Landmark Technologies – Supplementary terms – Managed IT Services

1. SUPPLEMENTARY DEFINITIONS

• 1.1 ‘Cloud-Based Utilities’ means the collection of ancillary third-party provided services, including backup, anti-Malware and monitoring services which will be used by Landmark in support of the Managed IT Services.
• 1.2 ‘Change Request’ means a request made by the Client to change the configuration of the IT Equipment, Hosted Services or Software.
• 1.3 ‘Configuration’ means the configuration of the IT Equipment, including hardware, installed software and all associated settings and or parameters.
• 1.4 ‘Customer Portal’ means Landmark’s web-based service which enables the raising of Tickets, reviewing of Tickets and reviewing Landmark’s recommendations, by the Client.
• 1.5 ‘Data Centre’ means a remote data storage facility.
• 1.6 ‘Data Security Event’ means a breach of the security of the Client’s infrastructure resulting in loss or damage, including loss of usernames, passwords, Personal Data; crypto-locking or other Malware-related damage.
• 1.7 ‘Emergency Maintenance’ means any period of maintenance for which, due to reasons beyond its reasonable control, Landmark is unable to provide prior notice of.
• 1.8 ‘Endpoint’ means all computing devices except Servers, including desktop computers, laptop computers, Hosted Services and mobile computing devices, which collectively form a sub-set of the IT Equipment.
• 1.9 ‘End User’ means a user of the IT Equipment.
• 1.10 ‘Hosted Services’ means Software that is hosted in a Data Centre and accessed by the Client remotely.
• 1.11 ‘Hours of Cover’ means the hours of cover described in the Service Schedule.
• 1.12 ‘IT Equipment’ means Servers, Endpoints and any other electronic devices that are installed or used at the Client’s Site, which are listed on the Order and are to be supported under the terms of this Agreement.
• 1.13 ‘Local Area Network’ means the network infrastructure at the Client’s Site.
• 1.14 ‘Line of Business Application’ means the software which is installed on the IT Equipment and is provided by the Client.
• 1.15 ‘Managed IT Services’ means IT support services set out on the Order and described in the Service Description.
• 1.16 ‘Monitoring Agent’ means Software which is installed on the IT Equipment by Landmark which enables system monitoring and performance reporting.
• 1.17 ‘Planned Maintenance’ means any period of maintenance for which Landmark provides prior notice.
• 1.18 ‘Security Incident’ means a cyber-security related Issue.
• 1.19 ‘Security Operations Centre’ means Landmark’s remote team of security specialists.
• 1.20 ‘Server’ means physical or virtual server equipment that is a sub-set of the IT Equipment.
• 1.21 ‘Service Description’ means the second schedule to these Supplementary Terms which describes the Services to be provided by Landmark under the terms of this Agreement.
• 1.22 ‘Service Desk’ means Landmark’s dedicated team of qualified support specialists.
• 1.23 ‘Site’ means Client’s site at which IT Equipment is located, as set out in the Order.
• 1.24 ‘Software’ means the software which is installed on the IT Equipment, as listed on the Order.
• 1.25 ‘Ticket’ means the Client’s report of an Issue to Landmark.

2. TERM

• 2.1 This Agreement shall come into effect on the Commencement Date and shall run for the Minimum Term as set out in the Order.
• 2.2 Unless terminated by in accordance with clause 9, this Agreement shall continue to run after the expiry of the Minimum Term (or subsequent Additional Term) for an Additional Term.
• 2.3 Landmark shall either:
  • 2.3.1 Not less than thirty days where the Minimum Term is one year; or
  • 2.3.2 Not less than ninety days where the Minimum Term is three years;
  Prior to the end of the Minimum Term or any Additional Term thereafter, notify the Client of changes to Charges and any other changes to the terms of this Agreement. In the event that:
  • 2.3.3 The Client serves notice to terminate this Agreement in accordance with clause 9 hereof, this Agreement shall terminate at the end of the Minimum Term or Additional Term thereafter;
  • 2.3.4 The Client notifies Landmark of acceptance of changes, the Agreement shall continue in force for an Additional Term;
  • 2.3.5 The Client fails to notify Landmark of acceptance of changes and fails to serve notice to terminate, the changes will be deemed accepted and the Agreement shall continue in force for an Additional Term.
• 2.4 The duration of any Additional Term shall be the same as the Minimum Term, unless otherwise set out on the Order.

3. PROVISION OF SERVICES

• 3.1 Managed IT Services are provided to support the Client’s on-premise IT systems and Hosted Services. Managed IT Services will be provided by Landmark remotely and if required, visits shall be made to the Client’s Site. For the avoidance of doubt, Managed IT Services do not include the provision or support of network connectivity outside of the Client’s Site, nor do the Services include maintenance of hardware.
• 3.2 The Managed IT Services to be provided hereunder shall include the standard services described in the Service Description and any optional services described in the Service Description as set out on the Order.
• 3.3 During the term of this Agreement, Landmark shall be entitled to make alterations to the Configuration of the IT Equipment and / or Hosted Services. Such alterations may result in temporary disruption to the availability of the IT Equipment and / or Hosted Services and Landmark will use reasonable endeavours to minimise such disruption and will provide as much notice as possible prior to such disruption.
• 3.4 Landmark cannot guarantee and does not warrant that the Managed IT Services shall result in the IT Equipment or Hosted Services operating free from interruptions or temporary degradation performance quality.
• 3.5 Landmark provides Cloud-Based Utilities under the terms of this Agreement; and:
  • 3.5.1 Landmark shall use reasonable endeavours to provide the Cloud-Based Utilities 24 x 7 x 365;
  • 3.5.2 Landmark cannot guarantee and does not warrant that the Cloud-Based Utilities will be free from interruptions, including:
    • a) Interruption of the Cloud-Based Utilities for operational reasons and temporary degradation of the quality of the Server Monitoring services;
    • b) Interruption of the network connection between the Cloud-Based Utilities and the IT Equipment; and
    • c) Any such interruption of the Cloud-Based Utilities referred to in this sub-clause shall not constitute a breach of this Agreement.
  • 3.5.3 Although Landmark will use reasonable endeavours to ensure the accuracy and quality of the Cloud-Based Utilities, such are provided on an “as is” basis and Landmark does not make any representations as to the accuracy, comprehensiveness, completeness, quality, currency, error-free nature, compatibility, security or fitness for purpose of the Cloud-Based Utilities.

4. ACCEPTABLE USE

• 4.1 The Client agrees to use the IT Equipment and / or Hosted Services in accordance with the provisions of this Agreement, any relevant service literature and all other reasonable instructions issued by Landmark from time to time.
• 4.2 The Client agrees to ensure that the IT Equipment and / or Hosted Services are not used by its End Users to:
  • 4.2.1 Post, download, upload or otherwise transmit materials or data which is abusive, defamatory, obscene, indecent, menacing or disruptive;
  • 4.2.2 Post, download, upload or otherwise transmit materials or data uploads or make other communications in breach of the rights of third parties, including but not limited to those of quiet enjoyment, privacy and copyright;
  • 4.2.3 Carry out any fraudulent, criminal or otherwise illegal activity;
  • 4.2.4 In any manner which in Landmark’s reasonable opinion brings Landmark’s name into disrepute;
  • 4.2.5 Knowingly make available or upload files which contain Malware or otherwise corrupt data;
  • 4.2.6 Falsify true ownership of software or data contained in a file that the Client or End User makes available via IT Equipment or Hosted Services;
  • 4.2.7 Falsify user information or forge addresses;
  • 4.2.8 Act in any way which threatens the security or integrity of the IT Equipment or Hosted Services, including the download, intentionally or negligently, of Malware;
  • 4.2.9 Violate general standards of internet use, including denial of service attacks, web page defacement and port or number scanning;
  • 4.2.10 Connect to the IT Equipment or Hosted Services insecure equipment or services able to be exploited by others to carry out actions which constitute a breach of this Agreement including the transmission of unsolicited bulk mail or email containing infected attachments or attempts to disrupt websites and/or connectivity or any other attempts to compromise the security of other users of Landmark’s network or any other third-party system;
• 4.3 The Client acknowledges that it is responsible for all data and/or traffic originating from the IT Equipment and /or Hosted Services.
• 4.4 The Client agrees to immediately disconnect (and subsequently secure prior to reconnection) equipment generating data and/or traffic which contravenes this Agreement upon becoming aware of the same and/or once notified of such activity by Landmark.
• 4.5 Subject to the provisions of sub-clause 10.13 of the General Terms and Conditions, the Client shall indemnify Landmark against any third-party claims arising from the Client’s breach of the terms of this clause 4.

