Managed Cloud Security - Service Terms
The terms in this section, called the “service terms”, apply to a group of services or a specific service within a group. The terms in this section apply to TELUS Managed Cloud Security Service.
1.0 Cloud Security Platform
1.1 General Description
TELUS Managed Cloud Security Service is a TELUS managed security service, powered by Palo Alto Networks Prisma Access security platform (the “Cloud Security Platform”), that implements, enables, manages and monitors your security incidents based on the security policies defined by you.
1.2 Service Elements
Service Options
TELUS Managed Cloud Security Service provides solution with 2 options:
- Managed Cloud Security for Remote Network
- Managed Cloud Security for Remote Access VPN Users
Managed Cloud Security for Remote Networks option is based on the aggregated bandwidth going through your firewall at any given time estimated based on type and number of security features enabled, packet size, number of VPNs, speed of each site access that determine the required bandwidth.
Managed Cloud Security for Remote Users option is based on the number of remote access VPN connections required. TELUS Managed Cloud Security Service provides consistent security for users who are connecting to their corporate network or the internet.
Service Elements and Parties Responsibilities
The chart below specifies the TELUS Managed Cloud Security Service elements and features (“Service Elements”) and your and our related responsibilities.
Remote Network and Remote User Instantiation and Set-up
| Service Element | Your Responsibility | Our Responsibility | Bill Method |
|---|---|---|---|
| Create Security Zone (Trust and Untrust) on the Cloud Security Platform | ✖ | ✔ | Included in one-time charge |
| Configure Remote Network/Remote User | ✖ | ✔ | Included in one-time charge |
| Build Template for Cloud Security Platform | ✖ | ✔ | Included in one-time charge |
| Build Template Stack for Cloud Security Platform | ✖ | ✔ | Included in one-time charge |
| Add Device Group to Device Group Hierarchy for Cloud Security Platform | ✖ | ✔ | Included in one-time charge |
| Configure your Security Policy to allow traffic from Remote Network/Remote User to Service Connection to allow traffic to the Internal Resource | ✖ | ✔ | Included in one-time charge |
| Configuration of security policies (provided by you) | ✖ | ✔ | Included in one-time charge |
| Maintenance of Cloud Security Platform | ✖ | ✔ | Included in monthly fixed charge |
| Ensuring that Cloud Security Platform software are at version levels certified and supported by the applicable vendor and supported by us | ✖ | ✔ | Included in monthly fixed charge |
Use of TELUS Systems & Infrastructure
| Service Element | Your Responsibility | Our Responsibility | Bill Method |
|---|---|---|---|
| Operate our trouble ticketing system to track and report on current and historical problems for TELUS Managed Cloud Security Service | ✖ | ✔ | Included in monthly fixed charge |
Cloud Security Platform Management
| Service Element | Your Responsibility | Our Responsibility | Bill Method |
|---|---|---|---|
| Monitor (7 x 24) Cloud Security Platform for availability and functioning. | ✖ | ✔ | Included in monthly fixed charge |
| Update you for any maintenance related activities on the Cloud Security Platform | ✖ | ✔ | |
| Patch Management: Receive and test patches before implementation on the Management tools. Standard Policy is N-1 based on TELUS/Vendor approved patches / versions. Emergency patches are implemented as released by vendor and approved by you. | ✖ | ✔ | Included in monthly fixed charge |
| Provide a designated contact with which we can communicate status of the TELUS Managed Cloud Security Service | ✔ | ✖ | Included in monthly fixed charge |
| Provide a single point of contact and create a trouble ticket and follow the ticket through resolution. | ✖ | ✔ | Included in monthly fixed charge |
Valid Vendor Maintenance Agreements
| Service Element | Your Responsibility | Our Responsibility | Bill Method |
|---|---|---|---|
| Have a valid maintenance agreement with the service vendor. | ✖ | ✔ | Included in monthly fixed charge |
Software, Managed Services or Configuration Failures
| Service Element | Your Responsibility | Our Responsibility | Bill Method |
|---|---|---|---|
| First level troubleshooting and problem diagnosis of your TELUS Managed Cloud Security Service that appear to be impacted by the Cloud Security Platform configuration. | ✔ | ✖ | |
| Assist with Cloud Security Platform troubleshooting and problem diagnosis with approved contact | ✖ | ✔ | Included in monthly fixed charge |
Security Management
| Service Element | Your Responsibility | Our Responsibility | Bill Method |
|---|---|---|---|
| Define business rules for security appliance configuration and changes | ✔ | ✖ | |
| 24x7 logging of Cloud Security Platform listed in the Service Charges section | ✖ | ✔ | Included (logs stored for up to three (3) months |
1.3 Yours Responsibilities
Use
You consent to and represent that you have obtained the consent of all your users for, the collection, use and disclosure by us and our vendor of your users’ personal information collected in connection with provision and use of the Managed Cloud Security Service (whether previously collected or to be collected). We will use such information solely for the purposes of providing the TELUS Managed Cloud Security Service in accordance with our Privacy Commitment published at https://www.telus.com/support/privacy-policy
1.4 Service Performance
Availability
TELUS Managed Cloud Security Services come with a Service Availability Target performance commitment. Where we fail to achieve the Service Availability Target in any month we will provide you with the applicable credit indicated in the table below. The payment of the credit is your sole remedy for a failure by us to meet the Service Availability Target and such a failure will not be considered a breach or default of this agreement by us.
| Measure | Performance Target | Total Monthly Outage Time | Credit Amount on the applicable monthly fixed charges |
|---|---|---|---|
| Service Level Availability Availability = (Total-Downtime-Excluded) x100 (Total-Excluded) | 99.99% | Less than 98% | 5% |
Total = Total # of minutes in a calendar month
Downtime = Time the service was down
Excluded = Excluded time as specified below
The Service Availability Target is the percentage of time in a calendar month that the Managed Cloud Security Service should be available for your use on a per location basis.
