting, configuring or customizing of application modules as required to develop and implement the design plans and specifications

X

8. Perform application database administration functions X

9. Recommend modifications and performance-enhancement adjustments to system software and utilities based on STC Customer performance standards

X

10. Manage all programming and development efforts using industry-standard project management tools and methodologies

X

11. Conduct predetermined development status reviews and provide written report on results to STC Customer

X

3.4.6 Application Implementation and Data Migration

Application implementation and data migration Services are the activities associated with the installation and migration of new or upgraded components to the production environment as well as Services for providing support for development of localization to region- or state-specific business practices and local, legal, regulatory and statutory needs.

The following table identifies the Application implementation Services that Service Provider will perform.

Table 7. Application Implementation and Data Migration Obligations

Implementation and Data Migration Activities Service Provider

STC Customer

1. Create implementation plan outlining the scope, approach and execution planned for the deployment

X

2. Coordinate and assist with deployment and support activities with STC Customer and its designees as directed by STC Customer

X


Implementation and Data Migration Activities Service Provider

STC Customer

3. Maintain in the Service Management Manual implementation and migration procedures that meet requirements and adhere to policies defined by STC Customer

X

4. Assist STC Customer in coordinating and reviewing all implementation and migration plans, in accordance with Change management policies

X

5. Upon STC Customer request and approval install new or enhanced in-scope components (e.g., software, middleware, utilities, configurations) within the development environment

X

6. Upon STC Customer approval, within the development environment perform Applications Services component upgrades as a result of new and enhanced architectures and STC Customer upgrade plans and requirements (e.g., hardware, software, middleware, utilities, networks, peripherals, configurations)

X

7. Coordinate implementation and migration support activities with STC Customer

X

8. Perform appropriate tests on all installs, moves, adds and Changes per requirements

X

9. Provide STC Customer personnel with training related to the implementation of enhanced products and Services per STC Customer’s requirements, including training related materials

X

10. Create “go/no-go” checklist and conduct the “go/no-go” meetings X

11. Approve production implementation “go/no-go” decisions X

12. Deploy system X

3.4.7 Application Services Documentation

Service Provider will create (where there is no material or useful documentation), update and enhance documentation for all Applications in scope in connection with Application Maintenance Services, including:

a. System specifications and documentation b. Site and system security plans c. End-user documentation d. Updates and release notes.

The following table further identifies the documentation Services that Service Provider will perform.

Table 8. Application Services Documentation Obligations

Application Services Documentation Obligations Service Provider

STC Customer

1. Recommend specifications and documentation format and content per STC Customer requirements

X

2. Approve documentation format and content X


Application Services Documentation Obligations Service Provider

STC Customer

3. Create adequate level documentation (for ongoing support and maintenance activities) for applications where there is no material or applicable documentation.

X

4. Provide and update system specifications and technical documentation X

5. Develop and update operational processing flow X

6. Provide and update system installation, support, configuration and tuning documentation

X

7. Provide and update Application hardware and system software requirements documentation

X

8. Provide and update logical and physical data model related documents X

9. Provide and update system and Application security procedures X

10. Provide and update standard operating procedures in support of Application characteristics and features

X

11. Prepare updates and release notes X

12. Document version control for all documentation for which Service Provider is responsible

X

13. Assist STC Customer in developing (a) an Application disaster recovery process or plan and (b) the associated documentation

X

14. Approve documentation X

3.4.8 Application Training and Knowledge Transfer

Following transition, and as frequently required and suggested by STC Customer, Service Provider shall conduct all the necessary training programs for Service Provider Personnel so as to preserve and enhance the knowledge and understanding of the Applications. Service Provider shall provide base training to key STC Customer personnel when Service Provider develops a new functionality.

Service Provider shall share with STC Customer the experience that Service Provider has gained from daily Problem handling via knowledge sharing sessions, best practices sessions, training programs, etc., to improve the overall knowledge base of the Applications. Service Provider will provide STC Customer with copies of all instructor manuals and other training materials created or used by Service Provider Personnel in conducting such training.

The following table further identifies the Application training and knowledge transfer Services that Service Provider will perform.

