IMPRIVATA MANAGED SERVICES AGREEMENT

IMPORTANT-READ CAREFULLY: Prior to acknowledging your acceptance, be sure to carefully read and understand all of the rights and restrictions described in this Imprivata Managed Services Agreement (this “Agreement”). This Agreement is a legal agreement between you (“Customer” or “you” or “your”) and Imprivata, Inc. (“Imprivata”) for the Services described herein. By purchasing the Services, you (either you as an individual or, if the Services will be used by an entity, on behalf of that entity) represent and agree that you have the capacity and authority to bind yourself or, if applicable, the applicable entity, to the terms of this Agreement and agree to be bound by the terms of this Agreement. If you do not agree to the terms of this Agreement, you may not utilize the Services. Any terms and conditions in a purchase order (or in any similar document) which are in addition to, or conflict or are inconsistent with these terms are hereby rejected and superseded by the terms contained herein.

RECITALS

WHEREAS, Imprivata and Customer are parties to that certain Imprivata End User License Agreement (the “EULA”);

WHEREAS, Imprivata will be providing certain managed services (the “Services”) for Imprivata Software licensed to Customer pursuant to the EULA by means of Imprivata professional services staff, engineers, project managers, program managers, implementation engineers, deployment specialists, clinical workflow specialists, business analysts, and other specialists (“Administrator(s)”) as applicable and further described herein;

WHEREAS, Administrators may be required to access certain portions of Customer’s computer network for the purpose of providing such Services; and

WHEREAS, this Agreement shall set forth the obligations of both parties with respect to the provision of the Services and access to Customer’s network.

NOW, THEREFORE, in consideration of the agreements, covenants, terms and conditions herein contained and other consideration, the sufficiency of which is hereby acknowledged, the parties hereby agree as follows:

Services.

Imprivata offers eleven (11) Services packages: (i) Advanced Advisory Services/Customer Success Management; (ii) Enterprise Advisory Services/Technical Architecture Management; (iii) Advanced Management Services/Remote Administration Management; (iv) Enterprise Management Services/Resident Engineering Management; (v) Mobile Management Services; (vi) Starter Management Services; (vii) Identity Governance Management Services; (viii) Identity Governance Configuration and Management Services; (ix) Flexible Configuration Updates (for Imprivata OneSign® and Confirm ID® solutions); (x) Flexible Configuration Updates (for Imprivata Identity Governance® solution); and (xi) Privileged Access Management Services. Imprivata will provide Customer the applicable Services purchased by you (as indicated on the Imprivata Quote or its equivalent if purchasing through an authorized reseller) as further described below:

Advanced Advisory Services Package MS-ADVIS-ADVCD-CSM-SUB
1. Personalized Adoption, Utilization, and ROI Reporting
  1. Regular engagement with assigned Customer Success Manager, tracking to Customer goals and opportunities to accelerate Imprivata product adoption.
  2. Coach Customer on adoption best practices and personalized guidance.
  3. Provide insight into license utilization reporting and personalized assessments to maximize utilization.
  4. Facilitate annual executive business reviews to uncover opportunities to maximize solution value and mitigate potential risks.
2. Facilitate Issue Resolution
  1. Drive collaboration with key Customer stakeholders and Imprivata staff.
  2. Track Customer initiatives, executive and business owner level roadmaps, update/expansion plans, and open product issues.
  3. Monitor satisfaction with owned products; escalate Customer needs/issues cross-departmentally.
  4. Communicate Voice of the Customer survey feedback to Imprivata upper management to help drive strategic initiatives and program improvement.
3. Education subscription
  1. For two (2) participants:
    1. Unlimited access to all virtual education class offerings.
    2. Individual seats accessing all content in the Imprivata Learning Center.
    3. Access to certifications across all product offerings.
    4. Unlimited access to all refresher virtual training.
Enterprise Advisory Services Package MS-ADVIS-ENTPRS-TAM-SUB
1. Imprivata Customer Support Escalation Management
  1. Create support cases on behalf of Customer and follow up with status reports on each case as needed, on a weekly basis.
  2. Automatically escalate issues based on agreed upon thresholds regarding case status, priority, age, etc.
  3. Summarize status, outcomes, and next steps following escalations.
  4. Act as the central point of contact and facilitator of escalations.
2. Guidance During Product Upgrades
  1. Create a project plan for pre-upgrade testing and production cutover.
  2. Respond to calls from Customer for assistance during business hours or as agreed upon during a three-hour on-call availability period during off-hours during critical production cutover events.
3. Change Management for System Architecture
  1. Continuously monitor change requests as shared by Customer.
  2. Participate in change management meetings, highlight potential risks to Imprivata functionality, and recommend changes.
  3. Ensure long-term adherence to reference architecture best practices.
  4. Join Customer teams tasked with resolving issues resulting from environmental changes.
  5. Collaborate with Customer in strategic or tactical planning efforts.
4. Onsite or remote technical design & planning/solution optimization sessions
  1. Facilitate annual technical checkup.
  2. Develop strategies to drive environmental or architectural optimization and document any relevant decisions, identified risks, key assumptions, and timeline estimates.
  3. Provide direct support for testing and troubleshooting.
  4. Document technical findings and recommendations.
5. Architectural relationship management
  1. Schedule and run checkpoint calls with Customer’s technical teams (includes preparation and completion of action items needed).
  2. Serve as Customer’s central point of contact for supportability review.
6. Communications
  1. Customer is responsible for attending the following meetings:
    1. No less frequently than semi-annually, hold strategic (steering) stakeholder meetings with Customer sponsor(s) at director-level or above with the authority to approve strategic priorities and resource commitments.
    2. No less frequently than bi-monthly (every two weeks), hold operational- or project-level stakeholder meetings with Customer application subject-matter experts and IT staff impacted by Imprivata solutions.
7. Education subscription
  1. For two (2) participants:
    1. Unlimited access to all virtual education class offerings.
    2. Individual seats accessing all content in the Imprivata Learning Center.
    3. Access to certifications across all product offerings.
    4. Unlimited access to all refresher virtual training.

