You're currently in Business Support. For help with a consumer service, visit our
Personal Support page.

Managed Next Generation Firewall Service Terms

Effective as of April 12, 2024

The terms in this section, called the “service terms”, apply to a group of services or a specific service within a group.

1.0 Managed Next Generation Firewall Service

The service terms and conditions in this section apply to the TELUS Managed Next Generation Firewall Service (“
Managed NGFW Service
”) specified above. This service is provided by TELUS Communications Inc. (“
TELUS
”), directly or through one or more of its Affiliates, and it includes implementation, configuration and ongoing management of the in-scope network appliances or Devices (collectively, the “
Services
”). In these service terms, you are also referred to as the “
Customer
.”

1.1 General description

The Managed NGFW Service provides customers with configuration and ongoing management of their network appliance products, including Next Generation Firewalls (“
NGFWs
”) and Unified Threat Management (“
UTM
”) features. The core features of the Managed NGFW Service include the maintenance and technical support for the NGFW, as well as the creation and management of firewall traffic and routing policies. The Managed NGFW Service can also support the management and deliverables of other network devices and security products offered by the vendor of the underlying network appliance(s) (the “
Technology Vendor
”) and listed in a Statement of Work (“
SOW
”) that is related to this agreement. Optionally, SD-WAN configuration and management is also available under this service, as supported by the network appliance(s). Each supported Device is defined herein along with the scope of services provided.

Definitions

Authorized Customer Representative
refers to a Customer representative appointed by Customer during onboarding, who may only be changed by Customer’s management. This individual will have established authority, as indicated by Customer’s management, to assign roles and permissions to Customer employees in the context of the Services, such as access to sensitive information, Customer-owned Devices and Customer-facing applications used by TELUS for service delivery, e.g., TELUS’s service portal. The Authorized Customer Representative is also known as the “
Prime
” contact.

Authorized Customer Users
refers to Customer’s eligible end users who receive or use the Services provided by TELUS, or Customer employees who are granted privileges or permissions to access systems where authorization is required by an Authorized Customer Representative. Depending on their role, Authorized Customer Users are also known as “
Change
” or “
Release
” contacts.

Change request
means a written request submitted by TELUS to the Customer requesting approval for changes to hardware and/or software installation, replacement, configuration or other technological or physical changes. Change requests will, at a minimum, include details of the proposed change, the change process, expected or potential impacts to systems, networks, services or business processes, an assessment of the likelihood of any identified risks of the change, and a back-out plan.

Customer property
means the equipment, computer systems, software, data, and material that the Customer is required or responsible to provide access to TELUS in order for TELUS to perform the Services, including any Devices.

Deliverables
means the material and work products, such as documentation or software, described in this Agreement or a SOW and produced for and submitted to the Customer by TELUS pursuant to this Agreement or the SOW.

Device
refers to any hardware, owned by the Customer or TELUS, that is leveraged to support the Services.

Incident
,
Incident ticket
or
Incident severity
refers to potential technical problems with the Services, such as feature malfunctions, outages, and other in-scope events or use-cases described or defined herein. An incident ticket is created via the service portal for incident management and is assigned a severity that is appropriate to the perceived impact of the event according to the guidelines set out in this agreement.

Operational events
means alerting or other indicators available for remote monitoring by TELUS that indicate problems with the connectivity or functionality of the Device itself and its status in terms of features and performance levels, as further defined herein.

Project request
refers to work requests by the Customer where the work is determined to be outside the scope of the stated Service and, therefore, will incur additional charges and be managed as a separate project. A project request must be submitted to TELUS and accepted by TELUS to approve the scope of the work. A SOW, including a quote for the project request, will then be provided by TELUS to the Customer for approval and signature.

RMA
means a process where a manufacturer may opt to authorize an end user to return a product to distribution or the original equipment manufacturer. “
RMA
” stands for Return Merchandise Authorization. This is often used in hardware replacement logistics in the case of a hardware failure.

Service request
means a ticket requesting support, modification or information relating to the Services that is in-scope of the stated Service features and Deliverables. An example of this could be a request for a Firewall rule change.

High Availability
or
HA
means the Managed NGFW Service is configured with two (2) or more Devices, which allows for redundancy. The availability of the Service in High Availability configuration means the primary Device will fail over to the secondary Device, and the Service will remain operational.

1.2 Service deliverables - Standard

Management of network appliances

All Service requests pertaining to the summary of in-scope Deliverables below must be accompanied by a Service Request made via the service portal and otherwise abide by the terms and conditions of this agreement.

