Managed Secure Infrastructure


 

1) Scope of Services
The following services and support (collectively, “Services”) can be provided under the terms of this SOW. Some services below are delivered on an as needed basis throughout the term of the SOW. Definitions of Services are provided for your review at www.entechUS.com/ims-sow-definitions.


A. Services:

i. Centralized Managed Infrastructure:

a) Diagnostics / Auditing Services
b) Maintenance Services
c) Monitoring Services; Alert Services
d) Network Infrastructure Services
e) Tier 1 Telecommunication Support Services

 

ii. IT Strategy and Administration:

a) Account Management & Strategy Services
b) Best Practice Health Assessments
c) IT Planning & Budgeting
d) Procurement
e) IT Asset Management & Documentation
f) Centralized Reporting

 

iii. Standard Cybersecurity Services:

a) Next Generation Anti-Virus / Endpoint Detection & Response (EDR)
b) Patch Management
c) DNS Filtering
d) IT & Cybersecurity Policies
e) Ransomware Protection
f) Dark Web Monitoring
g) User Awareness Training & Testing
h) Security Policy Vault
i) Phishing Attack Testing & Reporting
j) Firewall Management and Maintenance


iv. Advanced Cybersecurity Services:

a) Multi-factor Authentication
b) Hard Drive Encryption for all mobile workstations
c) Active Directory Change Control
d) Internal & External Vulnerability Scanning
e) Annual Cybersecurity Threat Report & Roadmap


v) Complete Managed Cybersecurity:

a) Security Incident Event Management (SIEM)
b) Security Operations Center (SOC)
c) Remote Secure Gateway for all Mobile workstations


vi) End-user and Infrastructure Support:
The Service Desk provides a point of escalation for your staff when they have an issue or question. The Entech staff is available during business hours to log issues and support your team. You can contact the IT Service Desk via email or phone. We commit to responding to your question promptly (response times based on severity). If you are contacting us to escalate a service outage, we will route the call to our technical center for prompt attention.

Should your team detect an issue with a service or device outside standard business hours, you can contact the Emergency Support team to report the issue. Entech’s team (security or network, as appropriate) will investigate the issue and act appropriately.


a) As needed remote technical support will be provided during the hours of 7:30am – 5:30pm EST Monday through Friday.


b) As needed onsite technical escalation support will be provided during the hours of 7:30am – 5:30pm EST Monday through Friday. Service Provider reserves the right to determine whether issues require onsite support.


c) As needed remote after-hours technical support will be provided for “emergency” support issues during the hours of 7:00am - 9:00pm EST Monday through Friday and 8:00am – 6:00pm Saturday through Sunday. Emergency issues are defined as a substantial interruption in business process for a company executive, division or location, for which no reasonable workaround is readily available.


d) As needed onsite after-hours technical support will be provided for “emergency” support issues during the hours of 7:00am - 9:00pm EST Monday through Friday and 8:00am – 6:00pm Saturday through Sunday. Emergency issues are defined as a substantial interruption in business process for a company executive, division or location, for which no reasonable workaround is readily available.

 


B) Locations/Buildings Covered:

i) Services, as defined in this SOW, are available for all client locations as follows:

a) On-Site Services – Available to all client staff & locations within Entech current serviceable area.

b) Remote Services – Available to all client staff & locations with internet connectivity.

 

ii) Any client staff or locations that require on-site support, but are outside of Entech’s current serviceable area, Entech will coordinate & schedule support services with a qualified local resource, and client will be invoiced for service rendered directly by local provider.

 

2) Termination

A) By Client:
The Client shall have the right to provide 60 days’ written notice to terminate this SOW as defined in Section 12(p) of Entech’s Master Service Agreement, either with or without cause.

B) By Entech:

Entech shall have the right to immediately terminate this SOW by providing written notice to Customer on the following terms:

i) Entech shall have the right to provide 60 days’ written notice to terminate this SOW as defined in Section 12(p) of Entech’s Master Service Agreement, either with or without cause.

ii) For any delay in payment by Client in excess of thirty (30) days after the date on which such payment is due; or

iii) Thirty (30) days following the date Entech gives Client written notification of a breach of an obligation of Client hereunder (other than non-payment), provided Client has not cured the cause for breach within such thirty-day (30-day) period.

C) Payment upon Termination.

In the event that this SOW is terminated by a party for any reason, Client shall remain obligated to pay Entech any and all amounts due and owing to Entech for services rendered through the effective date of such termination. Client agrees that all open invoices must be paid in full prior to the final day of service or within ten (10) calendar days after the final invoice is received. Client acknowledges that Entech cannot begin Offboarding Services or release client-specific information (such as passwords or documentation) until Client has paid all open balances on their account with Entech.

D) Notices.

Delivery of any notices (material breach, non-renewal, etc.) regarding this SOW is defined in Section 12(p) of Entech’s Master Service Agreement.

 

3) Assumptions / Minimum Requirements / Exclusions
The scheduling, fees and provision of the Services are based upon the following assumptions and minimum requirements are that all computers on the Client network must have an Entech management agent installed on them.


The following services are expressly excluded under managed SOW’s:

 

A) Onsite or remote support required to remediate issues resulting from inadequate or deficient Client hardware or arising from Client’s failure to implement the Minimum Requirements. Service Provider will notify Client in writing any time Client’s network, equipment or environment falls outside of the Minimum Requirements, either end-of-life, or standard best practice.

B) Remediation of Cybersecurity Events, Incidents or Breaches.

C) Entech requires support agreements be maintained and up to date with any of Client’s Line of Business application providers. Entech will facilitate support and act as liaison on Client’s behalf with these providers.

