EX-10.28 14 a80573ex10-28.txt EXHIBIT 10.28 EXHIBIT 10.28 TASK ORDER NUMBER 2001-001 THIS TASK ORDER NUMBER 2001-001 ("Task Order No. 2001-001") will confirm the mutual understanding and agreement by and between SSP Solutions Incorporated ("SSP"), and each of Electronic Data Systems Corporation and EDS Information Services L.L.C. (collectively "EDS") as to the terms and conditions pursuant to which EDS, itself and through its direct and indirect wholly-owned subsidiaries will perform the Services and produce the deliverables described in this Task Order No. 2001-001. All references to EDS in this Task Order No. 2001-001 will be deemed to include all such subsidiaries, and EDS and SSP may be referred to herein individually as a "party" and together as the "parties." Capitalized terms used in this Task Order No. 2001-001, to the extent not otherwise defined in this Task Order No. 2001-001, shall have the same meaning as in the Agreement as defined below. The terms and conditions of this Task Order No. 2001-001 are as follows: 1. MASTER SERVICES AGREEMENT. This Task Order No. 2001-001 is entered into by the parties under the provisions of that certain Master Services Agreement, dated as of November ____, 2001, by and between each of SSP, EDS and EIS (the "Agreement"), and, except as otherwise provided in this Task Order No. 2001-001, all provisions of the Agreement are applicable to this Task Order No. 2001-001 by this reference. Notwithstanding any thing to the contrary concerning Section 1.5, Conflicts, to the Agreement, the terms and conditions set forth in this Task Order No. 2001-001 shall be deemed to be controlling terms and conditions in the event that any terms and conditions contained herein are in conflict with the terms and conditions set forth in the Agreement. 2. TERM OF TASK ORDER NO. 2001-001. The term of this Task Order No. 2001-001 will begin on December 1, 2001 ("TO#2001-001 Effective Date"), and, unless earlier terminated as provided in the Agreement, will continue through December 31, 2006 ("TO#2001-001 Expiration Date"). The term of this Task Order No. 2001-001 may be extended by mutual written agreement of the parties. 3. EDS SERVICES. During the term of this Task Order No. 2001-001, EDS will perform the Services described in Attachment 1 at the service levels described under Appendix A ("TO# 2001-001 Services"). 4. SSP ROLES AND RESPONSIBILITIES. During the term of this Task Order No. 2001-001, SSP will, at its own cost and expense, have the obligations to EDS described in Attachment 2. 5. SERVICE FEES. For the services performed and the deliverables produced by EDS under this Task Order No. 2001-001, SSP will pay to EDS the charges described in Attachment 3. 6. ADDITIONAL PROVISIONS. In addition to the terms and conditions described under the Agreement, the parties each acknowledge and agree that the following additional provisions will apply to this Task Order No. 2001-001: (a) TERMINATION FOR CONVENIENCE/NO LICENSING CONSENTS. In the event that (a) SSP is unable to obtain the licensing consents on the specified SSP-Vendor Software required for Implementation pursuant to the terms of Schedule 4.1 of the Agreement and (b) SSP and EDS both determine that no alternatives to such Software are available by January 1, 2003, then SSP may at its sole discretion have the option to terminate this Task Order No. 2001-001 upon ninety (90) days prior written notice; provided, however, SSP (i) is not then and does not become in default under this Task Order No. 2001-001 prior to the termination date; and (ii) pays to EDS in addition to its other payment obligations (which includes the aggregate sum of all total amounts due to EDS by SSP Solutions as described under Section 10.6(e) of the Agreement), on or before the termination date, the Delay and Termination for Convenience Fees described under the fee schedule outlined under Schedule 7 of Attachment 3 of this Task Order No. 2001-001. Notwithstanding anything to the contrary within this Task Order No. 2001-001, in the event that SSP terminates this Task Order for convenience pursuant to the terms of this Section 6(a), and elects to purchase Additional Services A-1 from EDS pursuant to the terms of the Agreement, EDS will provide to SSP a prorata credit against the Termination for Convenience Fees as described under Schedule 7 of Attachment 3 up to the full amount paid by SSP to EDS of such fees; provided, however, that (i) such Additional Services would be documented and made subject to the terms of the Agreement to a new Task Order for the Additional Services is executed, (ii) the Additional Services are executed between SSP and EDS within 90 days after SSP's written notice of termination, and (iii) SSP is and remains current on its payment obligations as described hereunder. (b) TAN IMPLEMENTATION INFRASTRUCTURE DELAYS. Notwithstanding anything to the contrary in this Task Order No. 2001-001, SSP, in its sole discretion, shall have the option to delay the commencement of Implementation as described under Sections 3.0 of Attachment 1 to this Task Order No. 2001-001 one time beyond January 1, 2003; provided, however, SSP (i) is not then and does not become in default under this Task Order No. 2001-001 prior to the termination date; and (ii) pays to EDS in addition to its other payment obligations the Delay and Termination for Convenience Fees as described under Schedule 7 of Attachment 3 to this Task Order No. 2001-001. Subject to the terms of Sections 3.0 and 6.0 of Attachment 1, SSP will be required to notified EDS by October 1, 2002, of its intent to delay such Implementation beyond January 1, 2003; otherwise EDS will invoice SSP for the Implementation charges as described under Section 6.0 of Attachment 1 and will initiate Implementation as contemplated by the parties hereunder. Such fees are due and payable to EDS by January 31, 2003. If SSP elects during the period of January 1, 2003 and December 31, 2003 to initiate Implementation pursuant to the terms of Section 3.0 of Attachment 1, EDS will provide to SSP a prorata credit against the Implementation Delay Fees as described under Schedule 7 of Attachment 3 for the remaining period between the commencement date of Implementation and December 31, 2003; provided, however, that SSP is and remains current in its payment obligations including the payment of the Implementation Fees as described under Section 2 of Attachment 3. For the purpose of calculating the credit, EDS will determine the credit based on a 1/12 of $200,000 multiplied by the number of months between commencement of Implementation and December 31, 2003; and such credit will be issued to SSP on the then current monthly invoice for Services. (c) TERMINATION OF PORTION OF SERVICES. Pursuant to the terms of this Section 6(a) of the Task Order No. 2001-001, SSP may terminate a portion of EDS Services as described Section 3.0 and Section 4.0 of Attachment 1 for convenience and without cause any time after January 1, 2003 by providing to EDS 90 days prior written notice; provided, however, SSP will pay, in addition to its other payment obligations described under this Task Order No. 2001-001, either (i) $400,000 after January 1, 2003, or (ii) $200,000 after January 1, 2004. Notwithstanding anything to the contrary, upon the effective date of such termination of this portion of Services, EDS will be relieved of those of its obligations under this Task Order No. 2001-001 as described under Section 3.0 and 4.0 only that are affected by such election to termination this portion of Services. All fees will be due and payable in full to EDS in accordance with the Termination for Convenience Fee schedule defined under Schedule 7 of Attachment 3 and Article VIII of the Agreement. (d) TERMINATION FOR CONVENIENCE. At any time after January 1, 2004, SSP may terminate this Task Order No. 2001-001 for convenience and without cause by providing 90 day prior written notice; provided, however, that SSP (i) is not then and does not become in default under this Task Order No. 2001-001 prior to the termination date of such Services; and (ii) pays to EDS the specified fees described in the Schedule 7, Delay and Termination for Convenience Fee Schedule, outlined under Attachment 3 to this Task Order No. 2001-001. (e) EXCLUSIVE PROVIDER. During the term of this Task Order No. 2001-001, EDS will be SSP A-2 Solutions' Exclusive Provider (as defined below) for certain information technology hosting services of SSP Solutions' proprietary Trust Assurance Network ("TAN"). "Exclusive Provider" means that during the first sixty-one (61) month period after the Effective Date of the Task Order No. 2001-001, SSP Solutions will recommend only EDS as its exclusive provider in hosting the TAN except in the following situations: (i) where the customer has indicated that it does not wish to purchase a combined Alliance Offering, or (ii) where the customer has indicated that it does not wish to transact business with EDS. SSP Solutions will make this information available to the EDS Account Executive as defined under Section 2.1, of the Agreement. SSP Solutions acknowledges and agrees that EDS may provide information technology services (including the EDS Services under each Task Order) for third parties at any EDS facility that EDS may utilize from time to time for performing the EDS Services. Subject to the restrictions on the disclosure of confidential information set forth in Article 7, of the Agreement, nothing in the Agreement or any Task Order (including this Task Order No. 2001-001) will impair EDS' right to acquire, license, market, distribute, develop for itself or others or have others develop for EDS similar technology performing the same or similar functions as the technology and EDS Services contemplated by the Agreement, this Task Order No. 2001-001 or any other Task Order as may be incorporated under the Agreement. 