(a)
Firewall configuration
: TELUS will perform all requested firewall configuration tasks, including firewall features/settings changes and firewall policy configurations. TELUS will not make changes to any Device without also receiving confirmation that the change is approved by the Authorized Customer Representative. During onboarding of the Service, an initial list of approvers for Devices will be established, and this list will be periodically updated by the Customer. All changes to firewall features and settings during the Term of this Agreement must be (a) made by TELUS upon receiving a Service Request; or (b) made by the Customer after receiving written approval from TELUS. If individuals with administrator privileges make changes that are not approved, the Customer incurs increased risk of unexpected behaviour from the Devices, including the potential for overriding Customer changes with TELUS change monitoring and enforcement practices. Hardware replacements due to upgrades are not considered a standard firewall change and, as such, are out of scope of this managed service. Hardware replacements for identical models in the case of an RMA or a hardware failure are considered standard firewall configuration changes and are in scope for this managed service. Any outage, unanticipated impacts or other consequences from changes that have not been expressly authorized by TELUS shall invalidate any Service Level Objectives (“
SLOs
”) or Service Level Agreements (“
SLAs
”) on the Service until both parties agree upon a remediated state, and efforts to achieve the remediated state shall be separately chargeable as a Project Request.

(b)
IPS/IDS configuration (optional feature)
: TELUS will create and modify the Intrusion Detection System (“
IDS
”) and Intrusion Prevention System (“
IPS
”) profiles of firewall Devices based on relevant information collected from the Customer. TELUS will make changes based on Customer feedback, including whitelisting or other filtering of IDS/IPS signatures, specific hosts, etc. Signature updates from the Technology Vendor are fully automated but will be monitored by TELUS for any failed updates or other error notifications to ensure up-to-date signatures.

(c)
Antivirus configuration (optional feature)
: TELUS will perform initial configuration of Antivirus (“
AV
”) profiles according to Customer requirements agreed upon during Service onboarding activities. Antivirus signature updates from the Technology Vendor are fully automated but will be monitored by TELUS for any failed updates or other error notifications to ensure up-to-date signatures.

(d)
Web Filtering configuration (optional feature)
: Based on the Customer’s stated requirements and use cases, TELUS will create or modify firewall web filtering profiles.

(e)
Application control configuration (optional feature)
: During onboarding of the Service, or at any time during the Term of this Agreement, TELUS will assist the Customer in establishing which types of applications will be allowed to communicate within the environment and based on what criteria applications should be blocked or allowed.

(f)
VPN configuration (optional feature)
: TELUS will support configuration of site-to-site VPNs, dial-up VPNs and Secure Socket Layer VPNs. At least one (1) side of each VPN configured must terminate on a Device that is in scope of the Service, i.e., it appears in the “Your Services & Summary Charges” section as part of this Agreement or is otherwise stated to be under management of TELUS in a lawful amendment to this Agreement.

(g)
SD-WAN enablement and management (optional feature)
: TELUS will perform the initial configuration and deployment of SD-WAN functionality both for internet accessible services, as well as private circuit-based Wide Area Network (“
WAN
”) link accessible services (e.g., Multiprotocol Label Switching (“
MPLS
”) / Virtual Private Local Area Network Service (“
VPLS
”)), or services available over private network over public transit (e.g., VPN). TELUS will work with the Customer to define application based routing policies to ensure applications are being directed over appropriate links in accordance with the Customer’s network service goals. These policies will then be applied to traffic routing with the approval of the Customer in accordance with the Customer’s defined change management process, detailed during the onboarding process. TELUS will monitor performance of IP transit links and will report areas of concern back to the Customer for escalation with Internet Service Providers (“
ISPs
”). Service routing may be adjusted upon receipt of a Service Request. TELUS will monitor links for service saturation and provide recommendations for remediation and optimizing traffic routing to be approved by the Customer.

(h)
Technical support
: TELUS’s Security Operations Centre (“
SOC
”) will be available 24x7x365 to accept Incidents and Service Requests pursuant to the terms and conditions of this agreement. TELUS will respond to requests for technical support in the form of information or remote assistance with Devices via VPN access for any in-scope Devices listed in the “Your Services & Summary Charges” section. Any Incident that cannot be resolved by TELUS will be escalated to OEM support on behalf of the Customer (e.g., for previously undiscovered software bugs, etc.).

(i)
Onsite support (optional feature)
: In situations where the Prime, Release or Change contacts, or their named delegates, are unable to perform the necessary tasks on the Customer Property for the delivery or support of the Services, TELUS will make commercially reasonable efforts to dispatch a technician from our closest dispatch centre to your service location within a timeframe agreed upon between you and TELUS at the time such support is required. Delays related to a failure to determine an agreed upon timeframe will not constitute a breach of this agreement. Each occurrence of Onsite support is available for an additional one-time charge, which shall be defined at the time of the original purchase.

