Applications Attachment 3

Attachment 3 - Services - Applications
Table of Contents
1 Overview................................................................................................................................2
2 Definitions and acronyms.....................................................................................................3
2.1 Definitions.............................................................................................................3
2.2 Acronyms..............................................................................................................8
3 Service Requirements............................................................................................................9
3.1 Included Services..................................................................................................9
3.2 Anticipated Applications Maintenance, Support and Enhancement Growth
Volumes during the Term.............................................................................14
3.3 Excluded Services and Applications...................................................................14
4 Support Services..................................................................................................................15
4.1 Planning and Analysis.........................................................................................15
4.2 Project Management principles...........................................................................15
4.3 Construction/Development.................................................................................17
4.4 Integration and Testing........................................................................................17
4.5 Implementation and Migration............................................................................18
4.6 Emergency Services............................................................................................18
4.7 Application Warranty..........................................................................................18
4.8 Continuous Process Improvement.......................................................................19
4.9 Level 2 Service Desk Problem Management Rectification and Resolution.......19
4.10 Level 3 Service Desk........................................................................................21
4.11 Root Cause Analysis..........................................................................................21
4.12 Training.............................................................................................................22
4.13 Monitoring and Reporting.................................................................................22
4.14 Local Implementation/Deployment..................................................................23
4.15 Managed Asset Management............................................................................23
4.16 Configuration Management/Change Control....................................................23
4.17 Documentation..................................................................................................24
4.18 Security Management and Administration........................................................25
4.19 Business Continuity (BC).................................................................................27
Pass-through Services and Management..................................................................28
Project Initiation.......................................................................................................28
Event Response Services..........................................................................................29
Risk Management.....................................................................................................29
5 Roles and Responsibilities..................................................................................................31
Application Maintenance, Support and Enhancement Roles and Responsibilities..31
Information Security Roles and Responsibilities.....................................................41
6 Service Level Requirements.............................................................................................373
6.1 SLR and Abatement Commencement...............................................................373
6.2 Service Level Requirement Classifications......................................................373
6.3 SLR Details.......................................................................................................373
Page 1
1 Overview
This attachment defines and describes the Customer's requirements for Services in relation to the
System. The Contractor must provide all of the Services relating to applications maintenance,
support and enhancement (which include those Services described as support Services) specified
below.
Where any part of a particular Service is not included or no detail is provided on such part of the
Service, the Contractor is wholly responsible for the provision of that part of the Service.
This attachment consists of the following sections:

a) Defined Terms. This includes a table of acronyms.
b) Service Requirements. This is a statement of the Customer’s Service requirements.
c) Support Services. This describes the Services that will underpin and support the fulfilment
of the Customer’s Service requirements.
d) Roles and Responsibilities. This provides further detail as to the Customer’s Service
requirements and details the parties’ roles and responsibilities for Service provision on a
daily basis.
e) Service Level Requirements (SLRs). These are the standards to which the Contractor will
be required to provide the Services, and the principal means by which the parties will
monitor and manage the Services.
Page 2
2 Definitions and acronyms

2.1 Definitions
In addition to the terms defined in the Contract, the following terms are defined below.
Common Term Definition

AVAILABILITY The percentage of time that a given Service or the System is fully
operational and available when its resources are called upon at a random
point in time. Availability represents a measure of the fraction of time
(expressed as a percentage) during a defined period when the System or
the provided Service is deemed to be equal to or better than a minimum
availability threshold, specified as an MASL in the applicable Service
Levels.
Availability (%) = 100%–Unavailability (%)
Where Unavailability is defined as:
Σ Outage Duration x 100%
Schedule Time–Pre-planned Downtime
Schedule Time = obligatory time for operation of Service or System; and
Downtime = downtime during Schedule Time.
BATCH PROCESSING The processing of non-online applications according to agreed

completion dates and times.
BUSINESS CONTINUITY How each work unit will function if the facilities in which it operates are
(BC) lost due to fire, explosion or other disruption. This includes the
responsibilities of personnel to ensure clear and concise communication
lines are established immediately when an incident impacts on a business
unit’s ability to function and directions for the reporting of Problems to
the relevant authorities both initially and after the Problem has been
Resolved.
BASE OPERATING The Customer’s base operating environment including all associated user
ENVIRONMENT (BOE) and technical Documentation, Updates and New Releases. The BOE
includes Microsoft Windows XP and associated drivers. It excludes the
purchase, licensing and/or creation of standard operating environment
(SOE) and Specialist Software.
CALL A call is counted for each unique Problem involving a separate individual
event that results in opening a Ticket. Calls regarding open Problems,
calls received at the Service Desk that enter the queue and that are
terminated (e.g. user hang up) prior to response, and status calls
regarding open items do not result in opening a Ticket and so are not
counted. For Problems where multiple calls are related to a single point
of failure (that is, calls related to a server Outage), such calls will be
considered as a single call; will not result in opening a separate Ticket;
and will not be aggregated or counted as individual calls for measuring
call volume statistics.
CONTRACT MANAGER The person appointed by the Customer to manage the Contract in
accordance with Attachment 7.
DISASTER An unplanned event that will or is likely to render a key component of
the System and/or applications unavailable for use by the Customer for a
period of greater than 12 consecutive hours (or less than 12 hours at the
Customer’s discretion) and the Contractor has not confirmed that
recovery of the System and/or applications will be achieved within the
maximum allowable downtime specified in the BC SLR.
Alternatively, the Customer may at its sole discretion declare a disaster.
Page 3

DISASTER RECOVERY Ensuring that all parts of the System, including but not limited to,
applications, interfaces and network connections are re-established after a
Disaster.
EVENTS Events are situations that generally require immediate increased levels of
resources, response and Problem Rectification and Resolution to be able
to deal with the situation at the time. Some Events are unpredictable and
occur without warning, and some are predictable and can be managed
and planned. They include, but are not limited to:
• Special events – festivals, sporting events, fetes etc
• Emergency situations – bush fires, floods, storm damage,
accidents etc
• Operational events – taskforce formation, civil marches, public
disturbances, crime sites etc
The Sites requiring Services of this nature include, but are not limited to,
the State Emergency Response Centre (“SERC”), Mobile Response
Units, the Crimes Unit, Covert Operations, Counter Terrorist Areas,
Special Operations, all Regional Operational Policing areas and any
special task force which may be set up for a short time period.
Events are independent; therefore there is a possibility that multiple,
simultaneous Events may be declared by the Customer. Events, however,
are NOT Disasters and therefore do not warrant the implementation of a
Disaster Recovery plan.
IMAC (INSTALLATIONS, Activities performed as pre-scheduled events to install (this means from
MOVES, ADDS AND
the Customer request until the Customer user is able to begin or continue
normal use), remove, relocate, Update, modify or otherwise reconfigure
CHANGES)
the System and/or telecommunications infrastructure components and
applications that are covered by the Services, including but not limited to
activation of data points. IMACs are included in the Services and will be
performed at no additional charge to the Customer. One IMAC is counted
for each unique action that occurs during normal business hours and can
normally be completed within four full-time equivalent (FTE) work
hours. In the event that IMAC-related work must be performed outside of
normal work hours on a Business Day, due to operating/scheduling
constraints, the parties shall mutually agree on how these IMACs will be
handled. Repeat visits to correct Problems that arise or result from
implementing IMACs shall be considered Problems, and will not be
included under the IMAC count. If multiple Updates or reconfigurations
are scheduled for a single piece of equipment, only one IMAC will be
counted, unless the time required is significantly greater than four hours
to complete the work.
LEVEL 1 SERVICE DESK The Service Desk which interfaces with users of the System or Services
and, where appropriate, a Level 2 Service Desk, with regard to the
logging of Calls and the Rectification and Resolution of Problems.
LEVEL 2 SERVICE DESK The Service Desk to be provided by the Contractor as per this
Attachment, which will liaise with the Level 1 Service Desk (and where
necessary any Level 3 Service Desk) in the process of Rectifying and
Resolving Problems associated with the Services or the System.
LEVEL 3 SERVICE DESK The Service Desk which Rectifies and Resolves Defects or manages the
Rectification and Resolution of Defects in applications that cause
Problems that cannot be Rectified and/or Resolved by the Level 2 Service
Desk.
Page 4

MANAGED ASSET Includes Software, applications, hardware, Documentation, facilities,
intellectual property and all associated peripherals to be managed by the
Contractor and recorded as part of the Managed Asset register. Managed
Asset includes leased assets.
MEASUREMENT INTERVAL Any specified period within which the metrics shall be measured and
(A.K.A MEASUREMENT reported on for determining the Contractor’s performance to the SLRs.
This takes into consideration the impact of continuous outage. For
PERIOD) example, a 28 day month measurement interval for a 99 percent
Minimum Acceptable Service Level for a 24x7 System would allow 6.7
hours of a continuous outage, with no other outages during the month. A
weekly interval would only allow 1.6 hours of a continuous outage.
MINIMUM ACCEPTABLE The lowest level of acceptable Service performance before service credits
SERVICE LEVEL (MASL) apply for non-performance during a defined period.
OUTAGE An event where the Service or a defined component of the System

becomes unavailable, excluding scheduled or planned downtime. Each
Outage will be counted incrementally, regardless of whether the same
Problem occurs several times over a Measurement Period. If multiple
users experience the same Problem simultaneously on a single occasion
then this will be counted as only one Outage.
PROBLEM A single event in relation to the System or a Service requiring a
Contractor response, typically identified by a user making a Call, the
Contractor, a third party or any automated warning system. The Customer
will determine the Severity Level of each reported Problem. Repeat visits
to correct Problems that arise from previously implemented IMACs are
considered Problems, not IMACs, and will not be added to the IMAC
count. The Contractor will provide the Customer with an escalation
procedure (to be approved by the Customer) for Rectification and
Resolution of reported Problems.
PROCEDURES MANUAL A manual describing how the Contractor will perform and deliver the
Services, including the provision of Documentation (e.g., processes,
specifications) that provide further details of such activities. This must be
suitable for use by the Customer, such that the Customer can fully
understand, operate and exploit the System and the Services. The
Procedures Manual must include detailed descriptions of:
• How the Contractor will provide the Services;
• How the Contractor and the Customer will interact;
• Communication protocols between account management and
technical personnel;
• Quality assurance procedures;
• The Contractor’s interaction with the Customer’s other IT
service providers, third party vendors and internal support areas;
• Change management procedures;
• Procedures for initiating requests for Service and project work;
• Maintenance windows;
• Problem management and escalation procedures; and
• Other standards and procedures pertinent to the Customer’s
interaction with Contractor in obtaining the Services.
Page 5