7. The amount of the Work Order Damages Limit for this Task Order No. 2001-001 is an aggregate sum of revenue due to, and charge by, EDS to SSP under this Task Order No. 2001-001 during the previous six (6) months prior to the effective date of the claim or action (the "Aggregate Damages Limit"). IN WITNESS WHEREOF, the parties have duly executed and delivered this Task Order No. 2001-001 by their duly authorized representatives as of November ____, 2001. SSP SOLUTIONS INCORPORATED ELECTRONIC DATA SYSTEMS CORPORATION By: /s/ Marvin Winkler By: /s/ Gordon Adams ---------------------------- ------------------------------ Name: Marvin Winkler Name: Gordon Adams ---------------------------- ------------------------------ Title: Co-CEO Title: Co-CEO ---------------------------- ------------------------------ Date: 11/14/01 Date: 11/16/01 ---------------------------- ------------------------------ EDS INFORMATION SERVICES L.L.C. By: /s/ Gordon Adams ------------------------------ Name: Gordon Adams ------------------------------ Title: Client Executive ------------------------------ Date: 11/16/01 ------------------------------ A-3 ATTACHMENT 1 TO TASK ORDER NO. 2001-001 STATEMENT OF WORK FOR: SSP SOLUTIONS, INCORPORATED ATTACHMENT 1 TO TASK ORDER NO. 2001-001 STATEMENT OF WORK EDS SERVICES This Statement of Work ("Statement of Work") describes and details the Services provided by EDS to SSP. EDS will provide to SSP under such Services hosting and maintenance of SSP's Trust Assurance Network servers and associated devices in accordance with the service levels as defined under Appendix A from within EDS' secure vault located at its Services Management Center ("SMC") in Plano, Texas ("Secure Vault"). The configurations identified in Appendix A are considered in scope for this Statement of Work. 1.0 EDS SERVICE MANAGEMENT CENTER 1.1 PHYSICAL SECURITY AT THE SMC. EDS will maintain physical security and access-control practices at the EDS SMC as defined in the Agreement and further described under this Statement of Work. The EDS SMC will provide the following physical security features to support the SSP Software systems and the associated hardware located in the EDS SMC. - Security guards on duty at all times (which includes twenty-four hours per day, seven days a week, and 365 days a year ("24x7x365")). - Physical barriers and card access at all entrances. - Card key authorization required for EDS buildings located on the EDS campus and all sensitive areas within the EDS SMC. - Access restricted to individuals with a "need for access" only and the appropriate authorization from EDS management. - Monitoring of the SMC facility with security cameras. - EDS will maintain engineering design and facility environmental systems and will manage and support all aspects of the SMC facility, including supervision of all subcontractor maintenance activities. - EDS will provide floor space, power, electrical, air conditioning, uninterruptible power supply ("UPS"), and diesel generator backup facilities in order to meet the agreed-upon Secure Vault environment requirements for SSP as defined under this Statement of Work. - EDS will make available, maintain and pay for the following facility related equipment required for the EDS support staff to perform the performance obligations described under this Statement of Work: (a) Telephones (b) Furnishings (c) Copiers, fax machines (d) Office supplies (e) Microcomputer systems and computer (f) Internet access - No provisions have been made or are included in this Statement of Work with regards to a recovery site in the event of a catastrophic failure at the Secure Vault located at the SMC for back up recovery. A recovery site, if desired and upon request by SSP, can be arranged by EDS at additional charge to SSP, as an amendment to this Task Order No. 2001-001 or documented and evidence through mutual agreement by the parties under a separated Task Order under the Agreement. A - Attachment 1 - 1 1.2 ADDITIONAL SECURITY FEATURES OF THE SECURE VAULT - In addition to the physical security features described under Section 1.1, EDS will provide the additional security features and controls for the Secure Vault. For the purpose of clarification, the Secure Vault is classified as a sensitive area of the SMC which as of the TO#2001-001 Effective Date is located in the basement of the SMC. The exterior walls of the Secure Vault are classified as a "true floor to true ceiling" construction that eliminates any gaps in its perimeters. The Secure Vault is currently constructed with electronic magnetic interface/electronic magnetic radiation ("EMI/EMR") rated protection. Additionally, a signal reference grounding system is installed beneath the Secure Vault, and connected to, the raised floor system to provide additional protection to ground electrical signals. - EDS issues picture identification badges to each EDS employee assigned to the Secure Vault. A separate card reader system controls access to the Secure Vault and access to that reader can only be granted by EDS security personnel from within the Secure Vault. A mantrap with biometric reader provides an additional layer of security protection. 1.3 SUBCONTRACTING Subject to the other provisions of this Article III of the Agreement, EDS may subcontract any portion of the EDS Services to third parties at any time during the term of this Task Order No. 2001-001. EDS will not disclose any confidential information of SSP to any such subcontractor unless and until the subcontractor has agreed in writing to protect the confidentiality of such confidential information in the manner required by Section 7.4 of Agreement and then only to the extent necessary for the subcontractor to perform those EDS Services subcontracted to it. EDS will remain responsible for the obligations performed by any of its subcontractors to the same extent as if such obligations were performed by EDS. 2.0 EDS OWNED ASSETS - EDS will provide at its own expense the hardware and EDS-Vendor Software as detailed in Appendix B of this Statement of Work to support (i) the SSP Trust Assurance Network platform which will reside within the SMC in Plano, Texas; and (ii) the Test and Integration Lab as defined under Section 5.0 of this Statement of Work. Additionally, EDS will maintain third party hardware and software maintenance support services as required for EDS to perform its obligations described under this Task Order No 2001-001. - Changes to the compute assets as listed under Appendix B to support the SSP Trust Assurance Network platform will be mutually agreed upon between the parties. 3.0 IMPLEMENTATION, INTEGRATION, AND TEST Implementation, integration and testing Services as described under this Section 3.0 are those start-up activities that EDS will perform which are necessary to support the ongoing requirements of hosting a compute environment or a complete replacement of an existing compute environment for the SSP Trust Assurance Network platform ("Implementation"). Subject to the parties assumptions and terms and conditions described under Section 6.0, EDS estimates that Implementation will require approximately 90 days to complete after receipt of (i) SSP's advance notification to initiate Implementation; (ii) SSP's payment of Implementation charges in full; and (iii) the SSP Software and SSP-Vendor Software; implementation schedule will be mutually agreed upon between the parties. - EDS will plan and prepare for the establishment of ongoing maintenance Services to support the complete implementation, of the SSP hosting environment including facility preparation, system and related system software installations, backups, security, request management, service metrics, testing, business continuity requirements, and ongoing operation in accordance with SSP's business requirements as provided to EDS using the EDS planning and project management methodology. Such planning and preparation will be provided by EDS to SSP at no additional cost. A - Attachment 1 - 2 - EDS will communicate to SSP any service issues or implementation concerns through the site-specific communication process to SSP. - EDS will use commercially reasonable efforts to ensure proper environmental preparation such as raised floor, power requirements, and HVAC are in place and will install the defined hardware equipment and software systems as described under Section 2.0 of this Statement of Work. - EDS will perform tests required to validate that the SSP Trust Assurance Network platform are operational and conforms to established manufacturer's specifications. Results of the testing will be documented by EDS and provided to SSP upon request. SSP will provide to EDS with a set of testing and evaluation measurement procedures to perform periodic tests to evaluate conformation to agreed upon performance standards for SSP Software or SSP-Vendor Software. Results of these tests, which will be treated as confidential information, will be provided to SSP from EDS upon written request. - EDS will conduct a final review of the Implementation with SSP to verify that requirements have been met which will include (i) facilitating a SSP on-site walk through inspection of the Secure Vault, at SSP's expense, at a mutually agreed upon time, (ii) verification that the SSP Trust Assurance Network platform is configured and activated in accordance with technical specification defined under the project plan; and (iii) SSP can successfully execute a SSP Software or SSP-Vendor Software application as mutually identified and agreed upon by the parties. - EDS will facilitate the loading and configuration of any and all SSP Software, SSP-Vendor Software, and/or EDS-Vendor Software on the hardware component as described under Appendix B in the EDS Secure Vault environment. Loading of SSP application software (which consists of SSP Software and SSP-Vendor Software) is the responsibility of SSP and may require SSP personnel or other third party representatives of SSP to be on-site. EDS will assist SSP as required. EDS will be responsible to coordinate the installation of all EDS-Vendor Software designated to support the SSP Trust Assurance Network platform environment as described under Appendix 2.0. 