(j)
Monitoring and escalation of operational events
: TELUS will monitor various rules and event types observed from the Devices listed in “Your Services & Summary Charges”, as agreed to with the Customer, and escalate event activity that is deemed to be an Incident by one or more TELUS employees. No security events, such as IPS/IDS, Antivirus alerts or other events not related to what has been defined herein as in-scope of “Operational Monitoring”, will be monitored or escalated to the Customer by TELUS. The TELUS SOC will (i) monitor and triage in-scope events according to TELUS’s adopted best practices and any customizations of processes and procedures agreed to between TELUS and the Customer during the course of day-to-day refinement of related ticketing processes; and (ii) escalate actionable events via the service portal within the terms and conditions set out for severity-based, Incident Ticket service levels defined in this agreement.

(k)
Reporting deliverables
: TELUS will provide a weekly report for the Customer within the scope of this Service:

  • Weekly executive report
    : The weekly executive report provides a high-level overview of the previous week’s activity related to Customer’s Services deployment and associated managed services. This report contains data and metrics pertaining to the week’s tickets and the health and status of Customer’s Services deployment.

1.3 Service deliverables - Enhanced

Management of products

All service requests pertaining to the summary of in-scope Deliverables below must be accompanied by a service request made via the service portal and otherwise abide by the terms and conditions of this agreement.

(a)
Firewall configuration
: TELUS will perform all requested firewall configuration tasks, including firewall features/settings changes and firewall policy configurations. TELUS will not make changes to any Device without also receiving confirmation that the change is approved by the Authorized Customer Representative. During onboarding of the Service, an initial list of approvers for Devices will be established, and this list will be periodically updated by the Customer. All changes to firewall features and settings during the Term of this Agreement must be (a) made by TELUS upon receiving a Service Request; or (b) made by the Customer after receiving written approval from TELUS. If individuals with administrator privileges make changes that are not approved, the Customer incurs increased risk of unexpected behaviour from the Devices, including the potential for overriding Customer changes with TELUS change monitoring and enforcement practices. Hardware replacements due to upgrades are not considered a standard firewall change and, as such, are out of scope of this managed service. Hardware replacements for identical models in the case of an RMA or a hardware failure are considered standard firewall configuration changes and are in scope for this managed service. Any outage, unanticipated impacts or other consequences from changes that have not been expressly authorized by TELUS shall invalidate any SLOs or SLAs on the Service until both parties agree upon a remediated state, and efforts to achieve the remediated state shall be separately chargeable as a Project Request.

(b)
IPS/IDS configuration (optional feature)
: TELUS will create and modify the Intrusion Detection System (“
IDS
”) and Intrusion Prevention System (“
IPS
”) profiles of firewall Devices based on relevant information collected from the Customer. TELUS will make changes based on Customer feedback, including whitelisting or other filtering of IDS/IPS signatures, specific hosts, etc. Signature updates from the Technology Vendor are fully automated but will be monitored by TELUS for any failed updates or other error notifications to ensure up-to-date signatures. If the Customer wishes to request custom built IDS/IPS signatures, TELUS will fulfill such requests up to a limit of six (6) hours’ time and effort per managed firewall cluster, per monthly billing period. Requests that are assessed to require more time to be completed will be considered Additional Services and subject to charges.

(c)
Antivirus configuration (optional feature)
: TELUS will perform initial configuration of firewall Antivirus (“
AV
”) profiles according to Customer requirements agreed upon during Service onboarding activities. Antivirus signature updates from the Technology Vendor are fully automated but will be monitored by TELUS for any failed updates or other error notifications to ensure up-to-date signatures.

(d)
Web filtering configuration (optional feature)
: Based on the Customer’s stated requirements and use cases, TELUS will create or modify firewall web filtering profiles.

(e)
Application control configuration (optional feature)
: During onboarding of the Service, or at any time during the Term of this Agreement, TELUS will assist the Customer in establishing which types of applications will be allowed to communicate within the environment and based on what criteria applications should be blocked or allowed.

(f)
VPN configuration (optional feature)
: TELUS will support configuration of site-to-site VPNs, dial-up VPNs and Secure Socket Layer VPNs. At least one (1) side of each VPN configured must terminate on a firewall Device that is in scope of the Service, i.e., it appears in the “Your Services & Summary Charges” section as part of this Agreement or is otherwise stated to be under management of TELUS in a lawful amendment to this Agreement.

(g)
SD-WAN enablement and management (optional feature)
: TELUS will perform the initial configuration and deployment of SD-WAN functionality both for internet accessible services, as well as private circuit-based Wide Area Network (“
WAN
”) link accessible services (e.g., Multiprotocol Label Switching (“
MPLS
”) / Virtual Private Local Area Network Service (“
VPLS
”), or services available over private network over public transit (e.g., VPN). TELUS will work with the Customer to define application based routing policies to ensure applications are being directed over appropriate links in accordance with the Customer’s network service goals. These policies will then be applied to traffic routing with the approval of the Customer in accordance with the Customer’s defined change management process, detailed during the onboarding process. TELUS will monitor performance of IP transit links and will report areas of concern back to the Customer for escalation with Internet Service Providers (“
ISPs
”). Service routing may be adjusted upon receipt of a Service Request. TELUS will monitor links for service saturation and provide recommendations for remediation and optimizing traffic routing to be approved by the Customer.

