Upload
billy82
View
3.196
Download
1
Embed Size (px)
DESCRIPTION
Citation preview
NOAA OCIO IT
Services Catalog
Table of Contents
Introduction___________________________________________________________2
Desktop Management Services___________________________________________4
Desktop Management Service Levels___________________________________________5
Desktop Management Services Pricing_________________________________________6
Data and Voice Networks Services________________________________________8
Data and Voice Networks Service Levels________________________________________9
Data and Voice Networks Services Pricing_____________________________________11
Data Center Services__________________________________________________13
Data Center Service Levels__________________________________________________14
Data Center Services Pricing_________________________________________________17
End User Service Center (EUSC) Services_________________________________19
End User Service Center Service Levels_______________________________________20
Service Desk Services Pricing________________________________________________25
Collaboration Services_________________________________________________27
Collaboration Service Levels_________________________________________________28
Collaboration Services Pricing_______________________________________________28
Special Projects______________________________________________________30
Special Project Service Levels_______________________________________________31
Special Projects Services Pricing_____________________________________________33
Application Services___________________________________________________36
Application Service Levels__________________________________________________37
Application Services Pricing_________________________________________________38
Security Services_____________________________________________________40
Security Service Levels_____________________________________________________41
Security Services Pricing____________________________________________________44
Architecture Services__________________________________________________45
Enterprise Architecture Maturity Assessment (AMA)_____________________________46
Enterprise Architecture – Quality Measurement_________________________________47
Project Management Services___________________________________________52
Project Management Service Levels___________________________________________54
Project Management Services Pricing___________________________________________55
Page i of 61 4/10/2023
Page ii of 61 4/10/2023
document.doc
IntroductionThe National Oceanic and Atmospheric Administration (NOAA) OCIO and its Line Office OCIOs work closely with business partners throughout NOAA and the Department of Commerce to ensure the reliable delivery, support and use of leading edge technology that will better enable the NOAA mission. As part of these efforts, the OCIO is pleased to present its service offerings for the calendar year 2008. This service catalog covers all services offered by OCIO’s IT service organization to the NOAA.
The services defined within this catalog are structured into “benchmarkable” families so that comparisons can be made against peer companies and external service providers on a regular basis. Our services fall into nine major categories, described in this order:
Desktop Management Services
Data and Voice Network Services
Data Center Services
End User Service Center Services
Collaboration Services
Special Projects
Application Services
Security Services
Architecture Services
Project Management Services
Further description of the services is identified in the graphic below:
Figure 1. Service Description
Security
Architecture Services
Project Management
ServicesProcurement
Application Services
Special Projects
Collaboration Services
End User Service Center
Data Center Services
Data and Voice
Network
Desktop Management
SecurityArchitecture
Services
Project Management
ServicesProcurement
Application Services
Special Projects
Collaboration Services
End User Service Center
Data Center Services
Data and Voice
Network
Desktop Management
Enterprise Data
Network
Voice/PBX/VoIP
IMAC
Desktop End-User
Computing Services
Desktop Application Services
Asset Management
Hosting Operations and Admin
Storage
COOP/DR
IMAC
Consolidation of NOAA
Help Desks
Tier 0/1 Service Desk Operations
Voice and Video
Conferencing
Web Conferencing and Webcast
Email Consolidation
Document / Records
Management
Training, Technical Services & Consulting
Application and Web
Development
Application and Web
Maintenance
Web Design and Content Management
Hardware
Software
Services
Order Management
SOC
Security Services e-Gov
Support
Emerging TechnologyResearch
On-site Project and
Program Support
PMO Technology Architecture
Support
SecurityArchitecture
Services
Project Management
ServicesProcurement
Application Services
Special Projects
Collaboration Services
End User Service Center
Data Center Services
Data and Voice
Network
Desktop Management
SecurityArchitecture
Services
Project Management
ServicesProcurement
Application Services
Special Projects
Collaboration Services
End User Service Center
Data Center Services
Data and Voice
Network
Desktop Management
Enterprise Data
Network
Voice/PBX/VoIP
IMAC
Desktop End-User
Computing Services
Desktop Application Services
Asset Management
Hosting Operations and Admin
Storage
COOP/DR
IMAC
Consolidation of NOAA
Help Desks
Tier 0/1 Service Desk Operations
Voice and Video
Conferencing
Web Conferencing and Webcast
Email Consolidation
Document / Records
Management
Training, Technical Services & Consulting
Application and Web
Development
Application and Web
Maintenance
Web Design and Content Management
Hardware
Software
Services
Order Management
SOC
Security Services e-Gov
Support
Emerging TechnologyResearch
On-site Project and
Program Support
PMO Technology Architecture
Support
Each service description includes the applicable services, request procedures, service-level information and unit of charge or “driver” information. This structure was developed within the
Page 3 of 61 4/10/2023
document.doc
context of being able to provide services as a basis for assessing costs, service levels and opportunities for improvement.
While IT support services are familiar to our business partners, the NOAA OCIO has created these services and standardized the service descriptions in an effort to enhance and simplify the service environment. In limited instances, this may result in a financial impact to a particular customer. The prices in this document will be evaluated during the coming year to assess the potential impact to all customers, while not changing (or diverging) from the current cost allocation methodology for IT resources.
Page 4 of 61 4/10/2023
document.doc
Desktop Management ServicesDesktop management facilitates the delivery of desktop and laptop computing to the end user. The National Oceanic and Atmospheric Administration’s (NOAA) Desktop Management Services provisions a suite of services to support hardware purchase / lease and licensing for all desktop, end user devices, enterprise licensed software, productivity software and infrastructure.
Specifically included within Desktop Management Services are:
Desktop End User Computing services
Operations and Administration Services provides services associated with the day-to-day management of the installed desktop and end user hardware and software; hardware in scope includes desktops, laptops, personal digital assistants (PDA), printers (local and networked), scanners, monitors and data storage devices (e.g., hard drives, CD/DVD).
Data Backup, Storage and Recovery Services
Levels 2 and 3 hardware and software support
─ On-site Break/Fix Services
─ Installations, Moves, Adds and Changes (IMAC), which provides onsite and remote support for IMACs in all NOAA regions
Desktop Application Services
─ NOAA-certified standard business productivity software
─ Image Configuration and Management, which provides image management services and works with NOAA to standardize NOAA images
Asset Management for desktops and end user devices
It is important to note that Desktop Management Services excludes the following, which are all delivered through other services (Collaboration, Output, Help Desk and Infrastructure):
E-mail and Instant Messaging
File and Print Services
Storage
Help Desk
LAN/WAN Connectivity
Page 5 of 61 4/10/2023
document.doc
Desktop Management Service LevelsThe following chart depicts the level of service provided for Desktop Management Services. These service-level targets are the basis for negotiated service-level agreements (SLAs) with the business units. Selection of level of service – customary or premium – is based on business unit needs.
Customary Desktop Management Service Levels
Service Level Description Objective Target Metric
Desktop / Laptop Installation
Acceptable time required to install a new desktop system upon appropriate service request
Normally, a service request for more than five installations is considered a project and is based on an agreed project timeframe
Number of business days from time system arrives at installation site, or 10 days end to end
95% of the time
Desktop / Laptop Move, Add, or Change (MAC)
Acceptable time required to move, add, or change software or hardware for a single desktop system upon appropriate service request
Normally a service request for more than five MACs is considered project and is based on an agreed project timeframe
Within the number of SLA business days from time of notification by Service Recipient for standard and non-standard product(s); 10 days
90% of the time
Image ManagementTime within which service provider will create, test, and document a new desktop / laptop image
< 10 days from receipt of request from Service Recipient
99.0%
Service Level Description Objective Target Metric
Desktop / Laptop Installation
Acceptable time required to install a new desktop system upon appropriate service request
Normally, a service request for more than five installations is considered a project and is based on agreed project timeframe
Number of business days from time system arrives at installation site (4 hours or 10 days end to end)
95% of the time
Desktop / Laptop Move, Acceptable time required to move, add, or Within the number of SLA business days 95% of the time
Page 6 of 61 4/10/2023
document.doc
Add, or Change (MAC) change software or hardware for a desktop system upon appropriate service request
Normally a service request for more than five MACs is considered project and is based on an agreed project timeframe
from time of notification by Service Recipient for standard and non-standard product(s); 1 day,
Image Management Time within which service provider will create, test, and document a new desktop / laptop image
< 10 days from receipt of request from Service Recipient
99.5%
Desktop Management Services PricingThe following table describes the Desktop Management Services and the pricing for customary and premium services. Pricing for premium services will be on a case-by-case basis, based on business unit needs.