D) Software Licensing – Entech does not support unlicensed software. Client represents and warrants that all installed software is licensed, and shall indemnify and hold Entech harmless for the use or installation of any unlicensed software that results in damages or liability, or the threat of damages or liability, including but not limited to the termination of Entech’s rights or contracts, together with costs and attorney fees to defend such claims. In the event that Client has any unlicensed software on premises, Client is responsible for notifying Entech of such so that a remediation plan can be prepared and implemented to assist Client in achieving 100% license compliance. Cost of consumables, replacement parts, hardware, software, shipping, network upgrades and associated services are outside the scope of this Agreement. Entech will provide consultative specification, sourcing guidance and/or Time and Material/Project offerings.

E) Labor expended on troubleshooting custom applications or devices that do not have active support agreements. This includes software, hardware, phone systems, network copiers, etc.

F) Restoration of lost data from a device, not managed and captured via a managed data protection (DR/BC) statement of work, is outside the scope of any and all agreements.

G) Service or repairs made necessary by the alteration or modification of equipment other than as authorized or performed by Service Provider.

 

H) ISP / Telephony provider outage – Entech does not maintain or support any external ISP (Internet Service Provider) or telephone service provider connectivity. This service is solely the responsibility of the ISP or telephone service provider. Entech can act as technical contact on Client’s behalf in communication to outside vendors.

 

I) Support services required or requested outside the scope of this agreement may not be exchanged for days or services within this Agreement. Outside of scope support services are available and will be provided on either a Time and Material, or Project basis.

 

J) Projects: A Project is defined as a temporary (defined beginning/end) and planned one-time endeavor. Projects are unique in that it is not routine operation, but a specific set of operations designed to accomplish a singular goal. Projects are out-of-scope under this SOW, and must be agreed upon and managed in a separate SOW. Examples of Projects can be, but are not limited to: server installations or migrations, server reconfigurations, cloud migrations, workstation installations, moves, or rebuilds, (if workstations are not procured through Service Provider), structured wiring, equipment relocation, new software installations, software upgrades, core network upgrades and replacements, regulatory/compliance/legal audits (eg. PCI, HIPAA, software compliance, Microsoft SAM audits, etc.) and/or endeavors that require multiple Service Provider resources.

 

K) Risk of Data Loss - Client assumes all risk of data loss from any and all causes or in any way related to or resulting from the repair or service of computer hardware, software or other equipment by Entech. Client hereby releases Entech from any claim or liability related to data loss for any reason whatsoever.

 

L) After-hours, non-emergency support labor. See Scope of Services Section A.vi. for the definition of “emergency”. After-hours support will be billed at 1.5x the Service Provider’s then-current standard hourly rate if required.

 

M) Non-emergency support labor performed on Entech observed Holidays (listed below). See Scope of Services Section 1. A.vi. c. for the definition of “emergency”. If required, non-emergency support will be billed at 2x the Service Provider’s then-current standard hourly rate.

i. Entech observed holidays

• New Year’s Day
• Memorial Day
• Independence Day
• Labor Day
• Thanksgiving Day
• Thanksgiving Friday
• Christmas Day


4) Fees
Unless alternate terms are approved by Entech’s finance department, you agree to maintain an up-to-date pre-authorized method of payment inside Entech’s online payment portal. All agreement invoices are automatically paid on the invoice’s due date by your pre-authorized method of payment selected inside Entech’s online payment portal. If you wish to pay through an alternate payment method, it must be received at least one day prior to the due date; otherwise, the method inside the online payment portal will automatically run.


A) Entech reserves the right, but not the obligation, to charge a 5% collections premium on each invoice where an up-to-date, pre-authorized method of payment is not maintained and active inside Entech’s online payment portal.


B) The prices set forth in this SOW for the Services described will remain in effect for the first twelve (12) months of the term of this SOW. Thereafter, at the start of each consecutive agreement year, Entech reserves the right, but not the obligation, to increase the monthly fee for the Services up to five percent (5%), at Entech’s discretion. The fee increase will be reflected on the next invoice and without a formal written notice to Client.



5) Users & Equipment Covered
Entech reserves the right to renegotiate rates based on additions of locations, users, hardware, software, hardware support requirements, and/or services as well as modify this Agreement (or any portion thereof) with a 30-day notice.

Any additional devices added to the network without the consent or acknowledgement of Entech will not be honored or supported by Entech under this agreement.


6) Health Insurance Portability and Accountability Act (HIPAA)
Entech understands that our clients in the Healthcare industry are “Covered Entities” under the Health Information Portability and Accountability Act (“HIPAA”) privacy regulations. As HIPAA Covered Entities, our clients are legally obligated to maintain the privacy of all individually identifiable patient information that they create or receive. While Entech is not a HIPAA Covered Entity, we recognize the impact that the HIPAA privacy regulations have on our clients. Entech, Inc., remains committed to interacting with our clients in a responsible manner, and to maintaining the privacy of individually identifiable patient information that we receive on-the-job, consistent with applicable law and regulations. Entech has implemented an information security program and is committed to protecting PHI in accordance with the SOC 2 Security Principle and Criteria.

Entech has trained our employees and subcontractors about the requirements of the HIPAA privacy and security regulations. When visiting a client’s site, Entech employees and subcontractors must comply with customer requests designed to minimize the occurrence and effect of incidental disclosures of individually identifiable patient information.


Entech will provide our services to our clients in the Healthcare industry, always ensuring we are in compliance with HIPAA regulations.

 

 

Last revised April 11, 2022