(h)
Technical support and architectural support
: TELUS’s SOC will be available 24x7x365 to accept Incidents and Service Requests pursuant to the terms and conditions of this agreement. TELUS will respond to requests for technical support in the form of information or remote assistance with Devices via VPN access for any in-scope Devices listed in the “Your Services & Summary Charges” section. Any Incident that cannot be resolved by TELUS will be escalated to OEM support on behalf of the Customer (e.g., for previously undiscovered software bugs, etc.). As part of the Service, TELUS will also make recommendations regarding Device deployment, network architecture or other configurations according to its best judgment in order to (i) facilitate desired use cases for the Customer; (ii) improve performance of the Devices; or (iii) resolve Incidents. TELUS will, upon request, provide technical advice to the Customer. TELUS will provide technical support and troubleshooting without limit for the Devices listed in the “Your Services & Summary Charges” section. Architectural support will be limited to ten (10) hours per month for facilitating future use cases and assistance in better leveraging the managed Devices. If the time and effort required for Architectural support exceeds this time limit, this shall be considered a Project Request and may be subject to additional charges and a separate SOW, which will be added to the Agreement via a Service Request or an Amendment (as needed).

(i)
Onsite support (optional feature)
: In situations where the Prime, Release, or Change contacts, or their named delegates, are unable to perform the necessary tasks on the Customer Property for the delivery or support of the Services, TELUS will make reasonable efforts to dispatch a technician from our closest dispatch centre to your service location within a timeframe agreed upon between you and TELUS at the time such support is required. Delays related to a failure to determine an agreed upon timeframe will not constitute a breach of this agreement. Each occurrence of Onsite Support is available for an additional one-time charge, defined at time of original purchase.

(j)
Monitoring and escalation of security and operational events
: TELUS will monitor various rules and event types observed from the Devices listed in “Your Services & Summary Charges”, as agreed to with the Customer and escalate event activity that is deemed to be an Incident by one or more TELUS employees. There are many possible events that can be generated by in-scope Devices, including Unified Threat Management (“
UTM
”) events such as Antivirus detection events, IPS/IDS events, Device error states, etc. The TELUS SOC will monitor, triage events according to TELUS’s adopted best practices and any customizations of processes and procedures agreed to between TELUS and the Customer during the course of day-to-day refinement of related ticketing processes, and escalate actionable events via the service portal within the terms and conditions set out for severity-based, Incident Ticket service levels defined in this agreement.

(k)
Reporting deliverables
: TELUS will provide two types of reporting for the Customer within the scope of this Service:

  • Weekly executive report
    : The weekly executive report provides a high-level overview of the previous week’s activity related to Customer’s Services deployment and associated managed services. This report contains data and metrics pertaining to the week’s tickets and the health and status of Customer’s deployment. The weekly executive report is reviewed during weekly Managed Security Service Provider (MSSP) meetings to discuss ongoing issues, tuning requirements, and Key Performance Indicator (KPI) trending. TELUS will work with the Customer to customize this report to add and remove content as reasonably required by the Customer based on the data available from the Customer’s in-scope Devices listed in the “Your Services & Summary Charges” section, and the ticket and other service related information available from the service portal.

  • Custom report
    : TELUS will accept requests for the configuration of scheduled, repeating reports based on the data aggregated by the Services or other central logging technology for data from in-scope Devices found in “Your Services & Summary Charges”. These reports may include the following:

    • UTM security event reporting

    • Malware Detected

    • Malware Victims

    • Top Blocked Malware

    • Botnet Detected

    • Botnet Victims

    • Botnet Command-and-Control (C&C)

    • Intrusions Detected

    • Intrusion Victims

CSM support

The TELUS Technical Success Manager (“
TSM
”) is an additional feature of the Managed NGFW Enhanced service. The TSM supports the Customer in the following ways:

  • The TSM will host periodic status meetings with Customer resources (at the Customer’s discretion) on a weekly, biweekly or monthly basis, as per the Customer’s preference. These meetings will review ongoing Service initiatives, ticketed issues that are ongoing, on-hold or otherwise not resolved, the content of the Weekly Executive Report, or other inquiries the Customer may have.

  • The TSM will be a single point of contact for questions or requests regarding the terms and Deliverables of the Service.

  • The TSM will follow up with the Authorized Customer Representative(s), when applicable, regarding any software updates or other planned changes for which the Customer’s policies require approval.

  • In general, the TSM is the primary point of contact for questions of the performance of the Service.