Advanced Management Services Package MS-MGMT-ADVCD-OSCID-RAM-SUB

Direct administration of Imprivata system
1. Monitor performance, health, and stability metrics. Implement preventative and/or corrective configuration changes as needed.
2. Alert Customer to any changes needed and facilitate any actions or support needed from Customer.
3. Implement configuration changes and expansions to address Customer’s evolving needs.
Imprivata system upgrade, migration, and application profiling projects
1. Create a project plan for pre-upgrade testing and production cutover.
2. Respond to calls from Customer for assistance during business hours or as agreed upon during a three-hour on-call availability period during off-hours during critical production cutover events.
3. Identify and communicate the need for version upgrades. Plan, manage, and complete configuration, testing, and implementation tasks.
4. Identify and communicate the need for appliance migrations. Plan, manage, and complete migration tasks as required.
5. Identify and communicate the need for new application profiles or updates to existing profiles. Plan, manage, and complete profiling, testing, and other deployment tasks.
6. Install and configure proof of concept (POC) environments to allow testing of requested features and enhancements.
7. Respond to errors/issues that require fixes and own communication and issue management. Plan, manage, and complete configuration, testing, and implementation tasks.
8. Respond to environmental, application, and integration issues requiring a new Imprivata appliance. Own communication and issue management. Plan, manage, and complete migration tasks.
9. Respond to the need to update existing profiles and the need for enablement of new applications. Own communication and issue management, and plan, manage, and complete profiling, testing, and deployment tasks.
Customer help desk escalation handling
1. Train Customer help desk staff to optimize front-line user and Customer’s own support service level agreements (SLAs) on Imprivata-related cases.
2. Receive end user issues escalated through Customer’s help desk for troubleshooting, determining root cause, and reaching a resolution.
Change management: Imprivata system configuration
1. Collaborate with Customer in strategic or tactical planning efforts.
2. Join Customer teams tasked with resolving issues resulting from environmental changes.
3. Interpret architecture, system, and workflow changes for configuration, testing, and implementation tasks.
4. Own the hands-on configuration and testing tasks within the Imprivata system. Assist and support integration testing.
5. Ensure long-term adherence to reference architecture best practices.
6. Respond to an unanticipated need for changes and help actively remediate impacts to the Imprivata solution caused by changes to architectural components integrated with the Imprivata system.
Onsite or remote technical design & planning/solution optimization sessions
1. Facilitate twice-annual technical check-up, document findings and recommendations, own strategic planning to achieve Customer support, adoption, and expansion goals, and document sequence of technical steps and effort required.
2. Develop strategies to drive environmental or architectural optimization and document any relevant decisions, identified risks, key assumptions, and timeline estimates.
3. Provides direct ad hoc test support, troubleshooting, and emergency management.
4. Clinical workflow discovery, analysis & design – up to two (2) days per subscription year:
  1. Facilitate via interviews an inventory and analysis of existing workflow needs and issues, priorities, and impact of making changes.
  2. Document findings and recommendations.
5. Provide onsite clinical workflow observation and analysis in response to user experience or workflow issues/errors; end user satisfaction/remediation; combine clinical findings with technical findings and document recommendations.
Application & Architectural relationship management
1. Schedule and run checkpoint calls with application and architectural teams with interdependencies between the Imprivata enterprise and other systems or infrastructures including preparation and completion of action items and follow-ups needed.
2. Serve as the Customer stakeholders’ central point of contact for system/application needs and supportability review.
Imprivata Customer Support Escalation management
1. Create support cases on behalf of the Customer and follow up with status reports on each case as needed, on a weekly basis.
2. Automatically escalate issues based on agreed upon thresholds regarding case status, priority, age, etc. Summarize status, outcomes, and next steps following escalations
3. Act as the central point of contact and owner of escalations.
Communications
1. Customer is responsible for attending the following meetings:
  1. No less frequently than semi-annually, hold strategic (steering) stakeholder meetings with Customer sponsor(s) at director-level or above with the authority to approve strategic priorities and resource commitments.
  2. No less frequently than bi-monthly (every two weeks), hold operational- or project-level stakeholder meetings with Customer application subject-matter experts and IT staff impacted by Imprivata solutions.
Education subscription
1. For two (2) participants:
  1. Unlimited access to all virtual education class offerings.
  2. Individual seats accessing all content in the Imprivata Learning Center.
  3. Access to certifications across all product offerings.
  4. Unlimited access to all refresher virtual training.