5. THE CLIENT’S OBLIGATIONS

• 5.1 During the term of this Agreement, the Client shall:
• 5.2 Pay all additional Charges levied by Landmark, including those arising from usage-based components of the Services.
• 5.3 Use reasonable endeavours to ensure that usernames, passwords and personal identification numbers are kept secure.
• 5.4 Agree that in all instances where it attaches equipment that has not been provided by Landmark to the IT Equipment or Hosted Services that such equipment shall be technically compatible and conforms to any instruction issued by Landmark in relation thereto.
• 5.5 Accept that if it attaches equipment that does not comply with the provisions of sub-clause 5.4 (‘Unauthorised Equipment’) and such Unauthorised Equipment in the reasonable opinion of Landmark is causing disruption to the functionality of the IT Equipment, Landmark shall be entitled to:
  • 5.5.1 If technically possible, reconfigure the Unauthorised Equipment and charge the Client for the work at its prevailing rate;
  • 5.5.2 Charge the Client at its prevailing rate for any additional work arising from, or in connection with the Unauthorised Equipment;
  • 5.5.3 Request that the Client disconnect the Unauthorised Equipment from the IT Equipment or Hosted Services; and if such request is not agreed by the Client within thirty days, terminate this Agreement forthwith.
• 5.6 Accept that it is the Client’s sole responsibility to take all reasonable steps, including the implementation of anti-virus systems, firewalls and staff training to prevent the introduction of Malware into the IT Equipment or Hosted Services.
• 5.7 Be solely responsible for ensuring compliance with the terms of licence of any Software that is a component of the IT Equipment that has been provided by the Client.
• 5.8 Be responsible for providing external network connectivity, including access to the Public Internet, as required for the correct functioning of the IT Equipment and / or Hosted Services.
• 5.9 During term of this Agreement maintain a level of cyber-breach insurance cover that is appropriate to the risks associated with accidental destruction, damage, loss or disclosure of Client Data; general insurance to cover loss of or damage to the IT Equipment; and
  • 5.9.1 In response to reasonable requests made by Landmark, provide evidence to show compliance with this sub-clause;
  • 5.9.2 Not do or omit to do anything which would destroy or impair the legal validity of the insurance;
  • 5.9.3 If the Client suffers a Data Security Event and subsequently requests assistance from Landmark, ensure that such request for assistance will not breach the terms of the insurance policy prior to requesting assistance from Landmark;
  • 5.9.4 Acknowledge that insurance will not relieve the Client of any liabilities under this Agreement.

6. LANDMARK’S OBLIGATIONS

• During the term of this Agreement, and subject to the performance by the Client of its obligations hereunder, Landmark shall:
• 6.1 Provide the Services set out in the Order and described in the attached Service Description.
• 6.2 During the hours of cover set out in the Order, make available a Service Desk that shall provide support and guidance in the use of the IT Equipment and / or Hosted Services and manage the resolution of all Issues raised by the Client.
• 6.3 During the Hours of Cover set out in the Service Schedule or as amended in the Order, monitor the performance of the Servers.
• 6.4 Respond to Issues raised by the Client and make reasonable endeavours to repair any Issue that is within the IT Equipment, Hosted Services or directly caused by Landmark, its employees, agents, subcontractors or suppliers.
• 6.5 Proactively respond to Issues reported by the Monitoring Agents and make reasonable endeavours to repair any Issue that is within the IT Equipment or Hosted Services.
• 6.6 Following commencement of this Agreement Landmark shall carry out pre-service on-boarding services as described in the Service Description.

7. Clause Intentionally Unused

8. GENERAL

• 8.1 If Landmark carries out work in response to an Issue reported by the Client and Landmark subsequently determines that such Issue either was not present or was caused by an act or omission of the Client, Landmark shall be entitled to charge the Client at its prevailing rate.
• 8.2 In the event of persistent breach of clause 4.2.8, Landmark shall be entitled to:
  • 8.2.1 Charge the Client at its prevailing rate for the removal of Malware;
  • 8.2.2 Terminate this Agreement.
• 8.3 The Client acknowledges that following the Commencement Date, Landmark will provide on-boarding services and that prior to their completion the Managed IT Services may be restricted.
• 8.4 Landmark may perform any Planned Maintenance that may limit the availability of the Cloud-Based Utilities. Planned Maintenance will be scheduled to minimise disruption to the Client. The Client will be notified at least forty eight hours prior to such Planned Maintenance taking place.
• 8.5 Landmark may be unable to provide prior notice of Emergency Maintenance to the Cloud-Based Utilities, but will endeavour to minimise the impact of any such maintenance on the Client.
• 8.6 If the Client suffers a Data Security Event and subsequently requests (chargeable) assistance from Landmark, it is the Client’s sole responsibility to ensure that such request for assistance will not breach the terms of any cyber-insurance policy that the Client has in place, prior to requesting assistance from Landmark.
• 8.7 If the Client is contacted by Landmark and requested to make a change to the Configuration of the IT Equipment or Hosted Services, it is the Client’s sole responsibility to verify the identity of the requestor prior to carrying out the requested change.
• 8.8 If Landmark resets any passwords during the execution of the Services, it shall be the Client’s sole responsibility to change such changed passwords and ensure that such changes are compliant with any security policy that may be in effect.
• 8.9 The Client acknowledges that if it elects not to take advice given by Landmark in relation to the security and performance of the IT Equipment or Hosted Services, there may be a resulting risk to the integrity of the IT Equipment or Hosted Services and that Landmark shall not be liable for any degradation in integrity resulting from such decision and that any additional costs incurred by Landmark resulting there from will be charged to the Client.
• 8.10 The Client hereby consents to Landmark and its sub-contractors accessing the IT Equipment and Hosted Services, for the sole purpose of providing the Services.

9. TERMINATION

• 9.1 In addition to the provisions of clause 11 of the General Terms and Conditions, this Agreement may also be terminated:
  • 9.1.1 By either party by giving the other:
    • a) Not less than thirty days where the Minimum Term is one year; or
    • b) Not less than ninety days where the Minimum Term is three years;
    To terminate at the end of the Minimum Term or any Additional Term thereafter;
  • 9.1.2 By Landmark at any time if it can no longer provide the Services;
  • 9.1.3 By the Client by reason of Landmark’s un-remedied or repeated material breach of the terms of this Agreement;
  • 9.1.4 By the Client if Landmark or its supplier makes changes to the Managed IT Services which materially adversely affect the Client (which for the avoidance of doubt, does not include changes to Charges).

10. CHARGES AND PAYMENT

• 10.1 Invoices for Recurring Charges shall be raised in advance of the relevant period and the invoicing period is set out on the Order. Recurring Charges will be based on:
  • 10.1.1 The current number of End Users as determined by Landmark, based initially on the Order and subsequently data obtained from on the Client’s identity provider platform;
  • 10.1.2 The current number of Endpoints as determined by Landmark, based initially on the Order and subsequently on the Monitoring Services;
  • 10.1.3 The current Core Infrastructure based initially on the Order and subsequently as determined by Landmark;
• 10.2 Landmark shall make its determination contemplated in sub-clause 10.1 on the date of Landmark’s invoicing cycle; and:
  • 10.2.1 Items of IT Equipment that Landmark has been notified are to be excluded shall be excluded from invoicing by Landmark;
  • 10.2.2 It is the Client’s sole responsibility to notify Landmark of all items that are to be excluded from invoicing;
  • 10.2.3 Each End User or Endpoint that is determined in accordance with sub-clause 10.1 shall be charged for a minimum period of one month.
• 10.3 Invoices for on-boarding Charges, as set out on the Order, shall be raised on commencement of this Agreement.
• 10.4 Invoices for usage-based Charges, including Charges made for use of Services in excess of any pre-paid amounts and ad hoc IT Services, will be invoiced in arrears.
• 10.5 Landmark shall commence charging for the Managed IT Services from the Commencement Date, regardless of the date on which the Client commences use of the Managed IT Services. If the Commencement Date does not correspond with Landmark’s invoicing period as set out in the Order, Landmark shall charge the Client at a pro-rata rate for the first invoicing period.
• 10.6 The Client acknowledges that the Charges for the Minimum Term are calculated by Landmark in consideration inter alia of the setup costs to be incurred by Landmark and the length of the Minimum Term offered.
• 10.7 The Managed IT Services will be provided by Landmark for use by the Client on a Fair Use basis. If, in the reasonable opinion of Landmark, the Client’s use of the Services is deemed to be in excess of Fair Use, Landmark shall be entitled to charge the Client at its prevailing rate for the supply of such Services.
• 10.8 The Client agrees that it shall be liable for Early Termination Charges if this Agreement is terminated by:
  • 10.8.1 The Client terminating this Agreement for convenience prior to the end of the Minimum Term or Additional Term, whereupon the Client shall be liable for the Recurring Charges payable for the remainder of the current term, plus any other outstanding or incurred Charges;
  • 10.8.2 Landmark terminating this Agreement prior to the end of the Minimum Term or Additional Term by reason of the Client’s un-remedied material breach of the terms of this Agreement, whereupon the Client shall be liable the Recurring Charges payable for the remainder of the current term plus any other outstanding or incurred Charges.
• 10.9 The Client shall not be liable for Early Termination Charges if this Agreement is terminated by:
  • 10.9.1 The Client at the end of the Minimum Term or Additional Term thereafter PROVIDED THAT the Client properly serves written notice to terminate, in accordance with clause 9;
  • 10.9.2 If a right of termination arises under the provisions of sub-clauses 9.1.2 to 9.1.4.