4.0 ON-GOING SERVICES 4.1 SYSTEMS MANAGEMENT - EDS will monitor (i) hardware and system software, (ii) process status and (ii) environmental controls; and will engage in problem management actions based on detected problems or issues. The EDS system operator will identify, escalate and document problems using the current EDS problem management process in effect at the time of the documented problem. - EDS will perform routine system operation functions and system console operations actions such as power on/off, system reboots, and start/stop/reset system processes in accordance with the processing requirements and procedures as provided by SSP and mutually agreed upon by the parties. EDS will also perform required device intervention as deemed necessary to maintain the systems operations. - EDS will review with SSP on a annual basis a list of SSP designated personnel authorized to request Software Changes to SSP Software, updates, tests, or reports. All SSP Software Changes will be supplied by SSP to EDS at the SMC via a computer diskette (CD) containing appropriate changes, with certification that the SSP Software has been appropriately screened and are absent of viruses, Trojans or malicious code. 4.2 CONFIGURATION MANAGEMENT EDS will provide the following Managed Services in the Secure Vault as described below in accordance with the allocated schedule of base hours per month as defined in Attachment 3 ("Base Hours"). In the event that SSP requests in addition to these Base Hours such additional test or integration Services that exceed the Base Hours as defined, EDS will provide SSP with an estimate of hours projected to complete the work requested and obtain from SSP a request authorization to proceed. Hours over the Base Hours will be charged at a time and material basis at the per hour rates as described in Attachment 3. A - Attachment 1 - 3 4.2.1 SOFTWARE CONFIGURATION MANAGEMENT - Upon a mutually agreed upon project schedule, EDS will install and upgrade all system-level software (such as the operating system and other non-application EDS-Vendor Software) or any application software (such as SSP Software or SSP-Vendor Software) requiring "super user access" or its equivalent privileges under the Secure Vault environment. The current operating system and system environment which includes both the system-level software and application software will be backed up by EDS before implementing any upgrades or any other software configuration changes to the system operating environment. Notwithstanding anything to the contrary with this Section 4.2.1, SSP will be responsible to provide EDS with any and all SSP Software or SSP-Vendor Software updates or other Software configurations via CD containing appropriate changes, with certification that the SSP Software or SSP-Vendor Software upgrade or software configuration changes have been appropriately screened and are absent of any viruses, Trojans or malicious code. - EDS will coordinate all software configuration changes through EDS' SMC's change management process. For any and all high impact or high-risk changes as determined by EDS, EDS will (i) gather SSP's compute requirements, (ii) establish a work plan, and (iii) use commercially reasonable efforts to develop a test plan to ensure the smooth implementation of the software configuration changes to SSP Software or SSP-Vendor Software. Additionally, in the event that application testing is requested by SSP to ensure the effectiveness of the software configuration changes, the parties will deem such request as Additional Services (defined under the Agreement) and each will mutually negotiate in good faith the provisions of such Additional Services under a separate Task Order as described under the Agreement. - EDS will provide problem escalation and will use commercially reasonable efforts to interact with EDS third-party suppliers as necessary to perform its obligations under this Statement of Work. Additionally, in the event that system problems are identified with the SSP Software or SSP-Vendor Software, SSP will work cooperatively with EDS upon EDS' request to provide problem escalation with its SSP third party suppliers in a timely and efficient manner. SSP will use commercially reasonable efforts to interact with SSP third-party suppliers as necessary for EDS to perform its obligations described under this Statement of Work. - EDS will manage and apply corrective maintenance to all system-level software (which includes all EDS-Vendor Software operating systems and other non-application software as described under Appendix B.) - EDS will document and track all Software configuration management problems on the EDS-Vendor Software, SSP Software and SSP-Vendor Software supporting the SSP hosting environment using the EDS SMC site change management process. In the event that (i) any system Software component within the SSP hosting environment fails or does not perform in accordance with its designated specifications as documented, and (ii) EDS installed such EDS-Vendor Software system-level or non-application software, EDS will take ownership of the problem at its expense and initiate a problem fix through resolution. EDS will use commercially reasonable efforts to identify and implement any short-term fixes to eliminate the immediate problem and will identify a permanent corrective action with appropriate follow-up to ensure the fault is eliminated from the operating environment. In the event that (i) any application Software component (including SSP Software and SSP-Vendor Software) within the SSP hosting environment fails or does not perform in accordance with its designated specifications as documented, and (ii) EDS installed such application Software as a result of restrictions regarding the "super user access" or its equivalent privileges, EDS will notify SSP as reasonably possible and coordinate with SSP a problem resolutions. For the purpose of clarification, SSP is at its expense responsible for the resolution of any and all problems through resolution. - EDS will inventory and track on an on-going basis any and all system-level Software components and Software configuration changes to the EDS-Vendor Software which includes all operating system and other non-application software that make up the SSP Trust Assurance Network platform environment along with any and all application software (SSP Software and SSP-Vendor Software) installed on the SSP Trust Assurance Network platform. A - Attachment 1 - 4 - EDS will allow the installation of all application Software, Software upgrades and/or any software configuration changes to such application Software by SSP (which includes any and all SSP Software and SSP-Vendor Software during initial installation or any software upgrades thereinafter) after an installation plan has been submitted by SSP and mutually accepted by the parties. Subject to the terms of Article VI, SSP and its personnel representatives designated for installing the specified SSP Software and/or SSP-Vendor Software (such as SSP's technology partners, SSP's employees or EDS personnel) must (i) be approved in advance by EDS for entry into the secured area, and (ii) must comply with all EDS' corporate security standards as provided by EDS for the SMC while on-site to perform such installation services. Testing and certification of proper installation must be verified in accordance with rules defined under Sections 3.0, 4.2 and 5.0.1 of this Statement of Work. 4.2.2 HARDWARE CONFIGURATION MANAGEMENT - After initial Implementation, additional hardware upgrades will not be provided by EDS unless such upgrades are deemed by EDS at its sole discretion as necessary to (i) fix problems, (ii) add additional functionality or (iii) add security to the SSP Trust Assurance Network platform environment. - EDS will coordinate all hardware configuration changes through the change management process in effect at the SMC site. For all high-impact or high-risk changes as determined by EDS, EDS will (i) gather SSP's compute requirements, (ii) coordinate with any EDS third-party suppliers, and (iii) use commercially reasonable efforts to establish a work plan to ensure a smooth implementation that meets agreed-upon maintenance requirements. As necessary, EDS will handle technical coordination with third-party suppliers. - EDS will document and track any and all hardware configuration management problems using the SMC site problem management process. If any system hardware component fails within the SSP Trust Assurance Network platform, EDS will escalate and coordinate with its third-party suppliers to initiate a system fix through to resolution. EDS will use commercially reasonable efforts to work with its third party suppliers to identify and implement any short-term fixes to eliminate the immediate problem; and will identify a corrective action with appropriate follow-up to ensure the fault is eliminated from the SSP Trust Assurance Network platform environment. - EDS will inventory and track on an on-going basis any and all SMC data center and Trust Assurance Network platform hardware components and changes, including information about hardware shipping and receiving, raised-floor space requirements, equipment placement, cabling, fiber, and connectivity details that make up the SSP Trust Assurance Network platform environment. 4.2.3 CHANGE MANAGEMENT - During the term of this Task Order No. 2001-001, EDS will manage all changes to the SSP Trust Assurance Network platform through the change management process described hereunder. For the purpose of clarification, EDS will use commercially reasonable efforts to track, review, and report on all changes made to the SSP Trust Assurance Network platform infrastructure in order to minimize the impact to SSP and comply with EDS' audit requirements. Change request lead-times are based on the amount of time required by EDS to evaluate and adequately plan for the change. All EDS changes will be (i) tracked through a change management system, (ii) undergo technical and internal EDS business reviews, and (iii) are subject to approval by all of EDS' affected groups supporting the SSP Trust Assurance Network platform. When a requested change has been approved and after the change has been executed by EDS, a post review will be completed by EDS in accordance with EDS' technical standards for the Secure Vault. - EDS and SSP each will use commercially reasonable efforts to ensure all changes to the production environment within the SSP Trust Assurance Network platform are successfully tested and approved for production in the EDS Test and Integration Lab, as described in Section 5, of this Statement of Work, prior to production implementation of SSP Software or SSP-Vendor Software, as the case may be. A - Attachment 1 - 5 - SSP will provide EDS with advanced written notice when there is a change in the SSP Trust Assurance Network platform network and EDS will use commercially reasonable effort to completed such changes as requested; provided, however, that such written notice is received by EDS to allow adequate time for EDS to perform its obligations as described hereunder and reasonably apply any appropriate corrections, if required. Such changes include any and all additions, deletions, expansions, and configurations to the SSP Trust Assurance Network platform. - EDS and SSP each will mutually agree to the scope, timeframes, and additional costs, if any, for changes performed in accordance with the terms of this Section 4.2.4. 