PROJECT ESTIMATION A set of disciplines and techniques that allow an IT professional to
METHODS AND TOOLS quantify labour and materials to determine schedule and cost, which is
adjusted for risk. Project estimation tools provide a series of questions
that allow the professional to input values to a system. The system
provides a common frame of reference for the Contractor and the
Customer to understand how costs and schedules were derived.
RECTIFY / RECTIFICATION Rectification occurs when the functionality of the System or every
application is available to the end user of the System or application such
that business operations can occur with minimal interruption or
impediment. Implementing a satisfactory Workaround is rectification.
Rectification can be achieved even though the root cause of a Problem
has not been Resolved. In some cases, Rectification can only be
achieved by Resolution of the Problem. Rectification is not achieved
until the Customer is satisfied that the Problem has been Rectified.
RELIABILITY The maximum acceptable number of individual Problems including
Outages, failures, batch overruns or dropouts during a Measurement
Interval.
RESOLVE / RESOLUTION To repair, replace, reconfigure, re-install, re-route, or otherwise provide a
complete solution to a Problem that returns the System and/or end-user(s)
to non-degraded full functionality. Resolution requires the root cause of
a reported Problem to be identified and also requires the correction of
both the results and the cause of the Problem. A Workstation Problem at
a virtual office/remote access (VORA) Site is considered “resolved” by
the overnight shipment of a repaired or a replacement Workstation that is
fully operational. Implementing a Workaround is not resolution. Subject
to the next sentence, resolution is achieved when the Contractor has
notified the Customer that the part of the System which caused the
Problem is ready for Acceptance Testing. If the Acceptance Tests are not
passed, then resolution has not been achieved and the same Problem
remains unresolved. In this event, the time between the notification that
the part of the System which caused the Problem is ready for Acceptance
Testing and its failure to pass the Acceptance Tests is not counted as time
during which resolution was not achieved.
ROOT CAUSE ANALYSIS A Problem analysis process undertaken to identify and quantify the
underlying cause(s) of a Problem, and document the necessary corrective
actions to be taken to prevent recurring Problems/trends which could
result in Problems. This process is further defined in clause 4.11.
SERVICE DESK The centralised mechanism in place to respond to Problems and to
communicate information regarding the Rectification and Resolution of
Problems.
STANDARD OPERATING The Customer's standard operating environment Software including all
ENVIRONMENT (SOE) associated user and technical Documentation, Updates and New
Releases.
Page 6

SEVERITY LEVEL The Customer defined category that identifies the degree of problem
importance and associated Contractor response requirements attributed to
such a problem. Problems are categorised as Severity Level 1 to 3 only,
with Severity Level 4 being specifically related to user inquiries,
assistance, information or non-urgent help. Unless otherwise specified by
the Customer, the Contractor must accept the Severity Level that is
assigned to any Problem by the Level 1 Service Desk.
• Severity Level 1: A business critical function is not operational,
impacting major Customer business processes.
• Severity Level 2: A major function impacting Customer business
processes is not operational, resulting in disruption to the business.
• Severity Level 3: Part of the System is not operational but is not
immediately impacting Customer business functions.
• Severity Level 4: User inquiries, assistance, information or non-
urgent help.
SPECIALIST SOFTWARE All of the Software that is not included within the SOE or BOE.
TICKET A unique logical electronic record that the Contractor will create, update,
maintain and archive for each Call. A Ticket is used to record all
Customer user/Contractor interaction pertaining to a Problem and all
Contractor-related actions, and corresponding date/time, taken to Rectify
and Resolve a Problem, from the time it is first reported to the Service
Desk until Problem Resolution and closure by the Service Desk. Also, it
is used for application change-control traceability.
VORA Virtual Office/Remote Access (VORA) pertaining to the Customer's
remote users whose offices are either permanently or temporarily located
outside of Customer premises and who connect to the Customer's
network via remote access facilities (that is, VPN, Dial-up) using a laptop
or desktop PC, and have different service requirements from the
Customer's IT-managed/staffed business facilities.
WORKAROUND A process established by or approved by the Customer that the Contractor
or the Customer can implement as an alternate method of System or
process functionality in the event of a Problem. The alternate method
allows the System or affected process(es) to deliver the Customer an
acceptable level of business operations continuity until Resolution can be
implemented.
Page 7

WORKSTATION An end-user computing device which comprises the personal computer,
laptop computer and notebook computer and other associated peripheral
devices including:
a) USB memory repositories.
b) Printers.
c) Data point.
d) DVDs/CD rewrites.
e) CD jukeboxes.
f) Monitors.
g) Scanners.
h) Plotters.
i) Speakers.
j) Cables.
k) Modems.
l) Mouse.
m) Docking Station.
n) Media Libraries.
o) PDAs where connected to the LAN,
and any other devices specified by the Customer.
2.2 Acronyms
Acronym Definition
BC Business Continuity
BIOS Basic Input/Output System
BITS Business Information & Technology Services department
BOE Base Operation Environment (Operating System)
COTS Commercial Off-The-Shelf
CPU Computer Processing Unit
DR Disaster Recovery
IDS Intrusion Detection System
IMAC Installations, Moves, Adds and Changes
IT Information Technology
LAN Local-Area Network
LEAP Law Enforcement Assistance Program
MAC Moves, Adds and Changes
MASL Minimum Acceptable Service Level
PDA Personal Digital Assistants
SLR Service Level Requirement
SOE Standard Operation Environment (Approved software)
VPN Virtual Private Network
Page 8
3 Service Requirements
This section describes the Services. The support Services in the following section also
form part of the Services.
3.1 Included Services

3.1.1 Current applications
The Contractor must fully maintain, support, and enhance all of the Customer’s current
applications such that the Customer can fully exploit the functions and features of the
System. Current applications are defined as the Customer's applications that are
currently in a production environment or which are scheduled to be introduced into a
production environment and as at the Contract Date are listed in Attachment 1 and
indicated as being "Supported".
Addition and subtraction of applications will be addressed in accordance with the

change control procedures in the Contract.
3.1.2 General responsibilities

In performing the Services, the Contractor must:
a) Comply with the Customer's policies, regulations, and standards as required by
the Contract.
b) Conform to changes in laws, regulations and policies stipulated or otherwise
mandated by applicable Federal, State and Local governments as required by the
Contract.
c) Report project progress and overall performance against the applicable Service
Levels as required by the Contract.
d) Meet the Service Levels for the Services in accordance with the SLRs.
e) Perform the Services in accordance with the Procedures Manual as approved by
the Customer.
f) Ensure Availability of the System in accordance with the SLRs.
g) Provide and make appropriate use of the systems or tools (hardware or software)
that are required to provide the Services. This includes:
i. The Customer's approved systems for work authorisation, Problem
Rectification and Resolution and project management processes.
ii. The Customer's approved systems for software quality assurance,
configuration management, and document management.
iii. The Customer's approved tools for software, database and interface,
design, development and testing.
iv. The Customer's approved templates, processes, personal tools for
communication (email, phone, pager, etc.) and general functions (PC for
word processing, spreadsheets, etc.).
Page 9
h) Provide the Customer with Personnel resources with the required skills and
competencies to provide the Services at the specified Service Levels. This
includes any technical and non-technical training or induction for initially
assigned Personnel, replacement Personnel, or added Personnel.
i) Provide or facilitate agreed technical and non-technical training, or induction
transition activities for the Contractor's Personnel from the Customer's personnel,
or provide required knowledge transfer from the Customer's personnel to the
Contractor's Personnel or from the Contractor's Personnel to the Customer's
personnel.
j) Coordinate with the Customer and third parties who provide IT services to the
Customer (as required by the Customer) prior to any desired or required changes
to the application(s) and application platform(s) being supported by the
Contractor that may affect the operating performance and/or service level
performance of any IT service environments that may be retained by the
Customer or provided by third parties.
k) Specify, implement, and consistently employ across all projects an industry-
recognised standard effort estimation model and methodology for the purposes of
estimating application maintenance, support and enhancement efforts, which
delivers consistently reliable and accurate effort estimation forecasts and is
appropriate to the application(s) being maintained/supported/developed. As a
minimum, the Contractor must use function points as an estimation tool.
l) Provide the Customer with an agreed level of personnel resources with the
required skills and competencies to provide accurate and timely input to BC
activities including contingency planning meetings for such events and
completing any action items resulting from these activities required to be
provided or facilitated by the Contractor in order to meet the Service Levels.
m) Manage and administer backups, recovery and media management related to the
running of applications. Specifically, the Customer requires access to and
recovery of all files (including email) for a minimum period of 7 years from the
creation of such files. The backup and recovery activities include but are not
limited to working with third parties who provide IT services to the Customer to
ensure that the backups and recoveries are successful. In addition, the Contractor
must maintain a current copy of all supported applications. Such copies are to be
made available to the Customer immediately upon request.
3.1.3 Application Maintenance

The Services include application maintenance, which is all activities associated with
correcting non conforming performance for production application programs and systems
that result in less than 5 working days of effort. These activities include all life-cycle
support activities described above.
Applications maintenance must be provided across all of the Customer's platforms.
Application maintenance activities require the Contractor to ensure that sufficient skilled
resources are available on a full time basis to ensure that all maintenance activities are
completed in a timely manner.
Without limiting the scope of the Contractor's obligations, the Contractor must:
Page 10
3.1.3.1 Correcting non conforming performance

Repair all applications which are in production, to ensure that they function in
accordance with the Service Levels. Full repair/recovery of the application(s) is to be
completed unless otherwise approved by the Customer (in writing) and is to cover all
files/deliverables, including:
a) Databases.
b) Printed reports.
c) Microfiche.
d) Interface files.
e) Web pages.
3.1.3.2 Preventive Maintenance

Provide preventative maintenance for all applications in production such that no events
occur, which if not addressed proactively, could impact applications in production. Such
events include:
a) Changing business volumes.
b) Certified vendor patches or bug fixes provided from the vendor for the
Customer's approved and licensed application software.
c) Special testing for events, such as:
• Public holidays.
• End of financial year.
• End of calendar year.
• Leap years.
• Daylight savings.
3.1.3.3 Adaptive Maintenance

