Diagnostic / Auditing Services


Any diagnostic or auditing services performed by Entech may require Entech to install a small amount of code (“Diagnostic Code”) on one or more of the devices attached to the System. The Diagnostic Code is deleted in its entirety after the testing process concludes. No personal information or personal data will be reviewed or copied by Entech at any time during the testing process. No files will be erased, modified, opened, reviewed or copied at any time during the testing process. The Diagnostic Code will not install or create any disabling device, or any backdoor or hidden entryway into the System. The results of the diagnostic testing will be kept confidential by Entech.


You grant Entech permission to access the System for the purpose of conducting the diagnostic testing, and agree to hold Entech harmless from and against any and all incidents or damages that may occur during or as a result of the testing process, regardless of the cause of such damages, including but not limited to data loss due to events beyond Entech’s reasonable control, network or communication outages, and deficiencies or errors in any hardware or equipment that may interrupt or terminate the diagnostic testing process.
The testing process is for diagnostic purposes only. The process is not intended, and will not be used, to correct any problem or error in the System. Entech does not warrant or represent that the testing process will result in any particular outcome, or that any particular issue, hardware or software configuration will be correctly detected or identified.

Maintenance Services


Unless otherwise indicated in this SOW, maintenance services will be applied in accordance with the recommended practices of the managed services industry. Client understands and agrees that maintenance services are not intended to be, and will not be, a warranty or guaranty of the functionality of any particular device, or a service plan for the repair or remediation of any particular managed hardware or software. Repair and/or device remediation services are not covered under Entech’s maintenance service plan, and shall be provided on an hourly basis to Client.

Monitoring Services; Alert Services


Unless otherwise indicated in this SOW, all monitoring and alert-type services are limited to detection and notification functionalities only. These functionalities are guided by Client-designated policies, which may be modified by Client as necessary or desired from time to time. Initially, the policies will be set to a baseline standard as determined by Entech; however, Client is advised to establish and/or modify the policies that correspond to Client’s specific monitoring and notification needs.

Network Infrastructure Services


Unless otherwise indicated in this SOW, network infrastructure services will be applied in accordance with the recommended practices of the managed services industry. Client understands and agrees that network infrastructure services are not intended to be, and will not be, a warranty or guaranty of the functionality of any particular network device or a “service plan” for the repair or remediation of any particular managed hardware or software. Network infrastructure services include the tool(s) and labor to effectively monitor, manage and remediate issues with network security, wifi access points (public and private networks), network switches, routers, firewalls, VPNs, internet connections, software, hardware, servers, workstations, and printers.

Tier 1 Telecommunication Support Services


Unless otherwise indicated in the SOW, Entech will provide Tier 1 support for all telecommunications issues. Telecommunication Services are defined as any network-attached device or service used to electronically transmit information. This could include, but is not limited to, telephones, faxing, scanning, internet connections and/or traditional phone lines. Tier 1 support is defined as the initial support level responsible for basic customer issues. Often the issues can be resolved through documentation, first touch resolution, phone and email support.

Account Management and Partner Success Services


Partner Success Services include (as needed) IT budgeting, IT concept creation, IT roadmap delivery, general IT consulting, IT vendor consulting, IT Project oversight and business review meetings. Suggestions and advice rendered to Client are provided in accordance with relevant industry practices, based on Client’s specific needs. By suggesting a particular service or solution, Entech is not endorsing any particular manufacturer or service provider. Entech is not a warranty service or repair center, and does not warrant or guarantee the performance of any third-party service or solution.

The advice and suggestions provided by the Partner Success Management team will be for Client’s informational and/or educational purposes only. The Partner Success Management team will not hold an actual director or officer position with Client, and the Strategy Management team will neither hold nor maintain any fiduciary relationship or position with Client. Under no circumstances shall Client list or place the Strategy Management team on Client’s corporate records or accounts.

Best Practice Health Assessments


The threat landscape is ever evolving and leading organizations must do their part to stay ahead of the risk. With our innovative Best Practice Health Assessment we'll look at the key areas of your business technology and cybersecurity posture and test those areas against industry best practices such as the NIST framework. There was a time when organizations could employ the "set it up and forget about it" methodology, but those days are long since gone. This service helps keep your business current on the subjects of accessibility, securability and recoverability.

IT Planning & Budgeting


The world of IT is ever-evolving, requiring continuous resources and dedicated effort to ensure your strategy aligns with current technology and business objectives. For some organizations, hiring and retaining a full-time executive IT role—such as a chief information officer (CIO)—is not always possible. Partnering with a trusted managed services provider (MSP) for these services allows you to outsource your IT strategy and planning to an experienced consultant.

