Datasheet
INTC-7816-01 02/2008 Page 15 of 18
4.1 SLA Guarantees
The SLA guarantees described below comprise the measured metrics for delivery of MSS for UTM.
Unless explicitly stated below, no additional guarantees or warranties of any kind shall apply to services
delivered under MSS for UTM. The remedies for failure to meet the SLA guarantees are specified in the
section entitled “SLA Remedies”, below.
a. Security Incident identification guarantee (available for the full monitoring service option only) – IBM
will identify all Priority 1, 2, and 3 level Security Incidents based on Agent event data received by
the SOCs. IBM will determine if an event is a Security Incident, based on the Customer’s business
requirements, network configuration, and Agent configuration.
b. Security Incident response guarantee (applies to all service levels, with or without the full monitoring
service option) - IBM will respond to all identified Security Incidents as follows:
(1) Reporting only service option – IBM will respond to all identified Security Incidents within 30
minutes of identification. The Customer’s designated Security Incident contact will be notified
via e-mail for Priority 1, 2 and 3 Security Incidents.
(2) Full monitoring service option - IBM will respond to all identified Security Incidents within 15
minutes of identification. The Customer’s designated Security Incident contact will be notified
by telephone for Priority 1 Security Incidents and via e-mail for Priority 2 and 3 Security
Incidents. During a Priority 1 Security Incident escalation, IBM will continue attempting to
contact the designated Customer contact until such contact is reached or all escalation
contacts have been exhausted.
Operational activities related to Security Incidents and responses are documented and time-
stamped within the IBM trouble ticketing system, which shall be used as the sole authoritative
information source for purposes of this SLA guarantee.
c. Policy change request acknowledgement guarantee – IBM will acknowledge receipt of the
Customer’s policy change request within two hours of receipt by IBM. This guarantee is only
available for policy change requests submitted by a valid security contact in accordance with the
provided procedures.
d. Policy change request implementation guarantee:
(1) Standard level - the Customer policy change requests will be implemented within 24 hours of
receipt by IBM unless the request has been placed in a “hold” status due to insufficient
information required to implement the submitted policy change request.
(2) Select and Premium levels - the Customer policy change requests will be implemented within
eight hours of receipt by IBM unless the request has been placed in a “hold” status due to
insufficient information required to implement the submitted policy change request.
This guarantee is only available for policy change requests submitted by a valid security contact in
accordance with established procedures. Further, this guarantee is based on actual time of
implementation, and not on the time that the Customer was notified the request was completed.
e. Emergency change request implementation guarantee (available for the Premium service level only)
– IBM will implement Customer emergency policy change requests within two hours of the
Customer’s declaration of emergency (by telephone) following change submission through the
Virtual-SOC.
This guarantee is only available for policy change requests submitted by a valid security contact in
accordance with established procedures. Further, this guarantee is based on actual time of
implementation, and not on the time that the Customer was notified the request was completed.
IBM will promptly notify the Customer upon implementation of a change request by telephone, e-
mail, fax, pager, or electronic response via the Virtual-SOC and will continue attempting to contact
the designated Customer contact until a contact is reached or all escalation contacts have been
exhausted.
f. Proactive system monitoring guarantee:
(1) Standard level - the Customer will be notified within 30 minutes after IBM determines the
Customer’s managed UTM device is unreachable via standard in-band connectivity.