Ensure that application performance is not affected by changes to interfacing
applications, new applications or packages and technical environment changes, which if
not addressed proactively, could impact applications in production. Such events include:
a) Updates of operating software.
b) New/changed equipment.
c) Interface changes.
3.1.3.4 Perfective Maintenance

Ensure that applications operate at peak efficiency with particular focus on areas such
as:
a) System CPU hours.
b) Storage space.
c) Response time.
Page 11
d) Database performance tuning.
3.1.3.5 Release Packaging

Package all software changes into suitable releases for approved application as
approved by the Customer. This includes all activities associated with providing
software version control, both electronic and manual. All releases must conform to the
Customer's approved risk mitigation strategy. The Contractor must develop an ongoing
process for the implementation of a 12-month rolling application release timetable (with
associated variation mechanism). The ongoing process and the initial 12-month rolling
timetable for each application are to be approved by the nominated Customer
representative.
3.1.4 Technical and End-User Support

The Services include technical and end-user support, which is all necessary expert
technical assistance that is required for the tuning of approved applications and utilities
for optimal System performance. This includes expert Level 2 Service Desk and Level
3 Service Desk technical assistance for the Customer's end-users and the Customer's, or
third party's, IT professionals.
3.1.5 Application Enhancement

The Services include application enhancement, which is all life-cycle activities, across
all of the Customer's platforms, associated with:
a) Approved "Minor Enhancements" – being enhancements requiring greater than
or equal to 5 days work effort, and less than 25 days work effort; and
b) Approved "Major Enhancements" – being enhancements requiring greater than
or equal to 25 days work effort, and less than 60 days work effort.
Application enhancement includes:
a) Minor Enhancements or Major Enhancements to existing applications;
b) The creation of new applications where the time required to completion is
within the bounds of Minor Enhancements or Major Enhancements; and
c) Integration, testing, implementation, and migration support of any applications
developed or modified by a third party, where the work effort involved is
within the bounds of Minor Enhancements or Major Enhancements.
Application enhancement activities are discrete units of non-recurring work to design,
develop, build, test and/or implement, install or deploy a solution or deliverable, that do
not otherwise form part of the Services. Typically they require the Customer to undergo
more rigorous approval processes, project management and reporting than maintenance
or support activities.
The Contractor must not undertake any application enhancement activities unless the
Customer has approved a "Change Request" in accordance with the Contract.
All anticipated work effort beyond 60 days will be regarded as a "Development
Project". The Contractor may, or may not be requested to bid for any Development
Project. The Contractor will be required to participate in all activities associated with
"Project Initiation", at no additional cost to the Customer.
Page 12
Without limiting the scope of the Contractor's obligations, throughout the Term, the
Contractor must:
3.1.5.1 Requirements Definition

Perform requirements definition, which is all activities associated with the assessment
of the Customer's users' requirements which are needed to determine detailed
application designs. This includes:
a) Conducting interviews, group workshops and surveys.
b) Meeting the Customer's requirements groups and contract management
representatives.
c) Developing functional requirements documents, logical and physical data
models, etc.
d) Undertaking impact analysis to determine BC requirements and the extent of
the impact of the proposed changes, including possible impact to interfacing
systems.
e) Undertaking an "Information System Threat and Risk Assessment", so that
specific security requirements can be documented.
All Documentation produced in the course of these activities is the Customer's property.
3.1.5.2 Design Specifications

Produce application design specifications that meet the Customer's applications
technical architectural standard(s), and identify and describe the most cost-effective
solution to the implementation option under consideration. These activities include:
a) Creating Documentation that specifies all components (including security
controls), program modules, data stores, interfaces, interface components and
associated operations procedures for the Customer's technical environment.
b) Obtaining the Customer's oversight and approval through co-ordination with
the appropriate architectural or technical oversight authority and authorised
Development Project governance representatives.
3.1.5.3 Test and Development and Training Environment

Establish a test, development and training environment to fully support the Customer's
current and future application requirements.
Without limiting the scope of the Contractor's obligations, the Contractor must:
a) Obtain and/or provide the necessary application development tools, testing
tools, change and configuration management tools, project management and
reporting tools, and other software (the “Test, Development and Training
Environment Components”) required to establish and support the Application
Product(s) development and testing environment at agreed Customer Sites.
b) Advise the Customer of appropriate sized hardware requirements, as well as
appropriate license quantities, types and revision levels of application
development, testing and runtime environment software not already owned by
the Customer and available for use.
Page 13
c) In the event that any components are non-generic or are otherwise proprietary,
restricted and/or unique to the Customer's development environment, comply
with any method for the acquisition and disposition of such components that
the Customer determines to be equitable.
The Contractor is not required to maintain or support the infrastructure of the Test,
Development and Training Environment where the Provider of IT services in relation to
the Desktop Tower, or Mainframe Tower (whichever is applicable) is responsible for
maintaining and supporting such infrastructure. In the event that any component of the
Test, Development and Training Environment (including hardware or infrastructure) is
not so supported by another Provider, then the Contractor is required to maintain and
support this component.
The Contractor is required to maintain or support all infrastructure for the Test and
Development environment located in its facilities.
3.2 Anticipated Applications Maintenance, Support and Enhancement Growth

Volumes during the Term
The Contractor must ensure that the Services provided are adequate to meet the
Customer's requirements and the SLRs at all times throughout the Term.
3.3 Excluded Services and Applications

The following services are excluded:
a) COTS licence support and maintenance procurement.
b) Support and maintenance of all applications that the Customer has not
approved.
c) Support and maintenance of all applications not in production as at the Service
Commencement Date or not included as part of the change control process.
d) Specialist application support and maintenance arrangements for Fleetsmart
and BEAMS. The Customer will continue to support these applications via its
existing relationships with third party vendors, however, these may be included
in the future.
e) Services in respect of applications listed in Attachment 1 that are not listed as
"Supported". For the avoidance of doubt, this does not exclude Services in
respect of the interfaces between Not-Supported and Supported (Third Party)
applications and Supported Applications (as those terms are defined in
Attachment 1); only Services in respect of the applications themselves.
Page 14
4 Support Services
The Contractor must provide the Customer with all support Services (which form part
of the Services) and which are all life cycle activities associated with the provision of
the Services by the Contractor.
All support Services are to be provided at no additional cost to the Customer. The
support Services include the following activities:
4.1 Planning and Analysis

Researching new application development trends, products, and services that offer
opportunities to improve the efficiency and effectiveness of the application
environment, as well as for meeting business requirements and delivering new or
improved benefits to government and the broader community.
The Contractor must present such research to the Customer's CIO or the nominated
Customer representative(s) in an agreed, relevant and understandable format.
Such activities include but are not limited to:
a) Investigating and documenting new products and services, such as hardware
components, system software and transmission facilities.
b) Assessing process re-engineering methodologies.
c) Performing operational planning for capacity and performance impact of
researched technologies.
d) Conducting feasibility studies approved by the Customer's CIO or the Customer's
nominated representative for the implementation of new technologies.
e) Performing project estimation using commercial Project Estimation Methods and
Tools that can size applications in function points and can categorise applications
as easy, medium or difficult to facilitate function point pricing.
f) Participating in annual technical and business planning sessions with the
Customer to establish standards, architecture and project initiatives.
g) Conducting quarterly technical reviews and workshops for the Customer on
trends and best practices.
h) Participating in the Customer's business continuance planning process.
4.2 Project Management principles

All activities required to establish reasonable plans for performing the required
Software development and for managing enhancements and potential "Development
Projects". This includes the establishment of visibility into actual progress so that
management can take effective actions when enhancement activities or Development
Project performance deviates from the project plans.
4.2.1 Enhancement activities

Support Services in relation to application enhancement include:
Page 15
a) Providing, maintaining and updating a comprehensive project plan, identifying all

critical path dependencies, staffing resources, major milestones and project
deliverables.
b) Providing weekly status reviews and progress reports.
c) Creating a Personnel plan identifying the Contractor's Personnel assigned to the
work.
d) Assigning Personnel who have experience and expertise in the appropriate
application domain and software development to such work.
e) Assigning a project manager to actively manage the performance of the work and
to be responsible for acquiring commitments and developing the project plan for
that project.
f) Sufficiently training project team Personnel to ensure that they perform all
necessary roles and assume all necessary responsibilities.
g) Implementing all tools and processes required to support the provision of the
Services. Such tools and processes include:
i. Project management reporting.
ii. Design, coding and testing.
iii. Configuration management.
iv. Quality assurance.
h) Creating a "Statement of Work" for each discrete task which includes:
i. A defined scope of work.
ii. Technical goals and objectives.
iii. Identification of customers and end users.
iv. Standards.
v. Assigned responsibilities.
vi. Cost and schedule constraints.
vii. Dependencies between the project team and other organisations.
viii. Resource constraints and goals.
ix. Planning assumptions.
x. The parties’ responsibilities.
i) Creating a "Risk Assessment Plan" (“RAP”) for each discrete task which
identifies the risks associated with the cost, resource, schedule, and technical
aspects of the project. The risks must be analysed and prioritised based on their
potential impact to the project and the RAP must specify contingencies and
mitigation strategies for the risks that are identified.
j) Implementing a Customer approved program change control process that
identifies, evaluates and assesses any change that impacts the work (cost, timing,
risk).
Page 16
4.2.1.1 Activities
Reviewing the progress and management of each discrete task with the Customer's
senior management (Program and Customer) or nominated representative on a regular
basis as specified by the Customer or otherwise weekly. This includes reviewing and
reporting to the Customer on the following criteria:
a) Completions and progress towards completion of milestones, compared to the
project plan.
b) Funds expended, compared to the project plan.
c) Latest forecast of schedule and expenditures (to end of program).
d) Changes to approved or previously assigned resources.
e) Changes to project plan estimates or assumptions.
f) Conflicts and issues that are not resolvable at lower levels.
g) Software project risks.
h) Action items, all of which must be assigned, reviewed, and tracked to closure.
The Contractor must prepare summary reports from each meeting and distribute such
reports to the affected groups and individuals.
4.2.2 Development Projects

The same requirements as listed in Section 4.2.1 apply to development projects. The
Contractor must complete these requirements in such detail as the Customer requires.
The detail required in relation to a development project will be significantly greater
than that required for an enhancement task.
4.3 Construction/Development
All activities associated with the construction and/or development of application
modules. The Contractor must use the information from previous phases as critical
input when constructing and/or developing every application module. The Contractor
can construct an application module by in-house custom development, customisating
commercial off-the-shelf (COTS) products or implementing COTS packages.
4.4 Integration and Testing

