General Overview of OIS Application and Web Development Services and Support

Service Level Agreement for Online Web Hosting via the Plone Content Management System provided by the Office of Information Systems

SLA Web Services

Last updated March 2014

OIS Application and Web Development Services offers both free Core and fee based non-Core services and support for the School of Medicine’s web and online application needs.

Service Descriptions

Core and Non-Core services

OIS’s Application and Web Development services are divided into two classes, ‘Core’ and ‘Non-Core’ services.

Core Services and Support Overview

Core services are provided at no cost to the School of Medicine’s Departments, Centers, Programs, Labs and Student Groups.

The benefit of providing select technical solutions to the School of Medicine’s application and web needs means OIS can deliver enterprise solutions and support to the entire school at a lower cost. Our Content Management System (CMS), is a customized build of the open source product Plone. For a list of our current features, please see the SOM Plone CMS Feature sheet. It is powerful, flexible and adaptable to your business needs. Any organization associated with the School of Medicine may request that OIS provide content management system hosting and support for a new web site at no cost.

Core Services

The following are services OIS provides to departments, centers, programs, labs and student groups under our core services:

Website creation in the SOM’s Content Management System (Plone)

At no cost, we host an online website that is easy to update, that is flexible to use and has most of the features you need available “out of the box”. More information located at our webguide.

Security and feature updates

Maintenance updates, security patches and feature enhancements are included in our core services.

Training and support

OIS provides regularly scheduled CMS training classes and basic support (basic user questions by telephone or email) at no cost.  Custom training is available as a non-core service for a fee.  More information about trainings.  CMS support for features outlined in the Web Guide (http://med.unc.edu/webguide) is available through the Help Desk (http://help.med.unc.edu) and webhelp@med.unc.edu. There is a 30 minute free support session per issue.  Issues that require additional effort may be subject to the current charge back rate.

Enterprise search across system

You and your users can search for content across the entire UNC Health Care / School of Medicine organization.

Localized search

You and your users can search for just your site’s content. This can be helpful when your site has a complex navigation structure or wide ranging content.

Custom forms

Use the included form creation tool to create forms for collecting data. For sensitive data, see our service of secure data collection below.

Analytics

Access to Google Analytics is included in core services.  Advanced training can be scheduled as a non-core service.  More information about Analytics.

Backup of web content

OIS maintains 8 weeks of local backups of your site’s content. If you have lost your content, under most circumstances, we can restore the missing content within 2 business days. We also store 90 days of off site backups. If you do need off site data restored, there will be an additional off site request and restore fee. Recovery time for off-site content is 7 days.

10 gigs of online space

Your core allocation of available space is 10gigs.  If you exceed this, annual non-core rates apply.  Details below.

High-level url med.unc.edu/yoursite

Alternate "vanity" urls are also available, upon request.

Standard Core Service Level Agreement

  • Hosting on a highly available system architecture (99.9% uptime)
  • Appropriate server configuration based upon your site traffic needs
  • No local bandwidth caps
  • 10 gigs storage per site
  • Periodic feature updates and enhancements
  • 24x7 system performance and uptime monitoring and issue response
  • Security monitoring and updates
  • Nightly local backups
  • Weekly offsite backups
  • Local backups for 8 weeks
  • $80 for a site restore within 2 business days
  • Off-site backups for 90 days; additional $200 recovery fee (expect 7 day turnaround)
  • Web statistics reporting through Google Universal Analytics (e.g. 404 status reports)
  • Training and Technical support.
  • Access to online FAQs and Tutorials.

Non-Core Services and Support Overview

The following are cost recovery services OIS provides to School of Medicine departments, centers, programs, labs and student groups. These additional services are outside the core services OIS provides. Non-Core service requests for the School of Medicine will be scheduled on an individual basis with tailored statements of work outlining work to be performed, resources required and associated costs. Current hourly cost recovery rates are $80/hr.

Non-Core Services

The following are services OIS provides to departments, centers, programs, labs and student groups under our non-core services:

Customized CMS training

Custom trainings for large groups or on advanced features outside regularly scheduled trainings.

