Download the complete service offering
1. Description of Service
ITD's EO504 Compliance Service provides agencies with access to the on-line Compliance Application for submitting and reporting agency Information Security Program (ISP), Electronic Security Plan (ESP) and their annual Self-Audit Questionnaire (SAQ). The EO504 Compliance Application is only accessible from inside MAGNet. Once authorized, users can access this application through this EO504 Application link.
This service allows authorized users to submit and update EO504 submissions online. Please see Executive Order 504 Service Support for user support and guidance. Authorized access to the Compliance Application is granted to agency users when the agency head or agency Information Security Officer (ISO) requests a user application account through ITD's Security Office. For more information please see Executive order 504 and Executive Order 512.
Support services include:
- A Service Account Manager to answer any questions or concerns regarding ITD Services.
- Services offered through our Operations Office; including Change Management and customer access to incident management via email, phone (CommonHelp)
- The online COMiT service management portal
2. Service Targets/Hours of Availability
|Service Availability||Service is available 24x7.|
|Request Fulfillment*||Staff will respond to service requests during the hours of 9:00 am - 5:00 pm Monday through Friday excluding holidays. Customers can make requests through COMiT.|
|Incident Management*||ITD Service Management Office has standard processes to manage incidents, requests and changes.|
Outages or urgent issues should be reported by phone to receive the quickest response 1-866-888-2808.
*Incidents, requests, or changes that are outside the scope of the defined service description or normal service hours will be direct charged to the customer.
3. Service Reporting
|Application Documentation||Information submitted within the Application.||Within Application|
|Dashboard||A Dashboard is available for each agency to review submitted information||Within Application|
4. Service Requests
|COMiT Service Requests||Description||Lead Time-Business Days|
|Request System Access*||Requesting access to the application (by user role).||3-5 Days|
|Request System Training*||Training on how to use this service.||Up to 21 Days|
*Please work with your Service Account Manager to process requests for these services.
5. Customer Responsibilities
Per Executive Order 504, the Agency Information Security Officer and the Department Head must sign and attest to the Agency Self-Audit Questionnaire (SAQ).
For your convenience, you may also view a detailed list of customer responsibilities.
6. Chargeback Rate Information
For more information on Chargeback, including an overview of the program as well as current and previous fiscal year rates, please visit our Chargeback Services webpage.
Cost framework: Security Compliance
1. Direct Charges to Customers
|Total 1A. Customer Specific - Costs Directly Charged to Customers||$0|
|Total 1. Direct Charges to Customers||$0|
2. Direct Dedicated Resources
|Direct Costs - Salaries (AA) and Fringe (DD), Contract (U05, HH)||0.85||$62,676|
|Total 2A. Direct Costs - Salaries (AA) and Fringe (DD), Contract (U05, HH)||0.85||$62,676|
|-Other costs, Reclassifications, Adjustments-||$4|
|-Qualys Vulnerability Management-||$4,000|
|Total 2B. Hardware / Software / Contracts (UU, LL , etc)||$4,004|
|Total 2. Direct Dedicated Resources||$66,680|
3. Indirect Costs
|Total 3A. Allocated Shared Resources||$0|
|Total 3. Indirect Costs||$0|
4. Indirect Costs
|Data - Data Backup and Recovery -||SG100||$0.2437||780||$190|
|Hosting - Windows OS Support-||SV210||$140||60||$8,400|
|Hosting - Shared VMWare Platform Support-||SV350||$146||60||$8,760|
|Data - Silver (Clarion Auto-Tier FC, SATA)-||SF0C0||$0.022||115705||$2,546|
|Total 4A. Shared ITD Data Center Services||$19,896|
|Total 4. Indirect Costs||$19,896|
5. Allocated Costs
|Allocated Costs Not Specific to Service||$25,885|
|Total 5A. Allocated Costs Not Specific to Service||$25,885|
|Total 5. Allocated Costs||$25,885|
6. Management Adjustments
|Total 6A. Management Adjustments||$0|
|Total 6. Management Adjustments||$0|
Grand Total: Security Products and Services - Security Compliance
7. Rates Pertaining to this Service
|SERVICE OFFERING / TITLE / BILLABLE UNIT||RATECODE||RATE||PLANNED UNITS||COST|
|Security - Security 504 Compliance-Each Mail Box / Month||SU070||$1499||75||$112,461|
|Total 7A. Rates Pertaining to this Service||$112,461|
Download a complete listing of all chargeback rates
Updated October 25, 2013
Reviewed October 25, 2013
Published August 31, 2011
Created August 31, 2011: Information provided by the Security Office