Table 9. Application Training and Knowledge Transfer Obligations

Application Training and Knowledge Transfer Obligations Service Provider

STC Customer

1. Develop training and knowledge transfer plans X


Application Training and Knowledge Transfer Obligations Service Provider

STC Customer

2. Approve training and knowledge transfer plan in the project plan X

3. Create and update technical training materials X

4. Provide technical training assistance and knowledge transfer to existing STC Customer support personnel, during deployment as requested

X

5. Provide and update training materials related to the technical aspects of Applications to STC Customer as applicable

X

6. Support STC Customer’s training of its help desk agents, including supporting STC Customer’s development of dialogue scripts

X

7. Develop, document and maintain in the Service Management Manual Training and knowledge transfer procedures that meet STC Customer’s requirements and adhere to policies defined by STC Customer

X

8. Develop, maintain and deliver training program to instruct STC Customer personnel on the provisions included within the Services (e.g., “rules of engagement,” requesting Services)

X

9. Develop, implement and maintain an STC Customer-accessible knowledge database/portal

X

10. Develop, maintain and implement knowledge transfer procedures so that key STC Customer staff understand key components of the Enhancements and/or Deliverables

X

11. Participate in STC Customer-delivered instruction on the business and technical environment

X

12. Develop, document and deliver training requirements that support the ongoing provision of the Services, including refresher courses as needed and instruction on new functionality

X

13. Take training classes as needed to remain current with systems, software, features and functions for which Service Provider is providing maintenance and support hereunder, in order to improve Service performance (e.g., ITIL, first-contact resolution)

X

14. Provide training when substantive (as defined between STC Customer and Service Provider) technological Changes (e.g., new systems or functionality) are introduced into STC Customer environment, in order to facilitate full exploitation of all relevant functional features

X

3.4.9 Environment and Facilities Support

Environment and facilities support Services are the activities associated with maintaining Service environmental requirements at environments hosted through the DCS program and STC Customer facilities.

The following table identifies the environment and facilities support Services that Service Provider will perform.


Table 10. Environmental and Facilities Support Obligations

Environmental and Facilities Support Obligations Service Provider

STC Customer

1. Recommend environment and facilities support requirements, e.g., physical security and access, at STC Customer facilities, if applicable

X

2. Review and approve STC Customer environment and facilities support requirements

X

3. Identify requirements for STC Customer environment for Service Provider-supported components, if any, e.g., PC, Wireless, LAN, WAN impact to STC Customer

X

4. Once initially developed by the Service Provider, assist STC Customer to further develop, document and maintain in the Service Management Manual environment and facilities support procedures that meet requirements and adhere to policies defined by STC Customer

X

5. Approve changes to Service Management Manual X

6. As related to Service Provider’s remote network connections, Citrix and PC environments, develop and recommend improvement plans for STC Customer monitoring as needed to maintain an effective and secure computing environment

X

7. Coordinate the implementation of all approved Service Provider side upgrades and installations

X

8. Perform facilities support activities in conformance with the requirements of defined Change management processes

X

3.4.10 Non-Production Environment Support

STC Customer routinely schedules non-production environment activities, such as environment upgrades to latest code level, data refreshes from production, weekly builds, etc. Each time an environment is brought down or up, Service Provider shall be required to perform QA Services for the environment by conducting an Integration Test to confirm all Applications are functioning as expected. Service Provider shall support the defect resolution process for any defects raised as part of the Integration Test.

Service Provider shall support defect fixing during user acceptance testing and end-user training in STC Customer’s non-production environments.

3.4.11 Support of IT Infrastructure Management

Service Provider shall support STC Customer’s testing of Functional and Non-Functional Requirements of Applications to confirm systems are functioning as expected after infrastructure Changes have been implemented. Service Provider will advise on the infrastructure configuration that affects application development.

3.4.12 Infrastructure Services

Infrastructure services are Service Provider activities associated with the maintenance and support of the underlying infrastructure (e.g., local and wide area networks, remote access, firewalls and other software, and routers, bridges, PCs, and other hardware) within the Service Provider Sites, facilities and environment, and connecting WAN, that are necessary for Service


Provider to perform the Application Maintenance Services. Service Provider shall provide the infrastructure services necessary to meet Application Maintenance Services requirements.