All activities necessary to ensure that all individual program components that are
configured with, or added to, the support applications environment work together
properly and perform all of the intended functions. This includes application interfaces
to other support applications in production. Such activities include:
a) Performing all appropriate life-cycle integration and development tests (e.g., unit
testing, socialisation, end-to-end testing, stress testing, regression testing, etc.).
b) Selective random independent testing, where the random selection includes some
complex modules (i.e. independent verification and validation testing).
c) User acceptance and quality assurance testing.
d) Maintaining test data.
e) Staging systems before implementation.
Page 17
f) Performing modifications and performance enhancement adjustments to the

Customer's System and Software and utilities as a result of changes to
architectural standards.
g) Managing the integration lab facility.
4.5 Implementation and Migration

All activities associated with the installation and migration of new and upgraded
components to the Customer's production environment. Such activities include:
a) Installing new or enhanced functions or features.
b) Installing, or assisting third parties with the installation of new or enhanced
configuration and system management tools to operate within the support
application environment.
c) Performing data migration from existing systems to new systems, by either
electronic or manual methods.
d) Delivering all necessary system code and Documentation and user
Documentation.
e) Conducting pre-installation Site surveys.
f) Supporting test to production turnover implementation.
g) Distributing Software to Workstations and installing Software.
h) Conducting tests of documented BC procedures including all activities necessary
for backup and restoration of data and applications.
4.6 Emergency Services

All activities necessary to provide application enhancements and maintenance, as
specified above, to support the Customer's user requirements under emergency
conditions while maintaining the Service Levels. Emergency events may increase work
volumes substantially within a short period of time and may persist for a specified or an
indeterminate duration. The Contractor must provide a structured process for
supporting, managing, monitoring and reporting actions related to unanticipated
changes in operational requirements.
4.7 Application Warranty

All activities associated with repairing Defects in Contractor developed production
application programs and systems, where such Defects are discovered within 180 days
of the application being placed into a production environment. This includes all
life-cycle support activities described in Section 3.1 above, as well as any activities
necessary to repair Defects to enable applications to perform in accordance with the
documented specifications and operational functionality.
Application warranty services shall be provided at no additional charge to the
Customer, even where such activities amount to minor enhancements. Full correction of
the application(s) Defect is to be completed unless otherwise approved by the
Customer, and the corrected code shall be fully tested to ensure that no regression errors
are introduced. This shall include updating all Documentation and related
files/deliverables, such as:
Page 18
a) Databases.
b) Printed reports.
c) Technical manuals.
d) Interface files.
e) Web pages.
4.8 Continuous Process Improvement

Establishing, implementing, managing and maintaining a set of processes and
procedures with which the Contractor must continually monitor and analyse its service
delivery methods and procedures. Such processes and procedures must be industry
recognised best practice and must ensure that the Contractor identifies all weaknesses
and opportunities for improvement in its Service delivery methods and procedures. The
Contractor must systematically implement those improvements.
The Contractor must provide quarterly reports on its continuous process improvement
activities and provide the Customer with the opportunity to have input into the process.
The Contractor must extend the benefits of these continuous process improvements to
the Customer through appropriate means such as cost containment or fee reduction, or
improvements to service delivery levels, increased productivity and the reduction in
defects.
4.9 Level 2 Service Desk Problem Management Rectification and Resolution

4.9.1 Level 2 Service Desk
All activities associated with the provision and operation of a Level 2 Service Desk.
A Provider will provide the Level 1 Service Desk to the Customer. This Level 1 Service
Desk will assign and escalate all Problems related to the System or Services to the
Contractor.
As part of the provision and operation of a Level 2 Service Desk, the Contractor must:
a) Provide Level 2 Service Desk support for the System and all of the Services
(including onsite support for Problem Rectification and Resolution).
b) Manage and resolve all Problems (including assignment and escalation to third
parties or the Level 3 Service Desk (if applicable) and provide management,
monitoring and feedback of such Problem Rectification and Resolution activities
to the Level 1 Service Desk).
c) Provide progress feedback to the Level 1 Service Desk during the Rectification
and Resolution process as per the SLRs.
The Level 1 Service Desk will monitor all Problems through to Resolution and will
provide feedback to the affected user(s).
4.9.2 Level 2 Problem Management

As part of the operation of the Level 2 Service Desk, the Contractor must implement
and maintain Problem management policies and procedures that significantly decrease
the number of Problems which occur by Resolving any Defects within the
application(s) in the System. The Contractor's policies and procedures must address,
Page 19
and the Contractor must report on, all aspects of its policies and the specific
implementation of those policies with respect to:
a) Problem control.
b) Error control.
c) Proactive prevention of Problems.
d) Identifying Problem trends.
e) Contingency planning and Disaster Recovery.
Without limiting the scope of the support Services or the Contractor's obligations, the
Contractor must:
a) Package and release Updates for all Problems in accordance with approved
change management and configuration management procedures. These include
New Releases necessary for the Rectification and Resolution of Problems,
including Software application configuration and operation errors that have been
escalated by the Customer's Personnel or users (whether through the Service Desk
or otherwise).
b) Provide a single point of contact for receiving, logging, and tracking all Problems
escalated to the Contractor's Level 2 Service Desk.
c) Troubleshoot all reported Problems to determine the probable cause of the
reported Problem.
d) Recommend and implement Rectification of each Problem until a permanent
Resolution can be implemented.
e) Track all Problems to Resolution to ensure that all necessary corrective action is
provided through to Resolution.
f) Escalate unknown errors and identified Problem trends in accordance with the
policies and procedures developed for Problem management.
g) Provide progress reports to the Customer throughout the Problem Rectification
and Resolution process, via the Service Desk.
h) Ensure that key application support personnel are able to be reached during off-
shift hours via pagers or cell phones.
4.9.3 Level 2 Problem Monitoring and Reporting

As part of the operation of the Level 2 Service Desk, the Contractor must also provide a
reporting capability which identifies the following metrics for a specified (ad hoc) time
period or as otherwise required by the Customer:
a) Number of open Tickets.
b) Average age (in hours) of open Tickets until Rectification and Resolution.
c) Percentage of Tickets resolved during the first call.
d) Average time to Rectification and Resolution (in hours) for closed Tickets.
e) Total hours of Contractor resource time expended for closed Tickets.
f) Hours of downtime by application.
Page 20
g) Number of repeat Calls about the same application. A repeat call is one that is
made after an attempt has been made to Rectify and/or Resolve a Problem.
4.10 Level 3 Service Desk

All activities associated with the provision and operation of a Level 3 Service Desk.
As part of the provision and operation of a Level 3 Service Desk, the Contractor must
support all applications and Services that it directly manages and supports. The Level 3
Service Desk is responsible for all support provided by any third party in relation to an
application that is in (or scheduled to be in) the Customer's production environment.
The Contractor must work closely with any third party that is providing management
and support for such an application.
As part of the operation of the Level 3 Service Desk, the Contractor must also provide a
reporting capability in relation to the support provided by the Level 3 Service Desk
which identifies the following metrics for a specified (ad hoc) time period or as
otherwise required by the Customer:
a) Number of open Tickets.
b) Average age (in hours) of open Tickets until Rectification and Resolution.
c) Percentage of Tickets resolved during the first call.
d) Average time to Rectification and Resolution (in hours) for closed Tickets.
e) Total hours of Contractor resource time expended for closed Tickets.
f) Hours of downtime by application.
g) Number of repeat Calls about the same application. A repeat call is one that is
made after an attempt has been made to Rectify and/or Resolve a Problem.
4.11 Root Cause Analysis

All activities associated with the implementation of a process that will cause the
Contractor to understand and prevent recurring Problems/trends which could result in
Problems. Without limiting the scope of the support Services or the Contractor's
obligations, the Contractor must:
a) Ensure that its Personnel on the Service Desk and any other support Personnel have
access to the Problem Rectification and Resolution database to view the history of
previous application Problems and their Rectifications and Resolutions.
b) Conduct a Root Cause Analysis of all such Problems or failures, including all
Severity Level 1 and Severity Level 2 Problems, within two days of the Problem
occurring unless an alternative timeframe is agreed with the Customer.
c) Assign appropriate resources to identify and remedy such Problems or failures, and
track and report on any consequences of such Problems or failures.
d) Provide the Customer with a written report detailing the cause of and procedure for
correcting such Problems or failures within five days of the Problem occurring.
Provide updates on a monthly basis until the underlying defect resulting in the
Problems or failures is corrected. The Customer reserves the right at its own
discretion to conduct its own review. The results of such reviews must be
implemented by the Contractor.
Page 21
e) Substantiate to the Customer that all reasonable actions have been taken to prevent
recurrence of such Problem or failure.
Note: These Services are provided in consultation with the Customer and other
Providers.
The Contractor must provide the Customer with access to the raw data used to conduct
every Root Cause Analysis. The Customer may, at its own discretion, conduct
independent reviews and analysis of any Problems, failures or the Contractor's Root
Cause Analysis recommendations. The Customer's review outcomes must be actioned
by the Contractor if the Customer requires this to be done.
4.12 Training
All activities associated with the improvement of skills for the Contractor's Personnel
and the Customer’s IT technical staff (and business managers, at the Customer's sole
option) through education and instruction. Additionally, training includes the initial end-
user training on new and current applications and Services. Training services are
provided to the Customer's end users for improving “how-to-use” skills related to
systems and applications. Delivery methods that are offered for training include
classroom style and computer-based instruction.
In accordance with the Contract, the Contractor must utilise Personnel with appropriate
skills and knowledge to satisfy all of its Contractual requirements.
4.13 Monitoring and Reporting

All activities associated with ongoing health checks, Service Level performance
reporting, review of error logs, status reporting, and Problem management (ongoing
surveillance, tracking, escalation, Rectification, Resolution, and tracking of Problems)
of application enhancement and support activities. These Problem management
activities require the Contractor to integrate and coordinate its Level 2 Service Desk
support Services with the Level 1 Service Desk. All Reports specified in Attachment 6
(Reports) must be provided when required by that Attachment.
Contractor must:
a) Provide monthly Service Level performance reports.
b) Provide monthly staffing utilisation reports.
c) Provide monthly milestone achievement review and performance reports.
d) Provide an electronic copy of a consolidated list of applications being maintained
with related information on a monthly basis.
e) Conduct and complete a function count prior to any release using the most recent
International Society of Function Point User Group (IFPUG) standards.
f) Use a Customer approved reporting format and assessment criteria, provide the
Customer with a consolidated list of development and major enhancement
projects in progress, including project status, as required by the Customer or, at a
minimum, on a monthly basis.
Page 22
4.14 Local Implementation/Deployment