4.4 CONNECTION TO THE PUBLIC INTERNET - EDS will provide a 1 Mbps standard connection from the dedicated SSP production firewall to the public internet through the Secure Vault's shared internet connection. EDS will maintain a bandwidth capacity that will allow the SSP connection to burst up to 10Mbps. 4.5 SECURITY MANAGEMENT - EDS will manage and support standard security guidelines such as password aging, login verification and control over privileged designated SSP users. All security-related modifications to the system(s) must comply with the EDS audit compliance standards. 4.6 PROBLEM MANAGEMENT - EDS will use the SMC problem management process to managed unplanned service failure events. All service failure problems are tracked by EDS upon receipt using the "Managed Service" problem ticketing system owned and operated by EDS. Problem resolution of the service failure problem is prioritized based on severity levels as described under Section 1 of Appendix A. EDS will open and log a problem ticket in the Managed Service system and all opened problem tickets are reviewed by EDS daily. The problem ticket will be closed by EDS when resolution of the problem has been obtained. Within 30 days after Implementation, EDS will make available to SSP a detailed problem management process document which will described the process and how such processes can be initiated by SSP. - Problems are detected and resolution can be initiated from the Managed Service system through the monitoring of alerts or can be escalated to the EDS Account Executive or Test and Integration Lab, as the case may be. Resolution will be completed in accordance with the following guidelines: (a) A call will be considered received by EDS once it has been logged into the Managed Service problem ticketing system and assigned to EDS' technical support group. (b) Problems will be prioritized according to the assigned severity level as described under Section 1, of Appendix A. (c) All service level measurements and commitments described under Appendix A will be suspended for system failure problems escalated to another technical support group other than EDS or third party vendors designated to support the SSP Trust Assurance Network platform. (d) Service failure problems pending long-term resolution will be placed in `pending' status and the service level commitments for such problems will be suspended. (e) The SSP site contact will be available for assistance in problem resolution. If not available, the resolution timer will be suspended until the SSP site contact is available. - EDS retains responsibility of managing all problem tickets that may be placed in a suspended or pending status while such problem tickets are escalated for resolution and will perform following up in accordance with the then current problem escalation procedures in effect until final resolution has been obtained. A - Attachment 1 - 6 5.0 TEST AND INTEGRATION LAB EDS will provide to SSP the following test and integration lab Services as described under Sections 5.1, 5.2, 5.3 and 5.4 ("Test and Integration Lab") during the allocated hours provided per month as defined in the time schedule outline under Attachment 3 ("Base Hours"). In the event that SSP requests of EDS assistance with projects, tests, or other integration services that exceed the Base Hours per month as defined, EDS will provide to SSP an estimate of the projected hours required to complete such requested work and obtain from SSP written authorization to proceed. EDS will provide Test and Integration Lab Services on a time and material basis and all hours over the Base Hours per month will be charged at a rate as shown in Attachment 3. 5.1 FACILITIES AND EQUIPMENT The EDS Test and Integration Lab is currently located in Herndon, Virginia. The Test and Integration Lab will provide the environment for EDS to perform the following Services: - Test and document the ability of SSP's current technology partners, using reasonable combinations possible, to function within the SSP Trust Assurance Network platform environment as described by SSP and provided under documented test plans. - Test SSP hardware and Software technology upon request to function within the SSP Trust Assurance Network platform environment in accordance with mutually defined test plans. - Test actual Software owned by or third party vendor applications licensed to clients of SSP with whom SSP is contracted to perform certain SSP services using its SSP Software before it is presented to the production environment supported by the SSP Trust Assurance Network platform. - Test EDS-Vendor Software, SSP Software or SSP-Vendor Software as potential applications as may be requested for functionality within the SSP hosting environment. - Test technology that is desired to be included in a SSP Software or SSP-Vendor Software application by clients of SSP because of its SSP Trust Assurance Network platform design. An appropriate and complete test plan as prescribed by EDS and SSP must accompany each and every test performed. - Test specific pieces of equipment and Software as provided by SSP for possible inclusion in the SSP Software solution suite. - Test all SSP Software and SSP-Vendor Software updates as provided by SSP before introduction to the production environment in the Secure Vault. - Scan all SSP Software and SSP-Vendor Software to be installed in the SSP hosting environment as submitted by SSP software for known viruses, trojans and other malicious code. Additionally, EDS will scan all EDS Software or EDS-Vendor Software to be installed in the SSP hosting environment for known viruses, trojans and other malicious code. 5.2 EDS COMMUNICATION AND SECURITY ARCHITECT RESPONSIBILITIES - EDS will design and maintain a functioning lab and personnel resources to meet its performance obligations as described under Section 5.1, above. - EDS will work cooperatively with the EDS personnel at the SMC and Secure Vault in Plano, Texas, to locate a production site and enable SSP to establish achievable and measurable acceptance test procedures for the accomplishment of responsibilities. - EDS will develop and distribute basic test plan requirements for all software (including SSP Software, SSP-Vendor Software and EDS-Vendor Software) and hardware testing for submission before testing begins. A - Attachment 1 - 7 5.3 HARDWARE CONFIGURATION - EDS will install and upgrade all system-level hardware and EDS-Vendor Software (such as the operating system and other non-application software) or application software ("SSP Software and SSP-Vendor Software") requiring super user access. EDS will recommend and propose to SSP any system upgrades or replacements as required. SSP will be responsible at its expense to maintain the minimum hardware and software configurations as recommended by EDS. In the event that such minimums are not maintained, EDS may not be able to perform Services and maintain the SSP Trust Assurance Network platform in accordance with the defined service levels as described under Appendix A - The Test and Integration Lab as described under this Section 5.0 will be the model office for the SSP production environment. 5.4 TESTING OF PROVIDER SUPPLIED APPLICATIONS - EDS will through its Test and Integration Lab document any and all new SSP Software applications and SSP-Vendor Software application with their functionality as described in SSP provided forms accompanying any such Software for testing and integration Services. 6.0 ASSUMPTIONS EDS relies upon the assumptions, data, and instructions provided by SSP within this Task Order No. 2001-001 to estimate the skill sets and amount of time needed to meet the TO#2001-001 Services obligations as described hereunder. In the event that the assumptions, data, and/or instruction concerning these obligations increase either resources and the cost estimates as a result of unclear assumptions, incorrect or incomplete data, or erroneous instructions supplied to EDS by SSP, SSP will negotiate in good faith with EDS a change request to reflect the required additional associated costs to this Task Order No. 2001-01. - It is acknowledged by the parties that the SSP Trust Assurance Network platform environment will not be activated until January 1, 2003 ("Projected Activated Date"). The parties each acknowledge and agree that in order to prepare, install, and complete Installation by the Projected Activated Date, Installation must be initiated no later than the month of October 2002; provided, however, EDS receives in full SSP's payment of the Implementation Fees as described under Attachment 3. EDS will commence Implementation in accordance with the terms of Section 3.0 of the Statement of Work. The forgoing notwithstanding, between the period of January 1, 2002 and December 30, 2002, SSP may desire to initiate Implementation prior to the Projected Activated Date in order to activate the SSP Trust Assurance Network platform earlier than what the parties contemplate hereunder. In the event that SSP elects at its discretion to initiate such Implementation prior to the Projected Activated Date, SSP will provide (i) advance written notice to EDS as required pursuant to the terms of Section 3.0 of this Statement of Work any time between January 1, 2002 and October 1, 2002 and (ii) pay to EDS the Implementation charges and other on-going reoccurring monthly fees as described under Attachment 3. Such monthly charges will be adjusted and invoiced accordingly to reflect the additional months such EDS Services will be perform and SSP will pay EDS all amounts due and owning in accordance with Article VIII of