Case Priority Classification

Administrators will be responsible for determining the case priority of the issue according to the case priority definitions set forth in the table below. The Administrator shall notify the Customer of the assigned case priority classification. Based on the priority level, the Customer’s responsibilities are also set forth below:

Priority	Definition & Customer Responsibilities
Priority 1 – Critical production system down	An Imprivata production system is down. Major functionality is not available for a broad number of users. No alternative solution or workaround is currently available. For example, an appliance does not function in a production environment and business is severely impacted. Customer Instructions: Contact Imprivata Customer Support directly for fastest response (Customer Support will work directly with the assigned Administrator). Customer Responsibilities: Customer shall assign a named IT resource on a full-time on-call basis to assist and coordinate as needed until the issue is resolved.
Priority 2 – Major impact	A major function or feature is failing. The issue severely restricts usability within a production environment. Project deployment is delayed. No alternative solution or workaround is currently available. Customer Instructions: Create a case for the Administrator (the Administrator may escalate if additional assistance is needed). Customer Responsibilities: Customer shall assign a named IT resource on a full-time on-call basis to assist and coordinate as needed until the issue is resolved.
Priority 3 – General issue	A minor flaw has been detected and usability is generally unaffected, moderately affected, or impacts a small number of users. A workaround may be available. Customer Instructions: Create a case for the Administrator. Customer Responsibilities: Administrator will advise if coordination from Customer IT staff is required.
Priority 4 – Question or minor impact	Instructions or information are requested regarding existing product functionality. Customer Instructions: Create a case for the Administrator. Customer Responsibilities: Administrator will advise if coordination from Customer IT staff is required.

Service Level Response Times

Initial response times are determined by the priority of the issue as set forth in the table below. Initial Response times are calculated from when Imprivata receives the initial case submission.

Priority	Initial Response Time
Priority 1	Customer should contact Imprivata Customer Support directly
Priority 2	Initial Administrator response within 2 business hours
Priority 3	Initial Administrator response within 1 business day
Priority 4	Initial Administrator response within 2 business days

Customer Obligations
1. Access to Network. Customer shall provide technical access as further set forth below to Customer’s computer network. Such access shall be provided through a generic user account to be shared by the Administrator staff and individual reports accessed by customer at will via the Imprivata Customer Connect gatekeeper installation.
2. Customer shall provide the following technical access to Administrators utilizing its IT staff and resources:
  1. Imprivata Customer Connect Access
  2. Gatekeeper or Nexus Installation on dedicated endpoint or virtual desktop access from which all required systems can be accessed.
  3. At minimum, one directory account with Administrator permissions, for system access and configuration, testing, and administration
  4. Endpoint access to an approved web browser user account and endpoint access to Imprivata Admin UI.