All activities associated with providing support for enhancement of the Customer's
authorised local adaptations of the application development product(s) and providing
on-site deployment and integration of the applications. The Contractor must provide
integration teams that will receive direction from the Customer's business-unit liaisons
for deployment of the application development product(s). Local
implementation/deployment activities include all the applicable Services described in
Section 3 above, which shall be performed in accordance with the Service Levels and
the parties' defined roles and responsibilities.
4.15 Managed Asset Management

All activities associated with input to and the continuous maintenance of the Managed
Asset register (which is maintained by Provider responsible for the Desktop Tower) for
all of the Customer's Managed Assets. Managed Assets includes, but is not limited to all
applications including Specialist Software which are in, or are scheduled to be in, the
Customer's production environment.
Contractor must:
a) Provide updates to the Managed Asset register database according to defined
procedures.
b) Ensure all inputs to the Managed Asset register are accurate and fully up to date.
c) Track all Managed Assets (by user, location, Managed Asset ID, finances, version
as appropriate) and ensure third party agreements for services are in force as
needed to meet SLRs.
d) Assist the Customer and third parties in auditing the Managed Assets.
e) Coordinate the termination, disposal of and relocation of Managed Assets as
needed/specified by the Customer in accordance with the Customer security
policy (For example, sanitise desktop and server hard disk drives).
f) Advise the Customer in a timely manner of expiration and renewal requirements
for Customer owned software licences and third party support agreements. At a
minimum, such notice is to be given to the Customer three months prior to such
expiration.
g) Report on the Managed Asset register inputs on both an ad hoc and a
defined/structured basis. This includes, but is not limited to tracking Managed
Assets and advising the Customer three months in advance of expiration and
renewal requirements for Contractor-owned software licences.
4.16 Configuration Management/Change Control

All activities necessary to administer and adhere to a standard change management
process for the Services that aligns and complies with the Customer's policies,
procedures and standards, as set out in the Procedures Manual approved by the
Customer. The change management process will include impact analysis, contingencies,
risk management, planning/implementation, approval, post-change review and back-out
processes.
Page 23
Without limiting the scope of the support Services or the Contractor's obligations, in
making changes to the Services, the Contractor must:
a) Eliminate or minimise disruptions to the Customer's users caused by the
implementation of any change.
b) Without limiting paragraph a), implement changes according to a mutually-agreed
schedule between the parties.
c) Eliminate or minimise the number of change “back-outs” caused by ineffective
change planning or implementation.
d) Eliminate or minimise the number of Problems caused by change.
e) Eliminate or minimise the Outages caused by change.
f) Manage changes to individual components and coordinate changes across all
components that comprise an end-to-end solution to minimise disruption to the
Services and the Customer’s business.
g) Document all changes to the Services.
h) In conjunction with the Customer (and Customer specified third parties), ensure
that all change management processes facilitate communication, and that tested
back-out plans exist to provide a high degree of success. The Contractor
acknowledges that the stability of the production environment is critical to the
Customer's business. Accordingly, the Contractor must employ all reasonable
safeguards to ensure continuity of the Customer's business operations when
changes to the production environment or the Services are initiated or
implemented.
i) Plan and communicate scheduled changes in advance in accordance with the
Customer’s business requirements. The Contractor must use the change
management process to plan, coordinate, monitor and communicate the changes
that affect the Services.
4.17 Documentation
All activities associated with the creation and maintenance of the Documentation
relating to the System and the Services and the provision of such Documentation to the
Customer. These activities include maintaining and managing copies of all such
Documentation in a technical library.
Contractor must:
4.17.1 General
Develop, revise, maintain, store, retrieve, reproduce and distribute information in hard
copy and electronic form. The types of documents include:
a) End-user documentation.
b) Standard operating procedures (including but not limited to the Procedures
Manual).
Page 24
4.17.2 The Procedures Manual

a) Ensure that the Procedures Manual is complete and in such a form that the
Customer can fully understand, operate and exploit the System and the Services.
b) Periodically, and on at least an annual basis, update the Procedures Manual to
reflect changes in operations or procedures. Updates of the Procedures Manual will
be provided to the Customer for review, comment and approval (not to be
unreasonably withheld), provided that the Contractor must incorporate the
reasonable comments or suggestions of the Customer into every revised Procedures
Manual.
c) Perform the Services in accordance with the Procedures Manual.
4.18 Security Management and Administration

4.18.1 Overview
This clause defines and describes the Customer's requirements for the provision of
security services relating to the System and for the System.
4.18.2 Current Environment
The Customer's requirements and the Contractor's obligations for the provision of
security services relating to the System must be read in conjunction with the detail
provided in Attachment 1 (Current Environment).
The Customer creates and manages information that varies in sensitivity from some
that may be made freely available to the public (classified as PUBLIC DOMAIN) to
information that, should a breach of confidentiality occur, could lead to serious injury
or death (classified as HIGHLY PROTECTED).
The classification scheme currently used by the Customer is that defined in the
Commonwealth of Australia’s Protective Security Manual (2000) for non-national
security classified information.
Previous analysis has identified that both the quantity and geographic distribution of
PROTECTED information across the Customer's network (i.e. the LAN and WAN
environments) is sufficiently great to require security controls for the general network
that will ensure appropriate protection for information classified as PROTECTED.
Workgroups managing HIGHLY PROTECTED information will also require
additional security controls to ensure appropriate protection for information classified
at that level.
The Customer does not currently have access to its security protocol information.
However, as identified in the document “Enterprise Security Strategy - Gap Analysis”,
the Customer recognises that the current solution is not sufficient to fully meet
Commonwealth Security Standards.
4.18.3 Security Requirements for the current environment
The Contractor must do everything associated with the provision, management and
administration of security of the System as required by the Customer. The Customer’s
requirements for the provision of security services relating to the System are detailed
below and in section 5 of this Attachment (Roles and Responsibilities). These
requirements are to be fulfilled as part of the core managed services.
Page 25
Without limiting the scope of these Services or the Contractor's obligations, the
Contractor must:
a) Do everything necessary for maintaining the security of the System.
b) Liaise with and provide relevant information to other persons assigned
responsibility for the security of any part of the Customer's IT environment.
4.18.4 Security Policies & Procedures
As a minimum, the Contractor must fully comply with all aspects of the Customer's
Enterprise Information Security Policy, the following security policies, standards and
guidelines and all policies, procedures and standards in Attachment 9 in all their
interactions with the Customer and in the performance and provision of the Services
(including any security service). Where, in the Customer's Enterprise Information
Security Policy, compliance to the Commonwealth information security policies and
standards is currently discretionary, the Contractor must treat those references as
requiring mandatory compliance.
The following is an adapted extract from the Customer's Enterprise Information
Security Policy with which the Contractor must comply.
“The development and management of all Victoria Police information Systems must
be fully compliant with the following policies, standards and guidelines (or their
successors or as amended):
(i) IT&T-14: Information Security Policy (Victorian Government, May 1999);
(ii) IT Network and Application Security Best Practice Statements
(Multimedia Victoria, February 1999);
(iii) Information Technology —Code of Practice for Information Security
Management [AS/NZS ISO/IEC 17799:2001] (Standards
Australia/Standards New Zealand);
(iv) Information Security Management Part 2: Specification for Information
Security Management Systems [AS/NZS 7799.2:2003] (Standards
Australia/Standards New Zealand);
(v) Information Security Risk Management Guidelines [HB 231:2004]
(Standards Australia); and
(vi) Guidelines for the Management of IT Security [AS13335 (Set): 2003]
(Standards Australia).
However, as the documents listed above are relatively non-prescriptive, the
information security control measures implemented in relation to the Customer's
information systems must also be fully compliant with the policies, standards and/or
guidelines defined in the following (or their successors or as amended):
(i) Commonwealth Protective Security Manual (2000 edition, Attorney
General’s Department, Commonwealth of Australia);
(ii) ACSI 33: The Australian Government Information Technology Security
Manual: (2004 edition, Defence Signals Directorate [DSD], Department of
Defence, Commonwealth of Australia);
Page 26
(iii) Gateway Certification Guide (Ver. 3 2004 edition, Defence Signals

Directorate [DSD], Department of Defence, Commonwealth of Australia);
(iv) Security Equipment Catalogue, Security Construction and Equipment
Committee (SCEC), Commonwealth of Australia; and
(v) Key Management Plan Guidance [July 2003] (Information Security Group,
Defence Signals Directorate)”.
4.19 Business Continuity (BC)

All activities associated with the provision to the Customer of BC support, including
BC planning and strategy development, strategy implementation, capability testing,
rehearsals and ongoing management of BC for each component of the System. In
undertaking such activities, the Contractor must take into account and minimise their
impact on all other elements of the Customer's IT environment. The Customer will
retain responsibility for Business Continuity for non-IT resources within each of its
individual business units. The Contractor must coordinate its BC activities with those of
third parties who provide similar services to the Customer in relation to other parts of
the Customer's IT environment and consistently meet or exceed the BC SLRs.
Without limiting the scope of the support Services or the Contractor's obligations in
accordance with the Customer's policies, procedures and standards, the Contractor
must:
a) Appoint and maintain an ‘on call’ (24x7) BC Manager to manage ongoing BC
requirements including preparation activities, capability testing and emergency
response. The Contractor's BC manager will be expected to liaise directly with the
Customer's BITS BC Coordinator.
b) Provide recovery of IT resources, within the System, in timeframes that meet the
Recovery Time Objectives (RTO), including restoration from backups stored offsite,
as specified in SLRs.
c) Ensure the continuance of electronic communication with other departments,
agencies and jurisdictions in the event of an emergency.
d) Undertake a 6 monthly test of BC procedures.
e) Report on the outcomes of the test as soon as practicable after the test. Before,
during and after rehearsals and tests, the Contractor must provide advice, analysis
and suggestions for improvement, and implement improved BC processes (where
shortfalls are identified).
f) Ensure minimum downtime and data loss.
g) Maintain data integrity, including security and access rights.
h) Maintain network security.
i) Minimise any negative impact on the Customer’s business operation.
j) Maintain the Customer's users' satisfaction.
k) Ensure that all BC documents are current and valid.
l) Ensure that the Contractor's staff involved in recovery procedures are fully trained
in the requirements of the plans.
Page 27
The Customer may at its sole discretion review the outcomes of BC testing and reviews.
The Contractor must implement the Customer's recommendations made as an outcome
of such reviews.
4.19.1 Contractor Reporting
The Contractor must report to the Customer any incidents related to the mandatory
requirements such as raising of alarms, security breaches etc. Additional details of this
reporting will be specified by the Customer.
Pass-through Services and Management