the Agreement. In the event that SSP has not provided advance written notice to EDS initiating Implementation by October 1, 2002 and if SSP has not elected to delay Implementation an according to Section 6 of the Task Order No. 2001-001 and Attachment 3, Section 7, EDS will invoice SSP for the Implementation Services fees and SSP will pay EDS in full pursuant to the terms of Article VIII, of the Agreement, and will initiate Implementation upon payment of such fees in accordance with Section 3.0. - This Task Order No. 2001-001 does not include test equipment for performing application testing or application development services. Application testing and application development services may be available to SSP from the Test and Integration Lab at an additional charge upon mutual written agreement. - Under EDS' Security Management Services, SSP may request EDS and EDS may agree to perform other information assurance offerings as agreed upon from time to time. EDS Security Management Services offers options at additional cost to SSP Trust Assurance Network platform which can enhance the protection of both EDS' and SSP's information assets from internal and external threats. This is accomplished through establishment and enforcement of operating policies. EDS acknowledges that A - Attachment 1 - 8 SSP's customers will require different levels of security to support their business, therefore, EDS will extended service options that allow SSP to tailor its SSP Trust Assurance Network platform to meet the level of security accordingly with its customer's needs. Extended security service offerings in the Secure Vault may include: (a) threat detection (CERT, CIAC, vendor bulletins), (b) server virus protection and repair, (c) intrusion detection (network and server agent), (d) incidence response procedures, (e) ongoing vulnerability scanning, and (f) policy and standards development. The parties each acknowledge and agree that these Security Management service options have additional terms and conditions regarding the provisioning of services and such terms and conditions are not adequately address under this Task Order No. 2001-001. Thus, the parties each agree in the event that SSP may desire to purchase such extended Security Management Services options, the parties will each negotiated in good faith and document the scope of such services, pricing and other additional terms and conditions as may be required under a separate Task Order to the Agreement. - During the period of time between the TO#2001-001 Effective Date and the commencement of Implementation as described under Section 3.0, the parties each acknowledge that the hardware and Software components described under Appendix B may require changes due to technical changes in the industry or pursuant to SSP's technical requirements. To the extent that these changes may result in changes in the EDS Services and additional costs, the parties will negotiate in good faith with regard to any adjustments to this Task Order No. 2001-001 that may be necessary as a result of such changes. A - Attachment 1 - 9 ATTACHMENT 2 TO STATEMENT OF WORK SSP'S ROLE 1. SSP acknowledges and agrees that EDS' ability to perform the EDS Services in accordance with this Statement of Work is contingent upon SSP's timely performance of those obligations assigned to SSP hereunder and elsewhere in the Agreement. 2. SSP and SSP representative(s) will conform to EDS physical security policies while on EDS premises during all site visits. 3. SSP will work cooperatively with EDS to review the implementation schedule and test plan. SSP will also attend the final implementation, integration, and testing review as described under Section 3.0 of this Task Order No. 2001-001 to verify that all implementation requirements have been met. 4. SSP will provide to EDS at least one primary and one backup communication focal point contacts for service requests, security authorizations, support issues, and business continuity requirements. 5. SSP will maintain and keep current lists of any and all SSP representatives authorized to request from EDS or provide approval on behalf of SSP system reboots. Additionally, SSP will provide to EDS upon request and from time to time, a list of (i) all SSP representatives authorized to request from EDS or provide approval on behalf of SSP system reboots, and (ii) any individuals authorized to request or approve system restorations and changes to the business components of the SSP Data backup plan. 6. SSP will provide, and keep current, lists of contacts for communication of changes and escalation of hardware or software configuration management issues and problems. 7. SSP will communicate to EDS any changes in authorization and annually review authorized SSP contacts and backup personnel who are responsible for defining and authorizing logon identification (ID) and controlled file access. 8. SSP will provide to EDS upon request and keep current a list of all SSP hardware, SSP Software, SSP-Vendor Software and middleware used in the SSP solution suite and the associated architecture diagrams and documentation. 9. Pursuant to the terms of Schedule 4.1, SSP Solutions will provide, or cause to be provided, to EDS the right to access SSP Software and SSP-Vendor Software as licensed to SSP Solutions by a vendor if such is required for EDS to perform the Services, but for no other purpose. EDS will assist SSP in determining whether SSP will need to obtain any consents, licenses or other rights from vendors as contemplated under this Task Order No. 2001-001. SSP will be responsible for obtaining any such consents, licenses or other rights and for finding an alternative solution in the event a vendor refuses consent. 10. If required, SSP will provide to EDS at no charge to EDS the SSL certificates required for the "Test" and "Production" servers. 11. SSP will use commercially reasonable efforts to provide EDS with timely notification and management approval as required for EDS to meet its performance obligations described under this Task Order No. 2001-001. 12. CONTINGENT RIGHTS. The parties each acknowledge that as of the TO#2001-10 Effective Date, SSP does not yet possess all intellectual property or consent rights necessary to affect the intent of this Task Order No. 2001-001 pursuant to the terms of Schedule 4.1 of the Agreement. Subject to the terms of Sections 6.5 and Schedule 4.1 of the Agreement, it is expressly understood by the parties that SSP will use commercially reasonable effort to secure the requisite intellectual property and licensing consent rights as required for EDS to perform its obligations described hereunder as expeditiously as possible. In the event that SSP is unable to obtain such rights for EDS as required to the SSP Solutions Software and/or the SSP Solutions-Vendor Software (as defined in Section 6.1 of the Agreement) any time prior to January 1, 2003, SSP may terminate for its convenience and without cause this Task Order by providing EDS 90 days prior written notice as described under Section 6(a) of this Task Order No. 2001-001. A - Attachment 2 - 1 ATTACHMENT 3 TO TASK ORDER NO. 2001-001 CHARGES In consideration for the TO#2001-001 Services performed by EDS under this Task Order, SSP will pay to EDS the following charges as outlined under this Section 1 of Attachment 3. Subject to the terms and conditions of the Agreement, any mutually agreed upon additional requirements to this Task Order No. 2001-001 which are mutually agreed upon between the parties will require either (i) a separated executed Task Order to the Agreement or (ii) an amendment to this Task Order No. 2001-001. SSP will pay any and all amounts due and owing to EDS in accordance with the payment terms and conditions described under Article VIII, of the Agreement. The recurring monthly charges described under this Attachment 3 are subject to the annual adjustment charges as described in Section 5, below. 1. ACCOUNT AND TEST & INTEGRATION LAB MANAGEMENT FEES During the term of this Task Order No. 2001-001, SSP will pay the monthly re-occurring fees as specified below for account management and Test & Integration Lab management Services ("Account & Lab Management Fees"). For the purpose of clarification, such Account & Management Fees reflected in calendar years 2004, 2005, and 2006 the resource allocation change described under Section 2.1 for the leverage part time EDS Account Manager.
2. IMPLEMENTATION FEES/SSP HOSTING ENVIRONMENT The Implementation fee is a one-time charge for Services performed pursuant to the terms of Section 3.0. Implementation Services will commence upon receipt of SSP's payment in full.
IMPLEMENTATION ONE TIME FEE -------------- ------------ $45,200.00 An one time fee due and payable in full to EDS at the earlier of either (i) an advance written notice by SSP approving the commence of Implementation Service prior to October 1, 2002 (pursuant to Section 3.0), or (ii) upon receipt of EDS' October 2002 invoice which activates of Implementation Services pursuant to the terms of Sections 3.0 and 6.0.
3. PRODUCTION & SYSTEM MANAGEMENT FEES Commencing upon Implementation completions, SSP will pay the monthly re-occurring fees as specified below for on-going production and System Management Services as described under Section 4.0 ("Production & System Management Fees"). The Production & System Management Fees are invoiced in advance; and EDS will prorate the first month's fees between the period from Implementation completion through the last day of the first calendar month which SSP's Trust Assurance Network platform is activated; and, then, invoice for a full calendar month thereinafter. A - Appendix A - 1
PRODUCTION SYSTEM MANAGEMENT MONTHLY FEES INVOICING MONTHS INVOICING PERIOD ---- ---------------- ---------------- $ 58,690.00/Month 36 Months A reoccurring monthly Service fee invoiced in advance for the first thirty-six (36) month period immediately following completion of Installation. $ 60,450.00/Month Month 37 through end A reoccurring monthly Service fee invoiced in of the Agreement Term advance and commencing upon the thirty-seventh (37th) month of ongoing production and System Management Services after completion of Implementation for a period to extend through and until the expiration or termination of the Agreement.