Customary Desktop Management Service Pricing
Service Description Monthly Price Comment
Desktop / Laptop Support Includes operating system and related software upgrades and fixes, electronic distribution of desktop/laptop software, backup and restoration of desktop/laptop data, access and security management, and image management
Per desktop / laptop
Standard Desktop / Laptop Provisioning
Includes asset purchasing, preparation, installation, warranty coordination, cleaning for disposal, and disposal
Per desktop / laptop Pricing based on customary service levels for standard equipment fulfillment, configuration, integration, shipping, installation, user account setup, user account deletion, MACs, and virus file release
Page 7 of 61 4/10/2023
document.doc
Premium Desktop Management Service Pricing
Service Description Monthly Price Comment
Desktop / Laptop Support with Premium Service Levels
Includes operating system and related software upgrades and fixes, electronic distribution of desktop/laptop software, backup and restoration of desktop/laptop data, access and security management, and image management
Per desktop / laptop
Non-standard Desktop / Laptop Provisioning
Includes asset purchasing, preparation, installation, warranty coordination, cleaning for disposal, and disposal
Per desktop / laptop Pricing based on premium service levels for non-standard equipment fulfillment, configuration, integration, shipping, installation, user account setup, user account deletion, MACs, and virus file release
Standard Desktop / Laptop Provisioning
Includes asset purchasing, preparation, installation, warranty coordination, cleaning for disposal, and disposal
Per desktop / laptop Pricing based on premium service levels for standard equipment fulfillment, configuration, integration, shipping, installation, user account setup, user account deletion, MACs, and virus file release
Unit Exchange Program (Loaners) Provide a backup device for use when primary device is being repaired
Per desktop / laptop
Page 8 of 61 4/10/2023
document.doc
Data and Voice Networks ServicesData and Voice Network requirements include providing advanced services for Enterprise Data Network (LAN/WAN), Network Operations Center, Remote Access, Voice/PBX/VoIP and Installs, Move, Add, or Changes (IMACs). Network Services consist of the following:
Enterprise Data Network
Enterprise Data Network services include the provisioning and management of a reliable, scalable, responsive and secure high-speed network infrastructure to all NOAA locations while providing Quality of Service (QoS) capabilities to guarantee bandwidth throughput.
NOAA will standardize networking processes as well as consolidate networks when possible to enable a consistent user experience across NOAA.
─ WAN Services
─ LAN Services
─ Network Operations Center
─ Remote Access (VPN) Services
Voice/PBX/VoIP Support
Voice/PBX/VoIP support or services to meet NOAA business needs for highly available, scalable, reliable and secure (unclassified) Voice Communications Services.
─ Voice/PBX/VoIP Devices
─ Voice Network Services
─ Voice Messaging
─ Directory Service
IMAC
On-site and remote support for Enterprise Data/Voice Network related IMACs in all NOAA Regions.
Scheduling, trouble ticket status updating and asset management system updating.
NOAA telecommunications hardware inventory support and services to achieve optimal service levels. Hardware inventory services include packaging, unpackaging, imaging, updating, re-imaging, hardware diagnostics, documentation, updating of the knowledge base, queue management and Level 2 and Level 3 support.
Page 9 of 61 4/10/2023
document.doc
Data and Voice Networks Service LevelsThe following chart depicts the level of service provided for Data and Voice Network Services. These service-level targets are the basis for negotiated SLAs with the business units. Selection of level of service – customary or premium – is based on business unit needs.
Customary Data and Voice Network Service Levels
Service Level Description Objective Target Metric
Data Network AvailabilityThe percent of time that the data network is available for normal business operations
99.90% 99.90%
Internet AvailabilityThe percent of time that the Internet is available for normal business operations
99.90% 99.90%
Local Network AvailabilityThe percent of time that the local network is available for normal business operations
99.50% Availability 99.50%
Move, Add, Change, Delete Telecom: 1 to 25 Hardware and Wire
Average time to complete a move, add, change or delete for network system that requires a change for hardware and or wiring
5 days 95% of the time
Move, Add, Change, Delete Telecom: 1 to 25 Software
Average time to complete a move, add, change or delete for network system that only requires a change that can be completed by software
1 day 95% of the time
Wide Area Network Availability
The percent of time that the wide area network is available for normal business operationsIncludes voice and data as well as the equipment infrastructure
99.00% 99.00%
Response Time - NetworkTime required for a packet to go between an end user demarcation point and the host site FEP or similar device
0.5 seconds 0.5 seconds
Voice Mailbox AvailabilityThe percent of time that the voicemail system is available for normal business operations
99.7% Availability 99.7%
Page 10 of 61 4/10/2023
document.doc
Voice Network AvailabilityThe percent of time that the voice network is available for normal business operations
99.90% 99.90%
WAN AvailabilityThe percent of time that the WAN is available for normal business operations
99.5% Availability 99.5%
Premium Infrastructure Service Levels
Service Level Description Objective Target Metric
Move, Add, Change, Delete Telecom: 1 to 25 Software
Average time to complete a move, add, change or delete for network system that only requires a change that can be completed by software
2 hours 80% of the time
Move, Add, Change, Delete Telecom: 1 to 25 Hardware and Wire
Average time to complete a move, add, change or delete for network system that requires a change for hardware and or wiring
1 day 80% of the time
Response Time - NetworkTime required for a packet to go between an end user demarcation point and the host site FEP or similar device
0.5 seconds 0.001 seconds
Page 11 of 61 4/10/2023
document.doc
Data and Voice Networks Services PricingThe following table describes the Data and Voice Network Services and the pricing for customary and premium services. Pricing for premium services will be on a case-by-case basis, based on business unit needs.
Customary Data and Voice Networks Service Pricing
Service Description Monthly Price Comment
Network Connectivity Support Includes all services relating to internetworking (WAN connectivity, hubs, routers, labor and monitoring, etc.) to support a LAN connected PCAlso includes conferencing services support and basic terminal server access for remote users
Required for every LAN connected seat and does not include special dedicated connections
Basic Line - Voice Standard Voice provides users with a handset and a dial tone through the Centrex or PBX-based services
Global Voice Mail Global Voice Messaging - Telephone Answering System with moves/adds /changes, global messaging capabilities, access to system distribution lists
Voice Network Local service and long distance service, to phone users with local, intrastate, interstate, and international calling from enterprise facilities
Page 12 of 61 4/10/2023
document.doc
Premium Data and Voice Networks Service Pricing
Service Description Monthly Price Comment
Custom Terminal Server Access Access to specific terminal servers that are not included in the base per seat charge; includes all costs associated with specific terminal servers including dedicated 800 lines, server hardware and software, floor space and all associated labor
Costs will be allocated based on actual usage and billed directly to user departments
The goal of this Service is to limit the excessive number of user defined terminal servers
Dedicated Lines Any specific dedicated connectivity required by a business unit (above and beyond standard backbone support)This may include large dedicated bandwidth or individual dedicated lines for specific users (e.g., dedicated home access)
Usage charges billed directly to business units
Dedicated Lines
Page 13 of 61 4/10/2023
document.doc
Data Center ServicesThe National Oceanic and Atmospheric Administration (NOAA) Data Center environment includes the administration and management of servers and storage such as: Mainframe, Unix-based, Windows-based systems and associated data storage and backup services and supporting systems software (e.g., operating systems, utilities, schedulers) from a centralized location. These environments support NOAA’s business applications/databases, file/print services, e-mail (including Blackberry) services, and other NOAA-specific infrastructure-related functions.
Data Center Services include the following:
Business Continuity and Disaster Recovery: Process of planning and managing organizational preparation for future incidents that could jeopardize the organization’s core mission and long-term health.
Configuration Management: Process of managing change controls placed on hardware, software, documentation, testing and test documentation during the development and operational life of a system.
Database Management: Process of managing database systems to ensure optimal delivery for all aspects of the organizational data infrastructure.
Facilities Management: Process of managing data center facilities to ensure efficient operations, flexibility and scalability. Key management parameters include site location, building selection, floor layout, electrical system design, mechanical design and modularity.
Monitoring: Process of proactively managing and monitoring operational systems to identify underperforming systems and other incidents which affect IT service delivery.