All activities associated with managing Third Party Contracts. Without limiting the
scope of the support Services or the Contractor's obligations, the Contractor must on-
charge directly to the Customer amounts invoiced by a third party contractor under a
managed Third Party Contract, without adding any margin or mark-up. The Contractor
must also provide commercial and technical management of the third party contractors
specified by the Customer.
Project Initiation
All activities necessary for the Contractor to comply with the procedures in Attachment
19 and the Procedures Manual when initiating, assessing or implementing projects.
These activities relate to all projects, including those that the Contractor may be
required to undertake, be engaged for as a development project, or in support of a third
party engaged for a development project.
Project initiation activities include, but are not limited to:
a) Developing an initial project plan, identifying all critical path dependencies,
staffing resources, major milestones and project deliverables.
b) Developing reporting requirements.
c) Creating a development project Personnel plan identifying the Personnel assigned
to the development project.
d) Identifying any project inhibitors and mitigation strategies to ensure that the
project can be undertaken in a viable manner.
e) Developing RFT evaluation criteria.
f) Creating a development project Statement of Work (SOW) which includes:
i. A defined scope of work.
ii. Technical goals and objectives.
iii. Identification of customers and end users.
iv. Standards.
v. Assigned responsibilities.
vi. Cost and schedule constraints.
vii. Dependencies between the development project team and other
organisations.
viii. Resource constraints and goals.
Page 28
ix. Planning assumptions.

x. The parties’ responsibilities.
g) Creating a development project Risk Assessment Plan (“RAP”) which identifies
the risks associated with the cost, resource, schedule, and technical aspects of the
project. The risks must be analysed and prioritised based on their potential impact
to the project and contingencies and mitigation strategies for the risks that are
identified must be detailed.
h) Designing a project change control process that identifies, evaluates, assesses any
change that impacts the development project (including any impact on cost,
timing, or risk).
Event Response Services
All activities necessary to support the Customer during an Event. This includes
assistance with the delivery, configuration, installation and connection of hardware and
Software to communication service providers in nominated short time periods. It also
may include the Contractor being obliged to provide fast responses, Rectifying and
Resolving Problems within short timeframes and, in relation to the System, and
providing dedicated onsite assistance. The Contractor must be able to cater for multiple
simultaneous Events.
Contractor must:
a) Make available resources (Personnel and equipment) that can be activated when
the Customer declares an Event.
b) Provide support on an as needed basis to deal with an Event to the Customer's
satisfaction.
c) Cooperate with and provide resources and Services (as part of the support
Services) to any Provider of Event related services to the Customer.
Risk Management
All activities associated with minimising the Customer's risk that is associated with the
Services. Such activities include the Contractor developing, implementing and
maintaining a thorough risk mitigation plan for provision of the Services that aligns
with the Customer’s policies, procedures and standards. The risk mitigation plan must
be approved by the Customer and must adequately address the issues of risk
identification (being anything that has the potential to impede the Customer or the
Contractor from achieving its objectives) and risk classification (i.e. the likelihood and
consequence of each risk). It must also involve the Contractor actively tracking and
mitigating each risk throughout the Term.
The risk mitigation and management activities are in addition to the Contractor's BC
obligations.
Contractor must actively:
a) Identify and prioritise organisational, operational and strategic risk.
b) Adopt an integrated approach to risk management that involves all relevant
internal and external stakeholders including support from the Customer’s senior
Page 29
management.
c) Ensure risk management becomes part of day to day management.
d) Provide Personnel with the policies, procedures and training necessary to manage
risks.
e) Develop appropriate strategies to ensure that identified risks and options for
treatment are communicated to stakeholders at all levels.
f) Monitor its strategic risk profile and achieve continuous improvement in risk
management.
g) Prepare reports on the risk management strategy and its implementation, as and
when required by the Customer, in a form that the Customer can submit to VMIA
to satisfy the Customer's obligations under the Financial Management Act 1994
and Victorian Managed Insurance Authority Act 1996.
Page 30
5 Roles and Responsibilities

Application Maintenance, Support and Enhancement Roles and
Responsibilities
The following table identifies the underlying roles and responsibilities associated with
the provision of the Services (including all required Updates). An “X” is placed in the
column under the party that will be primarily responsible for performing the task. The
Customer's responsibilities are indicated in the column labelled "Customer". The
Customer is designated the responsible party for performing tasks which must be
performed by the Contractor or a third party where the Customer has retained
provisioning or management responsibility.
Where no detail is provided on a specific part of a Service, the Contractor is wholly
responsible for the provision of that part of the Service, unless otherwise advised by the
Customer.
Application Maintenance, Support and Enhancement Contractor Customer

Roles and Responsibilities
1. Application Maintenance
1.1 Define maintenance and support policies and procedures. X
1.2 Approve maintenance and support policies and X

procedures.
1.3 Dispatch technicians to the point-of-service location, if X
required.
1.4 Perform diagnostics on hardware, Software, peripherals X
and services (as appropriate).
1.5 Install manufacturer field change orders, service packs, X
firmware and software maintenance New Releases, BIOS
Updates, etc.
1.6 Perform Software distribution and version control, both X
electronic and manual.
1.7 Perform code efficiency and stress testing. X
1.8 Replace defective parts and systems, including preventive X
maintenance according to the manufacturer’s published
mean- time-between rates.
1.9 Perform routine system management on support X
applications such as system tuning.
1.10 Provide preventive maintenance. X
1.11 Provide adaptive maintenance. X
1.12 Provide perfective maintenance. X
1.13 Provide release packaging of Software changes. X
1.14 Approve release packaging of Software changes. X
Page 31

1.15 Establish the priority of service requests. X
2. Technical and End User Support
2.1 Define technical support policies and procedures. X
2.2 Approve technical support policies and procedures. X
2.3 Test, install and tune technical environment hardware, X
Software, peripherals and services.
2.4 Manage hardware, Software, peripherals, and Services to X
optimise Service Levels and minimise the Customer's
resource requirements.
2.5 Perform system backups in accordance with established X
procedures.
2.6 Coordinate Level 2 Service Desk interaction and response X
with the Level 1 Service Desk.
2.7 Provide Level 2 Service Desk technical assistance and X
production support.
2.8 Coordinate Level 3 Service Desk interaction and response X
with the Level 1 Service Desk and the Level 2 Service
Desk.
2.9 Provide Level 3 Service Desk technical assistance and X
production support.
3. Applications Enhancement
3.1 Requirements Definition
3.1.1 Define requirements determination standards. X
3.1.2 Coordinate end-user interaction with the Level 1 Service X
Desk.
3.1.3 Conduct interviews, group workshops and surveys to X
determine user requirements.
3.1.4 Meet with the Customer's requirements groups and X
representatives.
3.1.5 Serve on appropriate requirements groups and panels. X
3.1.6 Determine software Update conversion requirements for X
COTS hardware and software.
3.1.7 Document all requirements in required formats (e.g., X
system specifications, data models, and network design
schematics).
3.1.8 Approve all requirements documents. X
3.1.9 Recommend System and user acceptance test criteria. X
3.1.10 Approve System and user acceptance test criteria. X
3.2 Design Specification
Page 32

3.2.1 Design and configure technical environment through an X
annual technology plan based on the Customer's
standards, architecture and project initiatives.
3.2.2 Authorise and approve technology plan through X
coordination with the Customer's appropriate technology
standards group.
3.2.3 Conduct Site surveys for design efforts as required. X
3.2.4 Provide design documentation in formats required by the X
Customer for all products and Services.
3.2.5 Approve design documentation for products and Services. X
4. Acquisition
4.1 Establish acquisition policies and procedures. X
4.2 Approve acquisition policies and procedures. X
4.3 Develop and issue requests for proposals, as required. X
4.4 Rate the supplier proposals, as required. X
4.5 Negotiate supplier contracts, as required. X
4.6 Procure assets, as required. X
4.7 Manage/track service orders, as required. X
4.8 Coordinate delivery and installation of new products and X
Services.
4.9 Ensure compliance with the Customer's established IT X
standards and architectures, as required.
4.10 Adhere to the Customer's acceptance process. X
5. Support Services
5.1 Planning and Analysis
5.1.1 Define services and standards for planning and analysis X
activities.
5.1.2 Approve services and standards for planning and analysis X
activities.
5.1.3 Recommend policies and procedures to implement X
planning and analysis activities.
5.1.4 Conduct an information system threat risk assessment to X
identify formal security requirements.
5.1.5 Authorise and approve policies and procedures. X
5.1.6 Perform business liaison function to operational units. X
5.1.7 Perform business planning for capacity and performance. X
5.1.8 Continuously monitor technical trends through X
independent research; document and report on products
Page 33

and services with potential use for the Customer.
5.1.9 Perform feasibility studies for the implementation of new X
technologies that best meet the Customer's business needs
and expense/service level expectations.
5.1.10 Perform project management and estimation functions X
(including the creation of project plans and appropriate
management documentation).
5.1.11 Conduct annual technical and business planning sessions X
to establish standards, architecture and project initiatives.
5.1.12 Participate in annual technical and business planning X
sessions to establish standards, architecture and project
initiatives.
5.1.13 Conduct semi-annual technical reviews. X
5.1.14 Conduct semi-annual workshops on industry trends and X
best practices.
1.5.15 Planning for BC. X X
1.5.16 Perform security planning. X
1.5.17 Provide standards, procedures and policies regarding X
security.
5.2 Development Project Management
5.2.1 Provide Development Project management methodology. X
5.2.2 Approve Development Project management X
methodology.
5.2.3 Provide Development Project management Services and X
reporting.
5.2.4 Approve and sign-off project management Services and X
reporting.
5.3 Construction/Development
5.3.1 Establish construction/development policies and X
procedures.
5.3.2 Approve construction/development policies and X
procedures.
5.3.3 Perform engineering functions required to implement X
design plans for additional or new products and services.
5.3.4 Manage construction/development efforts using industry X
standard project management tools and methodologies.
5.3.5 Conduct development reviews and provide results to the X
Customer.
5.3.6 Create standard infrastructure profiles specific to the X
Customer's IT service area (e.g., desktop profiles for
Page 34