4. If the EDS Services described in Section 4.0 of Attachment 1 to this Statement of Work (excluding system monitoring) exceeds more than 80 hours per month, the additional hours of Services provided by EDS upon SSP's request will be billed at the then current EDS commercial billing rate as described under Section 6.0, Rates and Hours, of this Attachment 3. 5. ANNUAL ADJUSTMENT TO CHARGES. Unless otherwise expressly provided in this Task Order No. 2001-001 with respect to the charges to be paid thereunder and subject to the terms and conditions of Schedule 8.3 of the Agreement, the parties acknowledge and agree to use the Employment Cost Index for Total Compensation (not seasonally adjusted), Private Industry Workers, White-collar occupations excluding sales, June 1989 = 100 (the "ECI"), as the basis for annual adjustments to all charges to be paid by SSP to EDS under this Task Order for those stipulated in Section 4 of this Attachment 3 (the "ECI Adjustable Charges"). 6 RATES AND HOURS 6.1 PRODUCTION ENVIRONMENT EDS has included the following hours for changes to the production environment as follows:
HOURS INCLUDED JOB CODE CLASSIFICATION MONTHS PER MONTH RATE ------ --------- ---- Implementation through TO#2001-001 80 Level 5 Expiration Date
6.2 TEST AND INTEGRATION LAB EDS has included the following hours for Test and Integration Lab Services as follows:
JOB CODE CLASSIFICATION MONTHS HOURS INCLUDED PER MONTH RATE ------ ------------------------ ---- 2 - 61 25 Level 6
6.3 RATES SSP may request additional hours of Production Environment and/or Test and Integration Services at the time and material rates shown below. EDS publishes commercial billing rates ("CBR") annually and will apply the defined discount as outlined below to the then current CBR per hour in effect for the A - Appendix A - 2 specific EDS resource skill category as shown under table 9.3 below. These charges will be billed to SSP in arrears on a time and material basis following the month that EDS provides Services to SSP.
7. DELAY AND TERMINATION FOR CONVENIENCE FEE SCHEDULE
FEES SSP ELECTION PAYMENT TERMS ---- ------------ ------------- $450,000 Termination for In the event that (a) SSP is unable to obtain the intellectual Convenience of property rights or licensing consents as specified required for Task Implementation pursuant to the terms of Schedule 4.1 any time Order/Licensing prior to January 1, 2003, and (b) no other alternatives to such Software can be identified by the parties, SSP may terminate for convenience and without cause this Task Order No. 2001-001 upon 90 days prior written notice; provided, however, SSP (i) is not then and does not become in default under this Task Order No. 2001-001 prior to the termination date; and (ii) pays to EDS, on or before the termination date, the specified fees described in the fees column due to EDS. $200,000 Implementation In event that SSP elects to exercise its option to delay Delayed Implementation after January 1, 2003, SSP will pay, in addition to its other payment obligations described under this Task Order No. 2001-001, the specified fees described in the fees column. Such fees are due and payable to EDS by January 31, 2003. For purpose of clarification, SSP may delay Implementation as described under this Task Order No. 2001-001 one time. In the event that SSP does not elect to initiate Implementation by or upon January 1, 2004, SSP may either (a) terminate a portion of EDS Services as described for the Implementation of the TAN as described below, or (b) terminate the entire Task Order No. 2001-001 pursuant to the terms of described below by providing 90 day prior written notice. $400,000 or Termination Subject to the terms of Section 6.0 of this Task Order No. $200,000 Implementation of 2001-001, SSP may elect to terminate the EDS support of the TAN Services and (Section 3.0 and Section 4.0 of Attachment 1) for convenience and Ongoing Support without cause after January 1, 2003; provided, however, SSP will of TAN (a) provide to EDS 90 days prior written notice, and (b) pay, in addition to its other payment obligations described under this Task Order No. 2001-001, either (i) $400,000 after January 1, 2003, or (ii) $200,000 after January 1, 2004. Notwithstanding anything to the contrary, upon the effective date of such termination of this portion of Services, EDS will be relieved of those of its obligations under this Task Order No. 2001-001 as described under Section 3.0 and 4.0 only that are affected by such election to termination this portion of Services. $400,000 Termination of SSP may terminate Task Order No. 2001-001 for convenience and Task Order No. without cause after January 1, 2004 by providing EDS with 90 days 2001-001 prior written notice; provided, however, SSP (i) is not then and does not become in default under this Task Order No. 2001-001 prior to the termination date; and (ii) pays to EDS, on or before the termination date, the specified fees described in the fees column due to EDS.
A - Appendix A - 3 APPENDIX A TO TASK ORDER NO. 2001-001 BASE SERVICE AND SERVICE LEVELS A-1 AVAILABILITY AND FAULT RESOLUTION EDS will provide a fault management process to monitor the EDS Services for error conditions and notify appropriate technical personnel to initiate fault resolution. The following table describes the components of the EDS fault management process. For clarification purposes, the "5 x 13" support schedule coverage described hereunder means 7:00 a.m. to 8:00 p.m. Central Time, Monday through Friday; excluding national holidays.
DESCRIPTION SERVICE LEVEL ----------- ------------- MONTHLY SERVICE AVAILABILITY Service Level: 99% System Availability for non-redundant servers. System availability is measured monthly, exclusive of scheduled downtime. EDS is not responsible for application or Internet availability. PROACTIVE MONITORING OF SERVICE AVAILABILITY COVERAGE: 5 x 13 SERVICE LEVEL: EDS personnel will automatically be notified within 15 minutes of a system outage RESOLUTION OF SEVERITY 1 ISSUES - Severity 1 issues COVERAGE: 5 x 13 are those serious failures that cause the SSP SERVICE LEVEL: Estimated time to repair will be servers to be off-line. Examples are failure of EDS provided to SSP within 1 hour of fault operated routers, system disk failures in notification. non-replicated server, etc. RESOLUTION OF SEVERITY 2 ISSUES - Severity 2 issues COVERAGE: 5 x 13 are those moderately severe faults where users may SERVICE LEVEL: Estimated time to repair will be notice a degraded system performance. Examples are provided to SSP within 1 hour of fault failures in EDS access lines to the Internet, EDS notification. operated routers, failed disk in array, etc. RESOLUTION OF SEVERITY 3 ISSUES - Severity 3 issues COVERAGE: 5 x 13 are those minor faults that SSP may not notice and SERVICE LEVEL: Estimated time to repair will be cause little disruption of service. Examples are provided to SSP within 1 hour of fault notification rebooting a server or router, memory short-runs, and restarting aborted processes. RESOLUTION OF SEVERITY 4 ISSUES - Severity 4 issues COVERAGE: Regular Business Hours (8am - 5pm are for non-outage situations and are usually Central time, Monday - Friday) requests for information. An example of a Severity SERVICE LEVEL: The client will be contacted with 8 4 issue would be a request for the version of hours of the initial request software on a server.
A-2 SERVICE AVAILABILITY "Service Availability" is defined as the amount of time per month the SSP Trust Assurance Network platform system is available for receiving, processing and reacting to transactions from the requesting party; exclusive of scheduled downtime. The EDS Services are comprised of EDS' access to the Internet and the server hardware, and operating system. The EDS Services do not include the Internet or SSP's application. The measurement for availability is the amount of time during the month that the EDS Service is available and able of receiving, processing, and responding to transactions from the requesting and/or authorizing party, excluding scheduled and other customer approved maintenance downtime and service faults caused A - Appendix A - 4 by SSP Software or SSP-Vendor Software. System downtime is the amount or duration of time that the EDS Service is neither available nor capable of processing transactions from the requesting party. Service Availability will be calculated by measuring the availability of servers using the following formula: % AVAILABILITY = TAT-TDT ------- TAT Where: TAT = Total Available Time during the aggregate scheduled uptime. TDT = Total Down Time, equal to the sum of all down time during any month. A-3 SYSTEM MONITORING - System monitoring consists of monitoring the availability and utilization of system resources as described below. System availability is monitored through cyclic polling of system resources and by processing alerts that are generated by system resources. When alerts are detected, the event is recorded and escalated in accordance with the problem management procedures. - Managed Services maintain the ability to monitor the availability of a system device that has an IP address (using public IP addresses). Additional alert monitoring can be performed on devices with SNMP compliant software enabled on it. System devices include: (a) Production servers - NT, UNIX (b) Network Devices - Switches, Routers, Firewalls - EDS' production services maintain the ability to monitor the system resources applicable to the device. It is important to note that monitoring does not always apply to the application(s) running on the device. EDS' Managed Services will make every effort to monitor applications (including SSP Software and SSP-Vendor Software) running on the devices. - EDS' production services procures the devices to be monitored with baseline alerts and thresholds. Once implemented, the service collects data for a period of time to obtain a baseline measurement. From this baseline, alerts and thresholds are customized to the requirements of the device and SSP. EDS' Managed Services will revise these settings as required to ensure that the alerts and thresholds reflect the required information for that device. - The resources that can be monitored on a device are dependent on the SNMP capabilities of the device or the agent installed on the device. The following charts outlines a sample set of resources that can be monitored on NT and UNIX servers, given the standard agents recommended by EDS' Managed Services. Refer to the costing section of this document for the actual list of agents for SSP.