Our team draws from years of experience in working with institutions from a wide range of sizes and varying markets to provide objective feedback. Your is available to offer guidance on almost any topic relating to IT or compliance, including how you can best leverage technology to achieve your goals and develop an IT infrastructure road map complete with a fiscal and time based budget.

We approach issues from a risk mitigation and business perspective and provide practical, actionable and reasonable feedback to mitigate risk without sacrificing completion of business objectives. Such guidance is valuable for all organizations but may be especially beneficial for those experiencing rapid growth.

Procurement


Equipment and software procured by Entech on Client’s behalf (“Procured Equipment”) may be covered by one or more manufacturer warranties, which will be passed through to Client to the greatest extent possible. By procuring equipment or software for Client, Entech does not make any warranties or representations regarding the quality, integrity or usefulness of the Procured Equipment. Certain equipment or software, once purchased, may not be returnable or, in certain cases, may be subject to third party return policies and/or re-stocking fees, all of which shall be Client’s responsibility in the event that a return of the Procured Equipment is requested.


Entech is not a warranty service or repair center. Entech will facilitate the return or warranty repair of Procured Equipment; however, Client understands and agrees that the return or warranty repair of Procured Equipment is governed by the terms of the warranties (if any) governing the applicable Procured Equipment, for which Entech shall be held harmless.

IT Asset Management & Documentation


IT asset management (also known as ITAM) is the process of ensuring an organization's assets are accounted for, deployed, maintained, upgraded, and disposed of when the time comes. Put simply, it's making sure that the valuable items, tangible and intangible, in your organization are tracked and being used. With our fully managed solutions we provide comprehensive management of your IT assets. Examples of documentation include warranty information, maintenance agreements and proof of purchase (if purchased through Entech); it is helpful to centrally store these to support ongoing maintenance throughout the asset lifecycle. Central storage of IT asset documents should be a key focus of any IT asset management effort.

Centralized Reporting


Reports provided by Entech on client’s behalf are created by gathering, storing, analyzing and accessing data that resides on Entech “owned” databases. Entech reserves the right to charge outside of this SOW for customized reporting or BI services throughout the life of this SOW.

Next Generation Anti-Virus / Endpoint Detection & Response (EDR)


Entech’s anti-virus / anti-malware solution will generally protect the Client’s system from becoming infected with new viruses and malware (“Viruses”); however, viruses that exist on the Client’s system at the time that the security solution is implemented may not be capable of being removed without additional services, for which a charge may be incurred.


Any security solution may be circumvented and/or rendered ineffective if a user, either intentionally or unintentionally, downloads or installs malware (such as a rootkit) onto the user’s system. Client is strongly advised to educate their staff to refrain from downloading files that are sent by unknown users, and/or users or files whose origination cannot be verified. Entech does not warrant or guarantee that all viruses and malware will be capable of being removed, or that all forms of viruses and malware will be timely detected or removed.

Patch Management


Entech shall keep all managed equipment and software current with critical patches and updates (“Patches”) as such Patches are released generally by the manufacturers of the applicable hardware or software. Patches and updates are developed by third party vendors and, on rare occasions, may make the System, or portions of the System, unstable, or cause the managed equipment or software to fail to operate properly even when the Patches are installed correctly. Entech shall not be responsible for any downtime or losses arising from or related to the installation or use of any Patch, provided that the Patch was installed in accordance with manufacturer’s instructions. Entech reserves the right, but not the obligation, to refrain from installing a Patch if Entech is aware of technical problems caused by a Patch, or believes that a Patch may render the System, or any portion of the System, unstable.

DNS Filtering


Entech will provide added threat protection using DNS (Domain Name System) filtering. DNS Filtering combines cloud-delivered security and advanced threat intelligence for an added layer of on- and off-network coverage. Additional features like guest wifi protection, web/content filtering or cloud service reports can be provided.


Any security solution may be circumvented and/or rendered ineffective if a user, either intentionally or unintentionally, downloads or installs malware (such as a rootkit) onto the user’s system. Client is strongly advised to educate their staff to refrain from downloading files that are sent by unknown users, and/or users or files whose origination cannot be verified. Entech does not warrant or guarantee that all viruses and malware will be capable of being removed, or that all forms of viruses and malware will be timely detected or removed.