Performance Management: Process of managing IT infrastructure and operations (network performance) as an integrated part of business-relevant performance metrics.
Task Management – Output Management: Process of managing middleware that drives the output process and supports the automated creation and delivery of business process and ad hoc documents.
Task Management – Job Scheduling: Process of managing enterprise software applications that execute unattended background activities through a single point of control overseeing integration of real-time activities with background processing requirements.
Page 14 of 61 4/10/2023
document.doc
Data Center Service LevelsThe following chart depicts the level of service provided for Data Center Services. These service-level targets are the basis for negotiated service-level agreements (SLAs) with the business units.
Table 1. System Availability
Service Level Description Objective Target Metric
Mainframe OS and Subsystems
Per System Availability Sun.–Sat., 0000–2400 99.99%
Unix Production Servers Per Server Availability Sun.–Sat., 0000–2400 99.99%
AS/400 Production Servers Per Server Availability Sun.–Sat., 0000–2400 99.99%
Windows Production Servers (Critical)
Per Server Availability Sun.–Sat., 0000–2400 99.99%
Windows Production Servers (Non-critical)
Per Server Availability Mon.–Fri., 0400–1900 99.5%
QA/Test Systems and Servers Per Server Availability Mon.–Sat., 0400–1900 99.5%
Development Servers Per Server Availability Mon.–Sat., 0400–1900 99.5%
Table 2. Batch Processing
Service Level Description Objective Target Metric
Scheduled Production Batch Per Scheduled Time Complete core jobs per approved schedule 99.50%
Demand Production Batch Response Time 20 minutes to initiation from receipt of request 95%
Set up or modify job scheduler definition and dependencies
Response Time Next Business Day (all daily requests) 98%
One-time schedule change for existing scheduled jobs
Response Time 2 hours (all daily requests) 98%
Page 15 of 61 4/10/2023
document.doc
Table 3. General Administrative Functions
Service Level Description Objective Target Metric
Set Up/Modify End-User ID or Authorization changes.
Response Time:
1–5 User IDs
6–10 User IDs
>10 User IDs
Objective:
2 Business Days 3 Business Days Per agreed-on time
95%
Table 4. System Administration
Service Level Description Objective Target Metric
Advise need to allocate additional processing resources based on pre-defined parameters and observed growth patterns
Proactive monitoring and reporting of need to increase capacity
Sustained average daily CPU utilization approaches 70% of installed processor capacity—Inform within 1 Business Day
99%
On-Demand CPU Processing capability change requests
Elapsed TimeIncreases/decreases of 20% of baseline CPU processing capability within 2 days
99%
Advise need to allocate additional storage resources based on pre-defined parameters and observed growth patterns
Proactive monitoring and reporting of need to increase capacity
Total monthly storage capacity utilization measured in GBs used approaches 80% of installed capacity—Inform within 1 Business Day
99%
On-Demand disk storage capacity change requests
Elapsed Time
Increases/decreases of 10% of installed storage capacity within 7 Business Days of request/approval
If owns the assets, then metric is within 7 Business Days of delivery of equipment to data center
99%
System security requests (RACF, ACF2)
Response Time Next Business Day 99%
Deploy service/security patches/antivirus updates necessary to fix/repair
Response Time Same Business Day as signoff, subject to agreed-upon Change Management procedures
99%
Page 16 of 61 4/10/2023
document.doc
Service Level Description Objective Target Metric
environment vulnerabilities
Restore of production datasets from on-site backups (non-DR)
Time to initiate restore Initiated within 20 minutes of request 95%
Table 5. Server Software and System Refresh
Service Level Description Objective Target Metric
Notification of vendor Software upgrades and new releases
Response Time Within 30 days after Software vendor announcement 95%
Completion of implementation of service packs and updates to “dot” releases
Response TimeWithin 60 days following approval, or as otherwise mutually agreed
95%
Completion of implementation of version or major release updates
Response TimeWithin 120 days after approval, or as otherwise mutually agreed
95%
Refresh for midrange servers (Windows)
Response TimePopulation age greater than 3 years old based on business unit approval
95%
Individual patches and requisite patches per database
Elapsed TimeSame Business Day as signoff, completed within Availability SLRs
95%
Table 6. Restore
Service Level Description Objective Target Metric
Restore Requests for production data
Response Time
Data 1 week old or less
Commence restore within 3 hours from request (assumes data are being restored from copies of on-site backups)
100%
Restore Requests for recovery of test data or data volume backups
Response TimeData 1 week old or less
Commence restore within 8 hours from request (assumes data are being restored from copies of on-site backups)
100%
Page 17 of 61 4/10/2023
document.doc
Service Level Description Objective Target Metric
Restore Requests for recovery of data or data volume backups
>1 week old Commence restore within 3 Business Days 100%
Page 18 of 61 4/10/2023
document.doc
Data Center Services PricingThe following table describes the Data Center Services and the pricing for customary and premium services. Pricing for premium services will be on a case-by-case basis, based on business unit needs.
Table 7. Mainframe
Customary Mainframe Service Pricing
Service Description Monthly Price Comment
Disaster Recovery Services Regaining access to data, hardware and software necessary to resume, at a minimum, critical business operations
Fixed Monthly Charge
Mainframe CPU – MVS (z/OS) Maintaining operations in accordance with defined service level
Per installed MIP
Mainframe CPU – TPF Maintaining operations in accordance with defined service level
Per installed MIP
SAN Storage Maintaining operations of remote storage devices in accordance with defined service level
Per allocated terabyte
Tape Backup Maintaining backup operations in accordance with defined service level
Physical mounts
Tape Backup Maintaining backup operations in accordance with defined service level
Per tape
Table 8. Midrange
Customary Midrange Service Pricing
Service Description Monthly Price Comment
Disaster Recovery Services Regaining access to data, hardware and software necessary to resume, at a minimum, critical business operations
Fixed Monthly Charge
Page 19 of 61 4/10/2023
document.doc
Customary Midrange Service Pricing
Service Description Monthly Price Comment
Solaris Servers Maintaining operations in accordance with defined service level
Price per Server
AIX Servers Maintaining operations in accordance with defined service level
Price per Server
WINTEL Servers Maintaining operations in accordance with defined service level
Price per Server
VMWare Maintaining operations in accordance with defined service level
Price per Virtual Host
AS400 Maintaining operations in accordance with defined service level
Price per Server
SAN Storage Maintaining operations of remote storage devices in accordance with defined service level
Per Allocated Terabyte
Tape Backup Maintaining backup operations in accordance with defined service level
Physical Mounts
Tape Backup Maintaining backup operations in accordance with defined service level
Per Tape
Page 20 of 61 4/10/2023
document.doc
End User Service Center (EUSC) ServicesEnd User Service Center service requirements include the Consolidation of NOAA Help Desks, Provision of Tier 0/1 Service Desk Operations, Single Point of Contact (SPOC), Incident Management, Remote Device and Software Management and Planning, Analysis and Reporting.
NOAA objectives for End User Service Center (EUSC) services are to:
Improve IT customer service and incident resolution speed through consolidation of NOAA help desks
Establish a single point of contact for IT support and services through the help desk to all users in accordance with agreed-upon performance standards
Provide timely and accurate initial assessment, root cause analysis and consistent incident and problem management
Improve NOAA efficiency and effectiveness by adopting Provider-leveraged knowledge databases and best practices in reporting critical information to customers (e.g., usage,
Page 21 of 61 4/10/2023
document.doc
End User Service Center Service LevelsThe following chart depicts the level of service provided for Service Desk Services. These service level targets are the basis for negotiated service-level agreements (SLAs) with the business units. Selection of level of service – customary or premium – is based on business unit needs.