Enterprise Management Services Package MS-MGMT-ENTPRS-OSCID-REM-SUB

Direct administration of Imprivata system
1. Monitor performance, health, and stability metrics. Implement preventative and/or corrective configuration changes as needed.
2. Alert Customer to any changes needed and facilitate any actions or support needed from Customer
3. Implement configuration changes and expansions to address Customer’s evolving needs.
Imprivata system upgrade, migration, and application profiling projects
1. Create a project plan for pre-upgrade testing and production cutover
2. Respond to calls from Customer staff for assistance during business hours or as agreed upon during a three-hour on-call availability period during off-hours during critical production cutover events.
3. Identify and communicate the need for version upgrades. Plan, manage, and complete configuration, testing, and implementation tasks.
4. Identify and communicate the need for appliance migrations. Plan, manage, and complete migration tasks as required.
5. Identify and communicate the need for new application profiles or updates to existing profiles. Plan, manage, and complete profiling, testing, and other deployment tasks.
6. Install and configure proof of concept (POC) environments to allow testing of requested features and enhancements.
7. Respond to errors/issues that require fixes and owns communication and issue management. Plan, manage, and complete configuration, testing, and implementation tasks.
8. Respond to environmental, application, and integration issues requiring a new Imprivata appliance. Own communication and issue management. Plan, manage, and complete migration tasks.
9. Respond to the need to update existing profiles and the need for enablement of new applications. Own communication and issue management, and plan, manage, and complete profiling, testing, and deployment tasks.
Customer help desk escalation handling
1. Train Customer help desk staff to optimize front-line user and Customer’s own support service level agreements (SLAs) on Imprivata-related cases.
2. Receive end user issues escalated through your help desk for troubleshooting, determining root cause, and reaching a resolution.
Change management: Imprivata system configuration
1. Collaborate with your staff in strategic or tactical planning efforts.
2. Join Customer teams tasked with resolving issues resulting from environmental changes.
3. Interpret architecture, system, and workflow changes for configuration, testing, and implementation tasks.
4. Own the hands-on configuration and testing tasks within the Imprivata system. Assist and support integration testing.
5. Ensure long-term adherence to reference architecture best practices.
6. Respond to unanticipated need for changes and help actively remediate impacts to the Imprivata solution caused by changes to architectural components integrated with the Imprivata system.
7. Clinical workflow specialist Administrators evaluate planned changes for clinical end user impact and remain engaged throughout implementation of changes to ensure workflow efficiency and value is not compromised by technical changes made over time.
8. Anticipate training needs for new clinical users of existing workflows or retraining clinical users that may not be fully leveraging existing workflows.
9. Prescriptive guidance over time to align the Customer's workflows with best practices as derived from across the Imprivata Customer base.
Onsite or remote technical design & planning/solution optimization sessions
1. Facilitate twice-annual technical check-up, documents findings and recommendations, own strategic planning to achieve Customer support, adoption, and expansion goals, and document sequence of technical steps and effort required.
2. Develop strategies to drive environmental or architectural optimization and document any relevant decisions, identified risks, key assumptions, and timeline estimates.
3. Provide direct ad hoc test support, troubleshooting, and emergency management.
4. Clinical workflow discovery, analysis & design – up to two (2) days per subscription year:
  1. Facilitate via interviews an inventory and analysis of existing workflow needs and issues, priorities, and impact of making changes.
  2. Document findings and recommendations.
5. Provide onsite clinical workflow observation and analysis in response to user experience or workflow issues/errors; end user satisfaction/remediation; combine clinical findings with technical findings and document recommendations.
Application & Architectural relationship management
1. Schedule and run checkpoint calls with application & architectural teams with interdependencies between the Imprivata enterprise and other systems or infrastructure; includes preparation and completion of action items/ follow-ups needed.
2. Serve as the Customer stakeholders’ central point of contact for system/application needs and supportability review.
3. Clinical workflow specialist Administrators monitor the ongoing success of the recommended clinical workflow configurations that were recommended.
4. Clinical workflow specialist Administrators maintain proactive regular participation in cadence calls for workflow-related issues, questions, and changes.
Education subscription
1. For two (2) participants:
  1. Unlimited access to all virtual education class offerings.
  2. Individual seats accessing all content in the Imprivata Learning Center.
  3. Access to certifications across all product offerings.
  4. Unlimited access to all refresher virtual training.
Imprivata Customer Support Escalation management
1. Create support cases on behalf of the Customer and follow up with status reports on each case as needed, on a weekly basis.
2. Automatically escalate issues based on agreed upon thresholds regarding case status, priority, age, etc. Summarize status, outcomes, and next steps following escalations.
3. Act as the central point of contact and owner of escalations.
4. Clinical workflow specialist Administrators are directly engaged in Imprivata Customer Support escalations and work to minimize clinical end user impact during troubleshooting efforts.
5. Proposed resolution path and remediation options will be evaluated and planned for short- and long-term clinical end user value.
Onsite or remote Implementation, Deployment, & Expansion Services
1. Scheduled access to the full range of Imprivata implementation and education services (subject to the Project Conditions below and quantity of days included in Customer’s Services subscription,) including:
  1. Project management services
  2. Configuration and validation services
  3. Appliance setup, configuration, and migration
  4. Application enablement and integration
  5. Workstation workflow configuration
  6. Self-service password reset configuration
  7. Authentication devices, token, and modalities enablement
  8. Connector configuration
  9. VDA configuration
  10. Remote access and mobile device access (MDA) configuration
  11. End user testing
  12. Domain migration services
  13. Enterprise merge services
  14. Authentication hardware and manual agent installation and testing
  15. End user identity proofing, enrollment, and training
  16. Go-live assistance
  17. Imprivata education/training courses
  18. Project completion and optimization services
2. Provide services in proportion to the following deployment sizes:
  1. Small (7,499 users or fewer) – Per subscription year:
    1. Fifteen (15) days onsite or 120 hours remote
  2. Medium (7,500 – 19,999 users) – Per subscription year:
    1. Twenty (20) days onsite or 160 hours remote
  3. Large (20,000 users or more) – Per subscription year:
    1. Thirty (30) days onsite or 250 hours remote
3. Project Conditions
  1. The Customer shall contact their Administrator for information on the quantity of days included in the Customer’s Managed Services subscription, which may be used annually in proportion to the subscription term. Unless otherwise agreed in writing, services days will expire on each anniversary of the start date of the Managed Services subscription in proportion to the subscription term. For example, for a two-year term, fifty percent (50%) of the services days will expire on the first anniversary of the Managed Services subscription start date and the remaining services days will expire on the second anniversary of the Managed Services subscription start date. For example, for a three-year term, thirty-three percent (33%) of the services days will expire on the first anniversary of the Managed Services subscription start date, thirty-three percent (33%) of the services days will expire on the second anniversary of the Managed Services subscription start date and the remaining services days will expire on the third anniversary of the Managed Services subscription start date. In the event all services days have expired, Imprivata will be under no obligation to perform any additional services. No credit/refund of unused service days will be provided. Should any items require additional time to complete, the Customer may utilize the Statement of Work process (“SOW”) to purchase additional time.
  2. The scope of Services assumes that the Customer’s environment complies with current Imprivata supported components at project commencement.
  3. Prior to the testing phase, the Customer is responsible for identifying and providing to the Imprivata Administrator testing scenarios which reflect end-user workflows in the Customer’s production environment.
  4. Imprivata may elect to deliver some or all of the services through one of its certified partners. The certified partner will perform the services as a subcontractor to Imprivata.
  5. Customer understands that Custom Development, such as but not limited to Extension Objects (EXO), may be implemented at the request of the Customer during a project. However, Custom Development work is not covered by the Imprivata Maintenance agreement to include updates, additions, or issues remediation.
  6. All services outlined herein are inclusive of travel and expense.
  7. Onsite services days cancelled or rescheduled with less than two (2) weeks advanced notice will be billed as delivered and debited from the Customer’s available balance. Failure to provide the appropriate notice may result in cancellation fees which are: daily rate for consultant time or the usage of a purchased services day. The Customer agrees to reimburse Imprivata for these fees if the cancellation is less than the required minimum advance notice. If the Customer needs to reschedule, they must contact their Imprivata project manager as soon as possible to reduce the scope and possibility of the above fees.
  8. Deployment specialist Administrators need to be scheduled at least 60 days in advance of planned deployment. In order to be scheduled, the physical locations, shift times and user enrollment counts must be provided to Imprivata. Once scheduled, Imprivata requires 30 days advance notice to cancel or reschedule the deployment specialist Administrators. Deployment specialist Administrator will be scheduled in a minimum of two-week increments.
Communications
1. Customer is responsible for attending the following meetings:
  1. No less frequently than semi-annually, hold strategic (steering) stakeholder meetings with Customer sponsor(s) at director-level or above with the authority to approve strategic priorities and resource commitments.
  2. No less frequently than bi-monthly (every two weeks), hold operational- or project-level stakeholder meetings with Customer application subject-matter experts, system administrators, and IT staff impacted by Imprivata solutions.