RESOURCES NT UNIX --------- -- ---- CPU Utilization X X Disk Utilization X X Page File Usage X X Memory Bytes Available X X Work Item Storages X System Errors X X Disk Performance X File System Usage X Memory Usage X Volume Free Space X
A-4 REPORTING Once the SSP Trust Assurance Network platform has been activated, EDS will prepare the following reports, which will be provided to SSP after all data is made available under an agreed upon monthly A - Appendix A - 5 schedule. All monthly reports will be provided to the SSP, 10 business days after the agreed upon cut-off date, unless otherwise specified.
REPORT TITLE DESCRIPTION FREQUENCY - ------------ ----------- --------- Availability Report Reveals the time the system was available (termed Monthly up-time). Up-time excludes scheduled maintenance. This report only shows whether a device is communicating on the network.
A-5 PERFORMANCE REPORTING Upon activation of the SSP Trust Assurance Network platform environment, EDS will provide to SSP performance reporting which involves the data collection and reporting for the SSP Trust Assurance Network platform servers. This service is packaged and will not be offered separately from the System Monitoring Service. The following outlines the reports, which will be provided to SSP in accordance with the terms of this Section A-5. All monthly reports will be provided to the SSP and the EDS Account Executive, 10 business days after the agreed upon cut-off date when data become available, unless otherwise specified.
REPORT TITLE DESCRIPTION FREQUENCY - ------------ ----------- --------- DISK UTILIZATION Details the amount of disk usage by server. It shows Monthly the space used, the amount of free space and percent of total space used. CPU UTILIZATION Shows the server's processor usage. Monthly
A-6 SYSTEM BACKUP & RECOVERY The EDS Services include backup and restoration of the SSP Trust Assurance Network servers. This includes the operating system, the application, and databases (if included in SSP Trust Assurance Network platform environment). EDS will generate such backups as necessary during the provision of the EDS Services. All restores are provided on a time-and-materials basis.
DESCRIPTION SERVICE LEVEL ----------- ------------- BACKUP SERVICES - OPERATING SYSTEM AND BACKUP: 1 incremental per day; 1 full per week APPLICATION ON-SITE TAPE STORAGE: last 2 versions of each incremental backup file RESTORATION FROM ON-SITE TAPE COVERAGE: 5 x 13 SERVICE LEVEL: 2-hour response to begin the recovery process within regular business hours
A - Appendix A - 6 APPENDIX B TO TASK ORDER NO. 2001-001 SYSTEM INVENTORY HARDWARE INVENTORY Owner: EDS
SYSTEM QTY MFG PART NUMBER DESCRIPTION - ------ --- --- ----------- ----------- PKI-CABINET 2 Compaq CPQ#120663-B21 Rack-42U Rack-9142 (ships on flat pallet) EDS#733-03210 PKI-CABINET 2 Compaq CPQ#169940-B21 Rack-Rack Blanking Panel Kit EDS#736-12640 PKI-CABINET 1 Compaq CPQ#120669-B21 Rack-Baying Kit (Coupling Kit) EDS#733-03250 PKI-CABINET 2 Compaq CPQ#120677-B21 Roof Mounted Fan Kit 110V EDS#731-03780 PKI-CABINET 1 Compaq CPQ#120673-B21 Stabilizer Option Kit EDS#736-12620 PKI-CABINET 1 Compaq CPQ#120670-B21 Rack-Sidewall Kit (only for Rack 9142) EDS#733-03260 PKI-CABINET 4 Compaq CPQ#207590-D71 Rack -Low Voltage 24Amp PDU (5-15R Outlets) EDS#725-05020 PKI-CABINET 1 Raritan DataComm#DSD2197 16 port MasterConsole II Single User KVM Switch PKI-CABINET 8 Raritan DataComm#DSD1938 13 ft. CPU Cable PKI-CABINET 8 Raritan DataComm#DSD1936 20 ft. CPU Cable PKI-CABINET 1 DataComm DataComm#DCA1607YW 25 Pack, 20 foot networking CAT5 cables PKI-CABINET 1 IBM 28L3673 Mouse PKI-CABINET 1 IBM 63324HN Monitor PKI-CABINET 1 IBM 28L3621 Keyboard PKI-NetworkPlano Vault 1 Cisco WS-C3524-XL-EN Catalyst 3524 XL Enterprise Edition PKI-NetworkPlano Vault 1 Cisco CAB-AC Power Cord, 110V x-Sides DB Server 1 Compaq CPQ#193706-001 Proliant DL380 1GHz 256k, 128MB, 18.2GB, EDS#205-43062 Cable-CPU 12ft Cable x-Sides DB Server 1 Compaq CPQ#187602-B21 HW-PIII 1GHz 256k CPU Kit EDS#210-37680 x-Sides DB Server 2 Compaq CPQ#176496-B22 36.4GB 10K Ultra3 SCSI HotSwap 1" Drive EDS#605-10950 x-Sides DB Server 2 Compaq CPQ#128279-B21 512MB 133 MHz SDRAM (1x512MB DIMM) EDS#625-06530 x-Sides DB Server 1 Compaq CPQ#174830-B21 PCB-NC3123 Fast Ethernet NIC 10/100 WOL EDS#508-66340 x-Sides Web Server 1 Compaq CPQ#193706-001 Proliant DL380 1GHz 256k, 128MB, 18.2GB, EDS#205-43062 Cable-CPU 12ft Cable x-Sides Web Server 1 Compaq CPQ#187602-B21 HW-PIII 1GHz 256k CPU Kit EDS#210-37680 x-Sides Web Server 2 Compaq CPQ#142673-B22 18.2-GB Pluggable Universal 1" WideUltra3 EDS#605-07970 10K HDD x-Sides Web Server 2 Compaq CPQ#128279-B21 512MB 133 MHz SDRAM (1x512MB DIMM) EDS#625-06530 x-Sides Web Server 1 Compaq CPQ#174830-B21 PCB-NC3123 Fast Ethernet NIC 10/100 WOL EDS#508-66340 ENS Server 1 Compaq CPQ#193706-001 Proliant DL380 1GHz 256k, 128MB, 18.2GB, EDS#205-43062 Cable-CPU 12ft Cable ENS Server 3 Compaq CPQ#176496-B22 36.4GB 10K Ultra3 SCSI HotSwap 1" Drive EDS#605-10950
A - Appendix B - 1
SYSTEM QTY MFG PART NUMBER DESCRIPTION - ------ --- --- ----------- ----------- ENS Server 1 Compaq CPQ#128279-B21 512MB 133 MHz SDRAM (1x512MB DIMM) EDS#625-06530 TxG AppServer 1 Compaq CPQ#193706-001 Proliant DL380 1GHz 256k, 128MB, 18.2GB, EDS#205-43062 Cable-CPU 12ft Cable TxG AppServer 1 Compaq CPQ#142673-B22 18.2-GB Pluggable Universal 1" WideUltra3 EDS#605-07970 10K HDD TxG AppServer 1 Compaq CPQ#128277-B21 128MB Registered 133MHz SDRAMM DIMM EDS#625-06510 PICH 1 Compaq CPQ#193706-001 Proliant DL380 1GHz 256k, 128MB, 18.2GB, EDS#205-43062 Cable-CPU 12ft Cable PICH 1 Compaq CPQ#142673-B22 18.2-GB Pluggable Universal 1" WideUltra3 EDS#605-07970 10K HDD PICH 1 Compaq CPQ#128277-B21 128MB Registered 133MHz SDRAMM DIMM EDS#625-06510 TxG Database 1 Compaq CPQ#193706-001 Proliant DL380 1GHz 256k, 128MB, 18.2GB, EDS#205-43062 Cable-CPU 12ft Cable TxG Database 1 Compaq CPQ#142673-B22 18.2-GB Pluggable Universal 1" WideUltra3 EDS#605-07970 10K HDD TxG Database 1 Compaq CPQ#128277-B21 128MB Registered 133MHz SDRAMM DIMM EDS#625-06510 TxG Replication Server 1 Compaq CPQ#193706-001 Proliant DL380 1GHz 256k, 128MB, 18.2GB, EDS#205-43062 Cable-CPU 12ft Cable TxG Replication Server 1 Compaq CPQ#142673-B22 18.2-GB