11. LIMITATIONS AND EXCLUSIONS

• 11.1 In addition to the terms set out in clause 12 of the General Terms and Conditions, Landmark shall also be entitled to suspend the provision of Services, in whole or part, without notice due to Landmark being required by governmental, emergency service, regulatory body or other competent authority to suspend Services.
• 11.2 This Agreement and the Services provided by Landmark do not include:
  • 11.2.1 The maintenance or support of any equipment that is not listed on the Order, which for the avoidance of doubt also excludes employee-owned equipment;
  • 11.2.2 Repair or replacement of any damaged IT Equipment;
  • 11.2.3 The supply of any consumables;
  • 11.2.4 Recovery of Client data whose loss can be reasonably attributed to accidental deletion, mis-use or negligence by the Client, where such recovery necessitates work other than recovery from the latest backup or the number of requests for such is in Landmark’s reasonable opinion, in excess of Fair Use;
  • 11.2.5 Removal of Malware or the recovery of Client’s data that results from Malware infection where either the Client has previously failed to act on recommendations made in relation thereto by Landmark or the number of requests for such is in Landmark’s reasonable opinion, in excess of Fair Use;
  • 11.2.6 Remediation following a cyber-breach or hack;
  • 11.2.7 Remediation of issues caused by Windows 10 or 11 feature upgrades where the Client has failed to follow recommendations made in relation thereto by Landmark;
  • 11.2.8 Operating system installation or re-installation where the Client has failed to follow recommendations made in relation thereto by Landmark;
  • 11.2.9 Software installation;
  • 11.2.10 Bare-metal restores;
  • 11.2.11 Support for any Software that is not supported by its manufacturer or Line of Business Applications;
  • 11.2.12 Support for any IT Equipment that is not covered by its manufacturer’s warranty, care pack or maintenance agreement;
  • 11.2.13 The provision of development projects;
  • 11.2.14 The provision of End User or “how to” training, unless otherwise agreed and subject to Fair Use;
  • 11.2.15 Support for internet service provider outages;
  Landmark may at its sole discretion provide any of the excluded services listed in this sub-clause 11.2 and charge for the supply thereof at its prevailing rate.
• 11.3 If a home-based or located End User has Client-supplied IT Equipment with an installed Monitoring Agent, the Service Desk will assist with IT Equipment-related and connectivity Issues (such as a VPN connection) but will not support other home IT issues.
• 11.4 Whilst Landmark’s Monitoring Agents are intended to proactively identify most system-related Issues, Landmark does not warrant and cannot guarantee that the Monitoring Agents will identify all system-related Issues and shall not be liable for any losses, damages or costs unless such result directly from the negligence of Landmark.
• 11.5 Cloud-Based Utilities are provided on an ‘as is’ basis, without warranty, guarantee of fitness for purpose or suitability for the Client’s purpose; and
  • 11.5.1 Landmark shall not be liable for any damage or costs resulting from a failure of an update to the antivirus or anti-Malware software or definitions, failure to detect Malware or false positive identification of Malware unless such failure is caused by the negligence of Landmark.
• 11.6 Landmark shall not be liable for any damages, costs or Charges arising from damage to, or theft of backup data that is transmitted from the Client’s Site to the Data Centre via the Public Internet, nor for any other losses that occur due to reasons beyond its reasonable control.
• 11.7 Patches are supplied by Landmark-authorised software vendors and not Landmark. Landmark will use reasonable endeavours to prevent a patch causing an adverse reaction with any particular machine configuration, but Landmark shall not be liable for any disruption resulting from the installation of patches. In such circumstances, Landmark’s sole responsibility will be to de-install the patch or roll back to an appropriate restore point to resolve the issue.
• 11.8 During its on-boarding process, Landmark will attempt to install the tools required to deliver the Services, including Monitoring Agents and anti-Malware software (the ‘Tools’) onto the Client’s Endpoints and Servers. If by the conclusion of the on-boarding process Landmark has been unable to install its Tools on any Endpoint or Server that it is reasonably aware of, Landmark shall notify the Client and thereafter it shall be the responsibility of the Client to arrange a mutually convenient time for the installation of such Tools on the remaining Endpoints and Servers. Landmark will not accept any responsibility for any losses, damages or costs that arise due to the lack of installation of Tools on the notified Endpoints and Servers prior to the installation of its Tools.

1. Service Desk

• 1.1 The Service Desk provides a means of contact with Landmark for the reporting Issues within the IT Equipment and / or Hosted Services.
• 1.2 The Client shall report Issues by one of the following methods:
  • Via Email: support @ landmark.ie
  • Via Landmark’s Customer Portal
  • By Telephone to Landmark’s Service Desk: +353 (0)1 620 5500
• 1.3 The Service Desk Hours of Cover are from 8am to 6pm Monday to Friday, excluding bank and public holidays.
• 1.4 Subject to Fair Use, Landmark will provide unlimited telephone / remote support.
• 1.5 Landmark will always attempt to resolve Issues remotely in the first instance, but if unable to do so will provide on-site support subject to Fair Use and agreement that such is the most effective means of resolving a particular Issue.
• 1.6 Landmark’s Service Desk does not provide:
  • Remediation of any security-related Issues that are identified by the Services which are not covered by relevant Service Components that form he Service
  • Any excluded services listed in sub-clause 11.1

2. Service Level Agreement

2.1 Landmark’s Service Desk response targets are:

Priority	Severity	Business Impact	Initial Response	Onsite Response
1	Company-wide issue	No End Users can work	30 minutes	4 Working Hours
2	Issue affecting multiple End Users	Some End Users are unable to work	2 Working Hours	8 Working Hours
3	Issue affecting a single End User	One End User cannot work	3 Working Hours	8 Working Hours
4	Change / information request	Minimal impact or planned work	4 Working Hours	Agree with the Client
5	None	Do next time	Agree with the Client	Agree with the Client

2.2 Landmark shall make reasonable endeavours to meet the targets set out in this paragraph 2. Failure by Landmark to meet such targets shall not be deemed a breach of this Agreement.

3. Change Request Processing

The Client may request changes to the configuration of the IT Equipment or Software at any time.

• 3.1 Landmark shall process a Change Request made by the Client as follows:
  • The Client should submit new Change Requests via the Service Desk
  • It is important to ensure that change requests are submitted with enough detail and justification to enable informed decision making
  • Landmark will acknowledge receipt of the Change Request within the timeframe set out in paragraph 3
  • Provided that Landmark agrees with the Change Request, Landmark will create a change management plan, which will include defining the steps required to implement the change, testing, documentation, communication, costs and a rollback plan. This includes defining the steps required to revert a change in case of unexpected problems or issues
  • When the change management plan is agreed, Landmark will provide a date for the commencement of the change and, unless subsequently advises to the contrary, will commence work on that date
  • If Landmark does not agree with the Change Request, Landmark will explain the reasons, including any associated risks, to the Client (‘Queried Change Request’)
• 3.2 The Client may formally request that Landmark implement a Queried Change Request. In response to such a request, Landmark may at its sole discretion, do either:
  • Implement the Queried Change Request on the written instruction of the Client, such instruction stating that the Client understands and accepts the risks involved and that Landmark shall have no liability to the Client if the change causes degradation to the Service, including malfunctioning or security risk
  • Offer to provide consultancy services to the Client, with the objective of finding an alternative solution. Consultancy is chargeable at Landmark’s prevailing rates
• 3.3 Landmark will normally implement agreed Change Requests during the Working Day. If requested, Landmark may implement Change Requests outside of the Working Day and will be entitled to additionally charge the Client at its prevailing rate for doing so.

4. Complaint Handling

• 4.1 If dissatisfied with any Services-related matter, the Client should make a complaint using the following escalation path. If the complaint remains unresolved, the Client should escalate to the next level in the escalation path:

Escalation Level	Role	Contact Details
1	Partner Manager	partner @ landmark.ie +353 (0) 1 620 5500
2	Operations Director	jmoore @ landmark.ie +353 (0) 1 620 5500
3	Managing Director	ken @ landmark.ie +353 (0) 1 620 5500

• 4.2 Landmark will respond to complaints within two Working Days.

Service Description

Under the terms of this Agreement, Landmark will provide all of the services described in the following paragraphs 1 – 9, subject to any limitations set out in the individual descriptions and any of the services described in paragraph 10 that are explicitly set out on the Order.

1. Infrastructure Services

1.1 Internet Service Provider Management

Landmark will manage the Client’s Public Internet connection, including:

• Monitoring the Public Internet connection continuously to ensure that it is operating and respond to Issues such as connectivity and performance that are raised through Landmark’s monitoring service or by the Client. In the event of an Issue, Landmark will ensure that failover and failback are functional, where applicable, escalate the Issue to the Internet Service Provider (‘ISP’) and mange the Issue throughout its duration
• Working with the ISP, ensure that equipment, including modems and routers are operating and installed correctly and are up to date with the appropriate firmware
• Performing regular tests, outside of the Working Day or off peak, to confirm that the ISP connection is working correctly and failover and fail back are operational as expected, where applicable
• Verifying that the connection speed meets the expectations of the Client and to the level the Client is subscribed for. Landmark will provide advice on the most appropriate ISP services to meet the Client’s business needs through Landmark’s SHARE™ process
• As required by the Client, provide reports on ISP performance from an internal network perspective

1.2 Firewall as a Service

If the Client does not have a suitable firewall or is required to have an additional firewall, Landmark will supply a suitable business grade Firewall, as Rental Equipment, under the terms of this Agreement.