The following table further identifies the infrastructure Services that Service Provider will perform.

Table 11. Infrastructure Services Obligations

Infrastructure Services Obligations Service Provider

STC Customer

1. Participate in and provide assistance to STC Customer in (a) Problem determination and debugging, (b) performance improvement, (c) upgrade testing, and (d) security control and associated testing.

X

2. For STC Customer servers necessary to execute Service Provider’s tools, Service Provider will participate in and provide assistance to STC Customer in related server: (a) Problem determination and debugging, (b) performance improvement, (c) upgrade testing, and (d) security control and associated testing. Such Service Provider efforts will be performed by an appropriately qualified, competent member of the Service Provider Personnel.

X

3. Independent of site location, Service Provider provided PCs and their resident software shall be serviced and maintained (including Problem resolution) by Service Provider resources.

X

3.5 Application Quality Assurance Services

a. The Services described in this Section shall be referred to as the “QA Services.” Service Provider shall provide the QA Services with respect to all Applications. QA Services are a systematic, planned set of actions necessary to provide confidence the software development and maintenance processes executed as a part of Application Maintenance conform to established Functional and Technical Requirements as well as with the managerial requirements of keeping the schedule and resources within budgetary confines. Service Provider shall provide STC Customer with appropriate visibility into the QA Services processes that Service Provider uses and of the results as related to the Application being worked upon.

b. Service Provider will validate that all the activities necessary to design, develop and implement any Changes are not only effective and efficient for quality assurance and control but also geared towards continuous quality improvement. Service Provider will support and suggest improvements for all QA Services conducted and processes adopted by STC Customer.

c. Service Provider shall perform the QA Services throughout the entire SDLC. QA Services include the following:

1. A quality management approach

2. Effective software engineering technology (methods and tools)


3. Formal technical reviews applied throughout the SDLC process

4. A multi-tiered application integration and testing strategy, and implementation

5. Control of software documentation and the changes made to it

6. A procedure to measure compliance with software development standards

7. Measurement and reporting mechanisms (for projects larger than one million dollars [$1,000,000] are required per the Texas Project Delivery Framework.) See DIR website for details: http://dir.texas.gov/View-Resources/Pages/Content.aspx?id=16

3.5.1 Application Integration and Testing

Application integration and testing are the Services associated with confirming the individual Application components work together properly and perform their specified functions. This includes Interfaces to other Applications already in production at, or being developed by, STC Customer or third parties as stated in the applicable requirements documents.

Provider and STC Customer will report defects based on the following scale:

a. Severity 1 (Critical) – Functionality, product or service will not run, aborts spontaneously, or is providing or will result in serious information errors or information corruption; it affects the end customer.

b. Severity 2 (Major) – Functionality, product or service runs, but major information errors are possible, or a major part of the functionality is unavailable; it may affect the end customer.

c. Severity 3 (Minor) – Minor information errors are possible, or a minor part of the functionality is unavailable, with no significant impact on the customer.

d. Severity 4 (Usability) – The system does not produce functional errors, may have some intermittent and manageable usability issues such as transactional or batch performance or screen refresh rates, which impact productivity.

e. Severity 5 (Cosmetic) – Minor errors are possible that affect the appearance of a functionality, product or service with hardly any impact on the customer.

The following table identifies the Application integration and testing Services that Service Provider will perform.

Table 12. Application Integration and Testing Obligations

Application Integration and Testing Activities Obligations Service Provider

STC Customer

1. Develop an overall test plan that documents the test strategy, test coverage, test scenarios, test bed, test data, test methods, test schedule and responsibilities to accomplish quality assurance of the affected system

X

2. Approve test plan X

http://dir.texas.gov/View-Resources/Pages/Content.aspx?id=16

http://dir.texas.gov/View-Resources/Pages/Content.aspx?id=16



STC Customer

3. Service Provider shall mask sensitive information in the STC Customer provided data. Service Provider shall create test cases and suitably use the STC Customer-provided data for generating test data to perform all appropriate testing, including: Unit Testing, End-to-end Testing, Stress Testing, Regression Testing. Service Provider shall perform all such testing.

