Incident Management Procedure. Should the CP identify a problem with the Services, the CP must contact the KCOM Technical Support Team the contact details of which can be found in the Customer Service Plan. The KCOM Technical Support Team will first undertake a series of first line diagnostic tests. If at this stage the problem is resolved, the KCOM Technical Support Team will close the incident ticket and confirm that the incident is resolved. It is the CP’s responsibility to confirm to the End User that the incident is resolved. If first line diagnostics do not resolve the incident, a ticket will be raised for an Version 2 04/12/18 Service Operations Manual engineer to conduct further investigations on the incident and attend the End User Site to resolve the problem if deemed necessary. Following successful engineer investigation the KCOM Technical Support Team will inform the CP that the incident is resolved. The CP will then be responsible for informing the End User that the incident is resolved. The CP can request an expedited service which offers a faster TTR than the contracted TTR which applies to an Exchange Line provided pursuant to the KCOM Line Rental Agreement. The CP must request an expedited service at the time of reporting the relevant incident. If KCOM is unable to offer an expedited service for a particular incident KCOM will advise the CP. The Time to Resolve (TTR) period shall begin once the CP notifies the KCOM Technical Support Team of the incident. The TTR incident shall cease upon notice to the CP by the KCOM Technical Support Team of an incident resolution. KCOM will record the duration of the TTR period in order to be able to comply with KCOM’s obligations under Schedule 5 of the KCOM Line Rental Agreement. Where the CP has requested an expedited TTR as described in Schedule 5 of the KCOM Line Rental Agreement, the TTR will commence from the time that KCOM confirms to the CP that it accepts the request for an expedited service. If KCOM is prevented from resolving an incident within the TTR as a result of not being able to gain access to the End User Site (subject to KCOM providing prior notice wherever possible), the time period until KCOM physically gains access shall be deducted from the TTR calculations for the purpose of calculating any Service Credits that may be payable. To diagnose and resolve any suspected incidents rapidly and effectively, the CP should endeavour to ensure the CP is in possession of the following information when contacting the KCOM ...
Incident Management Procedure. The Digital Content Provider shall respond to an incident resulting in the LEA’s loss of use or functionality of the Digital Content Product (“Incidents”) in accordance with time intervals and other requirements corresponding to the applicable Incident priority levels set forth in the below table. Incident priority levels will be reasonably determined by the Digital Content Provider in a manner consistent with the below descriptions. The LEA shall provide commercially reasonable assistance to the Digital Content Provider in connection with the Digital Content Provider’s efforts to respond to an Incident. Incident Priority Incident Description Response Time Service Level* Priority 1: • Service is down or unavailable; or • Service function is so severely impacted that there is, or if the Incident is not resolved there will likely be, a halt to LEA’s business; or The Digital Content Provider will respond to and commence efforts to fix a Priority 1 Incident within 2 hours after notification of such Incident from MCPS. The Digital Content Provider shall acknowledge receipt of the LEA’s Incident Priority Incident Description Response Time Service Level* • >95% of the end users at a school are unable to access or use the service. initial notification of a Priority 1 Incident within 1 hour, and shall provide status updates thereafter. Priority 2: • Service functionality is substantially impacted or significant service performance degradation is experienced with high impact to the LEA’s business operations affecting 75% to 95% of the end users at a school. The Digital Content Provider will respond to and commence efforts to fix a Priority 2 Incident no later than 12 hours after notification of such Incident from the LEA. The Digital Content Provider shall acknowledge receipt of the LEA’s initial notification of a Priority 2 Incident within 2 hours, and shall provide status updates thereafter.
Incident Management Procedure. This describes at a minimum how the consequences of incidents will be limited for the Principal's data, what steps are to be taken upon the discovery of a security incident and which people are responsible for dealing with the incident to restore the situation to normal. The Contractor confirms that it fulfils the following technical and organisational requirements: The data obtained from or via the Principal will not leave the borders of the European Economic Area. Should it leave these borders, the Contractor must supply the necessary guarantees to prove that the transfer meets Chapter V of the General Data Protection Regulation (Transfer of personal data to third countries or international organisations). The networks over which this data is sent (wired or wireless, from, to or between applications, or via a platform managed by the Contractor, including but not limited to LAN Services, Wide Area Network Services, data centre interconnectivity services, load balancing, SAN switch interconnects and services supplied over Voice over Internet Protocol (VoIP)) have been secured in accordance with the defence-in-depth principle and appropriate techniques are used for the transmission of sensitive data. The hardware (including VMs) has been equipped with sufficient monitoring and security systems to prevent and analyse data breaches. The information systems used have been placed in identified and protected premises to which access is limited. All server systems have been equipped with prevention and detection mechanisms, as well as a means of containing viruses and other malware, and all server systems should have undergone a hardening process. All server systems have been equipped with a patch management process (implemented and documented). All patches for server systems are tested in an acceptance environment prior to roll-out. The systems are subjected to a penetration test and/or ethical hacking at least once a year, preferably in collaboration with the Principal. The Contractor guarantees its ability to demonstrate the implementation of these measures through external reporting, drawn up once every 3 years at a minimum and in accordance with a carefully described format. On submitting the tender, the Contractor will include the latest external reporting or a document that indicates when, by whom and on what basis the reporting is drawn up. The Contractor may never decide to alter the Principal's personal data - be it in a manual or automated manner - sav...
Incident Management Procedure. The security of our data and that of our customers is of immense importance to us, at Cloud Direct. Therefore, any suspected incidents are dealt with swiftly and treated with the upmost importance in line with our processes. In line with our Security Incident Management Procedures, we define a security incident most commonly as: • Abuse (Internet, E-mail, Viruses, Malicious Activity, Sharing Passwords). • Access (Unauthorised access to company locations such as data centres, systems or information). • Loss or theft (Loss or the theft of information stored on media, in documents or held on company or service systems, laptops and other devices). • Non-compliance with company and service information security policies or guidelines. • Any observed or suspected security weaknesses. Customers can expect: • To have the confidentiality and integrity of their information fully assured, whether held within any of our products and services or by Cloud Direct for account purposes. • To be able to enquire about any of Cloud Direct’s, or our products and services’ Security Procedures and receive a timely response. • To be able to report any suspected security concerns and be confident that they will be fully investigated to a point of resolution. A customer would be contacted about Security Incidents, where: • Their information was compromised or lost. • Their product or service would be interrupted as a result of a security incident. • Their product or service had already experienced an outage, to be made aware that it was the result of a security incident and provide the incident details. If a customer wished to report a suspected or known Security Incident, the following process should be observed: • To contact the Technical Services team on 0800 0789 437 or email xxxxxxxxxxxx@xxxxxxxxxxx.xxx, stating the background of the incident and any supporting evidence. • Technical Services would log the incident in accordance with our Security Incident Management Procedures. • If the incident cause, appears to be the fault of Cloud Direct or one of our partners it would be fully investigated to resolution and then fed back to the customer via a report. • If the security incident is the result of a customer’s action or inaction, Cloud Direct would provide advice and assist where possible but ultimately it is the responsibility of the customer to ensure their own security. To provide you with an enterprise-class Azure service and the highest level of customer service as describ...