1.4 Service elements

Escalation management

Customer-initiated escalation
Initial notification to TELUS’s Support Team will follow the notification listings based on the level of severity. At any point, the Customer may escalate the status of an Incident Ticket by notifying the TELUS SOC that the Incident has increased priority, provided that the reason for assessing increased priority is within the established criteria for the escalated Severity Level. TELUS will be bound to its internal escalation timelines if the Customer does not initiate a request for additional escalation.

TELUS internal escalation process
When the TELUS Support Team determines that an Incident needs internal escalation, the Incident receives a combination of increasing tiered level support in accordance with TELUS’s standard internal business practices. Internal escalation may also include leveraging any support relationships that TELUS might have with the associated product’s Original Equipment Manufacturer (“
OEM
”). When this occurs, TELUS will notify the Customer of the escalation steps taken with the Incident and will inform the Customer that the resolution of the Incident is now within the OEM mandated timelines. TELUS will monitor and manage any case that has been created with the OEM by TELUS and will leverage any escalation methods that might be available to TELUS.

Change management

TELUS will be responsible for all in-scope hardware and software changes referenced in the “Your Services & Summary Charges” section. TELUS will not make changes to or access any other systems residing within the Customer environment. TELUS shall deploy reasonable efforts to integrate with the Customer’s change management procedures upon request. No changes impacting the Service and its Deliverables will be made without a Change Request being submitted via the service portal or another agreed upon method. Approval for changes will be accepted by TELUS only as stated by the Authorized Customer Representative.

Release management

TELUS shall review the Technology Vendor’s firmware releases or its other software updates that are relevant to the Devices and managed by TELUS. TELUS will implement software updates and upgrades that TELUS deems reasonably necessary for the security and supportability of the Customer’s Devices in support of the requirements of the Service Deliverables and active use cases, as well as any relevant environmental factors, such as product integrations and other assets, that could reasonably be expected to be impacted by the Technology Vendor’s software changes. TELUS does not warrant to abide by any particular industry standard (such as n-1), but instead observes a practice of upgrading to the most recent stable version that supports the feature set required.

Backup of device configuration

TELUS shall perform electronic backup of the TELUS-managed Device configuration data, as required, as part of ongoing maintenance activities.

1.5 Installation and infrastructure

Where the Customer requires Device installation services, migration and/or onboarding, a separate Statement of Work will be signed between TELUS and the Customer.

1.6 Your responsibilities

The Customer shall: a) Provide the necessary space, cabinet, electrical power, light and security for the Devices; b) Store and operate the Devices as specified in any OEM-supplied documentation; c) Refrain from scanning the Devices with vulnerability scanners or taking other actions that could cause denial of service. This applies to scanning any TELUS public IP; d) Provide TELUS with access to and use of the Customer Property specified in the “Your Services & Summary Charges” section or a SOW; e) Comply with TELUS’s reasonable instructions and provide TELUS with the support and assistance that is reasonably necessary for TELUS to perform the Services; f) Comply with any other Customer responsibilities described in a Statement of Work, in accordance with any project schedule or timeframe specified in the SOW; and g) Where Devices are owned by the Customer, ensure that all applicable licensing and support of such Devices is current and accurate.

1.7 Additional conditions

NGFW software

TELUS makes no warranties, representations or conditions concerning any NGFW software or any other update or upgrade, except for any warranties that may be provided by the OEM or documentation provided by the OEM, which are the responsibility of the OEM and not of TELUS. All warranties, representations and conditions are excluded, to the extent permitted by law. Any NGFW software is to be used in compliance with the OEM’s End-User License Agreement (“
EULA
”) and instructions. TELUS is not responsible in the event of breach by Customer of such OEM’s EULA and instructions, or for lack of third-party supplier support.

Property rights

Deliverables
Upon payment of the charges for a Deliverable and all Services performed to produce the Deliverable, TELUS grants to the Customer, for the Customer’s internal use only, a perpetual, non-exclusive, non-transferable, royalty-free license to use the Deliverable.

Return of property
Upon the termination or expiration of this Agreement, the Customer shall return any TELUS-owned Devices to TELUS within thirty (30) days of the termination or expiration date. If such equipment is not returned within such 30-day period, the Customer will be charged for the replacement value of such equipment.

Personnel

TELUS has the right to determine the employees and representatives it assigns to perform the Services.

During the Service Period and for a period of 12 months after the Service Period ends or this Agreement is terminated, the Customer shall not, without TELUS’s prior written consent: a) hire as an employee, b) engage as a contractor, or c) solicit, for the purpose of hiring as an employee or engaging as a contractor, any TELUS employee or representative who is performing any Services.

This provision does not restrict the Customer from hiring or engaging as a contractor any TELUS representative who responds to the Customer’s general advertising or notices for employment published to the general public.

Customer premises

The Customer shall provide TELUS with access to the Customer’s premises and work sites as is reasonably necessary for TELUS to perform the Services. TELUS shall comply with the Customer’s reasonable security and safety requirements that may apply at those premises and work sites, provided that a copy of the requirements is included in or attached to the SOW or otherwise delivered to TELUS.