Customary End User Service Center Service Levels
Service Level Description Objective Target Metric
Break/Fix Critical Applications
Time to restore functionality of critical applications
4 hours 100%
Break/Fix Non-Critical Applications
Time to restore functionality of non-critical applications
24 hours 100%
Call Abandonment Rate
The call abandonment rate is the proportion of calls that come into the Service Desk that either hang up or are disconnected before the agent answers the phone
<5% of calls abandoned <5%
Call Closure within Eight Business Hours
Time between the opening of an incident and its final closure; final closure of the ticket often requires a waiting period or confirmation with the service recipient after the issue has been resolved; include the total time here from inception through post resolution closure
75% for the first two months with 5% monthly increases until first call resolution rate equals or exceeds 90%
90%
Call Closure within Next Business Day
Time between the opening of an incident and its final closure; final closure of the ticket often requires a waiting period or confirmation with the service recipient after the issue has been resolved; include the total time here from inception through post resolution closure
85% for the first two months with 5% monthly increases until first call resolution rate equals or exceeds 99.5%
99.5%
Configuration Problem
Resolution of configuration issues within Service Recipient environment is and efficient and effective management/resolution, including documentation of problems relating to processing environment configurations
Within one business day from time of notification by Service Recipient 90% of the time (NOTE: May vary depending upon "campus" or "remote" unit location)
90%
Page 22 of 61 4/10/2023
document.doc
Customary End User Service Center Service Levels
Service Level Description Objective Target Metric
File Restoration (Disaster Recovery)
Begin process of restoring files when notified by Service Recipient or become aware of failure through self analysis or contact center
Number of business hours until completion from time of notification by Service Recipient
2 days
First Call Resolution RateThe servicing and closing of a IT related incident ticket by Service Desk when a service recipient places a call
50% for the first two months with 5% monthly increases until first call resolution rate equals or exceeds 68% (NOTE: Service level varies by I5 Through I5)
68%
Follow-on Calls Due to Problem Repeated after Initial Fix Failed
This is a measure of quality; it tracks repeat calls, or the number of calls initiated by an end user to correct the same problem that had been closed as resolved
10% for the first two months with a 1% reduction per month until 5% is achieved
5%, 99% of the time
Service Desk Call AnswerAnswer time is the number of seconds it takes any representative of service recipient to connect with contact center representative
90% of calls will be answered < 30 seconds by live person that is front-end directed by ACD
30 seconds, 90% of the time
Mean Time to Repair (MTTR) Applications
Time to restore functionality of applications 5 days 96%
Mean Time to Restore - Data Severity 1
The average time it takes to restore data network for critical systems
<4 hours95% of the time
Mean Time to Restore - Data Severity 2
The average time it takes to restore data network for multiple non-critical systems
<24 hours95% of the time
Mean Time to Restore - Data Severity 3
The average time it takes to restore data network for single non-critical systems
<72 hours95% of the time
Mean Time to Restore - Voice Severity 1
The average time it takes to restore voice service for a major user impact
<4 hours95% of the time
Mean Time to Restore - Voice Severity 2
The average time it takes to restore voice service for a work group or multiple users
<24 hours95% of the time
Mean Time to Restore - Voice Severity 3
The average time it takes to restore voice service for a single user
<72 hours95% of the time
Password ResetReset end user authorizations based on end user request
Number of minutes until completion from time of notification by Service Recipient
1 hour, 95% of the time
Page 23 of 61 4/10/2023
document.doc
Customary End User Service Center Service Levels
Service Level Description Objective Target Metric
Priority 1 - Mission Critical Impact - Multiple Users Down
Acceptable time to resolve problems for hardware, software and system components within the desktop environment that are mission critical or effect significant number of end users
Number of hours until resolution2 hours, 95% of the time
Priority 2 - Major Impact Single User Down ,Other Users Affected
Acceptable time to resolve problems for hardware, software and system components within the desktop environment that are major impact or effect number of end users
Number of business hours until resolution8 hours, 85% of the time
Priority 3 - Moderate Impact Single User Down with a Few Others Capable of Performing Required Tasks
Acceptable time to resolve problems for hardware, software and system components within the desktop environment that are moderate impact or affect few end users
Number of business days until resolution2 days, 95% of the time
Priority 4 - Minor Impact User down with Many Others Capable of Performing Required Tasks
Acceptable time to resolve problems for hardware, software and system components within the desktop environment that are minor impact
Number of business days until resolution3 days, 90% of the time
Software ProblemMeasure performance in resolving software problems with servers, desktops, laptops, midrange computers, mainframe computers
Within one business day from time of notification by Service Recipient 90% of the time (NOTE: May vary depending upon "campus" or "remote" unit location)
90.00%
Individual User Accounts (including email)
Acceptable time for creation of access authorizations and codes for end user access to systems via desktop / laptop
Number of business hours until completion from time of notification by Service Recipient
5 minutes, 80% of the time
Deletion of Individual User Accounts (including email)
Acceptable time for deletion of access authorizations and codes
Number of business hours until completion from time of notification by Service Recipient
2 weeks
Page 24 of 61 4/10/2023
document.doc
Premium Service Desk Service Levels
Service Level Description Objective Target Metric
Call Abandonment Rate The call abandonment rate is the proportion of calls that come into the Service Desk that either hang up or are disconnected before the agent answers the phone
<5% of calls abandoned
<2%
Call Closure within Four Business Hours
Time between the opening of an incident and its final closure; final closure of the ticket often requires a waiting period or confirmation with the service recipient after the issue has been resolved; include the total time here from inception through post resolution closure
70% for the first two months with 5% monthly increases until first call resolution rate equals or exceeds 85%
85%
Configuration Problem Resolution of configuration issues within Service Recipient environment is and efficient and effective management/resolution, including documentation of problems relating to processing environment configurations
Within one business day from time of notification by Service Recipient 90% of the time (NOTE: May vary depending upon "campus" or "remote" unit location)
95%
File Restoration (Disaster Recovery)
Begin process of restoring files when notified by Service Recipient or become aware of failure through self analysis or contact center
Number of business hours until completion from time of notification by Service Recipient
2 hours, 80% of the time
First Call Resolution Rate The desired percentage of total contacts planned for resolution at this level; first contact completion applies when the first person the customer reaches either answers the question, resolves the problem, or dispatches service where appropriate; warm transfers and call backs should be considered second or greater contact
40% for the first two months with 5% monthly increases until first call resolution rate equals or exceeds 80%
80.81%
Follow-on Calls Due to Problem Repeated after Initial Fix Failed
This is a measure of quality; it tracks repeat calls, or the number of calls initiated by an end user to correct the same problem that had been closed as resolved
10% for the first two months with a 1% reduction per month until 5% is achieved
5%, 99% of the time
Service Desk Call Answer Answer time is the number of seconds it takes any representative of service recipient to connect with contact center representative
90% of calls will be answered < 30 seconds by live person that is front-end directed by ACD
5 seconds, 98% of the time
Page 25 of 61 4/10/2023
document.doc
Premium Service Desk Service Levels
Service Level Description Objective Target Metric
Mean Time to Repair (MTTR) Applications
Time to restore functionality of applications 30 minutes 96% of the time
Mean Time to Restore - Data Severity 2
The average time it takes to restore data network for multiple non-critical systems
<12 hours95% of the time
Mean Time to Restore - Data Severity 3
The average time it takes to restore data network for single non-critical systems
<24 hours95% of the time
Mean Time to Restore - Voice Severity 1
The average time it takes to restore voice service for a major user impact
<2 hours 95% of the time
Mean Time to Restore - Voice Severity 2
The average time it takes to restore voice service for a work group or multiple users
<12 hours 95% of the time
Mean Time to Restore - Voice Severity 3
The average time it takes to restore voice service for a single user
<24 hours95% of the time
Mean Time to Restore e - Data Severity 1
The average time it takes to restore data network for critical systems
<2 hours95% of the time
Password Reset Reset end user authorizations based on end user request
Number of minutes until completion from time of notification by Service Recipient
5 minutes, 80% of the time
Priority 1 - Mission Critical Impact - Multiple Users Down
Acceptable time to resolve problems for hardware, software and system components within the desktop environment that are mission critical or effect significant number of end users
Number of hours until resolution 1 hour
Priority 2 - Major Impact Single User Down ,Other Users Affected
Acceptable time to resolve problems for hardware, software and system components within the desktop environment that are major impact or effect number of end users
Number of business hours until resolution2 hours, 95% of the time
Priority 3 - Moderate Impact Single User Down with a Few Others Capable of Performing Required Tasks
Acceptable time to resolve problems for hardware, software and system components within the desktop environment that are moderate impact or affect few end users
Number of business days until resolution3 hours, 90% of the time
Priority 4 - Minor Impact Acceptable time to resolve problems for Number of business days until resolution 4 hours, 90% of the
Page 26 of 61 4/10/2023
document.doc
Premium Service Desk Service Levels
Service Level Description Objective Target Metric
User down with Many Others Capable of Performing Required Tasks
hardware, software and system components within the desktop environment that are minor impact
time
Software Problem Measure performance in resolving software problems with servers, desktops, laptops, midrange computers, mainframe computers
Within one business day from time of notification by Service Recipient 90% of the time (NOTE: May vary depending upon "campus" or "remote" unit location)
95.00%
Individual User Accounts (including email)
Acceptable time for creation of access authorizations and codes for end user access to systems via desktop / laptop
Number of business hours until completion from time of notification by Service Recipient
5 days, 95% of the time
Deletion of Individual User Accounts (including email)
Acceptable time for deletion of access authorizations and codes
Number of business hours until completion from time of notification by Service Recipient
30 minutes
Service Desk Services PricingThe following table describes the Service Desk Services and the pricing for customary and premium services. Pricing for premium services will be on a case-by-case basis, based on business unit needs.