In order to improve security awareness, you agree that Entech or its designated third-party affiliate may transfer information about the results of processed files, information used for URL reputation determination, security risk tracking, and statistics for protection against spam and malware. Any information obtained in this manner does not and will not contain any personal or confidential information.

IT & Cybersecurity Policies


From time to time, Entech may provide Client with sample (i.e., template) policies and procedures for use in connection with Client’s business (“Sample Policies”). The Sample Policies are for Client’s informational use only, and do not constitute or comprise legal or professional advice. The Sample Policies are not intended to be a substitute for the advice of competent counsel. Client should seek the advice of competent legal counsel prior to using the Sample Policies, in part or in whole, in any transaction. Entech does not warrant or guaranty that the Sample Policies are complete, accurate, or suitable for Client’s specific needs, or that Client will reduce or avoid liability by utilizing the Sample Policies in its business operations.

Ransomware Protection


Purpose-built security software and/or hardware to counter the threat of ransomware. Due to the significance of this threat, multiple methods may be deployed to create layers of defense. This can include hardware and/or software designed to detect, prevent and roll back malicious actions, bolstering perimeter defenses to stop the threat at the edge of the network, or a comprehensive business continuity or disaster recovery (BCDR) solution.

Dark Web Monitoring


The Dark Web is contained within the “Deep Web”, a sub-layer of the internet that is hidden from conventional search engines. Search engines like Google, Bing and Yahoo only search 0.04% of the indexed or “surface” Internet. The other 99.96% of the Web consists of databases, private academic and government networks, and the Dark Web. Dark Web monitoring offers detection if a user’s digital credentials (email addresses, username and password) have been compromised and are being trafficked on criminal sites that sell credentials; open document repositories that post credentials publicly; internet relay chat (IRC); and social media sites found only on the Dark Web. Client can establish specific domains or other unique identifiers to search. Service Provider will run real-time and daily digest notifications when matching data is found.

User Awareness Training


Entech will provide internet-based training for client’s employees regarding the protection of various information assets of the organization. This will be done via a learning management system, with training targeted to each employee according to the results of the various security campaigns. The goal of this service is to have employees understand that there are people actively trying to steal data that is stored within your organization’s computers. (This often focuses on user names and passwords, so that criminal elements can ultimately get access to bank accounts and other high-value IT assets.)

Security Policy Vault


Store your IT security policies in a centralized online portal so they can be easily referenced by your staff. Our portal also allows you to provide a description of the policy so it’s easily searchable by your staff.  Documents can be downloaded and reviewed easily.  The policy vault also includes 10 different sample IT Policies that can be customized to fit your individual business needs.

Phishing Testing & Reporting


Our ongoing phish testing is a program that sends a realistic but fake phishing email to your staff in order to see how they respond and who carries the risk. This testing is used to gauge the effectiveness of phishing training programs that are designed to help your employees spot phishing emails and to handle them appropriately. You'll get a custom dashboard where management can see the results on a per-employee basis with scoring metrics.

Firewall Management & Maintenance


A managed firewall service, provided by a team of security experts, offers solutions that cover the administration, operation, monitoring, and maintenance of your firewall infrastructure. 

Managed Firewall/Firewall as a Service


Entech will provide a next-generation firewall appliance during the term of this SOW. This appliance is and will remain the property of Entech during and after the expiration of this SOW. In addition to the physical appliance, Entech will ensure the appliance is licensed with SonicWall’s Comprehensive Gateway Security Suite (or a comparable service) that can include gateway anti-virus, anti-spyware, intrusion prevention, application intelligence and control, content filtering and firmware updates.


Any security solution may be circumvented and/or rendered ineffective if a user, either intentionally or unintentionally, downloads or installs malware (such as a rootkit) onto the user’s system. Client is strongly advised to educate their staff to refrain from downloading files that are sent by unknown users, and/or users or files whose origination cannot be verified. Entech does not warrant or guarantee that all viruses and malware will be capable of being removed, or that all forms of viruses and malware will be timely detected or removed.


In order to improve security awareness, you agree that Entech or its designated third-party affiliate may transfer information about the results of processed files, information used for URL reputation determination, security risk tracking, and statistics for protection against spam and malware. Any information obtained in this manner does not and will not contain any personal or confidential information.


Multi-Factor Authentication


Multi-factor Authentication (MFA) is an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application, online account, or a VPN. MFA is a core component of a strong identity and access management (IAM) policy. Rather than just asking for a username and password, MFA requires one or more additional verification factors, which decreases the likelihood of a successful cyber attack.