The Customer shall provide, at its cost, the workspace, storage space and electrical and telecommunications connections or facilities at the Customer’s premises and work sites as may be specified in a SOW, or that are requested by TELUS and are reasonably necessary in order for TELUS to perform the Services.

Warranties and exclusions

TELUS warrants that: a) it will perform the Services using qualified personnel and in a professional manner; and b) upon completion of the Services and delivery of the Deliverables, the Services and Deliverables will substantially comply with their specifications (if any).

Exclusions
TELUS shall not be obligated to provide the Services in the event that (a) the Devices listed in the “Your Services & Summary Charges” section are moved to a different service address; (b) the ownership of Devices is transferred to other parties without the prior written consent of TELUS; or (c) the Customer does not comply with the terms and conditions of the Agreement. The Services apply only to Devices listed in the “Your Services & Summary Charges” section.

If TELUS determines that any request is outside of the scope of the Services defined in this Agreement, such request shall be made via a separate, chargeable Project Request. TELUS will perform the work defined in such Project Request only after the Customer approves such work in writing by signing a SOW, including chargeable fees for such work.

Reporting, monitoring and analysis of events relevant to the Deliverables is limited to the retention settings and capabilities of the Devices listed in the “Your Services & Summary Charges” section.

TELUS shall not be liable for any damages or other amounts arising from or related to, any delay in the performance of the Services, or any failure to meet any date(s) in a SOW, including any project date, start date, completion date, milestone date, or delivery date, whether or not any such date is described as a “proposed” or “estimated" date in a SOW, if such delay or failure is caused by an event, action or person that is beyond TELUS's reasonable control. Furthermore, TELUS assumes no liability in respect of any guidance, recommendations or advice it provides pursuant to this Agreement if TELUS provided such guidance, recommendations or advice to the Customer in good faith.

Except for the warranties expressly stated, any and all warranties, representations and conditions do not apply to the Services and are excluded, to the extent permitted by law.

Be default, the Service assumes that Customers will not have the ability to make administrative changes, setting changes or other changes to the configuration of the Devices (“
Write-Access
”). Co-management of the Services is available to the Customer as an optional service with additional terms and conditions. The Customer will retain the ability to view Device data, events, reports and other features that are natively available to user account types that do not have Write Access. TELUS will fulfil all other changes to the Devices and requests for information pursuant to the Service Terms.

The Managed NGFW Standard service does not include monitoring of and responses to security events or alerts. These features are available in the Managed NGFW Enhanced service.

Customer warranty
If a SOW requires the Customer to provide TELUS with access to and use of any Customer Property, the Customer warrants that it has the right to provide TELUS with the use of the Customer Property for the purpose of performing the Services.

1.8 Service performance

Service availability SLA

The Managed NGFW Enhanced Service comes with a Service availability SLA. If we fail to achieve this SLA in any month, we will provide you with the applicable one-time credit indicated in the table below. The payment of the credit is your sole remedy for a failure by us to meet the SLA, and such a failure will not be considered a breach or default of this agreement by us.

Measure

Standard

SLA (Single Device)

Service availability

Percentage of monthly fixed charges applied as a credit

Service availability

100%

7 days x 24 hours

99.7%

 > 97.70% - < 99.70%

10%

 > 95.70% - 97.70%

20%

 > 93.70% - 95.70%

30%

 > 91.70% - 93.70%

40%

≤ 91.70%

50%

Measure

Standard

SLA High Availability (“HA") Device

Service availability

Percentage of monthly fixed charges applied as a credit

Service availability

100%

7 days x 24 hours

99.97%

 > 97.97% - < 99.97%

10%

 > 95.97% - 97.97%

20%

 > 93.97% - 95.97%

30%

 > 91.97% - 93.97%

40%

≤ 91.97%

50%

The Service Availability SLA is the percentage of time in a calendar month that the Managed NGFW Service should be available for your use on a per location basis. The Service Availability SLA is calculated as follows:

Service Availability

=

Total minutes in 30 days - (Minutes of unavailability - Excusable downtime)

Total minutes in 30 days

x 100

When we measure and calculate the result, we assume each month is 30 days. However, we include all periods of unavailability over the calendar month, except for any period of unavailability that is caused or contributed to by one of the following “excusable downtime” reasons:

  • networks or equipment of another carrier or service provider impede our ability to deliver the Service;

  • you, your network or your other services impede our ability to deliver the Service;

  • we cannot access your site where required to carry out our responsibilities, where applicable;

  • a designated contact of yours or your third party (excluding TELUS) either (1) is not available to receive or install equipment, (2) does not complete remedial work, or such work impacts Service Availability, or (3) fails to provide TELUS with accurate and timely information that may be required to enable us to carry out our responsibilities;

  • your equipment, software, technology and/or third-party equipment, software or technology is not part of the Managed NGFW Service;

  • failure of your Internet service provider, utility companies, or other vendor(s) you rely on to access the Internet;

  • mis-configuration of service features or settings wholly under your control;

  • your failure to purchase an adequate license or maintenance agreement for Devices associated with the Managed NGFW Service;

  • rightful suspension and/or cancellation by the Technology Vendor of the Managed NGFW Service pursuant to that vendor’s End User License Agreement;

  • an event of Force Majeure (as defined in the General Terms and Conditions); and

  • any period of unavailability that occurs when we are performing maintenance activities.