X

4. Collaborate with STC Customer in creation of test environment and data where required by support, Enhancement or Project, including demonstration of requirements traceability to verify the requirements as specified in the requirements document have been satisfied

X

5. Conduct Regression Testing per test plan requirements X

6. Conduct system testing per test plan requirements (functional and non-functional)

X

7. Conduct performance testing per test plan requirements X

8. Conduct disaster recovery testing per test plan requirements X

9. Manage the STC Customer functional, Integration Test, and Regression Testing environments and associated test data including creation and maintenance during the testing period

X

10. As required by STC Customer, provide defect tracking system X

11. Provide shared access to the mutually agreed defect tracking system for purposes of allowing STC Customer to initiate, track, and report STC Customer found defects (e.g., testing verification)

X

12. Correct defects found as a result of testing efforts X

13. Support STC Customer for functional and non-functional testing of Applications to confirm systems are functioning as expected after infrastructure Changes have been implemented

X

14. Develop, document and maintain in the Service Management Manual integration and testing procedures that meet STC Customer requirements and adhere to policies defined by STC Customer

X

15. Maintain software release matrices across development, quality assurance, and production environments and networks

X

16. Conduct Integration Test and security testing for all new and upgraded in-scope application software, including the associated equipment and networks to include Unit Testing, system, Integration Test and Regression Testing based on requirements defined in requirements and design documents

X

17. Assess and communicate the overall impact and potential risk to related components prior to implementing Changes

X

18. Stage new and upgraded software or Services to smoothly transition into existing environment based on requirements defined in requirements and design documents

X

19. Perform modifications and performance-enhancement adjustments to the STC Customer Applications and Interfaces in order to address Changes in architectural standards or additions and upgrades to the environment.

X



STC Customer

20. Test new releases of Applications and Interfaces as set forth in Service Proposal, to verify required performance and functionality is maintained in conformance with the Service Levels

X

21. Support in-scope application associated middleware required to integrate software and hardware

X

22. Perform Configuration Management and Change Management activities related to integration and testing

X

3.6 Disaster Recovery Services

In the event of a declared disaster, Service Provider shall perform recovery of all Work Product and functions associated with a Solution Order. The Service Provider disaster recovery Services will be performed per responsibilities identified in the disaster recovery plan for each Business Application in the Supported Applications List. Disaster recovery Services will be commensurate with the environment to include, but not limited to, affected:

(i) MAS managed cloud environments (ii) MAS premises (iii) STC Customer premises (iv) DCS Data Centers

3.7 Third Party Software Acceptance

3.7.1 Description

STC Customer may designate new Applications (developed either by STC Customer or STC Customer’s Third Party Software developers) to be added to the Supported Applications List, or modifications to existing Applications in the Supported Applications List (modified either by STC Customer or STC Customer’s Third Party software developers), to be subjects of the Application Maintenance Services. Detailed information gathered by the STC Customer or the Service Provider will be documented in Attachment 2-A in support of this acceptance process. This section describes the process by which Service Provider and STC Customer prepare for such new or modified Application to become a subject of the Application Maintenance Services (“Third Party Software Acceptance”), and the limited circumstances in which Service Provider may decline to support such a new or modified Application. For the avoidance of doubt, the provisions herein shall not apply to, and Service Provider may not decline to support, any such Application that was developed or modified by Service Provider.

This section does not limit Service Provider’s obligations to perform any other Services with respect to those Applications designated by STC Customer without the obligation to follow the process set forth in herein.

3.7.2 Third Party Software Acceptance Process

Service Provider’s responsibilities include the following:

1. Performing Third Party Software Acceptance activities for Application Software developed by STC Customer or STC Customer’s Third Party Software developers.

2. Developing a process and related materials (including templates, training material, checklists and examples) that will be used by Service Provider and STC Customer to assume production support responsibility and accept Application Software from sources


other than Service Provider. Such process and related materials will be consistent with the provisions herein, subject to final review and approval by STC Customer and will constitute Work Product under the Agreement.