Hard Drive Encryption For All Mobile Workstations


Entech leverages full volume drive encryption for mobile workstations to protect data while at rest. By default, it uses the AES encryption algorithm in cipher block chaining (CBC) or XTS mode with a 128-bit or 256-bit key. CBC is not used over the whole disk; it is applied to each individual sector.

Active Directory Change Control


Efficient management of Active Directory is impossible without knowing and controlling what is happening in the system. This makes change management of Active Directory one of the most critical processes for organizations today. In addition to planning, requesting and implementing changes to Active Directory configuration and Group Policy objects (GPOs), organizations need to be able to evaluate all changes, which requires an established Active Directory change control process.

Our Auditor for Active Directory facilitates the Active Directory change control process by automating Active Directory change tracking and reporting. We can easily see who made a critical change, when the change occurred, and what exactly was changed, including the before and after values. This helps keep all changes made to AD and GPOs under tight control.

Internal & External Vulnerability Scanning


The Entech Internal & External Vulnerability scanning provides your organization with a clear understanding of the risks present on your network (internally and externally facing). External threats are those posed by external sources such as hackers, viruses, and trojans to your systems that are accessible via the internet. Typical systems include firewalls, routers, VPN concentrators, web sites, email, and domain name servers. Entech will run a series of tests to clearly define any vulnerabilities, identify possible threats that the vulnerabilities pose and provide detailed recommendations on how to fix any deficiencies.

Annual Cybersecurity Threat Report & Roadmap


Our annual risk assessments are based on the internationally recognized NIST Cybersecurity Framework. NIST-based assessments are designed to be used as a guideline to be better prepared in identifying, detecting, and responding to security risks—on and off the network. We will review the results of the risk assessment to help you prioritize and budget, building a roadmap to address gaps in your business cyber security posture.

Security Incident Event Management (SIEM)


Entech’s SIEM (Security Information and Event Management) solution will provide real-time detection and analysis of security alerts that are identified on the network. This may require the installation of one or more (depending on traffic volume) small security appliances. The security appliance must always have an Internet connection. The security appliance and the alerts will be monitored and validated by Entech’s SOC.

Security Operations Center (SOC)


Using the SIEM system, the SOC is responsible for monitoring and analyzing all incoming security alerts. The SOC is staffed 24/7, 365 days per year.

Entech will respond to alerts and begin triaging them once they have been received from the SOC during normal business hours. The nature of security alerts normally means there is an evaluation process as to the validity and threat level of the alert. If the threat level of the alert is determined to be high, then someone from our security team will call the client within one hour from the time the threat was classified as high. Low and medium level threats will be communicated to the client within four hours of the alert being categorized.

Remote Gateway for All Mobile Workstations


Business agility and Work-From-Anywhere have complicated a business's ability to secure its information and endpoints. As such, we leverage tools that consolidate your gateway security appliances into integrated, cloud-based security services. Since it’s security as a service, there’s no physical or virtual hardware to deploy or manage. With this solution you can easily grow while your security keeps pace with your needs.

Third-Party Data Recovery


From time to time, Entech may use a third-party vendor to recover data from failed storage devices. If this need arises Entech guarantees it will work with a vendor that adheres to the client’s specific security policies and follows NIST mandated guidelines to provide adequate data and information security throughout the process.


Entech is not a warranty service or data recovery center. Entech will facilitate the handling, shipping, communication and returning of the data; however, Client understands and agrees that the recovery of data is governed by the terms of the third-party vendor (if any), for which Entech shall be held harmless.

Downtime & Maintenance Expectations


Scheduled Downtime. For the purposes of this SOW, Scheduled Downtime will mean those hours, as determined by Entech but which will not occur between the hours of 7 AM and 6:00 PM EST (or EDT, as applicable), Monday through Friday without your authorization or unless exigent circumstances exist, during which time Entech will perform scheduled maintenance or adjustments to its network. Entech will use its best efforts to provide you with at least twenty-four (24) hours of notice prior to scheduling Scheduled Downtime.


Client-Side Downtime. Entech will not be responsible under any circumstances for any delays or deficiencies in the provision of, or access to, the Services to the extent that such delays or deficiencies are caused by your actions or omissions (“Client-Side Downtime”).


Integration Project Exception. You acknowledge and agree that for the first thirty (30) days following the commencement date of a SOW, the Response Time commitments described in this Agreement will not apply to Entech, it being understood that there may be unanticipated delays due to Entech’s initial startup activities with you (the “Integration Project Exception”).