Download the complete service offering (doc format): eo504_compliance_serivce_definition.doc

 


1. Description of Service

ITD's EO504 Compliance Service provides agencies with access to the on-line Compliance Application for submitting and reporting on the agency Information Security Program (ISP), Electronic Security Plan (ESP) and annual Self-Audit Questionnaire (SAQ). The EO504 Compliance Application is only accessible from inside MAGNet. Once authorized, users can access this application through this EO504 Application link.
 

This service allows authorized users to submit and update EO504 submissions online. Please see Executive Order 504 Service Support for user support and guidance. Authorized access to the Compliance Application is granted to agency users when the agency head or agency Information Security Officer (ISO) requests a user application account through ITD's Security Office. For more information, please see Executive Order 504 and Executive Order 512.

Support services include:



2. Service Targets/Hours of Availability

| Service Requirement | Description |
| Service Availability | Service is available 24x7. |
| Request Fulfillment* | Staff will respond to service requests during the hours of 9:00 am - 5:00 pm Monday through Friday excluding holidays. Customers can make requests through COMiT. |
| Incident Management* | ITD Service Management Office has standard processes to manage incidents, requests and changes. |

Outages or urgent issues should be reported by phone at 1-866-888-2808 to receive the quickest response.

*Incidents, requests, or changes that are outside the scope of the defined service description or normal service hours will be charged directly to the customer.

 

 


3. Service Reporting

| Report | Description | Reporting Interval |
| Application Documentation | Information submitted within the Application. | Within Application |
| Dashboard | A Dashboard is available for each agency to review submitted information | Within Application |

 

 


4. Service Requests

| COMiT Service Requests | Description | Lead Time - Business Days |
| Request System Access* | Requesting access to the application (by user role). | 3-5 Days |
| Request System Training* | Training on how to use this service. | Up to 21 Days |

*Please work with your Service Account Manager to process requests for these services.
 



5. Customer Responsibilities

Per Executive Order 504, the Agency Information Security Officer and the Department Head must sign and attest to the Agency Self-Audit Questionnaire (SAQ).

For your convenience, you may also view a detailed list of customer responsibilities (doc format): eo504_compliance_serivce_definition.doc

 

 


6. Chargeback Rate Information

For more information on Chargeback, including an overview of the program as well as current and previous fiscal year rates, please visit our Chargeback Services webpage.

Cost framework: Security Compliance

1. Direct Charges to Customers

1A. Customer Specific - Costs Directly Charged to Customers
| DESCRIPTION | COST |
| | $0 |
| Total 1A. Customer Specific - Costs Directly Charged to Customers | $0 |
| Total 1. Direct Charges to Customers | $0 |

2. Direct Dedicated Resources

2A. Direct Costs - Salaries (AA) and Fringe (DD), Contract (U05, HH)
| DESCRIPTION | FTE | COST |
| Direct Costs - Salaries (AA) and Fringe (DD), Contract (U05, HH) | 0.85 | $62,676 |
| Total 2A. Direct Costs - Salaries (AA) and Fringe (DD), Contract (U05, HH) | 0.85 | $62,676 |
2B. Hardware / Software / Contracts (UU, LL , etc)
| DESCRIPTION | COST |
| Other costs, Reclassifications, Adjustments | $4 |
| Qualys Vulnerability Management | $4,000 |
| Total 2B. Hardware / Software / Contracts (UU, LL , etc) | $4,004 |
| Total 2. Direct Dedicated Resources | $66,680 |

3. Indirect Costs

3A. Allocated Shared Resources
| DESCRIPTION | COST |
| | $0 |
| Total 3A. Allocated Shared Resources | $0 |
| Total 3. Indirect Costs | $0 |

4. Indirect Costs

4A. Shared ITD Data Center Services
| DESCRIPTION | RATECODE | RATE | UNITS | COST |
| Data - Data Backup and Recovery | SG100 | $0.2437 | 780 | $190 |
| Hosting - Windows OS Support | SV210 | $140 | 60 | $8,400 |
| Hosting - Shared VMWare Platform Support | SV350 | $146 | 60 | $8,760 |
| Data - Silver (Clarion Auto-Tier FC, SATA) | SF0C0 | $0.022 | 115705 | $2,546 |
| Total 4A. Shared ITD Data Center Services | | | | $19,896 |
| Total 4. Indirect Costs | | | | $19,896 |

5. Allocated Costs

5A. Allocated Costs Not Specific to Service
| DESCRIPTION | COST |
| Allocated Costs Not Specific to Service | $25,885 |
| Total 5A. Allocated Costs Not Specific to Service | $25,885 |
| Total 5. Allocated Costs | $25,885 |

6. Management Adjustments

6A. Management Adjustments
| DESCRIPTION | COST |
| | $0 |
| Total 6A. Management Adjustments | $0 |
| Total 6. Management Adjustments | $0 |

Grand Total: Security Products and Services - Security Compliance

$112,461

7. Rates Pertaining to this Service

7A. Rates Pertaining to this Service
| SERVICE OFFERING / TITLE / BILLABLE UNIT | RATECODE | RATE | PLANNED UNITS | COST |
| Security - Security 504 Compliance - Each Year | SU070 | $1499 | 75 | $112,461 |
| Total 7A. Rates Pertaining to this Service | | | | $112,461 |

 

Download a complete listing of all chargeback rates 


Updated October 25, 2013
Reviewed April 11, 2014
Published August 31, 2011
Created August 31, 2011: Information provided by the Security Office