The credit is calculated as a percentage of the applicable monthly fixed charge at each affected Managed NGFW Service at an affected location up to a maximum of 50% of the applicable monthly fixed charge of each affected Managed NGFW Service. The credit is applied only once for the month we fail to achieve the Service Availability SLA.

Incident management

If the Managed NGFW Service is unavailable, we will notify you upon qualification of a critical event where potential or active Service impact is confirmed. A “critical event” is generated when a Device threshold has been exceeded or if the Device remains unresponsive for a duration of five (5) minutes. An automated escalation of the same critical event will also be sent to TELUS support teams for further actions. The following table outlines the Service Level Objectives we will make commercially reasonable efforts to meet with regards to notification and response of critical events. However, unlike our SLA, we will not provide you with any credit should we fail to meet these SLOs.

Measure

Indicator

Service level objective

Notification of critical event*

Average elapsed time from critical event qualification to notifying you.

15 minutes

Critical event response

Average elapsed time to start action from the time a ticket on a critical event is acknowledged by us.

15 minutes

Critical event status update

Average elapsed time between each status update from us to you until the ticket severity is downgraded or the ticket is closed.

2 hrs**

* This is an event where a Device fails or the connection of the Device fails. Critical Events do not include situations where a single Device in an HA pair is impacted. ** We may, from time to time, extend this timeframe to a longer period during active critical event troubleshooting sessions, depending on the nature of the situation.

Change management

The following table outlines the Managed NGFW Service change management performance objective applicable to standard changes:

Measure

Indicator

Service level objective:

Response and completion for a
standard
change request

Elapsed time from receipt of your change request to initial acknowledgement of receipt by TELUS.

15 minutes*

Elapsed time between notification back by TELUS and completion (unless parties agree that the change will be made during scheduled maintenance).

16 business hours

Response and completion for an
expedited
change request

Elapsed time from receipt of your change request to initial acknowledgement of receipt by TELUS.

15 minutes*

Elapsed time between notification back by TELUS and completion (unless parties agree that the change shall be made during scheduled maintenance).

12 business hours

Response and completion for an
emergency
change** request

Elapsed time from receipt of your Priority 2 trouble ticket by TELUS.

15 minutes*

Elapsed time between notification back by TELUS and completion (unless parties agree that the change shall be made during scheduled maintenance).

2 hours

* Acknowledgement of change request notification within a calendar month does not exceed an average of 15 minutes. ** Emergency changes are implemented within 2 hours following the incident management process and the pre-qualified assessment. Emergency changes requested through incident management may have billable time associated with the change if the emergency is related to a root cause outside of our responsibility or ownership.

Maintenance schedule

We reserve the right to perform activities with respect to the Services and associated service components (including, without limitation, installation, support, maintenance or change): (a) when scheduled by us in accordance with our maintenance schedule, or (b) at other times (e.g., for emergency maintenance or additional scheduled maintenance activities) as notified by us (such notice may be given orally or in writing). Our maintenance is performed between 3:00 A.M. – 5:00 AM EST/EDT on Thursdays and 1:00 A.M. – 4:00 A.M. EST/EDT on Sundays, but we may change the maintenance schedule at any time. These scheduled outage periods are excluded from the Service Availability SLA calculations. TELUS reserves the right to execute emergency changes to ensure Service Availability without your prior approval.

1.9 Charges

Monthly fixed charges

The monthly fixed charges for the Services consist of a recurring charge for Managed Services, as specified in the “Your Services & Summary Charges” section of this Agreement.

Other charges

Other Charges for the Service consist of: a) the one-time charges set forth in the “Your Services & Summary Charges” section of this Agreement, and any future one-time charges that are agreed to by the parties; b) charges billed monthly for any approved Project Request work, which shall be performed on a fixed charge basis or on an hourly basis at TELUS’s prevailing regular labour rates; c) any reasonable and necessary travel costs and other expenses incurred by TELUS in performing the approved Project Request work; and d) charges for Projects as approved by the Customer in the applicable quote or SOW.

1.10 Service cancellation

TELUS cancellation right

We may cancel the Managed NGFW Service at any time for any reason on 30 days’ prior written notice to you. Should we do so, you will not be liable for the payment of any service cancellation charges in connection with such cancellation.

