Maintenance Service Level Agreement (SLA) Terms

Services To Be Provided

Website Hosting

Campus Web Services will provide website hosting services to The Client for the Websites through our partnership with Pantheon Systems, Inc. The provided Pantheon Hosting Package encompasses the infrastructure and capacity aspects of providing a web site such as storage for files, network connectivity, maintenance of servers, backups and other server related items.

Hosting administration, oversight and coordination will be provided by Campus Web Services. This hosting environment will provide:

  1. Managed TLS certificates to provide https via Let’s Encrypt.
  2. Automated nightly backups for sites with paid plans.
    1. Nightly backups kept for a week.
    2. Weekly backups kept for a month.
    3. Manual backups available upon request may be kept for up to one year.
  3. Edge caching provided by Pantheon’s Global CDN for faster page loads.
  4. Dev, Test and Live environments to ensure smooth patching.
  5. Multi-dev environment available for ongoing development.
  6. 24/7 monitoring provided by Pantheon

The Pantheon Hosting Packages are intended for sites with a certain amount of page views per month, and if that limit is exceeded for two consecutive months the hosting package may be upgraded at Pantheon’s discretion. Any additional fees incurred will be the responsibility of the client.

See Appendix A for additional technical specifications and hosting level differences.

Campus Web Services will maintain the Quickstart Upstream that the Websites have been built with. Campus Web Services will make regular security and maintenance updates to this Quickstart Upstream to include all Drupal Core and Contributed Module security updates as well as ongoing bug fixes, feature improvements and changes to UA Brand Guidelines.

UA Webauth is included and configured within the Quickstart Upstream.

Website Maintenance

Website maintenance will be ongoing and will not require any initiation from The Client. Campus Web Services will provide the following website maintenance services to The Client for the Websites:

  1. All updates will initially be applied in the Development environment and tested with current content in the Test environment before being pushed to the Production environment.
  2. Ongoing monitoring of available security updates to Drupal Core and Contributed Modules.
  3. Ongoing monitoring of available security updates to Drupal Core and Contributed Modules that have been included in the Quickstart Upstream or any additional modules that have been approved by Campus Web Services during the launch review.
  4. Application of available Drupal Security Patches in accordance with Drupal’s Security Advisory Policy. https://www.drupal.org/node/475848
  5. Site monitoring and performance optimization using New Relic and any additional monitoring put in to place by UITS Operations.
  6. Campus Web Services’ Security Risk Manager will notify the client of any significant concerns identified by the Information Security Office.
  7. Basic Security Remediation: In the event of a malicious attack or critical security vulnerability on a site, Campus Web Services will notify The Client and block internet traffic to the site. Campus Web Services will work to resolve the issue in as timely a manner as possible and will keep The Client notified of progress.

Website Support Services

Campus Web Services will provide both Ticketed Support and Chat Support for issues that The Client would like assistance with during business hours.

  1. To open a support ticket, submit a Web Services Request at https://it.arizona.edu/web-services-request
  2. Chat support will be available through a Slack channel that The Client will be granted access to upon acceptance of this agreement.

Website support can be used for any of the following:

  1. Limited troubleshooting and Q&A
  2. Small fixes and miscellaneous issues requiring fewer than 5 hours.
  3. Minor site building and Drupal development, to include creating or updating:
    1. Content Types
    2. Views
    3. Taxonomy Vocabulary
    4. Blocks
  4. Priority support for high severity issues. See Appendix B for definitions.

Services Not Covered:

Project work and site enhancement work, including website usability, design or development requests requiring more than five hours of resource time will be addressed with a separate Service Agreement.

Modifying or building any custom modules or themes is out of scope of any service levels.