Page 27 of 61 4/10/2023
document.doc
Customary Service Desk Service Pricing
Service Description Monthly Price Comment
Infrastructure Service Desk Service
Telephone based first level support associated with workstations; includes remote diagnosis and resolution where possible, and escalation of issues with desktop hardware, operating systems, base application configurations, network administration, LAN/WAN, Printing, Mainframe, Servers, Voice, Audio Teleconferencing, Video Teleconferencing, and PDA; also includes support for requests for IT services
Per User
Premium Service Desk Service Pricing
Service Description Monthly Price Comment
Applications Service Desk Service Includes support for custom business applications; this may include configuration, "how to" support, or escalation of issues to appropriate personnel
Per User
Facilities Service Desk Service Support for facilities requests such as heating, air conditioning, and janitorial services
Per Employee
Page 28 of 61 4/10/2023
document.doc
Collaboration ServicesCollaboration enables people to work with each other on a non-routine cognitive task. As such, NOAA’s Collaboration Services will provide the tools and technology resources for associates to work together within NOAA and with external parties. Collaboration Services aims at delivering tools to increase the efficiency and effectiveness of staff to carry out a wide-range of business functions across a geographically dispersed area. These resources include basic collaboration in the form of e-mail and desktop Internet/intranet:
Video and Voice conferencing: Enables the communication for individuals or groups using systems that support image, voice and data transfer over digital networks or telephone circuits.
Web Conferencing: Spans presentation delivery, desktop and application sharing, whiteboards, instant messaging and chat, and is typically used to provide an interactive, collaborative exchange between smaller audiences in real-time
Webcasting: Provides for the ability to send multimedia content over the Internet, and is typically used to reach a large, passive audience with a one-way presentation.
Page 29 of 61 4/10/2023
document.doc
Collaboration Service LevelsThe following chart depicts the level of service provided for Collaboration Services. These service level targets are the basis for negotiated service-level agreements (SLAs) with the business units. Selection of level of service – customary or premium – is based on business unit needs.
Customary Collaboration Service Levels
Service Level Description Objective
Messaging Availability The percent of time that the messaging server is available
for normal business operations Includes Microsoft Exchange and Lotus Notes
99.0% Availability
Premium Collaboration Service Levels
Service Level Description Objective
Messaging Availability The percent of time that the messaging server is available for normal business operations
Includes Microsoft Exchange and Lotus Notes
99.5% Availability
Collaboration Services PricingThe following table describes the Collaboration Services and the pricing for customary and premium services. Pricing for premium services will be on a case-by-case basis, based on business unit needs.
Customary Collaboration Service Pricing
Service Description Monthly Price
Desktop Internet and Intranet Access
Allows the desktop Web Browser access to the external Internet "Web" via Internet gateways
This service includes authenticated, audited and secure browser access to the World Wide Web
Per User
Page 30 of 61 4/10/2023
document.doc
Customary Collaboration Service Pricing
Service Description Monthly Price
Authentication Services Provides authentication to file and print infrastructures and directory services
Per User
E-Mail - Including Base Storage
Access to enterprise e-mail, the ability to send and receive Internet e-mail, and filtering of Internet e-mails using virus scanning, anti-spam scanning, and content filtering
Also includes any regulatory required retention of e-mails Includes up to 100MB of mailbox storage
Per Mailbox
Teleconferencing Teleconferencing incorporates the use of a specific ‘800’ number that participants call into with a conference ID code and access number
Unlike the standard conference call that connects two parties onto one line, this feature allows multiple parties, at different locations, to call into a dedicated line
Per Minute Charge
Premium Collaboration Service Pricing
Service Description Monthly Price
Additional E-Mail Storage Additional mailbox storage above 100MB Per GB
Page 31 of 61 4/10/2023
document.doc
Special ProjectsNOAA seeks to establish a special projects service to provide the planning, support, or execution of customized IT projects. These projects may be sponsored by the NOAA CIO and/or NOAA Line Office CIOs, and may have enterprise-wide or Line Office-specific scope.
An augmentation (special projects) rather than traditional automation (standard operations) approach becomes the priority where IT organizations share ownership of major business objectives with the business units.
The IT organization will support clear delineation between automation and augmentation when split into an operations unit, which continues the traditional role of supporting automation, and a ‘special projects’ unit. The special projects unit will selectively devote its resources to the business teams addressing key business initiatives defined by the enterprise’s leaders. In some cases, the special projects team can lead the effort, but should operate independently of the business units.
Three NOAA special projects include the following:
E-mail Consolidation
Standardization on a single e-mail vendor and centralization of governance and management of enterprise-wide e-mail systems.
Document / Records Management
An enterprise-wide program for records management enabled through policies administered consistently across all departments and units and encompassing paper records, electronic documents, e-mail and instant messages.
Training, Technical Services and Consulting
On-site training
Computer Based Training
Training the Trainer
Instructor-led Training
Course Development
Training Planning
Page 32 of 61 4/10/2023
document.doc
Special Project Service Levels
E-mail Consolidation Service Levels
The following chart depicts the level of service provided for E-mail Consolidation Services. These service level targets are the basis for negotiated service-level agreements (SLAs) with the business units. Selection of level of service – customary or premium – is based on business unit needs.
Customary Email Consolidation Service Levels
Service Level Description Objective Target Metric
Messaging Availability
The percent of time that the messaging/exchange server is available for normal business operations
Includes Microsoft Exchange and Lotus Notes
99.0% Availability 90%
Premium Email Consolidation Service Levels
Service Level Description Objective Target Metric
Messaging Availability The percent of time that the messaging/exchange server is available for normal business operations
Includes Microsoft Exchange and Lotus Notes
99.0% Availability 99.90%
Document and Records Management Service Levels
The following chart depicts the level of service provided for Document and Records Management Services. These service-level targets are the basis for negotiated service-level agreements (SLAs) with the business units. Selection of level of service – customary or premium – is based on business unit needs.
Page 33 of 61 4/10/2023
document.doc
Customary Document and Records Management Service Levels
Service Level Description Objective Target Metric
Application Quality
Utilized by the service recipient to measure service provider correctness of applications - when installed with a desired result of reducing time to market, reducing error and re-work and improving end-user customer satisfaction
Average across all applications TBD
Availability - ApplicationsThe percent of time that the application is available for normal business operations
99.00% 99.00%
Small Maintenance Projects – Level 1
Time taken to perform minor maintenance on mission critical applications
15 days 95%
Small Maintenance Projects – Level 2 (all other)
Time taken to perform minor maintenance on mission non-critical applications
30 days 95%
Variance to Budget Total cost to complete program requirements will come in at the budgeted cost
Total will be +/- 10% of budget for projects 81.00%
Variance to Schedule Completed program requirements will be delivered at scheduled time
Total will be within +/- 5% of schedule for completion
80.00%
Premium Document and Records Management Service Levels
Service Level Description Objective Target Metric
Variance to Budget Total cost to complete program requirements will come in at the budgeted cost
Total will be +/- 10% of budget for projects 95.00%
Variance to Schedule Completed program requirements will be delivered at scheduled time
Total will be within +/- 5% of schedule for completion
95.00%
Page 34 of 61 4/10/2023
document.doc
Training, Technical Services and Consulting Service Levels
The following chart depicts the level of service provided for Training, Technical Services and Consulting Services. These service-level targets are the basis for negotiated service-level agreements (SLAs) with external and internal services providers and the business units. Selection of level of service – customary or premium – is based on business unit needs.