Consulting

  • Project management
  • CMS custom development
  • Custom Workflow
  • Information Architecture Analysis
  • Usability/User Experience (UX)
  • Visual design for the core service or print
  • Interactive Content
  • Content migration into the CMS
  • Social media
  • Advanced HTML/XHTML, CSS web development within core systems
  • Wireframes and mock-ups
  • Search engine optimization (SEO) consulting
  • Google custom search solutions
  • Competitive analysis/research
  • Email marketing and campaigns
  • Advanced Analytics
  • Qualtrics Questionnaires

Mass uploading

Non-core assistance in uploading numerous files to a site.

Advanced content troubleshooting/Issue resolution

Non-core service to assist content authors with site issues pertaining to content.  There is a 30 minute free support session per issue.  Issues that require additional effort may be subject to the current charge back rate.

Advanced forms

Extended help in advanced form creation. An example of an advanced form might be auto populating a form based on directory information.

Secure forms

Non-core service can be established collect patient information with complete end-to-end HIPAA compliance.

Monitoring Systems

Non-core service can set up to monitor systems and to alert on metric changes.

Archiving

Non-core assistance in archiving, migration or storage of content.

Non-Core - Annual recurring fees

The following are cost recovery services OIS provides to departments, centers, programs, labs and student groups with annual recurring fees.

Enhanced SLA

If our standard, no-cost, Service Level Agreement isn’t enough for your business needs, we can extend it with an enhanced SLA. Additional services might include High Availability, where your site will have priority recovery status regardless of day or time. Standard recovery is best effort and may be delayed until next business day.

Additional storage

If you exceed the 10 gigs of standard core storage, we can provide your site with additional space. This price includes the backup archives of the additional space.

 

Terms of Service

Technical details of services to be provided

  • Web/application service hosted in Plone CMS
  • Fedora Linux on redundant Virtual Machine infrastructure hosted by UNC ITS
  • Content acceleration by Varnish
  • Apache httpd front end
  • Nagios service monitoring
  • Application development in Plone
  • Development is under Git application revision control
  • Standard project management practices including structured change management for software changes and continuity support for personnel scheduling (i.e. vacation, sick days)
  • Security analysis of websites and applications
  • 10gigs file space for application code files and associated data (e.g. images)
  • Backups are performed on all production data
  • Weekly full backups with daily incremental backups of system and database directories
  • Weekly Qualys Vulnerability Scan of Application/Database resources
  • 8am to 5pm Service for OIS-Supported resources, Monday through Friday
  • 8am to 5pm application and reporting support, Monday through Friday  

Service Assumptions

  • Service interruptions beyond the control of OIS will be prioritized with the appropriate University entity or external vendor.
  • Uptime will be maximized but will allow for scheduled maintenance and downtime.
  • Web page delivery performance will be maintained at the highest possible standard for the average of all the system’s sites.

Roles and Responsibilities

Key Contacts

OIS Responsibilities

  • Provide a hosted solution for general website needs for Departments, Centers, Programs and special interest groups for the School of Medicine.
  • To respond to issues with the system in a timely manner, scheduling code fixes as needed.
  • To continuously improve the services and security of our offering.

Customer Responsibilities

  • Do not knowingly store sensitive data (HIPAA, FERPA, etc.) on the website.
  • Report functional issues promptly for resolution.
  • Do not operate “spiders”, any automated link or content scanning tool, against any part of the production site.

Service Support

Requesting service support

The following methods can be used to request a service support from OIS:

  • Submit an Online Service Request - by utilizing the web, your request will be automatically associated with your department and visible to technicians.
  • Call the Help Desk at 962-HELP - to create a ticket for the OIS Web Team
  • The Walk-In Help Desk is open Monday to Friday 9am – 4pm with the exception of federal holidays, University holidays, and announced University closures. 
  • Email
  • For critical issues (defined below) contact a OIS Service Owner directly (located in Key Contacts above).

Project change management / issue tracking occurs internally via Jira.  

Prioritization

The Severity level chosen for a request defines how urgently OIS will respond and resolve your request. OIS reserves the right to reprioritize issues at it’s sole discretion. The three Severity Levels are: Critical, Important, and General.