1.3 Firewall Management

1.3.1

Where Landmark has supplied a firewall or where the Client already has a suitable firewall but is not in receipt of a Firewall Management service, Landmark will provide the following Firewall Management services as applicable to the firewall:

• Firewall policy management: This involves defining the security policies that govern the behaviour of the firewall, including which traffic is allowed to pass through the firewall and which traffic is blocked
• Firewall configuration: Configuring the firewall to implement the security policies defined in the firewall policy management process, including setting up access control lists, configuring port forwarding and defining rules. Implementation of changes required for third parties such as Broadband vendors and CCTV vendors
• Where applicable to the Firewall the following features will be managed:
• Application-level filtering: identifying and blocking traffic based on the application-level protocols being used
• Intrusion detection and prevention: Detection and prevention of attempts to exploit vulnerabilities in the network
• Network address translation: Network Address translation functionality to allow internal network addresses to be translated to external addresses for internet access
• User authentication: User authentication to ensure that only authorized users can access the network
• Firewall monitoring: The monitoring the traffic passing through the firewall to ensure that it conforms to the security policies defined in the firewall policy management process
• Firewall Issue response: Response to any Security Incidents detected by the firewall, such as an attempted breach or unauthorised access. This includes investigating the Security Incident, taking remedial action and updating the firewall policies and configurations as required.
• Firewall maintenance: Maintaining the firewall hardware and software to ensure that it remains up to date. This includes applying patches and updates, backing up configurations and testing failover mechanisms where applicable. Where Zero Day updates are required, these will be implemented once released from the vendor
• Firewall replacement: Landmark will provide a hot spare firewall ready to go in the event that the Client’s firewall experiences a hardware failure or any other issue that would render it non-functional for the duration of the outage
• Change control: All changes are governed by Landmark’s Change Control Processes as described in paragraph 3 of the Service Schedule

1.3.2 Firewall Management – Advanced Additional Services

Landmark will, if set out on the Order; provide Firewall Management – Advanced Additional Services:

• Firewall monitoring: Landmark will analyse logs and alerts generated by the firewall and respond to any Security Incidents. Clients availing of a SIEM service can also leverage firewall SIEM integration
• Firewall Penetration Testing: Landmark will regularly review the firewall policies and configurations to ensure that they are still effective in protecting the Client’s network. This includes performing penetration testing and vulnerability scanning to identify potential weaknesses in the firewall’s defences
• Centralised Management: Landmark will provide 24/7 Security Monitoring and a Security Operations Centre (‘SOC’) platform that provides real-time visibility and control over the Firewall. The SOC offers advanced features such as automated threat response, real-time threat detection and prevention.

1.4 Virtual Private Network Management

Landmark will provide the following VPN Management services:

• Troubleshooting and support: Provide technical support to address any VPN-related issues the Client may encounter. This includes troubleshooting connectivity and performance or security Issues.
• Monitoring and reporting: Continuously monitor the health and performance of the Client’s VPN connections. This enables Landmark to proactively identify potential Issues and address them before they impact the Client
• Training and documentation: Provide End Users with training and documentation on how to use and maintain their VPN connections. This includes user guides, best practices and troubleshooting advice

1.5 Networking Infrastructure (Data Switching)

1.5.1 Landmark will provide the following Networking Infrastructure services:

• Networking Infrastructure (Data Switching): Landmark will review and define the security policies that govern the behaviour of data switches including defining which traffic is to be blocked
• Data Switch monitoring: Landmark will monitor the traffic passing through the data switch to ensure that it conforms to any defined security policies
• Data Switch maintenance: Maintaining the data switch hardware and software to ensure that it remains up to date. This includes applying patches and updates, backing up configurations and testing failover mechanisms where applicable
• Equipment replacement: Landmark provides hot spare data switches ready to go in the event that the Client’s data switch experiences a hardware failure or any other Issue that would render it non-functional for the duration of the outage
• Change control: Landmark will implement Change Requests that are requested by the Client. All changes are governed by the Change Request process described in the Service Schedule

1.5.2 Networking Infrastructure excludes all elements of data cabling.

1.6 Wireless Networking Infrastructure

1.6.1 Where appropriate Wireless Networking (‘WiFi’) networking infrastructure equipment has been installed by Landmark, Landmark will:

• Networking Infrastructure (WiFi): On a regular basis, review and define the security policies that govern the behaviour of the WiFi network
• Security: Ensure that the WiFi network is secured with the latest encryption standards. Implement strong passwords and password integration where available to RADIUS or equivalent services
• Access control: Use access control measures such as MAC address filtering and access points with built-in user authentication mechanisms, or the prevailing best practice where allowed by the infrastructure, to limit access to the network and prevent unauthorised access
• Firmware updates: Keep access points’ firmware updated with the latest software updates and security patches.
• Performance monitoring: Monitor network performance to identify and resolve potential issues before they impact users. This includes monitoring signal strength, connection speeds and network usage
• On Demand WiFi SSID: Set up separate networks for temporary access for events, conferences, etc. to ensure access to internal systems and sensitive data is prohibited
• Management platform: Using its cloud management platform Landmark will simplify management of access points and help identify and resolve issues more efficiently
• Analytics: Use analytics tools to gather data on network performance and usage, which can help to identify areas for improvement and optimise the network

1.6.2 Additional services, as set out on the Order:

• WiFi system Design, Capacity Plan & Implementation: Landmark will review, plan and design the WiFi network infrastructure to ensure the system will meet the needs of the expected number of users and coverage requirements for the future. Capacity planning for future growth to ensure adequate coverage and capacity

1.6.3 Where an existing WiFi system has been installed by a third party, upon a review and scoping of requirements (chargeable at Landmark’s prevailing rate), Landmark may be able to provide the above services.

2. Email Advanced Threat Protection

2.1 Email Advanced Threat Protection (‘ATP’) is a security solution that aims to protect email users from advanced and sophisticated cyber threats, such as phishing attacks, Malware and ransomware. Email ATP typically includes multiple layers of security features, including:

• Content filters: These filters analyse the content of emails to detect and block malicious URLs, attachments and other suspicious content
• Anti-spam filters: These filters identify and block spam emails and messages, which can be used to deliver phishing attacks and Malware
• Sender authentication: This technology verifies the identity of the sender of an email message to help to prevent email spoofing
• Threat intelligence: Email ATP solutions use real-time threat intelligence and machine learning to detect and block new and emerging threats
• Email encryption: This feature encrypts sensitive data in emails to protect it from unauthorised access
• Quarantine: A quarantine email report or service is provided, where it is the responsibility of the Client to check for false positives, release genuine emails and raise any concerns with Landmark’s Service Desk

Overall, Email ATP provides an additional layer of protection against cyber threats and helps the Client to reduce the risk of data breaches, financial losses and reputational damage caused by cyber-attacks. However, it is the Client’s responsibility to ensure its End Users are vigilant about spam emails.

2.2 ATP as a Service

Landmark’s ATP as a Service (‘ATPaaS’) is designed to protect the Client’s email system from spam, Malware, phishing attacks and other email-borne threats. ATPaaS scans all incoming and outgoing email traffic for spam, Malware and other email-borne threats. It uses advanced technologies such as pattern matching, heuristics and reputation analysis to block spam and other unwanted emails. In addition to email filtering, ATPaaS provides a range of security features, including:

• Email encryption: This feature encrypts sensitive data in emails to protect it from unauthorised access
• Denial of Service (‘DoS’) protection: This feature reduces the risk of a DoS attack overwhelming the Client’s email system
• Inbound and outbound email filtering: ATPaaS can filter both inbound and outbound email traffic to protect the Client from internal threats and data leaks
• Quarantine management: ATPaaS provides a quarantine area where suspicious email messages can be held for further inspection
• Landmark’s ATPaaS has built in redundancy which prevent the client from experiencing any impact to the ATP service in the event of a failure in the primary service

2.3 If the Client has subscribed to a Microsoft or ATP as a Service, Landmark will provide the following ATP management services:

• ATP User Maintenance: This involves ensuring all email users are setup to receive quarantine reports and to provide support to the users where emails have been blocked, to release and whitelist them, along with blocking emails and senders that are suspect or malicious
• ATP policy management: This involves defining the security policies that govern the behaviour of the ATP, including which traffic is allowed to pass through the ATP and which traffic is blocked
• ATP configuration: Configuring the ATP to implement the security policies defined in the ATP policy management process, including setting up access control lists, configuring port forwarding and defining rules. Implementation of changes required for third parties such as broadband vendors and CCTV vendors
• ATP monitoring: This involves monitoring the traffic passing through the ATP to ensure that it conforms to the security policies defined in the ATP policy management process. Where an ATP service has the feature, Landmark will monitor the ATP service through its Security Operations Centre
• ATP Security Incident response: This involves responding to any Security Incidents detected by the ATP service, such as an attempted breach or unauthorised access. This includes investigating the Security Incident, taking remedial action and updating the ATP policies and configurations as required
• ATP maintenance: Maintaining the ATP hardware and software to ensure that it remains up to date. This includes applying patches and updates, backing up configurations and testing failover mechanisms where applicable. Where Zero Day updates are required, these will be implemented by Landmark when released by the Vendor

2.4 ATPaaS Management – Advanced Additional Services

If set out on the Order, Landmark will provide the following services in addition to those listed in the above paragraph:

• ATPaaS monitoring: This includes analysing logs and alerts generated by the ATP and responding to Security Incidents as appropriate. Clients availing of a SIEM system can leverage an ATP-SIEM integration

2.5 Endpoint Protection

In the event a client does not have a suitable Endpoint Protection (‘EPP’) application in place, Landmark will provide a managed EPP. EPP (originally known as anti-virus software) is vital for the protection of the Client’s Endpoint machines and Servers. EPP performs real-time scanning and protection against Malware and other threats which can cause significant damage to the Client’s network and data.