Cancellation charges

When your Managed NGFW Service is cancelled by TELUS for cause or by you for any reason, we calculate the service cancellation charge using the table below. The service cancellation charge is the aggregate of the percentage of the total monthly fixed charges remaining for the service period after cancellation.

Month of the service period when cancellation occurs

Percentage of monthly fixed charges for the remaining service period after cancellation

0 – 12 months

100%

13 – 24 months

75%

25 – 36 months

50%

On or after 37 months

25%

Equipment

Should your Managed NGFW Service be cancelled and the equipment we have provided to you is not returned within 30 days of cancellation, you will be charged for the replacement value equipment.

Waiver

We will waive the service charge if you replace the cancelled service with another TELUS service with total monthly fixed charges that are equal to or greater than the total monthly fixed charges remaining in the service period for the cancelled service.

1.11 Term

Renewal

Unless either party gives notice to the other party that it does not wish to renew your Managed NGFW Service, at least 30 days prior to the end of the service period, this agreement, as it applies to your Managed NGFW Service, will automatically extend after the service period for a new service period equal to twelve (12) months, on the same terms and conditions.

1.12 Optional services

This section specifies the optional services that the Customer may have contracted for, which are set forth in the “Your Services & Summary Charges” section.

Co-Management of services

“Co-Managed” or “Co-Management” means the joint operation of the Devices between TELUS and the Customer. Roles and responsibilities will be defined during the on-boarding process.

When this option is included in the “Your Services & Summary Charges” section , the Services to be provided under these Service Terms shall be provided as a Co-Managed Service.

Any changes that have been made by the Authorized Customer Representative, where the change is not expressly authorized by TELUS, shall invalidate the SLO on the Services until both parties agree upon a remediated state, and efforts to achieve the remediated state shall be separately chargeable via a Project Request. A RACI (Responsible, Accountable, Consult and Inform) table will be jointly developed during on-boarding.

The Customer has the right to opt for Co-Management of the Devices. By default, the Service is provided with no Co-Management of Devices, and the Authorized Customer Users will not have administrative access to Devices. If, at any time, the Customer opts to avail themselves of Co-Management rights, a formal request will be made by an Authorized Customer Representative to provision user accounts with administrative access for specified individuals. Any changes that have been made by any Customer employee, where the change is not expressly authorized by TELUS, shall invalidate the SLO on the Services until both parties agree upon a remediated state, and efforts to achieve the remediated state shall be separately chargeable and require a SOW provided by TELUS.

Access points (Wi-Fi)

Each Wi-Fi bundle purchased assumes the configuration by TELUS of one (1) corporate Service Set Identifier (“
SSID
”), one (1) Bring-Your-Own-Device SSID, and one (1) guest SSID via a Wi-Fi enabled Device on the network that is currently under TELUS’s management and listed within this proposal. For each Wi-Fi bundle, TELUS will also configure Access Point Devices to broadcast a Wi-Fi signal to an area defined by the Customer. Any further administrative tasks or configurations required for configuration and management of the Wi-Fi bundle may be performed by TELUS upon the Customer’s request, if reasonably feasible and at TELUS’s discretion. Additional access points or SSIDs for existing access points may be supported and configured as well, but they must be purchased as a separate Wi-Fi bundle, and this Agreement must be amended accordingly. TELUS’s scope of responsibility for Wi-Fi delivery and support is limited to the configuration and health monitoring of the Access Point Devices. Any issue related to signal availability or strength currently falls outside the Managed NGFW Service’s capabilities.

Network switch

TELUS will perform all requested network switch configuration tasks, including Device setting changes, Virtual Local Area Network assignment, port configurations, etc. TELUS will not make changes to any Devices without also receiving confirmation that the change is approved by the Customer’s change management representatives, e.g., Change Advisory Board or other individuals who have been established as having authority to request changes. The Customer may create or make changes to Devices at its discretion, but it is strongly advised to either (a) request that TELUS make all changes; or (b) inform TELUS via the service portal if changes are made by Customer employees. All changes to switching features and settings during the Term of this Agreement must be (a) made by TELUS upon receiving a Service Request; or (b) made by the Customer after receiving written approval by TELUS. This condition of Co-Management of the Devices is requested in order to aid in maintaining the desired functionality of the Devices for which they were scoped and architected. If individuals make changes that are not approved, the Customer incurs increased risk of unexpected behaviour from the Devices.

Did this article solve your problem?

Yes
No

Related articles

This Privacy Statement describes how TELUS collects, uses, and discloses your personal information when you use the TELUS Business Connect Mobile App.

Shared hosting terms and conditions

This Privacy Statement describes how TELUS collects, uses, and discloses your personal information when you use the TELUS Secure Business Mobile App.

The fine print for pre-authorized payments

Learn about updates to your Internet service and rates

Learn about accessibility at TELUS
function assign() { [native code] }