Case Priority Classification

Priority	Definition & Customer Responsibilities
Priority 1 – Critical production system down	An Imprivata production system is down. Major functionality is not available for a broad number of users. No alternative solution or workaround is currently available. For example, an appliance does not function in a production environment and business is severely impacted. Customer Instructions: Contact Imprivata Customer Support directly for fastest response (Customer Support will work directly with the assigned Administrator). Customer Responsibilities: Customer shall assign a named IT resource on a full-time on-call basis to assist and coordinate as needed until the issue is resolved.
Priority 2 – Major impact	A major function or feature is failing. The issue severely restricts usability within a production environment. Project deployment is delayed. No alternative solution or workaround is currently available. Customer Instructions: Create a case for the Administrator (the Administrator may escalate if additional assistance is needed). Customer Responsibilities: Customer shall assign a named IT resource on a full-time on-call basis to assist and coordinate as needed until the issue is resolved.
Priority 3 – General issue	A minor flaw has been detected and usability is generally unaffected, moderately affected, or impacts a small number of users. A workaround may be available. Customer Instructions: Create a case for the Administrator. Customer Responsibilities: Administrator will advise if coordination from Customer IT staff is required.
Priority 4 – Question or minor impact	Instructions or information are requested regarding existing product functionality. Customer Instructions: Create a case for the Administrator. Customer Responsibilities: Administrator will advise if coordination from Customer IT staff is required.

Service Level Response Times

Initial response times are determined by the priority of the issue as set forth in the table below. Initial Response times are calculated from when Imprivata receives the initial case submission.