Landmark’s advanced Anti-Virus service is focussed on security and speed. It employs a unique approach to Malware protection and is largely cloud-based. This approach means that its monitoring and detection are carried out with very little performance impact compared with other anti-virus solutions and obviates the need for constant updating of Servers and Endpoints with virus definitions. The service includes:

• Real-time threat protection
• Ransomware protection
• Anti-phishing filter

3. Server Infrastructure

3.1 Landmark will provide the following Server Infrastructure support services:

• Server maintenance and monitoring: Monitoring of Server performance, hardware and operating system updates and security patches. Landmark monitors critical Server events, predictable failures and failures in disk systems, RAID Controllers, Processors, RAM, Power Supplies and environmental issues such as temperature. Server maintenance and monitoring is provided during Service Desk Hours of Cover; however, this will be extended to 24 / 7 if set out on the Order.
• Server Patching: Landmark operates a comprehensive patching solution which is fully described in paragraph 8
• Review and Optimisation: Periodic reviews are conducted to evaluate the effectiveness of the Server to identify opportunities for performance optimisation and improvement
• Security Management: Landmark manages and monitors the security of the Server and responds to manufacturer and operating security issues
• Server Application management: Landmark manages and maintains Server-based applications such as DNS, DHCP that are components of the server operating system
• Server Replacement: Landmark provides hot spare Server equipment in the event the Client’s Server experiences a hardware failure or any other Server hardware related issue that would render it non-functional for the duration of the outage (subject to a maximum duration of thirty days) while suitable replacements are implemented
• Third-party vendors: As required Landmark with work with third-party vendors to provide secure access to the Client’s Servers to enable software, application, device, network device installation, upgrade, maintenance and patching by the third-party vendor
• NAS / SAN: Where the Client has NAS /SAN infrastructure these devices are included in the Server Infrastructure service
• Server procurement: Landmark recommends that all Desktop hardware is procured through Landmark as described in paragraph 9
• Change control: All changes are governed by Landmark’s Change Control Processes as described in the Service Schedule

3.2 Active Directory / Azure Active Directory Management

Landmark manages and maintains the servers Active Directory, including creating, editing and removal of End Users, User Groups, Security Groups, Security Policy review and implementation:

• User management: This involves managing End User accounts, permissions and access to resources on the servers and network, password changes
• Password policy and enforcement: Password policies are applied to the Client’s Windows domain; this will not affect third-party software, cloud services, etc. Landmark may change password policies at any time depending on various factors, including industry best practice, the current cyber security landscape and Landmark’s professional experience
• Baseline security management: Landmark will maintain standard group policy security templates that are based upon industry practices that in Landmark’s professional opinion are appropriate. Updates to the security template will be at the discretion and timescales of Landmark

3.3 Server Infrastructure – Advanced Additional Services

Landmark will provide Server Infrastructure – Advanced Additional Services, if explicitly set out on the Order:

• Business Continuity/ Disaster Recovery (‘BCDR’): Landmark will create and implement a BCDR plan to ensure that data and applications can be restored in the event of a disaster or outage. BCDR plans are normally tested annually and may be tested more frequently if agreed
• Server Security Testing: Landmark will regularly review the server security policies and configurations to ensure that they are effective in protecting the Client’s network. This includes performing penetration testing and vulnerability scanning to identify potential weaknesses in the Server’s defences

4. Paragraph Intentionally Unused

5. Server Uninterruptible Power Supply System

5.1 Landmark will monitor and check the installed Server UPS system to ensure the smooth and uninterrupted operation of the Client’s servers and other critical IT equipment supported on the UPS system, including:

• Battery Check: On a scheduled basis, Landmark will perform a UPS battery check to ensure that the batteries are fully charged, the charging system is working correctly and the batteries have capacity for the load
• Load Capacity: Check the load capacity of the UPS system monthly to ensure that it is not overloaded, which can result in system failure, shorted battery life and degraded run times in the event of a power outage
• Communications Check: Check the communications between the Server and the UPS are operational and resolve issues as they arise
• Firmware Updates: Keep the firmware of the UPS system updated to the latest version to ensure optimal performance
• UPS management software Updates: Keep the UPS management software updated to the latest version to ensure optimal performance

5.2 Generators and large building wide UPS systems are excluded from this service.

6. Cloud Platform Management

6.1 Microsoft 365 Secure Score Review

6.1.1 Landmark’s service includes a review of the Client’s Microsoft Secure Score. Microsoft Office Secure Score Review is a tool that helps the Client to assess the security posture of its Microsoft Office 365 environment. It provides a list of recommendations for improving the security of Client’s Office 365 environment and places them in order of priority.

6.1.2 Microsoft Secure Score measures up to four key areas of security, as appropriate to the Client’s Hosted Services configuration:

• Identity (Azure Active Directory accounts & roles)
• Device (Microsoft Defender for Endpoint, known as Microsoft Secure Score for Devices)
• Apps (email and cloud apps, including Office 365 and Microsoft Defender for cloud apps)
• Data (through Microsoft Information Protection)

6.1.3 Landmark will complete its reviews quarterly, as per Microsoft’s best practices; however Landmark may increase the frequency dependent on the complexity of the Client’s Hosted Services configuration and any specific security-related goals.

6.1.4 The Client acknowledges that while implementing Landmark’s and Microsoft’s recommendations can improve security; neither Landmark nor Microsoft guarantee complete security.

6.2 Microsoft 365 Licensing Management

6.2.1 Where the Client has procured its Microsoft 365 licensing through Landmark and subject to the Client purchasing any additional licences that are required to support the activities listed below, Landmark will complete several key activities that are essential for ensuring that the Client’s Microsoft 365 subscriptions are correctly licensed and compliant:

• Subscription Management: Landmark will ensure that the Client has the appropriate number of licences for its End Users and that licences are allocated correctly. This includes tracking licence usage, identifying licence waste and managing licence renewals and upgrades
• Licence Compliance: Landmark will ensure that the Client is in compliance with Microsoft’s licensing terms and conditions. This includes monitoring licence usage, identifying potential compliance issues and managing licence audits
• Security and Compliance Management: Landmark will ensure that Microsoft 365’s security and compliance features, including data loss prevention, eDiscovery and retention policies are properly configured and managed to protect the Client’s data and ensure compliance with regulatory requirements.
• End User Management: Landmark will manage End User accounts, roles and permissions. This includes creating and managing user accounts, assigning licences and configuring roles and permissions for different End Users and groups. It is the responsibility of the Client to inform Landmark of any changes to End Users (for example, staff leaving), to enable Landmark to provide this service
• Configuration Management: Landmark will ensure that configuration options that impact the security, performance and user experience of the platform are properly managed and optimised to meet the needs of the Client
• Reporting and Analytics: Landmark will provide monitoring and reporting on key metrics related to licensing usage, compliance, security and performance. This includes generating reports, analysing data and using insights to optimise licensing and improve the Client’s use of Microsoft 365

6.2.2 Clients who do not procure Microsoft 365 licences through Landmark may avail of these services for an additional Charge, as set out on the Order.

7. Desktop Infrastructure

Desktop Infrastructure includes physical desktop PCs, professional workstations, laptops and professional laptops. Landmark will provide the following Desktop Infrastructure services:

• Desktop maintenance monitoring: Landmark will monitor Desktop Infrastructure performance, hardware and operating system updates and security patches. Landmark will also monitor for critical Desktop Infrastructure events, predicted failures and failures in disk systems, RAID controllers, processors, RAM, power supplies and for environmental issues such as temperature
• Desktop patching: Landmark will provide a comprehensive patching service which is fully described in paragraph 8
• Optimisation: Landmark, using its automation software toolset, will provide daily performance monitoring and tune up of Desktop infrastructure to ensure optimal performance
• Review: Landmark will provide periodic reviews to evaluate the effectiveness of the Desktop infrastructure to identify opportunities for performance improvement, capacity plan, life cycle management and replacement planning and budgeting
• Desktop Infrastructure application management: Landmark will manage and maintain the Desktop Infrastructure-based applications including Microsoft Office, Outlook and Software provided by other third-party application Vendors, where current support agreements are in place with those Vendors
• Third-party vendors: Landmark will work with third-party vendors to provide secure access to the Desktops to enable software, application, device, network device installation, upgrade, maintenance and patching by the third-party vendor as required
• Desktop Infrastructure hardware and software standards: Landmark will apply its Desktop infrastructure standards across the Client’s IT infrastructure to ensure that management of the Desktop infrastructure is consistent and efficient
• Landmark has developed highly automated processes for deploying standardised, tested and proven Desktop “builds”: If the Client has implemented Microsoft Intune and Autopilot, Landmark will utilise these technologies. If Intune and Autopilot are not implemented, Landmark will provide the automation required or recommend to the Client that Intune and Autopilot are implemented

To enable Desktop infrastructure alerting, monitoring and patching the Desktop equipment must be turned on and connected to the internet to allow 24/7/365 monitoring, alerting and patching to occur.