Customary Professional Service Levels
Service Level Description Objective Target Metric
Project Completed on Time and Within Budget
Targets established for each project for completion and budget
Adherence to those targets is the focus of this service level
On time, within budget
+/- 10%
Premium Professional Service Levels
Service Level Description Objective Target Metric
Project Completed on Time and Within Budget
Targets established for each project for completion and budget
Adherence to those targets is the focus of this service level
On time, within budget
+/- 10%
Special Projects Services Pricing
E-mail Consolidation Services Pricing
The following table describes the Collaboration Services and the pricing for customary and premium Collaboration Services. Pricing for premium services will be on a case-by-case basis, based on business unit needs.
Page 35 of 61 4/10/2023
document.doc
Customary Email Consolidation Service Pricing
Service Description Monthly Price
E-Mail - Including Base Storage Access to enterprise e-mail, the ability to send and receive Internet e-mail, and filtering of Internet e-mails using virus scanning, anti-spam scanning, and content filtering
Also includes any regulatory required retention of e-mails
Includes up to 100MB of mailbox storage
Per Mailbox
Additional E-Mail Storage Additional mailbox storage above 100MB Per GB
Document and Records Management Services Pricing
The following table describes the Document and Records Management Services and the pricing for customary and premium services. Pricing for premium services will be on a case-by-case basis, based on business unit needs.
Customary Storage and Data Management Service Pricing
Service Description Monthly Price Comment
Monthly GB Online Storage Per GB of online storage
Typically represents 20% to 25% of mainframe charges; only includes “customer” usage (excludes system storage)
Training, Technical and Consulting Services Pricing
The following table describes the Professional Services commonly used to support Training, Technical and Consulting special projects and the pricing for customary and premium services. Pricing for services will be on a case-by-case basis, based on business unit needs. Hourly rates for project roles are presented below.
Professional Services Labor Rates
Description Hourly Rate
Technical Writer Hourly
Network Technician Hourly
Page 36 of 61 4/10/2023
document.doc
Professional Services Labor Rates
Description Hourly Rate
Project Manager Hourly
Senior Architect Hourly
Senior Programmer Hourly
Page 37 of 61 4/10/2023
document.doc
Application ServicesApplication development activities result in the delivery of web-based and desktop software and services. Within NOAA, Application Services will provide application development and like services; including design, custom development, deployment, testing, enhancement, maintenance, and/or customization of commercial off the shelf (COTS) or packaged applications. Application Services will also cover the management of the hardware and software toolsets that are used in creating software.
Application Services comprises of:
Application and Web Development: Includes activities associated with designing, developing, deploying, enhancing and managing (on a per project basis) software assets; including custom developed and COTS software.
Application and Web Maintenance: Includes activities associated with maintaining desktop and web-based applications; including monitoring, tuning, fixing and decommissioning of applications and application servers. Also covered are the management activities needed to ensure optimal delivery of desktop and web-based applications; including configuration management, capacity planning, database management, release management, performance management, and problem management.
Web Design and Content Management: Includes the activities associated with authoring, designing, HTML encoding and delivering content to the web server; including content repository management.
Application Services does not comprise of the following:
Application software licensing and maintenance of software installed during the project
Hardware purchases (lease or depreciation), and any recurring maintenance
Special supplies and travel costs (if required)
Page 38 of 61 4/10/2023
document.doc
Application Service LevelsThe following chart depicts the level of service provided for Application Services. These service level targets are the basis for negotiated service level agreements (SLAs) with the business units. Selection of level of service – customary or premium – is based on business unit needs.
Customary Application Service Levels
Service Level Description Objective Target Metric
Application Quality
Utilized by the service recipient to measure service provider correctness of applications - when installed with a desired result of reducing time to market, reducing error and re-work and improving end-user customer satisfaction
Average across all applications
Availability - ApplicationsThe percent of time that the application is available for normal business operations
99.00% 99.00%
Function Point Defect Density in Development
The number of defects per 1,000 function points that are acceptable while in development (first 90 days of production)
10.5 per 1,000 10.5 per 1,000
Function Point Defect Density in Support
The number of defects per 1,000 function points that are acceptable while in support mode, development is a subset of support
15.7 per 1,000 15.7 per 1,000
Productivity ImprovementExpected productivity improvement from one year to next based on function points (decrease in rate of defects)
20% 20%
Small Maintenance Projects – Level 1
Time taken to perform minor maintenance on mission critical applications
15 days 95%
Small Maintenance Projects – Level 2 (all other)
Time taken to perform minor maintenance on mission non-critical applications
30 days 95%
Variance to Budget Total cost to complete program requirements will come in at the budgeted cost
Total will be +/- 10% of budget for projects 81.00%
Page 39 of 61 4/10/2023
document.doc
Customary Application Service Levels
Service Level Description Objective Target Metric
Variance to Schedule Completed program requirements will be delivered at scheduled time
Total will be within +/- 5% of schedule for completion
80.00%
Premium Application Service Levels
Service Level Description Objective Target Metric
Variance to Budget Total cost to complete program requirements will come in at the budgeted cost
Total will be +/- 10% of budget for projects 95.00%
Variance to Schedule Completed program requirements will be delivered at scheduled time
Total will be within +/- 5% of schedule for completion
95.00%
Application Services PricingHourly rates for application development, enhancement, and maintenance roles are listed below. These rates are used to determine the Application Services fees.
Application Development/Enhancement Labor Rates
Description Hourly Rate
Programmer Hourly
Senior Programmer Hourly
Project Manager Hourly
Senior Business Analyst Hourly
Database Administrator Hourly
The following table describes the Application Services and the pricing for customary and premium Application Services. Pricing for premium services will be on a case-by-case basis, based on business unit needs.
Page 40 of 61 4/10/2023
document.doc
Customary Application Services Pricing
Service Description Monthly Price Comment
Application Development Development of new applications Fixed fee or FTE based charge
Cost depends on the resource assigned to the application, adjusted periodically
Application Enhancement Enhancement of existing applications Fixed fee or FTE based charge
Cost depends on the resource assigned to the application, adjusted periodically
Application Maintenance Maintenance and ongoing support of existing applications
Fixed fee or FTE based charge
Cost depends on the resource assigned to the application, adjusted periodically
Premium Application Services Pricing
Service Component Description Monthly Price Comment
------------- Case by case – based on business unit needs
-------------
Page 41 of 61 4/10/2023
document.doc
Security ServicesSecurity service requirements include providing support for Security Planning and Information Assurance. It includes support for development, administration and ongoing execution of a security program for all NOAA facilities and systems. Specific areas for support include physical security, security firewall, security intrusion detection and security penetration.
Effective IT security stands on security policies and architecture, security infrastructure, and security administration:
Security Administration: Effective execution and implementation of security planning and policy development enables satisfactory returns on enterprise investment in security activities. Sound security administration focuses on operational technologies and best practices that maintain secure access to applications and resources, and on ensuring the integrity of system definitions and configurations.
Security Risk, Organization, Policies and Architecture: Effective IT security risk management identifies exposures and potential costs so that security policies — and an overall security architecture — can be developed to minimize these exposures and costs. Security policies should also enable an enterprise to take the greatest amount of risk necessary to support business requirements. Effective security risk management is not fully enabled until security policies and architectures are implemented and supported by effective security governance model. Enterprises must determine the aspects of security to be centralized, the implementation of regional or departmental aspects of security, the methods to obtain funding, and the ways IS organizations and business units will be accountable for security.
Security Infrastructure: Security infrastructure is made up of the tools, technologies and tactics that are deployed to protect the network perimeter and internal resources. Traditional security infrastructure focuses on hardening the perimeter, but internal resources are now increasingly exposed to external access by outward-facing applications require a hardened interior and a layered approach to security.
Page 42 of 61 4/10/2023
document.doc
Security Service LevelsThe following chart depicts the level of service provided for Security Services. These service-level targets are the basis for negotiated service-level agreements (SLAs) with the business units.
Table 9. Customary Security Service Levels
Customary Security Service Levels
Service Level Description Objective Target Metric
Installation of virus signature / definition / policy files on servers
Time from software supplier’s release until final installation on servers
144 hours real time 99%
Critical security updates and patches of servers
Time from software supplier’s release until final installation on servers
240 hours real time 99%
Non-critical security updates and patches of servers
Time taken to inform Application Owner after release by software supplier
4 business days 99%
Non-critical updates and patches of servers
Time from Application Owner’s order until published
10 business days 99%
Critical changes of settings in the virus protection and firewall environment
Time from order until complete 16 hours real time 99%
Non-critical changes of settings in the virus protection and firewall environment
Time from order until completed 10 business days 99%
Preparing and presenting reports
Time from order until completed 4 business days 99%
Correct detected deviations from the security standards.