Pluggable Universal 1" WideUltra3 EDS#605-07970 10K HDD TxG Replication Server 1 Compaq CPQ#128277-B21 128MB Registered 133MHz SDRAMM DIMM EDS#625-06510 Web Authenication 1 Compaq CPQ#193706-001 Proliant DL380 1GHz 256k, 128MB, 18.2GB, Server EDS#205-43062 Cable-CPU 12ft Cable Web Authenication 1 Compaq CPQ#142673-B22 18.2-GB Pluggable Universal 1" WideUltra3 Server EDS#605-07970 10K HDD Web Authenication 1 Compaq CPQ#128277-B21 128MB Registered 133MHz SDRAMM DIMM Server EDS#625-06510 Personalization Proxy 1 Compaq CPQ#193706-001 Proliant DL380 1GHz 256k, 128MB, 18.2GB, Server EDS#205-43062 Cable-CPU 12ft Cable Personalization Proxy 1 Compaq CPQ#142673-B22 18.2-GB Pluggable Universal 1" WideUltra3 Server EDS#605-07970 10K HDD Personalization Proxy 1 Compaq CPQ#128277-B21 128MB Registered 133MHz SDRAMM DIMM Server EDS#625-06510 Challenge Publisher 1 Compaq CPQ#193706-001 Proliant DL380 1GHz 256k, 128MB, 18.2GB, EDS#205-43062 Cable-CPU 12ft Cable Challenge Publisher 1 Compaq CPQ#142673-B22 18.2-GB Pluggable Universal 1" WideUltra3 EDS#605-07970 10K HDD Challenge Publisher 1 Compaq CPQ#128277-B21 128MB Registered 133MHz SDRAMM DIMM EDS#625-06510 OneName Application 1 Sun A34-ULD1-512MFA1 **Enterprise 220R Server, one 450MHz Server Ultrasparc II processor, 4MB, 512MB, 18GB, internal DVD, Solaris server license, one powersupply, 10/100 Ethernet OneName Application 2 Sun X7004A 256MB (2x128MB DIMMs) Server OneName Application 1 Sun 5237A Internal 18.2 Gbyte, 10K RPM UltraSCSI disk Server drive, 1" high OneName Application 1 SUN X3668A PGX32 8&24 Color Frame Buffer, Software on Server CD, Video adapter cable (only for PCI systems). OneName Application 1 Sun X311L Localized Power Cord Kit North America Server OneName Database 1 Sun A34-ULD1-512MFA1 **Enterprise 420R Server, one 450MHz Server Ultrasparc II processor, 4MB, 1GB, 18GB, internal DVD, Solaris server license, one powersupply, 10/100 Ethernet
A - Appendix B - 2
SYSTEM QTY MFG PART NUMBER DESCRIPTION - ------ --- --- ----------- ----------- OneName Database 1 Sun 5237A Internal 18.2 Gbyte, 10K RPM UltraSCSI disk Server drive, 1" high OneName Database 1 SUN X3668A PGX32 8&24 Color Frame Buffer, Software on Server CD, Video adapter cable (only for PCI systems). OneName Database 1 Sun X311L Localized Power Cord Kit North America Server PKI Monitoring 1 Compaq CPQ#193706-001 Proliant DL380 1GHz 256k, 128MB, 18.2GB, EDS#205-43062 Cable-CPU 12ft Cable PKI Monitoring 1 Compaq CPQ#142673-B22 18.2-GB Pluggable Universal 1" WideUltra3 EDS#605-07970 10K HDD PKI Monitoring 1 Compaq CPQ#128277-B21 128MB Registered 133MHz SDRAMM DIMM EDS#625-06510 PKI Monitoring 1 IBM 203-89980 COE Netvista A40P PKI Monitoring 1 IBM IBM# 63320HN 17" Color Monitor E74 (White) EDS# 402-73750 Backup 1 Compaq CPQ#193706-001 Proliant DL380 1GHz 256k, 128MB, 18.2GB, EDS#205-43062 Cable-CPU 12ft Cable Backup 1 Compaq CPQ#142673-B22 18.2-GB Pluggable Universal 1" WideUltra3 EDS#605-07970 10K HDD Backup 3 Compaq CPQ#128277-B21 128MB Registered 133MHz SDRAMM DIMM EDS#625-06510 Backup 1 Compaq CPQ#146196-B24 Tape-Internal 40/80 GB DLT Drive EDS#608-49320 Backup 1 FujiFilm FUJ#26112088 SUP-DLTtape IV DLT Tape Cartridge ( 28 EDS#714-07360 Tapes ) Firewall 1 Nokia *NBB8660000 Nokia IP650 Base System: Includes 256 MB of RAM, Redundant Power Supply and necessary Power Kit Firewall 1 Nokia *NCZ0501000 US Power Kit Firewall 1 Compaq CPQ#193706-001 Proliant DL380 1GHz 256k, 128MB, 18.2GB, EDS#205-43062 Cable-CPU 12ft Cable Firewall 1 Compaq CPQ#142673-B22 18.2-GB Pluggable Universal 1" WideUltra3 EDS#605-07970 10K HDD Firewall 1 Compaq CPQ#128277-B21 128MB Registered 133MHz SDRAMM DIMM EDS#625-06510
Notes: 1. No spare hardware is included. Hardware configuration is not to change after system acceptance unless amended by contract or required for repair. 2. The hardware inventory indicated above is based on configurations provided by SSP and is not based upon any capacity or performance assumptions. SOFTWARE INVENTORY Owner: EDS
SYSTEM QTY MFG PART NUMBER DESCRIPTION - ------ --- --- ----------- ----------- x-Sides DB Server 1 Microsoft EDS#828-18841 BackOffice Server License, Windows NT Server, SQL Server License x-Sides DB Server 1 Microsoft EDS#824-19409 Windows NT Server Media x-Sides Web Server 1 Microsoft EDS#828-18841 BackOffice Server License, Windows NT Server, SQL Server License x-Sides Web Server 1 Microsoft EDS#824-19410 Windows 2000 Server Media ENS Server 1 Microsoft EDS#828-18841 BackOffice Server License, Windows NT Server, SQL Server License TxG AppServer 1 Microsoft EDS#828-18841 BackOffice Server License, Windows NT Server, SQL Server License
A - Appendix B - 3
SYSTEM QTY MFG PART NUMBER DESCRIPTION - ------ --- --- ----------- ----------- PICH 1 Microsoft EDS#828-18841 BackOffice Server License, Windows NT Server, SQL Server License TxG Database 1 Microsoft EDS#828-18841 BackOffice Server License, Windows NT Server, SQL Server License TxG Replication Server 1 Microsoft EDS#828-18841 BackOffice Server License, Windows NT Server, SQL Server License Web Authenication 1 Microsoft EDS#828-18841 BackOffice Server License, Windows NT Server Server, SQL Server License Personalization Proxy 1 Microsoft EDS#828-18841 BackOffice Server License, Windows NT Server Server, SQL Server License Challenge Publisher 1 Microsoft EDS#828-18841 BackOffice Server License, Windows NT Server, SQL Server License OneName Application 1 Sun SOLMS-070W999 Solaris 7 Standard Server Server OneName Database 1 Sun SOLMS-070W999 Solaris 7 Standard Server Server PKI Monitoring 1 Microsoft EDS#828-18841 BackOffice Server License, Windows NT Server, SQL Server License PKI Monitoring 1 Microsoft EDS#824-19410 Windows 2000 Server Media PKI Monitoring 36 EDS COE Software Backup 1 Microsoft EDS#828-18841 BackOffice Server License, Windows NT Server, SQL Server License Firewall 1 Nokia *NRZ6002000 Strong Encryption Firewall 1 CheckPoint CPVP-VFM-U-3DES-V41 VPN and Firewall Module Firewall 1 CheckPoint CPVP-VSR-5000 VPN-1 SecuRemote Feature Firewall 1 Microsoft EDS#828-18841 BackOffice Server License, Windows NT Server, SQL Server License
Note: Software configuration is not to change after system acceptance unless amended by contract or required for bug fixes. A - Appendix B - 4