8. Patching and Patch Management

Landmark provides a Fully Managed Patching and Patch Management service (‘Patching’). Patching is a crucial service that helps the Client to ensure that its systems and software are up to date and secure, reducing the risk of security breaches and downtime. Landmark’s Patching and Patch Management service includes:

• Patching platform enrolment: To enable Patching, the Client’s Microsoft-based IT Equipment will be enrolled with Landmark’s fully managed Patching platform. During the on-boarding process, any gaps between actual and recommended Patching levels will be reviewed and a catch-up plan put in place
• Landmark completes Patching out of normal operational hours; typically the patch ‘window’ is 00:01 to 05:00 Monday to Friday and at weekends to ensure minimal disruption to the Client and its End Users and Landmark identify the most suitable time for this window as some patches do require server reboots to operate
• Patch testing: Before any patches are released, they are tested in a laboratory test environment before they are deployed to live ‘production’ systems. This helps to ensure that patches don’t cause unexpected issues or downtime. For good practice, unless a patch is urgent or required for security, Landmark generally follows several days behind the general release of the patch into the wider world. This is to ensure it is tested in real world environment before rolling out to the Client
• Patch deployment: Patches are deployed to systems in a controlled and phased manner. This allows for any issues to be identified and resolved before the patch is deployed to all systems
• Monitoring and reporting: Landmark monitors systems for patch compliance and generates daily and weekly reports to track progress and identify systems that require additional attention
• Patch automation: Landmark’s Patching and Patch Management service is highly automated with human oversight
• Patch rollback: Landmark maintains a rollback plan in case a patch causes issues
• Firmware & BIOS Patching: Due to the critical nature of Firmware & BIOS systems, Landmark will complete firmware updates and BIOS patching in the event that a Critical Alert from a Manufacturer is issued

The software covered by the Patching and Patch Management service includes:

• Supported versions of Windows Desktop and Server and macOS
• Supported Microsoft office productivity software
• A wide range of supported third-party applications

9. Managed Services

Landmark provides a wide range of Managed Services, including:

9.1 Sub-Clause Intentionally Unused

9.2 7am Operations Checks

Landmark will carry out operational checks at 7am Monday to Friday (excluding bank and public holidays) to ensure that key systems, Public Internet connectivity and Line of Business Applications are operational before the business day starts.

9.3 Alerting and Monitoring

9.3.1 Landmark’s Alerting and Monitoring service provides monitoring of system performance and log monitoring to ensure that the Client’s systems are functioning properly and that any issues are addressed promptly. Monitoring includes:

• ISP monitoring: In the event that the Client’s ISP has an outage Landmark will respond and troubleshoot the issue. Landmark will ensure failover has occurred to a backup line if one is in place. Landmark will liaise with the ISP to manage the resolution of the issue and when resolved ensure the failback has occurred
• Server monitoring: Landmark will responds to server alerts that may arise, such as high CPU usage, low disk space, or hardware failures
• Network monitoring: Network alerts for issues with the Client’s network infrastructure, such as failed switches, routers, or firewalls and help ensure the network performance and uptime
• Server backup monitoring: Landmark will check the Client’s server backups daily to ensure critical data is backed up and recoverable
• Microsoft 365 backup monitoring: Where a Microsoft 365 backup service is in place, Landmark will check the Client’s Microsoft 365 backups daily to ensure that Microsoft 365 data is backed up
• Key Line of Business Application monitoring: During on-boarding Landmark will identify the Client’s key Line of Business Applications. Landmark will provide application monitoring for those named applications
• Email ATP monitoring: Landmark will monitor the Email ATP system to ensure that email delivery is not affected by issues, such as spam filters, email bounces or email blacklisting and will also whitelist or blacklist senders and domains as appropriate and release quarantined email

9.3.2 Cyber-Security Monitoring and Alerting

If explicitly set out on the Order, Landmark will provide an additional fully managed Cyber-Security Monitoring and Alerting Service which includes the detection of and response to cyber-security threats, including intrusion attempts, Malware infections, ransomware and data breaches.

9.4 Business Reviews and Technology Roadmaps

Landmark provides both Business Reviews and Technology Roadmaps as part of its unique SHARE process.

SHARE is an important process that Landmark will conduct with the Client on a regular basis. It is an opportunity for Landmark to review the Client’s IT infrastructure, performance and goals and provide recommendations and updates on Landmark’s services. This will help identify any issues, vulnerabilities, or gap in the Client’s technology setup. Infrastructure warranty status reporting and life cycle management are also part of a SHARE review. The SHARE review will also address:

• IT performance: Landmark will assess the performance of the Client’s IT environment, including system uptime, response times and End User satisfaction. This will help identify any performance issues that need to be addressed and ensure that the Client’s IT environment is meeting its needs
• Review Service Level Agreements (SLAs): Landmark will review its performance and ensure that it is meeting the stated service levels
• Budgeting and recommendations: Landmark will provide budgeted recommendations for improvement, including any areas where the Client’s IT environment can be optimised or upgraded to better meet its needs
• Budgeting is normally done on a 12, 24 and 36 month roadmap to enable the Client to include such information in its operational or capex budgets
• Action Plan: Landmark will work with the Client to develop an action plan to address any identified issues, vulnerabilities, or gaps in the Client’s IT environment
• Technology Improvements: Landmark will provide updates relevant new technologies that will benefit the Client, including any new services or enhancements that Landmark may have implemented since the last SHARE. A technology roadmap is a strategic planning tool that outlines the Client’s future technology direction, goals and priorities
• Current state assessment: This provides an assessment of the Client’s current technology environment. It includes an inventory of hardware, software and network infrastructure, as well as an analysis of performance, security and other factors that impact technology operations
• Gap Analysis: This identifies the gaps between the Client’s current state and its desired future state

• Prioritised Roadmap: This outlines the technology initiatives that will be pursued to close the gaps identified in the gap analysis. The roadmap includes a prioritised list of projects, initiatives and timelines, as well as estimated costs and resources required
• Implementation Plan: This provides a detailed plan for implementing the technology initiatives outlined in the roadmap. It includes project timelines, resource allocation, risk management and other key implementation details
• The technology roadmap is a living document which will be reviewed and updated regularly to reflect changes in the Client’s technology environment and business priorities. It provides a strategic framework for making technology investments that align with business objectives and drive organisational growth and success

9.5 Sub-paragraph Intentionally Unused

9.6 Sub-paragraph Intentionally Unused

9.7 Sub-paragraph Intentionally Unused

9.8 Reporting, Metrics and Key Performance Indicators

Landmark provides a wide range of Reports, Metrics and Key Performance Indicators to maintain transparency and provide reassurance that Landmark is proactively managing the Client’s IT environment. Landmark’s reporting suite includes monthly health check reports which detail Landmark’s performance against its SLA, security items such as end point protection status, backup history, patch management compliance, along with client satisfaction surveys and feedback from the Client’s staff. Landmark measures a number of KPIs and service delivery metrics at its internal weekly operations meetings, these KPIs and metrics reports are made available to the Client via the Customer Portal. Landmark also reports on the following areas which are presented as part of Landmark’s SHARE review process:

• Incident management: Where a serious Issue has occurred, Landmark will provide a detailed account of the Issue, including its severity, root causes, response times and resolution status
• Change management: A summary of all changes made to the Client’s IT environment, including hardware, software and configuration updates
• Asset management: A comprehensive inventory of the Client’s IT assets, including hardware, software licences and warranties
• Security and compliance: Regular updates on the status of the Client’s security posture, including vulnerability assessments, patch management and compliance with relevant industry regulations
• Backup and disaster recovery: A report on the status of backups, including backup success rates, recovery point objectives and recovery time objectives
• Network performance: Regular monitoring of network performance metrics, such as bandwidth usage, latency and packet loss, as well as any identified bottlenecks or issues
• Capacity planning: A review of the Clients IT infrastructure capacity, including storage, compute and network resources and recommendations

9.9 Customer Portal

Landmark will provide access to its Customer Portal. The Customer Portal provides various functions, including:

• Raising Tickets, create requests, receive and give updates on Tickets
• Providing full scope of all Tickets raised
• Providing all the recommendations and SHARE™ reports that Landmark have provided
• Providing access to billing information, invoices and statements

9.10 Cyber-Security Training

On request by the Client, and subject to Fair Use, Landmark will provide tailored Cyber-Security Training, typically via webinars of approximately thirty minutes’ duration. The purpose of the training is to ensure that as far as reasonably possible, the Client’s End Users are up to date and aware of and reacting correctly to threats.

9.11 Sub-paragraph Intentionally Unused

9.12 Sub-paragraph Intentionally Unused

9.13 Sub-paragraph Intentionally Unused

9.14 Sub-paragraph Intentionally Unused

9.15 Sub-paragraph Intentionally Unused

9.16 Vendor Support

Subject to Fair Use, Landmark will work with third-party vendors who are engaged with the Client. Landmark always represent the Client’s best interests when working with other vendors and will provide impartial advice and guidance as needed. Such third-party vendors may require some level of IT support and integration for their systems and Landmark shall be entitled to charge for providing such support and integration work.

9.17 On-Boarding

During the on-boarding and commencement of the Services, Landmark will:

• Review and if necessary will advise the Client of changes to the IT Equipment’s configuration that are required to ensure that the Services detailed in this Service Description can be delivered effectively
• Install Monitoring Agents, anti-Malware software and inform the Client if Landmark is unable to configure any of the IT Equipment to provide the necessary alerting and will agree a suitable alternative with the Client
• Document the Client’s IT Infrastructure’s architecture and the purpose and function of each Server

9.18 Off-Boarding

9.18.1 On termination of this Agreement Landmark will provide two Off-Boarding options; a handover or a managed Off-Boarding project:

• The handover comprises an agreed date and time when Landmark will pass the necessary passwords onto the incoming provider. All services provided by Landmark will be ceased and any software agents that have been deployed will be also removed at this time. Items of equipment that are provided “as a service” will also be ceased and the data stored on the Client’s behalf will be removed from Landmark’s systems and Landmark’s equipment will be collected at that time or shortly thereafter. This enables the incoming provider to revoke Landmark’s access and to move ahead with taking ownership and responsibility for the Client’s IT systems from that date and time forward. There is no additional cost to the Client for this option
• The Managed Off-Boarding project involves Landmark continuing to work and hand over in a controlled and managed fashion working with the incoming provider to ensure the changeover goes as smoothly as possible. Landmark will if necessary extend services during the Managed Off-Boarding period ensuring a smooth and managed transfer to the incoming provider. Managed Off-Boarding is a chargeable option; on request Landmark will provide a proposal for the delivery of managed Off-Boarding.