distributed computing).
5.3.7 Develop scripts and macro programs to automate X
standard Customer processes as appropriate (e.g.,
upgrading desktop profiles).
5.3.8 Approve construction/development plans and procedures X
where there is an impact on the Customer's other
entities/facilities.
5.4 Integration and Testing
5.4.1 Develop integration and testing policies and procedures. X
5.4.2 Approve integration and testing policies and procedures. X
5.4.3 Conduct integration and testing for all new and upgraded X
equipment, Updated Software or services to include unit,
System, integration and regression testing.
5.4.4 Evaluate all new and upgraded equipment, Updated X
Software or services for compliance with the Customer's
security policies, regulations and procedures.
5.4.5 Approve all integration, user acceptance and security X
testing for new and upgraded equipment, Updated
Software or services.
5.4.6 Stage new and upgraded equipment, Updated Software or X
services to smoothly transition into existing environment.
5.4.7 Perform modifications and performance-enhancement X
adjustments to the Customer's system Software and
utilities as a result of changes to architectural standards.
5.4.8 Test New Releases of supported hardware and Software X
to ensure conformance with the Customer's SLRs.
5.4.9 Oversee the Customer's integration test laboratory X
facilities.
5.4.10 Manage the Customer's integration test laboratory X
facilities.
5.4.11 Perform configuration management and change control X
activities.
5.4.12 Approve configuration management and change control X
results.
5.5 Implementation and Migration
5.5.1 Define equipment migration and redeployment policies. X
5.5.2 Approve equipment migration and redeployment policies. X
5.5.3 Conduct pre-installation Site surveys. X
5.5.4 Install enhancements to technical architecture or Services X
provided.
Page 35

5.5.5 Install new or enhanced functions or features—hardware, X
Software, peripherals and configurations.
5.5.6 Coordinate support activities with and between the X
Contractor's Service Desk and other Service Desks.
5.5.7 Provide technical assistance during conversion as X
requested.
5.5.8 Perform data migration by either electronic or manual X
methods as a result of implementation or migration.
5.5.9 Perform appropriate tests on all installs, moves, additions X
and changes.
5.5.10 Conduct user acceptance tests. X
5.5.11 Approve user acceptance results. X
5.5.12 Provide end-user training for new products and services X
5.5.13 Conducting tests of documented BC procedures including X X
all backup and restoration activities.
5.5.14 Approve implementation and migration "Go/No Go" X
decisions.
5.6 Emergency
5.6.1 Define requirements for emergency capability (including X
BC requirements.
5.6.2 Approve requirements for emergency capability. X
5.6.3 Provide a structured process for monitoring, managing X
and reporting on actions related to emergency activities.
5.6.4 Identify the members of an emergency response team. X X
5.6.5 Develop emergency management plan to meet emergency X
requirements.
5.6.6 Approve emergency management plan. X
5.6.7 Perform emergency processes as required by the X
Customer.
5.7 Application Warranty
5.7.1 Conduct maintenance and parts management and X
monitoring during warranty and off-warranty periods.
5.8 Continuous Process Improvement
5.8.1 Develop processes for monitoring and analysing service X
delivery methods and procedures.
5.8.2 Approve processes for monitoring and analysing service X
delivery methods and procedures.
5.8.3 Present opportunities for improvement in service delivery X
methods and procedures.
Page 36

5.8.4 Analyse and if proven approve opportunities for X
improvement in service delivery methods and procedures.
5.8.5 Implement opportunities for improvement in service X
delivery methods and procedures as per
change/configuration control procedures.
5.9 Level 2 Problem Management And Resolution (Specialised Problem, Skilled Technical
Solution)
5.9.1 Identify Problem characteristics and, if possible, root X
cause.
5.9.2 Respond to and resolve inquiries/Problems within X
prescribed time limits, if possible; otherwise, escalate to
appropriate Level 3 Service Desk within SLR escalation
time periods.
5.9.3 Coordinate call progress Rectification and Resolution X
with Level 1 Service Desk for tracking and reporting
purposes.
5.9.4 Notify and/or escalate issues to the Customer and third X
party management as required.
5.10 Level 3 (Severe Problem, Extended Technical Solution) Problem Management and
Resolution
5.10.1 Identify Problem characteristics, including root-cause X
analysis and identification.
5.10.2 Respond to and resolve inquiries/Problem within SLR X
time periods; coordinate Rectification and Resolution
with the Customer, as well as appropriate suppliers and
third parties as needed.
5.10.3 Co-ordinate call progress Rectification and Resolution X
with Level 1 Service Desk for tracking and reporting
purposes.
5.11 Root Cause Analysis
5.11.1 Flag all Severity Level 1 Problems as requiring Root X
Cause Analysis along with all recurring problems.
5.11.2 Determine protocols and requirements for Root Cause X
Analysis.
5.11.3 Implement protocols and requirements for Root Cause X
Analysis.
5.11.4 Initiate Root Cause Analysis reports and assign and X
manage the collation of data between all parties including
but not limited to third party vendors, other third parties
that provide I'T services to the Customer and the
Customer.
5.11.5 Identify the root cause of Severity Level 1 Problems or X
failures and recommend appropriate Resolution action,
where/whenever possible.
Page 37

5.11.6 Track and report on progress of all Severity Level 1 X
Problems that are escalated to the Level 2 Service Desk to
ensure that Root Cause Analysis is performed and
reported on (incident reports /Tickets to remain open until
Root Cause Analysis report is completed and submitted).
5.11.7 Provide the Customer with a written report detailing the X
cause of and procedure for correcting such failure;
provide updates on a monthly basis until closure.
5.11.8 Substantiate to the Customer that all reasonable actions X
have been taken to prevent recurrence of such failure.
5.11.9 Review and approve actions for Resolution of Problems X
as reported in Root Cause Analysis recommendations.
5.12 Training Activities
5.12.1 Establish training plans and procedures. X
5.12.2 Approve training plans and procedures. X
5.12.3 Provide training for the Customer's end-users to improve X
“how-to-use” skills related to IT service area systems and
applications.
5.13 Monitoring and Reporting
5.13.1 Approve and document SLRs, Severity Levels and X
reporting cycles.
5.13.2 Document Service Level objectives and requirements. X
5.13.3 Determine escalation points and triggers. X
5.13.4 Define high-level on line reporting requirements. X
5.13.5 Provide access to problem management systems in X
accordance with on line reporting requirements.
5.13.6 Measure and analyse performance relative to X
requirements.
5.13.7 Develop improvement plans. X
5.13.8 Authorise and approve improvement plans. X
5.13.9 Implement improvement plans. X
5.13.10 Report on Service Level results. X
5.13.11 Coordinate monitoring and reporting of Service Desk. X
5.13.12 Provide appropriate metrics and measures of performance X
to the Customer's appropriate representatives including
the information system security action centre.
5.14 Local Implementation/Deployment
5.14.1 Define and approve local implementation/deployment X
Services standards and policies.
Page 38

5.14.2 Develop local implementation/deployment Services X
procedures.
5.14.3 Implement and deploy applications as per local X
implementation/deployment Services procedures.
5.14.4 Test and approve implemented and deployed applications. X
5.15 Managed Asset Management
5.15.1 Establish and authorise Managed Asset register X
management policies and processes.
5.15.2 Implement and fully comply with Managed Asset register X
management policies and procedures.
5.15.3 Provide updates of Managed Assets to the Managed Asset X
register database in accordance with defined procedures.
5.15.4 Establish, update, and maintain an Managed Asset X
register database.
5.15.5 Provide management tools, infrastructure and end-to-end X
support for interfaces with the Managed Asset register
management database.
5.15.6 Review and approve Managed Asset register tracking X
methodology.
5.15.7 Ensure inputs to the Managed Asset register are accurate X
and fully up to date.
5.15.8 Track all Managed Assets (by user, location, Managed X
Asset ID, finances) and ensure service contracts are in
force as needed to meet SLRs.
5.15.9 Provide inventory tracking and management including X
support for centralised warranty and license management.
5.15.10 Assist in auditing Managed Assets. X
5.15.11 Conduct Managed Asset audits. X
5.15.12 Establish and define Managed Asset register database X
reporting requirements and policies.
5.15.13 Develop Managed Asset register management procedures X
and comply with all reporting requirements.
5.15.14 Determine acceptance process for new or replacement X
Managed Assets.
5.15.15 Adhere to the Customer's acceptance processes. X
5.15.16 Report on Managed Asset register on an ad hoc and X
defined/structured basis.
5.15.17 Periodic review/audit Managed Asset register X
management procedures.
5.16 Configuration Management/Change Control
Page 39

5.16.1 Establish change requirements (Workstation, operating X
system, network operating system, application Software,
user access).
5.16.2 Define configuration management and change control X
policies and procedures.
5.16.3 Review and approve configuration management and X
change control policies and procedures.
5.16.4 Determine change logistics. X
5.16.5 Determine change cost and impact. X
5.16.6 Schedule and conduct change management meeting. X
5.16.7 Authorise and approve change. X
5.16.8 Notify affected clients of change timing and impact. X
5.16.9 Implement change. X
5.16.10 Verify that change met objectives and did not have other X
negative impacts.
5.16.11 Report results of change. X
5.16.12 Ensure that each change is accompanied by a business X
continuity and back out plan.
5.16.13 Perform quality control audits and approve change X
control results.
5.16.14 Approve post implementation review reports. X
5.17 Documentation
5.17.1 Define Documentation requirements and formats. X
5.17.2 Approve Documentation requirements and formats. X
5.17.3 Provide output in the format specified by the Customer X
for support of activities throughout the life cycle of the
Services.
5.17.4 Approve Documentation delivered. X
5.18 Security Management and Administration
5.18.1 Establish and maintain the necessary security X
management and administration requirements.
5.19 BC - Ongoing Management
5.19.1 Establish and maintain BC requirements. X X
5.19.2 Policy (incl. key responsibilities). X
5.19.3 Maintain IT BC team structure. X
5.19.4 Maintain BC management team structure. X
5.19.5 Ensure awareness of BC responsibilities (business). X
Page 40