Time to deliver correction of known errors 10 business days 99%
Correct detected deviations from the
Time to deliver plan for corrective action for new errors
10 business days 99%
Page 43 of 61 4/10/2023
document.doc
Customary Security Service Levels
Service Level Description Objective Target Metric
security standards.
Report critical security defects and short comings
Elapsed time 8 hours real time from identification 99%
Table 10. Premium Security Service Levels
Premium Security Service Levels
Service Level Description Objective Target Metric
Installation of virus signature / definition / policy files on servers
Time from software supplier’s release until final installation on servers
72 hours real time 90%
Critical security updates and patches of servers
Time from software supplier’s release until final installation on servers
120 hours real time 90%
Non-critical security updates and patches of servers
Time taken to inform Application Owner after release by software supplier
2 business days 90%
Non-critical updates and patches of servers
Time from Application Owner’s order until published
5 business days 90%
Critical changes of settings in the virus protection and firewall environment
Time from order until complete8 hours real time 90%
Non-critical changes of settings in the virus protection and firewall environment
Time from order until completed5 business days 90%
Preparing and presenting reports
Time from order until completed2 business days 90%
Correct detected deviations from the security standards.
Time to deliver correction of known errors 5 business days 90%
Page 44 of 61 4/10/2023
document.doc
Premium Security Service Levels
Service Level Description Objective Target Metric
Correct detected deviations from the security standards.
Time to deliver plan for corrective action for new errors
5 business days 90%
Report critical security defects and short comings
Elapsed time 1 hours real time from identification 95%
Page 45 of 61 4/10/2023
document.doc
Security Services PricingThe following table describes Security Services commonly used to support Training, Pricing for services will be on a case-by-case basis, based on business unit needs. Hourly rates for Security Services are presented below.
Table 11. Security Pricing
Security Services Labor Rates
Description Hourly Rate
Provisioning qualified, appropriately skilled staff with applicable certifications, clearances, and background checks
Hourly
CISSP Hourly
CISM Hourly
Page 46 of 61 4/10/2023
document.doc
Architecture ServicesArchitecture Services includes the capability to offer technology architecture services and support for the National Oceanic and Atmospheric Administration (NOAA) e-Gov initiatives. NOAA is constantly seeking to introduce new technology solutions and processes to enable users to meet their objectives and improve their efficiency. The NOAA Office of the Chief Information Officer (OCIO) and the Line Office CIOs play a critical role in introducing technologies into the NOAA environment.
Enterprise architecture work and services originating from the architecture are guided by a framework of different viewpoints on the enterprise. Heavily influenced and guided by the input of the business context, holistic enterprise architecture can be described with a minimum of three viewpoints:
Business Architecture Viewpoint
Business functions
Processes
Organization
Information Architecture Viewpoint
Information structure
Assets
Flow
Technology Architecture Viewpoint
Standards for software, hardware, middleware and infrastructure
Application code
Within the above framework, services are found in any area. For business architecture, this would be shared business processes or services that serve other business areas from an enterprise (corporate) perspective. Information services define the information that is shared. Technical services define the technology that is shared.
Page 47 of 614/10/2023
document.doc
Enterprise Architecture Maturity Assessment (AMA)The following chart identifies Federal Government and Gartner Enterprise Architecture assessment frameworks. These EA assessment frameworks support attainment of Federal Government mandates and policies and describe various approaches to rating the maturity of an Enterprise Architecture.
Table 12. Various EA Architectures
GAO Enterprise Architecture Management Framework (EAMMF) v1.1
OMB EA Assessment v2.1 Gartner AMA
Definition Assess and improve the maturity of EA processes
Assess the capability of EA programs to guide and inform IT investments’ support of the agency strategic objectives
Provides an organizations’ position against an idea envisioned by Gartner Research and also compares the organization to existing EA programs (best practice benchmarking)
Fundamentals Hierarchical stages of management maturity – five (5) levels
4 categories of attributes critical to success: Demonstrate organizational
commitment Provision capability to meet
commitment Demonstrate attainment of commitment Verify satisfaction of commitment
31 core elements
Three (3) Capability AreasCompletionUseResults
17 Assessment Criteria
8 Dimensions:
Architecture Scope and Maturity
Stakeholder Involvement and Support
Architecture Development Business Context Architecture Content Future State Realization Architecture Team Resources Architecture Impact
Scoring Discrete, all elements in one level must be met to earn that level
Discrete for each assessment criterion, then average across
Scores for each dimension are an average across criteria, total score an average of dimension scores
Rating Category 5 Stages of Maturity 0 - 5 1 - 5
Where Used Federal Federal Worldwide (Commercial and Public Sector)
Page 48 of 61 4/10/2023
document.doc
Enterprise Architecture – Quality Measurement Measurement enables enterprise architecture teams to collect multiple measures that enable quality assessments of an EA program against multiple dimensions defined by the assessment area and measurement categories.
Table 13. EA Measurements
Basic Financial Measures
Productivity/Efficiency Quality/Effectiveness Delivery Process
Reuse of Hardware Components
Hardware costs per project — trend over time
Percentage of capacity used or volume of unused capacity
Percentage of projects compliant with enterprise technical and solution architecture (ETA/ESA) and number of platform types
Number of projects to raise EA exemption
Percentage reduction in number of support/infrastructure products
Improvement in downtime/availability measures
Reduction in total number of standard technologies/products
Reduction in rate of urgent infrastructure projects
Reuse of Software Components
Percentage reduction in number of applications
Number of new products licensed vs. existing licenses leveraged
Number of solutions reused without change
Percentage of application functionality assessed and documented
Consistency of interfaces — amount of downtime due to interface faults
Number of patterns reused and/or number of products reused
Reduction in design time achieved by leveraging existing solutions
Reduction in number of manual interfaces
Total investment in new applications (bought or built) over time
Reuse and repeat of common designs that speed decision making in projects, resulting in less time to complete design
Reduced Time to Delivery
Time taken to complete a project solution from inception to delivery — average time taken and total time spent
Number or percentage of projects reviewed and at what level
Percentage of projects compliant
Number of architects per project and vice versa
Page 49 of 61 4/10/2023
document.doc
Basic Financial Measures
Productivity/Efficiency Quality/Effectiveness Delivery Process
Time taken to complete specific phases of the software delivery life cycle
Project completion times and performance improvement (less last-minute work due to poor planning)
Reduction in rate of urgent infrastructure projects
More-Efficient Program
Management
Percentage of projects identified through EA process compared to ad hoc identification
Percentage of projects reviewed
Percentage of successful projects in which EA team participated
Reduction in the number ad hoc project requests
Amount of architect time per project
Number of rejections per project reviewed
Percentage of successful projects
Reduced Support Costs
Number of applications and platforms reduced over time
Amount of data reuse Number of configured items
Number of retirement and containment targets reduced over time
Number of calls to help desk
Amount of customization — fit to build, customize, configure, install and reuse
Savings by configuration area, year and application
Number of changes to applications over time
Total cost of AD staff and tools to modify those applications over time
Percentage of interfaces accessed by more than one application
Lower Acquisition Costs
Percentage reuse of existing assets
Percentage of common product sets defined and reduction in purchase contract costs
Reduction in number of special purchases required
Number of changes/revisions during implementation
Number of volume discounts negotiated and purchased
Total enterprise IT cost because of reduced redundancy, complexity and portfolio size
Technical Adaptability
Percentage reduction in the number of compliance waivers issued
Number of infrastructure change management requests
Number of single authoritative data sources for key information assets
Number of patterns, domains and services defined and amount of
Page 50 of 61 4/10/2023
document.doc
Basic Financial Measures
Productivity/Efficiency Quality/Effectiveness Delivery Process
reuse
Number of outages per domain
Tighter Alignment to Business
Strategy
Percentage of IT initiatives aligned, as identified through EA process
Number of projects funded and implemented, as identified by EA process
Number of business plans with IT initiatives included
Number of IT trends planned for in the future-state architecture
Number of cases where new technology was not adopted; some where it was
Number of new business plans with EA involvement
Percent of "business-aligned" projects
Number of environmental/ industry trends articulated in future-state architecture
Business Agility
Percentage increase in market share
Decrease in time to market for new products
Number of business projects defined by EA process
Number of new processes identified and improved
Number of business processes documented and optimized
Improvement in "anytime, anywhere, any way" access to information
Improvement in frontier analysis and response to environmental change
Knowledge Development
Improvement (over time) in the time for report products and accuracy of information