Website Launch Services

Campus Web Services will provide the following launch services for the Websites:

  1. Provide the initial Sandbox environment configured to use the Quickstart Upstream.
  2. Create a multi-dev environment for The Client or a pre-designated developer to use for ongoing development.
  3. Review the site prior to go live to determine:
    1. If any Quickstart Features have been overridden so that we know to avoid updating them when applying Quickstart Upstream updates. This will incur an additional fee and should already be disclosed in Appendix C.
    2. If any additional modules or themes that have been added to the site beyond what’s available in the Quickstart Upstream that will need to be monitored for security updates. This will incur an additional fee and should already be disclosed in Appendix C.
    3. That all added contributed modules are covered by Drupal’s security policy and have active maintainers.
    4. If any custom modules or themes have been added, keeping these secure would be the responsibility of The Client.
  4. Update the Website’s Pantheon plan from Sandbox to the appropriate level covered in this SLA.
  5. Configure domains and https enforcement to send visitors to primary domain.
  6. Work with UITS Operations to implement all necessary DNS changes to launch the site or coordinate DNS changes with The Client if DNS records are not controlled by UITS Operations.

Detailed Responsibilities

  1. Campus Web Services will provide website hosting, host maintenance and support services described in this agreement in good faith and following best practices.
  2. Campus Web Services will notify The Client if any performance issues are identified and provide recommendations to improve performance.
  3. Campus Web Services will respond to work requests in a timely manner and address production issues and new work requests in accordance with the terms identified in this agreement and Appendix B.

  1. The Client is responsible for making all content updates to their site and making sure that the content remains up to date and relevant.
  2. The Client will respond in a timely manner to any and all communications from Campus Web Services.
  3. The Client will proactively communicate any changes in personnel that affect who the appropriate contacts for the Websites should be.
  4. The Client will notify Campus Web Services immediately if any evidence of a security breach is discovered, such as: hacking, defacement or denial of service attacks.
  5. The Client will request work in accordance with the terms identified in this agreement.
  6. The Client must ensure that no secure information is added to their site in accordance with the General Terms and Conditions in Appendix C.

  1. The Client will complete any necessary User Acceptance Testing requested by Campus Web Services in the case of updates that might affect their workflow or changes to modules, themes or features that are not included in Quickstart.
  2. The Client will keep the Development environment clear of any code changes that are not ready to go in to production. All ongoing development work will be done in a multi-dev environment that will be created by Campus Web Services during Websites launch. In the event that code in the main Pantheon Development environment differs from the live environment Campus Web Services reserves the right, depending on the criticality of security updates, to either:
    1. Suspend all security patching services until after the existing code changes have been deployed into the live environment.
    2. Push the untested code in to the Production environment. This will only be done in the case of Highly Critical Security updates, and The Client will be responsible for repairing any issues that occur.
  3. The Client will ensure that no modifications made will prevent the application of Quickstart Upstream updates.

  1. Members of the Campus Web Services team will be added as Drupal Admin users in order to fulfill our obligations and provide the services outlined in this SLA.
  2. Members of the Campus Web Services team will have access to all Pantheon environments associated with the Websites.
  3. The Client and their designated representatives’ access to the Pantheon platform will be limited to the dev environment and the multi-dev environment created for them by Campus Web Services. All ongoing development should be done in the multi-dev environment, and only code that is ready to go into production should be moved in to the dev environment.

Contact Information

Contact personnel are listed below. Each party is responsible for notifying the other of any changes to the contact information. Any issues regarding this Agreement, including renewals or notices, should be addressed to the contact personnel listed below.

Should either party fail to provide timely communication of contact personnel changes, the other party shall bear no responsibility for any failures in communication that result.

Non-Business Hours Emergency Contact
24/7 IT Support Center
626-8324 (626-Tech)
support@arizona.edu

Primary Contact
Cameron Green
Program Manager, Campus Web Services
camerong@arizona.edu

Escalation Contact
Donna Bieg
Director, Campus Web Services
621-4860
donnabieg@arizona.edu

Billing Contact
Sarah Swanson
Program Coordinator
520 626-5918
sarahs@arizona.edu

Appendix A – Pantheon Technical Specifications and Pricing

Rates are based on current annual agreement with Pantheon and may change from fiscal year to fiscal year.