Priority	Initial Response Time
Priority 1	Customer should contact Imprivata Customer Support directly
Priority 2	Initial Administrator response within 2 business hours
Priority 3	Initial Administrator response within 1 business day
Priority 4	Initial Administrator response within 2 business days

Customer Obligations
1. Access to Network. Customer shall provide technical access as further set forth below to Customer’s computer network. Such access shall be provided through a generic user account to be shared by the Administrator staff and individual reports accessed by customer at will via the Imprivata Customer Connect gatekeeper installation.
2. Customer shall provide the following technical access to Administrators utilizing its IT staff and resources:
  1. Imprivata Customer Connect Access
  2. Gatekeeper or Nexus Installation on dedicated endpoint or virtual desktop access from which all required systems can be accessed.
  3. At minimum, one directory account with Administrator permissions, for system access and configuration, testing, and administration
  4. Endpoint access to an approved web browser user account and endpoint access to Imprivata Admin UI.

Mobile Management Services Package MS-MGMT-MOBILE-MAM-SUB

Implementation Services
1. Establish and test API connections to Customer’s mobile device management (“MDM”) solution via the Imprivata GroundControl console.
2. Configure and test device settings and GroundControl workflows.
3. Provide additional implementation project support in proportion to the following deployment sizes:
  1. Small (2,499 devices or fewer) – Per subscription year:
    1. Forty (40) hours of remote project management
    2. Two (2) days of onsite workflow specialist support
    3. Four (4) days of onsite go-live, hardware deployment and end user support
  2. Medium (2,500 – 19,999 devices) – Per subscription year:
    1. Sixty (60) hours of remote project management
    2. Three (3) days of onsite workflow specialist support
    3. Six (6) days of onsite go-live, hardware deployment and end user support
  3. Large (20,000 devices or more) – Per subscription year:
    1. Ninety (90) hours of remote project management
    2. Four (4) days of onsite workflow specialist support
    3. Eight (8) days of onsite go-live, hardware deployment and end user support
  4. Project Conditions
    1. The Customer shall contact their Administrator for information on the quantity of days included in the Customer’s Managed Services subscription, which may be used annually in proportion to the subscription term. Unless otherwise agreed in writing, services days will expire on each anniversary of the start date of the Managed Services subscription in proportion to the subscription term. For example, for a two-year term, fifty percent (50%) of the services days will expire on the first anniversary of the Managed Services subscription start date and the remaining services days will expire on the second anniversary of the Managed Services subscription start date. For example, for a three-year term, thirty-three percent (33%) of the services days will expire on the first anniversary of the Managed Services subscription start date, thirty-three percent (33%) of the services days will expire on the second anniversary of the Managed Services subscription start date and the remaining services days will expire on the third anniversary of the Managed Services subscription start date. In the event all services days have expired, Imprivata will be under no obligation to perform any additional services. No credit/refund of unused service days will be provided. Should any items require additional time to complete, the Customer may utilize the Statement of Work process (“SOW”) to purchase additional time.
    2. The scope of Services assumes that the Customer’s environment complies with current Imprivata supported components at project commencement.
    3. Prior to the testing phase, the Customer is responsible for identifying and providing to the Imprivata Administrator testing scenarios which reflect end-user workflows in the Customer’s production environment.
    4. Imprivata may elect to deliver some or all of the services through one of its certified partners. The certified partner will perform the services as a subcontractor to Imprivata.
    5. Customer understands that Custom Development, such as but not limited to Extension Objects (EXO), may be implemented at the request of the Customer during a project. However, Custom Development work is not covered by the Imprivata Maintenance agreement to include updates, additions, or issues remediation.
    6. All services outlined herein are inclusive of travel and expense.
    7. Onsite services days cancelled or rescheduled with less than two (2) weeks advanced notice will be billed as delivered and debited from the Customer’s available balance. Failure to provide the appropriate notice may result in cancellation fees which are: daily rate for consultant time or the usage of a purchased services day. The Customer agrees to reimburse Imprivata for these fees if the cancellation is less than the required minimum advance notice. If the Customer needs to reschedule, they must contact their Imprivata project manager as soon as possible to reduce the scope and possibility of the above fees.
    8. Deployment specialist Administrators need to be scheduled at least 60 days in advance of planned deployment. In order to be scheduled, the physical locations, shift times and user enrollment counts must be provided to Imprivata. Once scheduled, Imprivata requires 30 days advance notice to cancel or reschedule the deployment specialist Administrators. Deployment specialist Administrator will be scheduled in a minimum of two-week increments.
Education subscription
1. For two (2) participants:
  1. Unlimited access to all virtual education class offerings.
  2. Individual seats accessing all content in the Imprivata Learning Center.
  3. Access to certifications across all product offerings.
  4. Unlimited access to all refresher virtual training.
Direct administration of Imprivata system
1. Proactively monitor critical events and activity logs to alert Customer’s team to any changes needed as well as facilitate remediation and any required support.
2. Monitor utilization and adoption metrics to ensure the broadest and most consistent end-user adoption and intervene to gather user feedback as needed.
3. Implement configuration changes to address Customer’s evolving needs, including during MDM migrations and installation of proof-of-concept environments to allow testing of requested features and enhancements.
4. Deliver new workflow automation rules and updates to existing workflow rules, including any testing and training required.
Change management: Imprivata system configuration
1. Interpret architecture, system, and workflow changes for configuration, testing, and implementation work required.
2. Review change requests weekly for potential impact to GroundControl and other Imprivata mobile solutions. GroundControl and such Imprivata mobile solutions are collectively referred to herein as “Imprivata Mobile Solutions”.
3. Respond to unanticipated needs for changes and help to actively remediate any impact to Imprivata Mobile Solutions caused by changes to architectural components integrated with the Imprivata system.
Imprivata Customer Support Escalation management
1. Create support cases on behalf of the Customer and follow up with status reports on each case as needed, on a weekly basis.
2. Automatically escalate issues based on agreed upon thresholds regarding case status, priority, age, etc. Summarize status, outcomes, and next steps following escalations.
Customer help desk escalation handling
1. Train Customer help desk staff to optimize front-line user and Customer’s own support service level agreements (SLAs) on Imprivata-related cases.
2. Receive end user issues escalated through Customer’s help desk for troubleshooting, determining root cause, and reaching a resolution.
Application & Architectural relationship management
1. Schedule and run checkpoint calls with application and architectural teams with interdependencies between the Imprivata Mobile solution and other systems or infrastructures including preparation and completion of action items and follow-ups needed.
2. Serve as the Customer stakeholders’ central point of contact for system/application needs and supportability review.
Product Advocacy
1. Monitor advance-notice internal release documentation and alerts Customer to product enhancements that benefit their unique needs or objectives.
2. Develop plans for implementing new features.
3. Facilitate engagement with Imprivata development team for controlled availability and beta programs, and to provide advanced insight into product roadmap.
Communications
1. Customer is responsible for attending the following meetings:
  1. No less frequently than semi-annually, hold strategic (steering) stakeholder meetings with Customer sponsor(s) at director-level or above with the authority to approve strategic priorities and resource commitments.
  2. No less frequently than bi-monthly (every two weeks), hold operational- or project-level stakeholder meetings with Customer application subject-matter experts, system administrators, and IT staff impacted by Imprivata solutions.