When we measure and calculate the result we assume each month is 30 days but we include all periods of unavailability over the calendar month except for any period of unavailability that is caused or contributed to by one of the following excusable downtime:
• networks or equipment of another carrier or service provider
• you, your network or your other services
• an event of force majeure as defined in the General Terms and Conditions
• any period of unavailability that occurs when we are performing maintenance activities during planned and unplanned windows
• your equipment, software, technology and/or third-party equipment, software or technology (other than third-party equipment, software or technology under Palo Alto Networks’ control)
• failure of your Internet service provider, utility companies, or other vendor(s) you rely on to access the internet
• mis-configuration of Service features or settings wholly under your control
• your failure to purchase an adequate license to meet the volume or capacity at which it uses the TELUS Managed Cloud Security Service, if the service performance commitment would have been met if not for such failure
• High availability events and scaling events
• Fetching of logs from logging service
• if using BGP (Border Gateway Protocol) with Prisma Access, the route convergence time will be excluded
• any reasonably unforeseeable interruption or degradation in service due to actions or inactions caused by third parties including, but not limited to, force majeure events
• rightful suspension and/or cancellation by Palo Alto Networks of the TELUS Managed Cloud Security Services pursuant to the Palo Alto Networks End User Agreement
Service credits are calculated as a percentage of the monthly fixed charges attributable to the applicable Service and further pro-rated based on the portion of the Service impacted by the outage (e.g., for Managed Cloud Security for Mobile User, the outage impact is measured based on the number of users affected; for Managed Cloud Security for Remote Network, the outage impact is measured in Mbps).
1.5 Changes
Change Requests
In an effort to identify risk and reduce overall impact of changes to your environment, TELUS has implemented a 3-tier support process for change requests that require testing. The request will be processed and TELUS support will determine if the change is within an acceptable level of risk. TELUS will then contact you and negotiate timelines for testing and execution if needed.
Change management processes include the ongoing evaluation, management and tracking of the execution of requests for changes conforming to ITIL best practices.
Requesters in your authorization list provided to TELUS (“Authorization List”) will have access to TELUS change portal tools and will be accepted as valid change requesters. All other change requests from users not on the authorization list will be rejected.
Request submission
Both standard and non-standard change requests can be submitted to an Online Web Interface at Service NOW.
These requests will be reviewed and if a quote is required (non-standard and/or complex change), TELUS will engage all necessary parties to review and assess the request. TELUS will submit a quote back to you for approval as required.
In cases where a statement of work (SOW) is required, TELUS will work with your internal teams to develop the appropriate SOW.
Once the request is submitted via the change request online tool, a security support representative will contact you and we will proceed to work on the change request in accordance with the nature of the change requested (standard or non-standard).
Change Management
The following table outlines the Managed Cloud Security Service Change Management performance objective applicable to standard charges:
| Measure | Indicator | Objective Business hours | After business hours |
|---|---|---|---|
| Response for Standard change request | Elapsed time from receipt of your change request to initial acknowledgement of receipt by TELUS | 15 minutes | 15 minutes |
| Completion for Standard change request | Elapsed time between notification back by TELUS and completion (unless parties agree that the change will be made during scheduled maintenance) | 16 business hours | 16 business hours |
| Response for Expedited change request | Elapsed time from receipt of your change request to initial acknowledgement of receipt by TELUS | 15 minutes | 15 minutes |
| Completion for Expedited change request | Elapsed time between notification back by TELUS and completion (unless parties agree that the change shall be made during scheduled maintenance) | 12 business hours | 12 business hours |
| Response for Emergency change request** | Elapsed time from receipt of your SEV2 trouble ticket priority by TELUS | 15 minutes | 15 minutes |
| Completion for Emergency change request** | Elapsed time between notification back by TELUS and completion (unless parties agree that the change shall be made during scheduled maintenance) | 2 business hours | 2 business hours |
Average acknowledgement of change request notification within a calendar month does not exceed an average of 15 minutes.
** Emergency changes are implemented within 2 business hours following the incident management process and following the pre-qualified assessment. Emergency changes requested through Incident management may have billable time associated with the change if the Emergency is related to a root cause outside of our responsibility or ownership.
__Emergency Change Requests __
If you need to request an emergency change, your authorized contact should call the toll-free number provided in their Welcome Package, provided they have a dedicated number assigned to them. All other customers should call the regular TELUS Managed Security Services toll-free phone number (1-877-263-5300) and mention that the request is for an emergency change request on their Managed Cloud Security Service. An “Emergency change request” should also be submitted through the normal process using the change request web portal to document the requested change and for tracking purpose.
The TELUS Service Desk representative will obtain all required information from the caller and verify that the caller is an authorized change requester. The Emergency Change Request will be assigned as a ticket to our Tier 2 or Tier 3 teams.
1.6 Service cancellation
__TELUS Cancellation right __
We may cancel the Managed Cloud Security service at any time for any reason on 30 days’ prior written notice to you. Should we do so, you will not be liable for the payment of any service cancellation charges in connection with such cancellation
__Cancellation Charge __
When your TELUS Managed Cloud Security Services are cancelled, we calculate the cancellation charge using the table below. The service cancellation charge is a percentage of the total monthly fixed charges remaining for the service period after cancellation.
| Month of the service period at which cancellation occurs | % of monthly fixed charges for the remaining service period after cancellation |
|---|---|
| 0 – 24 months | 100% |
| 25 – 60 months | 50% |