Critical

OIS defines Critical issues as a business disruption to multiple users or an issue that affects an individual's health, safety or the ability to complete critical work.

Important

OIS defines Important as problems that affect an individual but the problems do not prevent work in other areas.

General

OIS defines General as problems that are neither critical nor important.

Response Times

OIS will respond and provide resolution targets based on the priority of the request as defined in the section above:

  • Critical - 1 hour
  • Important - 1 business day
  • General - 5 business days

It is the goal of OIS to meet, and exceed when possible, the levels of services documented in this agreement.

Escalation

If there is a reason to believe that the incident or request is not being handled appropriately, contact the OIS Service Owner identified in the Key Contact section of this document.

Hours of Coverage

The hours of coverage for the service is 8am to 5pm, Monday through Friday.

Maintenance and Service Changes

All services and/or related components require regularly scheduled maintenance in order to meet established service levels. OIS does this by monitoring, managing, and evaluating changes to maximize the service benefits to the customer, while minimizing the risks involved in making those changes.

Outage

OIS defines outages as noticeable gaps in service availability.

All planned and unplanned outages will be posted to the system status page.

Planned Outages

A planned service outage is work that is planned and scheduled at least two business days prior to the scheduled date. OIS will send a communication to the appropriate audience two business days prior to the scheduled outage.

Unplanned Outages

An unplanned service outage is work that is unplanned due to an unforeseen event or urgent repair to prevent failure. Unplanned service outages are given priority (and communicated immediately) on a case-by-case basis depending on the type and urgency of the service failure. OIS will send a communication to the appropriate audience notifying them of when the service is available.

Change to Services

OIS will provide notification to our customers of upcoming change events that may have the potential to impact the services provided in this SLA.

Email to direct users

OIS will notify via email all stakeholders and end users regarding significant changes that are likely to impact the end user.

Addendum to SLA

An addendum to the SLA will be distributed to all stakeholders or made public to document any changes to the services outlined in this SLA.

Maintenance Window

Planned maintenance for any system software, OS, etc. will be done, where applicable, during a defined maintenance window.  The maintenance window for this agreement is anytime not during business hours 8-5pm after 2 days notifications has been delivered.  Any maintenance that is required to be done outside of the normal maintenance window (Unplanned or Planned) will be communicated to the Key Contacts and the Application Owners.

Cost of Services

Pricing or Cost of Services

The annual costs of the services are:

Core Services and Support:

$0 per year to include the following components:

  • 10GB of disk space for application code and database storage
  • Initial setup of application and database components, web urls, etc.
  • Backup services
  • Security Review and Plan
  • Monitoring
  • Support outside of this offering to be agreed upon and billed per standard hourly rate.
Development

Continuous improvement to features and security are at no cost.

Support

Basic content author support and training are provided at no cost (up to 30 minutes per session).

 

Non-Core Services and Support:

Cost recovery of $80/hr.

  • Each project will be scoped with a unique project plan, statement of work and service level agreement.
  • All phases of development are at cost recovery, from planning, meetings, development to deployment and ongoing support.

Cost for Data restores

  • Data restore in 2 business days - $80
  • Data restored from off site backup - $200

Annual cost of Additional Storage

  • $10/gig

Billing

Non-core services will be billed at the end of the month to the sponsoring department.

Limitation of Liability

OIS shall have no liability or responsibility in the event of any loss or interruption in the services described within this SLA due to causes beyond its reasonable control or ability to foresee.

Terms

This Agreement is valid from Jan. 2014 to Jan 2015. Contracts are on a one year term and automatically renew at the end of the contract period.  

Appendix : Associated Policies, Processes and Procedures

UNC School of Medicine, UNC Health Care, UNC ITS Information and Security Policies

http://www.med.unc.edu/www/administration/infotech/policies

UNC ITS Policies

http://its.unc.edu/ITS/about_its/its_policies/index.htm

UNC ITS Data Security Policies

https://its.unc.edu/infosecurity/campussecurity/ss_data_its_security_standards

UNC Policies, Procedures & Systems

The link below provide access to employee policies and procedures at UNC-Chapel Hill

http://hr.unc.edu/policies-procedures-guidelines/spa-employee-policies/index.htm