Case Priority Classification

Priority	Definition & Customer Responsibilities
Priority 1 – Critical production system down	An Imprivata production system is down. Major functionality is not available for a broad number of users. No alternative solution or workaround is currently available. For example, an appliance does not function in a production environment and business is severely impacted. Customer Instructions: Contact Imprivata Customer Support directly for fastest response (Customer Support will work directly with the assigned Administrator). Customer Responsibilities: Customer shall assign a named IT resource on a full-time on-call basis to assist and coordinate as needed until the issue is resolved.
Priority 2 – Major impact	A major function or feature is failing. The issue severely restricts usability within a production environment. Project deployment is delayed. No alternative solution or workaround is currently available. Customer Instructions: Create a case for the Administrator (the Administrator may escalate if additional assistance is needed). Customer Responsibilities: Customer shall assign a named IT resource on a full-time on-call basis to assist and coordinate as needed until the issue is resolved.
Priority 3 – General issue	A minor flaw has been detected and usability is generally unaffected, moderately affected, or impacts a small number of users. A workaround may be available. Customer Instructions: Create a case for the Administrator. Customer Responsibilities: Administrator will advise if coordination from Customer IT staff is required.
Priority 4 – Question or minor impact	Instructions or information are requested regarding existing product functionality. Customer Instructions: Create a case for the Administrator. Customer Responsibilities: Administrator will advise if coordination from Customer IT staff is required.

Service Level Response Times

Initial response times are determined by the priority of the issue as set forth in the table below. Initial Response times are calculated from when Imprivata receives the initial case submission.

Priority	Initial Response Time
Priority 1	Customer should contact Imprivata Customer Support directly
Priority 2	Initial Administrator response within 2 business hours
Priority 3	Initial Administrator response within 1 business day
Priority 4	Initial Administrator response within 2 business days

Customer Obligations
1. Access to Network. Customer shall provide technical access as further set forth below to Customer’s computer network. Such access shall be provided through a generic user account to be shared by the Administrator staff and individual reports accessed by customer at will via the Imprivata Customer Connect gatekeeper installation.
2. Customer shall provide the following technical access to Administrators utilizing its IT staff and resources:
  1. Imprivata Customer Connect Access
  2. Gatekeeper or Nexus Installation on dedicated endpoint or virtual desktop access from which all required systems can be accessed.
  3. At minimum, one directory account with Administrator permissions, for system access and configuration, testing, and administration
  4. Endpoint access to an approved web browser user account and endpoint access to Imprivata Admin UI.