5.19.6 Ensure awareness of BC responsibilities (IT). X
5.19.7 Update IT BC procedures as required X
5.19.8 Approve updates of BC. X
5.19.9 Update BC procedures (business) as required. X
5.19.10 Plan storage and access (Central database, immediate off- X
site access).
5.19.11 Embed BC responsibilities in work practices and X
reporting requirements under SLRs.
5.19.12 Embed BC responsibilities in work practices and X
reporting under internal KPIs.
5.20 Pass-through Services and Management
5.20.1 Define policies, procedures and standards for pass– X
through services and management.
5.20.2 Implement policies, procedures and standards for pass– X
through services and management.
5.20.3 Manage and track any issues relating to Third Party X
Contracts.
5.20.4 Provide itemised third party vendor charges on to X
Customer
Information Security Roles and Responsibilities

These roles and responsibilities are applicable to the delivery of the Services (where
applicable).
Page 41
Information Security Roles and Responsibilities Contractor Customer

Matrix
6 INFORMATION SECURITY
6.1 INFORMATION SECURITY MANAGEMENT
SYSTEM (ISMS)
6.1.1 Implement and maintain an "Information Security X
Management System" (ISMS) for the secure management
of the Customer’s System that is fully compliant with the
Customer's policies and standards
6.1.2 Provide the Customer’s authorised representatives with X
access (including copies, where requested) to all
documentation regarding the Contractor’s ISMS for the
secure management of the Customer’s System.
6.1.3 Enable the Customer’s authorised representatives to X
undertake whatever activities are necessary for the
effective monitoring and/or auditing of the Contractor’s
ISMS, and the Contractor’s performance against it.
6.1.4 Monitor the structure and content of the Contractor’s X
6.1.5 Implement regular (at least annual) self-audits of X
structure and content of the Contractor’s ISMS against
the recommendations and content of the Customer's
policies and standards and provide a report of the audit
activities and findings to the Customer’s Contract
Manager.
6.1.6 Implement regular (at least annual) self-audits of the X
Contractor’s performance against its ISMS, and provide a
report of the audit activities and findings to the
Customer’s Contract Manager.
6.1.7 Audit the structure and content of the Contractor’s ISMS, X
and the Contractor’s performance against it.
6.1.8 Implement corrective and preventive actions to remediate X
any shortcomings identified by the Contractor and/or the
Customer regarding the structure and content of the
Contractor’s ISMS, or the Contractor’s performance
against it.
6.1.9 Assist the Customer in defining a security X
calendar/schedule of known security events (including
reporting) through the provision of relevant authoritative
advice.
6.1.10 Define a security calendar/schedule of all known security X
events (including reporting).
6.1.11 Advise the Customer of any scheduled security events X
such as systems maintenance that are additional to those
defined in the calendar/schedule, at least 24 hours before
the event is scheduled to occur.
6.1.12 Evaluate and advise the Customer (through the Contract X
Manager) regarding the:
• Information security implications;
Page 42

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 43

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 44

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 45

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 46

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 47

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 48

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 49

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 50

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 51

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 52

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 53

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 54

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 55

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 56

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 57

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 58

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 59

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 60

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 61

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 62

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 63

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 64

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 65

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 66

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 67

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 68

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 69

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 70

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 71

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 72

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 73

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 74

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 75

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 76

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 77

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 78

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 79

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 80

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 81

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 82

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 83

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 84

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 85

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 86

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 87

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 88

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 89

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 90

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 91

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 92

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 93

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 94

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 95

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 96

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 97

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 98

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 99

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 100

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 101

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 102

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 103

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 104

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 105

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 106

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 107

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 108

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 109

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 110

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 111

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 112

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 113

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 114

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 115

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 116

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 117

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 118

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 119

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 120

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 121

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 122

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 123

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 124

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 125

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 126

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 127

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 128

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 129

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 130

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 131

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 132

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 133

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 134

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 135

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 136

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 137

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 138

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 139

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 140

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 141

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 142

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 143

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 144

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 145

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 146

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 147

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 148

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 149

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 150

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 151

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 152

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 153

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 154

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 155

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 156

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 157

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 158

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 159

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 160

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 161

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 162

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 163

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 164

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 165

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 166

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 167

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 168

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 169

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 170

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 171

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 172

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 173

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 174

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 175

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 176

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 177

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 178

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 179

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 180

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 181

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 182

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 183

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 184

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 185

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 186

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 187

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 188

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 189

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 190

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 191

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 192

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 193

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 194

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 195

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 196

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 197

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 198

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 199

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 200

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 201

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 202

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 203

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 204

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 205

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 206

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 207

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 208

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 209

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 210

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 211

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 212

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 213

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 214

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 215

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 216

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 217

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 218

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 219

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 220

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 221

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 222

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 223

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 224

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 225

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 226

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 227

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 228

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 229

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 230

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 231

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 232

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 233

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 234

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 235

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 236

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 237

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 238

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 239

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 240

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 241

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 242

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 243

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 244

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 245

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 246

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 247

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 248

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 249

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 250

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 251

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 252

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 253

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 254

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 255

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 256

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 257

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 258

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 259

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 260

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 261

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 262

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 263

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 264

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 265

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 266

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 267

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 268

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 269

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 270

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 271

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 272

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 273

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 274

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 275

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 276

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 277

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 278

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 279

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 280

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 281

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 282

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 283

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 284

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 285

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 286

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 287

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 288

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 289

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 290

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 291

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 292

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 293

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 294

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 295

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 296

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 297

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 298

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 299

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 300

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 301

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 302

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 303

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 304

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 305

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 306

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 307

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 308

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 309

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 310

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 311

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 312

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 313

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 314

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 315

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 316

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 317

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 318

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 319

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 320

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 321

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 322

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 323

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 324

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 325

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 326

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 327

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 328

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 329

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 330

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 331

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 332

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 333

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 334

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 335

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 336

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 337

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 338

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 339

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 340

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 341

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 342

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 343

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 344

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 345

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 346

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 347

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 348

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 349

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 350

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 351

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 352

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 353

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 354

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 355

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 356

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 357

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 358

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 359

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 360

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 361

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 362

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 363

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 364

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 365

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 366

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 367

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 368

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 369

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 370

Matrix
SYSTEM (ISMS)
Manager.
against it.
advice.
Page 371
Page 372
6 Service Level Requirements

6.1 SLR and Abatement Commencement
The Contractor must comply with, track and report on the Service Level Requirements
from the Service Commencement Date and Attachment 5 shall apply from that date.
However, before 1 May 2006 the amounts specified for each Abatement Payment Level
and any monthly cap specified for abatements accruing for a specific SLR in Section
2.2 of Attachment 5 will be reduced by 50%. From 1 May 2006, Abatement Payment
Levels and any caps specified for abatements accruing for a specific SLR in
Attachment 5 will apply without reduction in accordance with Attachment 5.
Service Levels shall be calculated for each calendar month from the Service
Commencement Date. For the purposes of this Attachment, each of the periods
running from the Service Commencement Date to the end of the first calendar month
and the part of a month ending on the expiry of the Contract, shall be counted as one
calendar month.
6.2 Service Level Requirement Classifications

For each component of the Service, the Customer will specify the MASL that applies to
it by specifying one of the designations below.
Where there is no classification specified for a Service, the Contractor must assume a
‘Bronze’ Service Level.
(a) “Gold” means the relevant Service plays a key role in the customer experience
and has zero tolerance for downtime.
(b) “Silver” means the relevant Service is critical to the business. Outages of even a
short duration will typically cause adverse impact to the business, including loss
of services to large numbers of users, or potential breach of regulatory
obligations.
(c) “Bronze” means the relevant Service is important to the business. Outages
typically impact business process or small numbers of Users and may lead to
some adverse impact to the business.
6.3 SLR Details

The Contractor MUST continually meet or exceed the following SLRs.
Page 373

Applications Attachment 3

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Applications Attachment 3

Uploaded by

Copyright:

Available Formats

Attachment 3 - Services - Applications

This attachment consists of the following sections:

2 Definitions and acronyms

Common Term Definition

BATCH PROCESSING The processing of non-online applications according to agreed

Common Term Definition

Common Term Definition

OUTAGE An event where the Service or a defined component of the System

Common Term Definition

Common Term Definition

Common Term Definition

3.1 Included Services

Addition and subtraction of applications will be addressed in accordance with the

3.1.2 General responsibilities

3.1.3 Application Maintenance

3.1.3.1 Correcting non conforming performance

3.1.3.2 Preventive Maintenance

3.1.3.3 Adaptive Maintenance

3.1.3.4 Perfective Maintenance

d) Database performance tuning.

3.1.3.5 Release Packaging

3.1.4 Technical and End-User Support

3.1.5 Application Enhancement

3.1.5.1 Requirements Definition

3.1.5.2 Design Specifications

3.1.5.3 Test and Development and Training Environment

3.2 Anticipated Applications Maintenance, Support and Enhancement Growth

3.3 Excluded Services and Applications

4.1 Planning and Analysis

4.2 Project Management principles

4.2.1 Enhancement activities

a) Providing, maintaining and updating a comprehensive project plan, identifying all

4.2.2 Development Projects

4.4 Integration and Testing

f) Performing modifications and performance enhancement adjustments to the

4.5 Implementation and Migration

4.6 Emergency Services

4.7 Application Warranty

4.8 Continuous Process Improvement

4.9 Level 2 Service Desk Problem Management Rectification and Resolution

4.9.2 Level 2 Problem Management

4.9.3 Level 2 Problem Monitoring and Reporting

4.10 Level 3 Service Desk

4.11 Root Cause Analysis

4.13 Monitoring and Reporting

4.14 Local Implementation/Deployment

4.15 Managed Asset Management

4.16 Configuration Management/Change Control

4.17.2 The Procedures Manual

4.18 Security Management and Administration

(iii) Gateway Certification Guide (Ver. 3 2004 edition, Defence Signals

4.19 Business Continuity (BC)

Pass-through Services and Management

ix. Planning assumptions.

5 Roles and Responsibilities

Application Maintenance, Support and Enhancement Contractor Customer

1.2 Approve maintenance and support policies and X

Application Maintenance, Support and Enhancement Contractor Customer

Application Maintenance, Support and Enhancement Contractor Customer

Application Maintenance, Support and Enhancement Contractor Customer

Application Maintenance, Support and Enhancement Contractor Customer

Application Maintenance, Support and Enhancement Contractor Customer

Application Maintenance, Support and Enhancement Contractor Customer

Application Maintenance, Support and Enhancement Contractor Customer