3. Meeting with STC Customer and STC Customer’s Third Party Software developers prior to or upon commencement of the Application modification or development to review STC Customer’s acceptance criteria for Third Party Software Acceptance and communicating activities required to implement the Application Software into STC Customer’s production environment.

4. Reviewing and validating STC Customer’s or STC Customer’s Third Party Software developer-provided proof of conformance with the applicable acceptance criteria for Third Party Software Acceptance.

5. Reviewing STC Customer Application architecture overview documents to confirm skill sets required to support the new Application Software and identifying all gaps in Service Provider’s resource skills.

6. Providing to STC Customer a price quote, which will be subject to the provisions of Exhibit 4 –Service Provider Pricing Form (MAS) regarding the addition of new Applications that comply in all material respects with the applicable acceptance criteria, to perform production support for the new Application Software.

7. Managing and coordinating Third Party Software Acceptance activities with STC Customer and Third Party Software developers.

8. Create and utilize a documented process approved by STC Customer for performing knowledge transfer between STC Customer and STC Customer’s Third Party Software developers and Service Provider Personnel.

9. Creating a plan for Third Party Software Acceptance that defines the work to be performed, responsible party, estimated duration and effort, and presenting such plan to STC Customer for STC Customer’s review and approval. Such plan will be consistent with the provisions herein and will constitute Work Product under the Agreement.

10. Participating in training sessions, planning meetings, and review meetings associated with Third Party Software Acceptance.

11. Testing the Application Software for conformance with the applicable acceptance criteria for Third Party Software Acceptance.

12. Providing timely status updates to STC Customer throughout the Third Party Software Acceptance process.

13. Identifying documentation needed for implementation of the Application Software into the production environment and, subject to Section 4.2 of the Agreement, providing alternative proposals when such documentation is not available.

3.7.3 Resolving Issues with Third Party Software Acceptance

Service Provider’s responsibilities include the following:

1. Providing written notification of each failure of the Application Software to comply with the applicable acceptance criteria during the Third Party Software Acceptance testing cycle (including whether such failure would reasonably prevent Service Provider from accepting the Application Software; provided, that Service Provider may not decline to support an Application that complies with the applicable acceptance criteria in all material respects) and proposing alternatives for correcting or mitigating the failure. Notification shall be provided by Service Provider to STC Customer (and STC Customer’s Third Party Software developers, if requested by STC Customer) within two (2) Business Days of Service Provider’s discovery of the failure of the Application Software to meet the applicable acceptance criteria.


2. Producing a written report explaining the reasons why Service Provider cannot reasonably accept an Application for support, and presenting such written report and findings to STC Customer (and Third Party Software developers, if requested by STC Customer) within five (5) Business Days of completing the Third Party Software Acceptance activities.

3. Re-executing the Third Party Software Acceptance cycle within five (5) Business Days of receiving fixes to the non-conforming items, unless another date has been reasonably requested by STC Customer.

4. Working with STC Customer’s Third Party Software developers to timely resolve all issues in order to accept Third Party Software

3.8 Accessibility Requirements

Applications maintained by Enterprise Services and used by Texas state employees or members of the public must comply with EIR accessibility technical standards as defined in 1TAC 206. 50, 1TAC206.70, 1TAC 213, and WCAG 2.0 level AA.

3.9 Assumptions, Dependencies and Constraints

Assumptions, Dependencies and Constraints will be defined if the Service Provider is engaged

by an STC Customer to propose or deliver services.

https://texreg.sos.state.tx.us/public/readtac$ext.TacPage?sl=R&app=9&p_dir=&p_rloc=&p_tloc=&p_ploc=&pg=1&p_tac=&ti=1&pt=10&ch=206&rl=50

https://texreg.sos.state.tx.us/public/readtac$ext.TacPage?sl=R&app=9&p_dir=&p_rloc=&p_tloc=&p_ploc=&pg=1&p_tac=&ti=1&pt=10&ch=206&rl=70

https://texreg.sos.state.tx.us/public/readtac$ext.ViewTAC?tac_view=4&ti=1&pt=10&ch=213

https://www.w3.org/TR/WCAG20/

attachment to managed application services service...

Documents