Reduction in the number of authoritative sources for critical information assets
Percentage of time EA group and business are engaged
Increase in EA's role in strategic and business planning process
More-Sophisticated Asset Management
Reduction in number of assets requiring maintenance
Number of assets retired and/or improved per year
Number of times assets are assessed for value per year
Number of asset status reviews annually
Reduced Risk
Number of unauthorized access and changes to information and applications
Usage of EA Web site by business
Amount of time EA group spends supporting critical business planning activity and decision making
Number of new solutions aligned with EA future state
Reduction in number of risk management issues recorded in projects
Number of devices and channels for user access
Number of projects that comply with risk management guidelines
Tighter Strategic Alignment With
Reduction in number of vendors
Engagement with outsourcer — time spent
Number of externally extended business
Anecdotal documentation that the EA process
Page 51 of 61 4/10/2023
document.doc
Basic Financial Measures
Productivity/Efficiency Quality/Effectiveness Delivery Process
Partners
by EA team processes that are documented and optimized
improved business-to-business innovation
Number of volume discounts negotiated and purchased
Business Context
Time from strategy announcement until a prioritized project pipeline is presented to review and funding bodies
Time from identification of trend to implementation
Number of identified emerging technologies implemented
Number of times environment, industry and IT trend information is delivered per year
Time from identification of enterprise business strategy (EBS) to implementation
Number of EBSs implemented
Future-State Architecture
Percentage of EA compliance waivers due to future-state architecture not meeting business needs
Number of projects that leverage EA repository for future-state designs
Number of projects that use and are compliant with EA principles
Satisfaction survey results — extent to which projects have been able to leverage EA information
Number of business lines that consult EA team
Number of new projects that trigger a change in the EA
Overall project success in achieving business requirements
Refresh of cycle times for each domain
Current-State Architecture
Number of diverse technologies and products supported
Number of deliverables produced
Age distribution of applications
IT customer satisfaction survey results
Reduction in number of IT assets within the portfolio over time
Amount of downtime (outage) during "go live" phases of projects
Number of IT assets and business areas that have their architecture well-documented
Extent to which EA information on IT assets and business process is easily available
Gap Analysis — Migration Plan
Percentage of change initiatives identified that are funded
Alignment of IT initiatives with business strategy
Number of EA artifacts used in budget and program planning activity
Number of initiatives identified that have been funded and initiated
Page 52 of 61 4/10/2023
document.doc
Basic Financial Measures
Productivity/Efficiency Quality/Effectiveness Delivery Process
cycles
Number of projects sponsored by business
Number of projects where EA assistance was requested/provided
Governance and Management
Number of projects that complete self-certification in all stages
Number of full-time equivalents (FTE) and project IT spending, as a measure of influence
Extent to which a governance process is clearly defined and the percentage of projects that follow it
Number of projects progressed with EA review required
Number of projects that pass EA compliance
Level of input to other organizational planning processes
General EA Success
Number of times EA teams are consulted for advice and guidance
Number of EA artifacts produced and circulated yearly
Number of EA Web site visitors
Number of attendees at EA-initiated meetings over time
Number of domains (business, information, technical and solution) that have future states defined
Number of artifacts replaced/refreshed yearly
Number of business and IT capabilities delivered against those defined through the EA process
Surveyed number of employees who know what the EA team does
Page 53 of 61 4/10/2023
document.doc
Project Management ServicesProject Management Services include providing expertise in project management to ensure that projects fulfill their given set of requirements and achieve their overall objectives. The service consists of the following:
On-Site Project Management:
Providing individuals with experience and expertise in various areas of project management to include on-site project and program management support for various projects within NOAA.
Support various NOAA project managers and assist these managers with the day-to-day execution of the project.
Advise managers and incorporate any of the standards and processes communicated from the NOAA PMO in addition to injecting continuous process improvements and financial planning to utilize industry best practices.
Development and Implementation of a Project Management Office
Provide support and expertise to develop, implement and staff an enterprise-level Program Management Office (PMO).
Utilize a Program Management Plan (PMP) to describe a turn-key PMO solution in addition to processes and quality assurance steps to ensure that the PMO seamlessly integrates with the NOAA PMO and other critical NOAA IT environmental touch points.
Develop solutions for integrating the PMO reporting and monitoring tools with the NOAA financial system. This support shall include the development of a concept of operations, roles and responsibility matrix, organizational structure and status reporting.
Establish and implement standard policies and procedures based on industry best practices for use by various IT projects and programs within NOAA. Examples include Project Management Institute’s Project Management Body of Knowledge (PMBOK), Control Objectives for Information and related Technology (COBIT), Information Technology Infrastructure Library (ITIL), and Capability Maturity Model Integration (CMMI).
Support various enterprise-level program management tasks including the creation of executive dashboards and reporting on projects to governance bodies and senior staff.
Provide services to project managers in the area of mentoring/coaching and the issuance of standards and guidelines, to include support for the COTR that will include, but not be limited to trade-off analysis and other general administrative functions.
Promote the success of projects by enhancing the maturity of project management throughout the project life cycle.
The following functions will be performed by the PMO:
Page 54 of 614/10/2023
document.doc
Project Value Measurement: Provide expertise in the development of evaluation criteria to determine the value of a proposed project. This information will be used in the ongoing evaluation of a project to determine its success and contribution to the organization.
Project Portfolio Management: Provide capabilities and expertise to perform project portfolio management at an enterprise level. This will require being able to periodically capture information on projects and report on the status of projects based on varying criteria such as size, type, risk and performance.
Methodology Development: Provide the necessary capabilities and expertise to develop mature standardized project management practices across all IT services within NOAA. These practices should be repeatable and based on industry best practices (e.g., LEAN, Six Sigma, International Standards Organization (ISO), PMBOK, ITIL, COBIT, CMMI, etc.). These practices must also align with Federal, Department and Agency requirements.
Quality and Performance Assessments: Provide methodologies and capabilities to track and evaluate the performance of projects from initiation to completion. This may include the tracking and reporting of financial management metrics such as Earned Value Management (EVM) as well as solution quality indicators such as customer satisfaction and achievement of all defined requirements.
Risk Management: Provide support for all areas of risk management including identification, evaluation, tracking, management and resolution. Also, support the development of effective mitigation strategies to reduce areas of high risk. It is expected that this risk management will be needed at both a project level and a more aggregate enterprise level.
Resource Management: Support at an enterprise level the development of a resource management plan and its execution to ensure projects are appropriately staffed, and to ensure that expertise is sufficiently positioned to support current and future requirements.
Page 55 of 614/10/2023
document.doc
Project Management Service LevelsThe following chart depicts the level of service provided for Project Management Services. These service-level targets are the basis for negotiated SLAs with the business units.
Table 14. Customary Project Management Service Levels
Customary Project Management Service Levels
Service Level Description Objective Target Metric
Project Completed on Time and Within Budget
Targets established for each project for completion and budget; adherence to those targets is the focus of this service level
Maintain controls on: Earned Value Cost Variance Schedule Variance Cost Performance Index Schedule Performance Index Estimate at Completion Estimate to Complete Variance at Completion
+/- 2-10%
Table 15. Customary Large-Scale Program Management Office Service Levels
Customary Large-Scale Program Management Office Service Levels
Measure Threshold Action State
Net Present Value (NPV)
<2% variance No action required Green
2% - 5% variance Independent audit/assessment to identify root causes of variance; review results in 8 weeks
Yellow
5% - X% variance Re-evaluate business case to ensure still valid; take immediate action on root causes of variance; review results in 4 weeks
Red
>X% variance Discontinue project; no longer achieving the returns needed to justify the investment
Stop
4/10/2023
document.doc
Project Management Services PricingThe following table describes the Project Management Services and the pricing for customary and premium services. Pricing for premium services will be on a case-by-case basis, based on business unit needs.
Customary Project Management Service Pricing
Description Hourly Rate
Apprentice Project Manager $XXX.XX
Journeyman Project Manager $XXX.XX
Master Project Manager $XXX.XX
Development and Implementation of a Project Management Office Case by Case Basis
4/10/2023
document.doc
4/10/2023