9.18.2 Off-Boarding will not be provided until all unpaid invoices are paid.

10. Additional Services

Landmark will provide any of the services in paragraph 10 that are explicitly listed on the Order.

10.1 Cyber-Security Gap Analysis

Landmark will provide a Cyber-Security Gap Analysis report. A Cyber-Security Gap Analysis report is a document that identifies gaps in the Client’s cyber-security measures and provides recommendations for addressing those gaps. The report is produced by Landmark’s cyber-security team and it can be used by the Client to improve its cyber-security posture and reduce the risk of cyber-attacks. The Cyber-Security Gap Analysis report typically includes the following elements:

• Assessment of the current cyber-security posture: The report provides an assessment the Client’s current cyber-security posture, including its policies, procedures and technical controls. This includes reviewing the Client’s security practices, analysing the vulnerabilities and risks in the current security infrastructure and evaluating the effectiveness of current security controls
• Identification of gaps: The report identifies gaps in the Client’s security measures. These gaps may include areas where the Client is not meeting compliance or regulatory requirements, industry best practices, where current security controls are ineffective, or where new security measures are needed to address emerging threats
• Prioritisation of gaps: The report prioritises the gaps based on their severity and potential impact on the Client
• Recommendations for addressing gaps: The report provides recommendations for addressing the identified gaps. These recommendations may include upgrading security technology, implementing new policies and procedures and improving employee training and awareness

10.2 Managed Detection and Response

Landmark’s Managed Detection and Response (‘MDR’) service provides comprehensive threat detection, response and remediation services that can help the Client to quickly identify and respond to security threats. Landmark’s MDR utilises nation-state-grade technologies and has a 24/7 Security Operations Centre staffed by a team of cyber-security experts well-versed with hacker tradecraft and real-world cyber defensive and offensive tactics. Landmark’s MDR service includes:

• Advanced threat detection: Landmark’s MDR service leverages advanced threat detection tools and techniques, such as behaviour analytics, machine learning and threat intelligence, to quickly identify and respond to threats, including both known and unknown threats, as well as emerging threats and zero-day attacks
• 24/7 monitoring and response: Landmark’s MDR service provides round-the-clock monitoring and response services, including real-time alerts, Security Incident response and remediation services, which ensures that threats are identified and addressed as soon as possible, reducing the risk of data breaches and other Security Incidents
• Rapid Security Incident response: Landmark’s MDR service provides a well-defined Security Incident response process that enables rapid response to Security Incidents, including clear escalation paths, Security Incident triage and a well-defined playbook that outlines the steps required to contain and remediate security Issues
• Experienced security analysts: Landmark’s MDR service leverages a Security Operations Centre whose experienced security analysts are trained to identify and respond to a wide range of threats 24/7
• Compliance and audit support: Landmark’s MDR service provides compliance and audit support, including reporting and documentation to support compliance with regulatory requirements and industry standards

10.3 Multifactor Authentication

Multi-Factor Authentication (‘MFA’) is a security mechanism that requires users to provide two or more forms of authentication before granting access to a system, application or account. MFA is supplied as standard with Microsoft 365 and there are other third-party solutions. Landmark will roll-out and manage the Client’s chosen MFA service.

10.4 Virtual Chief Information Officer

The Virtual Chief Information Officer (‘vCIO’) is a technical advisor with business acumen who will understand the Client’s strategic goals and work with the Client to align and enable technology to be a driver in those strategic goals. The vCIO role is provided by a member of Landmark’s Senior Management Team. The vCIO’s responsibilities include:

• Plan the technology roadmap for the next period and also 12, 24 and 36 months out
• Create budgets year over year
• Meet monthly or quarterly to keep management aware and involved in IT evolution
• Remain aware of the Client’s goals as to propose relevant technology solutions to accomplish them
• Provide advice on best practices
• Keep the Client aware of technological trends relevant to its industry
• Become the Client’s executives point of contact for ideas, as IT will more than likely be involved
• Keep the Client aware of compliance requirements with suggestions and plans for adhering to them
• Speak to clients regarding large technical issues
• Build relationships with all key stakeholders and vendors that play a role in the Client’s technology in use

10.5 Cyber-Security Consulting and Virtual Chief Information Security Officer

Landmark’s team of cyber-security experts will work with the Client to establish an appropriate security strategy and ensure that data assets are protected. This can be provided as a single or ongoing engagement, as set out on the Order.

The role of the Virtual Chief Information Security Officer (‘vCISO’) is to create a strategy that deals with ever-increasing regulatory complexity, creating the policies, security architecture, processes and systems that help reduce Cyber threats and keep data secure. Compliance is a key element of the role, as is an understanding of risk management. The vCISO will understand how the cyber-security threat landscape is evolving and how that could affect the security risks facing the Client, including taking account of the risk of Malware and hacking through to insider threats or un-patched vulnerabilities in the Client’s systems. The vCISO will likely take a key role in any Security Incident response if there is a data breach.

10.6 Data Protection Officer as a Service

If requested, Landmark will work with the Client to identify the Client’s requirements and produce a proposal for the provision of Data Protection Officer as a Service. If Landmark’s proposal is accepted, Landmark will provide the service as per the proposal.

10.7 Security Incident Response Plan

Having a robust Security Incident Response Plan is just as important as having procedures, systems and software in place to keep attackers and threats out in the first place. A Security Incident Response Plan is vital and governs how the Client will not only respond to a Security Incident but recover and continue to survive afterwards. In the event of a Security Incident, best practice Security Incident response guidelines follow a well-established seven step process:

• Prepare
• Identify
• Contain
• Eradicate
• Restore
• Learn
• Test & Retest

Landmark will work with the Client to create, implement a Security Incident Response Plan and will also test the plan on an annual basis.

10.8 Email Security Suite

Landmark has designed an Email Security Suite which provides the Client with the required level of security to help protect its email system and End Users from the many and unrelenting cyber-security threats that are prevalent. The Email Security Suite provides SOC-based monitoring and is based on best practices and includes the systems, tools and end user education to reduce the risks to the Client. The Email Security Suite is constantly being reviewed and updated to ensure that Landmark includes the best security measures to protect the Client’s email systems and End Users.

10.9 Endpoint Security Suite

Landmark has designed an Endpoint Security Suite which provides the Client with the required level of security to help protect its Endpoint devices from the many and unrelenting cyber-security threats that are prevalent. The Endpoint Security Suite is based on best practices and includes managed systems such as Manged Detection & Response to reduce the risks to the Client’s Endpoints. The Endpoint Security Suite is constantly being reviewed and updated to ensure that Landmark include the best security measures to protect the Client’s systems.

10.10 Mobile Security Suite

10.10.1 Landmark’s Mobile Security Suite gives the Client direct insight into the threats that can affect its employees’ mobile devices. The service protects both Android and iOS devices and the cloud-based dashboard that provides immediate visibility and analysis of mobile-borne threats. The service is layered on a mobile device management (‘MDM’) service. The service provides a privacy-friendly, lightweight security app for iOS and Android that helps to block mobile threats before they can harm the Client’s business.

Features of the service include:

• Quick and easy set up with zero-touch deployment and one-touch enrolment for MDM-managed devices
• App and device threats that are monitored (Android) include:
• Malware
• Screen recording
• Leaky apps
• Camera/Microphone access
• App permission abuse
• OS exploits
• Vulnerable configuration
• Network threats that are monitored (Android & iOS) include∷
• Man-in-the-Middle at tacks
• Phishing
• Malicious proxies
• Malicious web scripts
• Unsecured Wi-fi
• Weak Wi-fi security

10.10.2 Landmark’s MDM service provides administration and maintenance of the Client’s mobile devices. Device management is a critical component of the Client’s security strategy: It helps ensure that devices are secure, up-to-date and compliant with the Client’s policies, with the goal of protecting the Client’s network and data from unauthorised access. MDM includes:

• Enrolment of devices and End Users
• Publishing security settings, certificates and profiles to devices
• Resource access control
• Monitoring and management, including measuring and reporting device compliance and app inventory
• Publishing mobile apps to devices
• Configuration of email applications
• Securing and removal of corporate data

10.10.3 MDM does not include hardware support for physical devices.

10.11 Encryption and Key Management Service

Encryption is an invaluable tool for the Client to protect its sensitive data, maintain compliance with regulations, build trust with customers and protect intellectual property.

10.11.1 Landmark’s Encryption and Key Management Service (‘KMS’) leverages the encryption mechanisms provided by Microsoft and other third parties, utilising the native device encryption to ensure compatibility and performance and using the existing endpoint security infrastructure to manage the endpoint encryption management process. The deployment of encryption on Endpoints can be centrally initiated and fully managed.