  Basic
$250/year		 Performance - S
$960/year		 Performance – M
$2,040/year		 Performance - L
$3,840/year
Monthly Visits Up to 25,000 Up to 25,000 Up to 50,000 Up to 150,000

SSD Storage

 Up to 20GB 30GB 50GB 100GB

Application Memory Limit

 256MB 256MB 512MB 512MB
99.9% Uptime SLA Not Available 99.9% 99.9% 99.9%
Domains 5 10 15 35
HTTPS Included Included Included Included
Automated Backup Retention 1 month 6 months 6 months 6 months
PHP Workers 4 8 16 24
Application Cache Not available Redis Redis Redis

 

Appendix B – Issue Priority Levels and responses

The Client will have access to Pantheon status alerts as well as the option of directly contacting Pantheon support via the chat option available in their dashboard.

In the case that Campus Web Services becomes aware of an issue before the Client does, we will open a support ticket and contact the Client via the dedicated Slack channel. If the Client becomes aware of an issue before Campus Web Services, they must follow the process below to receive the appropriate response times for the priority level of the issue.

Definition: User facing minor cosmetic issues, or functionality that only affects admin users and is not time critical.

Process: Submit a Service Request through it.arizona.edu/web-services-request.

Response times: Campus Web Services will contact the Client regarding the ticket within two business days and make a best effort to have the issue resolved within a week.

Definition: User facing major cosmetic issues, or functionality that only affects admin users and is time critical. Alternatively, one or more of a Client‘s websites are down that only affect a small number of campus stakeholders or is during a non-critical time.

Process: Submit a Service Request through it.arizona.edu/web-services-request and follow up via the dedicated Slack channel.

Response times: Campus Web Services will contact the Client regarding the ticket within 4 business hours and make a best effort to have the issue resolved within two business days.

Definition: One or more of the Client’s websites are down that affect a large number of campus stakeholders or is during a critical time such as during an event or event registration drive.

Process: Submit a Service Request through it.arizona.edu/web-services-request and follow up via the dedicated Slack channel.

Response times: During business hours Campus Web Services will contact the Client regarding the ticket within 30 minutes and make a best effort to have the issue resolved as quickly as reasonably possible.

If it is outside of business hours, or you have not received a response within half an hour, reach out to Pantheon directly through the chat support options available in your dashboard.

Appendix C - General Terms and Conditions

Campus Web Services and The Partner agree to comply with all applicable University of Arizona security standards, guidelines and policies as noted at https://security.arizona.edu/content/policy-and-guidance. As noted above, The Partner agrees to contact Campus Web Services immediately if a website security issue is noticed or suspected. Campus Web Services reserves the right to disconnect from the network any website that has been compromised. ISO must be notified by The Partner, of any event that has the potential to negatively impact the confidentiality, integrity, or availability of University Data.

Whenever possible, UA WebAuth should be used to authenticate all user logins to Drupal sites. Campus Web Services recommends using the Drupal CAS module (https://www.drupal.org/project/cas) for this purpose and disabling non-CAS logins. Sites that require logins for users without UA NetIDs should consider using third-party authentication service which employs OpenID Connect (e.g. Google). Sites that are not able to use UA Webauth or a secure third-party authentication service for all Drupal logins are required to enforce HTTP Secure (https) for all website traffic and are subject to more frequent security reviews.

Payment Card Transactions are not allowed within UA Sites. Sites that link out to a separate payment gateway may require additional levels of compliance and both Campus Web Services and the University Financial Services Office must be notified.

Personally Identifiable Information (PII) is not allowed on the provided hosting environment. This includes any data that is considered protected under HIPAA or FERPA. Campus Web Services and The Partner mutually agree to keep all non-public information and data concerning the other party’s business confidential, including, but not limited to, ideas, products, customers or services. This includes any information or data that is of a personal, proprietary or trade secret nature. Confidential information will remain the property of the disclosing party and the receiving party will not acquire any rights to that information. Both parties agree to adhere to the policies available at https://security.arizona.edu/content/policy-and-guidance

If The Partner requires Campus Web Services resources beyond the services outlined in this SLA, there may be an additional charge to be determined at the time of the service request. If the services are extensive or require significant Campus Web Services staff time, then Campus Web Services may require a new SLA or an addendum to this Agreement before rendering services.