10.11.2 Key capabilities:

• Uses proven native encryption where available
• Provides central key management and recovery to help protect against unauthorised data access via pre-boot authentication enforcement
• Management console
• Prevents data from being read from the hard disk using pre-boot authentication enforcement, guaranteeing a secure, tamper-proof environment external to the operating system as a trusted authentication layer
• Generates encryption-specific reports to help the Client meet compliance requirements

10.12 Intrusion Detection and Prevention System

Landmark will implement and manage a full Intrusion Detection and Prevention System (‘IDPS’) for public cloud service-based firewalls (for example, Azure, AWS). It is important for the Client have a managed IDPS for the following reasons:

• Detecting and preventing malicious activity: An IDPS can help detect and prevent unauthorised access, Malware infections and other types of malicious activity on the Client’s network. IDPS can also help detect and prevent attacks such as denial-of-service and distributed denial-of-service attacks
• Protection of sensitive data: An IDPS can help protect sensitive data such as financial records, customer information and intellectual property from being compromised by malicious actors

10.13 Security Information and Event Management

Security Information and Event Management (‘SIEM’) helps the Client to improve its security posture, reduce the risk of data breaches and meet regulatory requirements while increasing operational efficiency and reducing costs. Landmark’s SIEM service provides:

• 24 x 7 threat detection, compliance and Security Incident management through the collection and analysis of Microsoft 365 event logs and syslogs (new and historical). The Service correlates suspicious events and as appropriate generates alerts which are initially reviewed by a Security Operations Centre. Any alerts that are deemed to be potential security threats are escalated to Landmark for remedial action
• In response to an escalation, during Working Hours, Landmark will investigate the potential threat and if Landmark determines the potential threat is serious, provide a report to the Client which summarises its findings and provides clear, detailed instructions for any interventions so that the Client can handle the threat confidently
• The Security Operations Centre’s analysts constantly update their threat criteria, based on the evolving threat landscape
• Further Remediation: After passing the report to the Client, any subsequent forensic analysis, security breach reporting, or detailed investigations will be charged on an hourly basis. These activities will typically involve collaboration with the Client’s cyber security insurance provider to ensure a comprehensive and coordinated response

10.14 Zero Trust Security

10.14.1 Zero Trust is a very high level of security control that assumes that all End Users, devices and applications on a network should be treated as potentially hostile and un-trusted. Access to resources is granted based on strict identity verification and contextual factors, such as the End User’s role, device posture and location. All traffic is inspected and authenticated, regardless of whether it originates from inside or outside the network perimeter. By defining how applications can interact with each other and by controlling what resources applications can access, such as networks, files and registries, Zero Trust Security helps to prevent file-less Malware and software exploits, including:

• Protecting data from malicious behaviour
• Preventing file-less Malware and limit damage from application exploits
• Defining how applications integrate with other applications
• Preventing applications from interacting with other applications, network resources, registry keys and files
• Preventing applications from interacting with built-in tools such as PowerShell, Command Prompt and RunDLL
• Preventing built-in tools from accessing file shares

10.14.2 Landmark will implement and manage a leading industry standard Zero Trust Security service.

10.15 Data Loss Prevention

• 10.15.1 Data Loss Prevention (‘DLP’) is a set of tools, processes and policies that are designed to keep sensitive data as safe as possible. DLP reduces the risk of unauthorised access, use, disclosure, or destruction of sensitive data. It helps the Client to protect its intellectual property, personal identifiable information, financial data and other confidential information from being leaked or stolen. DLP can help identify both insider and external threats and in the event of a data breach, DLP solutions can help the Client to respond effectively by providing visibility into the affected data, identifying the source of the breach and facilitating remediation. DLP is an essential component of the Client’s overall security strategy. By implementing DLP, the Client can demonstrate its commitment to protecting sensitive data and maintaining a robust security posture.
• 10.15.2 Landmark will implement and manage a leading industry standard DLP service.

10.16 Penetration Testing

A penetration test is a cyber-security technique that is used to identify, test and highlight vulnerabilities in the Client’s security posture. Penetration tests are carried out by Landmark and mimic the strategies and actions of an attacker to evaluate the vulnerability of the Client’s IT environment, including network and web-applications.

Landmark provides fully managed Penetration Testing, with testing carried out at regular intervals.

10.17 Vulnerability Management

Landmark’s Vulnerability Management service monitors open firewall and router ports for potential security exposure. By reporting open ports connected to services including remote desktops, Windows file sharing, SQL Server databases, etc. it is possible to identify potential external vulnerabilities and address them. The report generated by the Vulnerability Management service shows each scanned IP address, protocol and port numbers, the last time it was queried by the Vulnerability Management service and (if available) the service running on a particular port. By scanning regularly, it is possible for Landmark to identify any configuration changes or unexpected activity that may otherwise go unnoticed. Whilst any open port can be an attack surface, such are often required to provide necessary services to the Client. The External Vulnerability Monitoring service provides visibility so that ports can be open in a secure and appropriate manner.

10.18 Dark Web Monitoring

End User’s credentials are regularly hacked and are made available on the dark web for sale. Landmark’s Dark Web Monitoring service continually scans the dark web for the Client’s End User’s credentials on an ongoing basis and will raise an Issue if any credentials that contain the Client’s domain name appear for sale, enabling the Client to take action to change any passwords that may have been the same or similar to the compromised passwords.

10.19 Web Content Filtering

Web Content Filtering is used to control and restrict access to specific websites or types of content on the internet. Utilising advanced DNS filtering technology, Landmark’s service ensures that the Client’s Devices are protected both on and off the corporate network against various online threats, including Malware, phishing attacks and botnets. DNS Network and Endpoint Security actively blocks access to malicious websites and domains, preventing End Users from inadvertently visiting harmful sites or falling victim to phishing attempts. This helps safeguard the Client’s network and sensitive data from cyber threats.

Landmark provides customisable Web Content Filtering policies, allowing the Client to control access to specific categories of websites based on its needs and compliance requirements. The service ensures optimal performance and reliability by utilising a global network of servers strategically located to minimise latency and maximise uptime which helps improve the overall browsing experience for End Users while ensuring that DNS requests are processed quickly and efficiently. Detailed reporting and

analytics features allow the Client to gain insights into its internet usage and security posture and to monitor DNS activity, track blocked requests and identify trends in web traffic to better understand and address potential security risks.

10.20 Password Management

Landmark’s Password Management tools help the Client to improve security, increase productivity, ensure compliance with regulations and reduce support costs. By implementing the Password Management service, the Client can help prevent unauthorized access to sensitive data and systems and improve overall security posture. Features of the Password Management service include:

• Cloud based for maximum flexibility
• Private, encrypted vault for each End User that can be accessed from anywhere on any device
• High strength password generation
• Multi-platform support
• Auto-fill
• Enables secure, granular and controlled sharing of credentials, confidential information and vaults among internal employees, teams and external contractors and partners
• Administration tools
• Sign-on supports Role-based and / or multi factor authentication
• Compliant with HIPAA, DPA, FINRA and GDPR

10.21 Automated Port Monitoring

Automated Port Monitoring is an important layer the Client’s cyber-security stack. Landmark will monitor the various ports within the Client’s firewall and perimeter systems and respond to alerts by taking action as appropriate.

10.22 Access Certification / Recertification

Access Certification or a recertification is part of the user-account management and access control process. Landmark will periodically review access rights for all of the Client’s End Users to ensure all End Users have access to the IT infrastructure that is appropriate to their individual roles.

10.23 Business Continuity / Disaster Recovery Planning and Testing

Landmark will work with the Client to develop and maintain a robust Business Continuity / Disaster Recovery Plan to ensure business continuity in the event of a major outage. Disasters arising from cyber-attacks will not be included in the plan as such require very specific handling. The extent of the planning brief and frequency and extent of subsequent testing will be set out on the Order.

10.24 Sub-paragraph Intentionally Unused

10.25 Sub-paragraph Intentionally Unused

10.26 Sub-paragraph Intentionally Unused

10.27 Sub-paragraph Intentionally Unused

10.28 Sub-paragraph Intentionally Unused

10.29 Sub-paragraph Intentionally Unused

10.30 Onsite Resource

Landmark will provide Onsite Resource on a one-off or regular basis to assist the Client by providing cover for example for exceptionally busy periods, provide support for the Client’s own projects or to

cover for staff leave or sickness. The frequency and duration of the provision of Onsite Resource will be set out on the Order.

10.31 Extended Asset Management and Reporting

Landmark’s Asset Management and Reporting for the IT Equipment and Software which is described in paragraph 9.4 of this Service Description is limited to IT Equipment managed by Landmark under the terms of this Agreement. Under Extended Asset Management and Reporting, compatible devices, equipment and software that are not directly managed by Landmark will be added to Landmark’s asset Management system. For non-compatible equipment Landmark will provide onsite services to document, asset tag and record such devices, equipment and software.

10.32 Sub-paragraph Intentionally Unused

10.33 Sub-paragraph Intentionally Unused

10.34 Service Level – Two Hour Response

Landmark’s standard Service Level Agreement provides a four Working Hour on-site response for priority one Issues, as set out in paragraph 2 of the Service Schedule. If set out on the Order, Landmark will reduce the on-site response time to two Working Hours.

10.35 After Hours Support (24/7)

Landmark’s Service Desk provides support during the Hours of Cover set out in the Service Schedule. If set out on the Order, the Hours of Cover will be extended to 24 x 7 x 365.

10.36 Sub-paragraph Intentionally Unused

10.37 Sub-paragraph Intentionally Unused

10.38 WEEE, Recycling and Secure Certified Disk Destruction

Landmark provides a fully Waste Electrical and Electronic Equipment (WEEE) compliant and certified Recycling and Secure Disk Destruction service. In addition to WEEE-compliant disposal, this service ensures that the Client’s data is not at risk of being compromised. This service covers all WEEE items and not just IT related equipment.

10.39 Off-Boarding Project

On termination of this Agreement Landmark will provide Off-Boarding which will enable the orderly transfer of services to the Client or successor service provider, as described in paragraph 9.18. If requested Landmark will provide this service as a fully managed project where Landmark will work with the successor supplier over a period of time to ensure a fully managed transition of all services and products as applicable.