Starter Management Services MS-MGMT-STARTER-OSCID-CPM-SUB
1. Full Remote Configuration, Testing, and Go-live in Customer’s production environment
  1. Remotely install and configure Customer Imprivata OneSign/Confirm ID solution.
  2. Configure and test policies and application/system integration points.
  3. Support back-end technical configuration needs for initial production go-live event, including preventative and/or corrective configuration changes, as needed.
2. Upgrades, Migration, and Expansions
  1. Identify and communicate the need for Imprivata product version upgrades; plan, manage, and complete configuration, testing, and implementation tasks for up to one (1) Imprivata system upgrade per year, as well as any required appliance migration work.
  2. Identify, communicate, plan, manage, and complete up to ten (10) new application profiles or updates to existing profiles per year; testing and other deployment tasks included.
  3. Install and configure proof of concept (POC) environments to allow testing of requested features and enhancements.
3. Customer Help Desk Training
  1. Train Customer help desk staff to optimize front-line user and Customer’s own support service level agreements (SLAs) on Imprivata-related cases.
4. Education subscription
  1. For two (2) participants:
    1. Unlimited access to all virtual education class offerings.
    2. Individual seats accessing all content in the Imprivata Learning Center.
    3. Access to certifications across all product offerings.
    4. Unlimited access to all refresher virtual training.
5. Customer Obligations
  1. Primary Customer Administrator. Customer shall assign at least one (1) individual to be trained and certified by Imprivata to assume and maintain primary responsibility for administration of the Imprivata OneSign/Confirm ID solution.
  2. Access to Network. Customer shall provide technical access as further set forth below to Customer’s computer network. Such access shall be provided through a generic user account to be shared by the Administrator staff and individual reports accessed by customer at will via the Imprivata Customer Connect gatekeeper installation.
  3. Customer shall provide the following technical access to Administrators utilizing its IT staff and resources:
    1. Imprivata Customer Connect Access
    2. Gatekeeper or Nexus Installation on dedicated endpoint or virtual desktop access from which all required systems can be accessed.
    3. At minimum, one directory account with Administrator permissions, for system access and configuration, testing, and administration
    4. Endpoint access to an approved web browser user account and endpoint access to Imprivata Admin UI.
6. Communications.
  1. Customer is responsible for scheduling and holding the following meetings:
    1. No less frequently than annually, hold strategic (steering) stakeholder meetings with Customer sponsor(s) at director-level or above with the authority to approve strategic priorities and resource commitments.
    2. No less frequently than monthly, hold operational- or project-level stakeholder meetings with Customer application subject-matter experts, system administrators, and IT staff impacted by Imprivata solutions.

Identity Governance Management Services MS-MGMT-IDG-RAM-SUB

Description of Services
1. Basic troubleshooting. The Imprivata Administrator will be responsible for the following troubleshooting tasks related to the Imprivata Identity Governance software (“IdG”):
  1. Review error notifications, logs, and tie request table.
  2. Review end to end workflow.
  3. Trigger drops to request handling to notification.
  4. Review of bridge logs and failures (no code changes).
2. First level support for questions related to basic error messages. The Imprivata Administrator will be the initial point of contact for issues related to the IdG solution. This includes:
  1. Understanding of customer IdG solution and architecture.
  2. Review error notifications, tie request table to success or failure.
  3. Review of trigger files and trigger translation logic.
  4. Escalation to Imprivata Support if required.
3. Ongoing role maintenance. The Imprivata Administrator will maintain the current role database which includes:
  1. Add, modify, delete roles.
  2. Add, modify, delete entitlements for specific roles.
  3. Partial bulk role imports.
4. IdG Application maintenance
  1. Basic IdG upgrade support
    1. Installation and configuration for up to four (4) point (minor version) releases or one (1) major version release, per subscription year.
    2. IdG server, bridge server, trigger server.
    3. Monitor log directories – log maintenance and cleanup.
5. Application configuration support. The Imprivata Administrator will provide support for applications that are integrated with the IdG solution, including:
  1. Minor configuration changes for existing manual apps (attribute properties only).
  2. Addition of generic apps that use shared scripting and logic that was delivered as part of the Imprivata implementation project.
  3. Addition of Microsoft Active Directory-aware applications (up to 10 per subscription year)
  4. Deployment of Customer-created Bridges
  5. Deployment of and configuration of new IdG bridges (does not include bridge development).
  6. OneSign integration (up to ten (10) per subscription year)
  7. Work with application owner/subject matter expert on validation of functionality of customer-created bridges
  8. Installation and configuration of additional bridge servers as needed.
6. Governance, Risk Management & Compliance (“GRC”) dashboard maintenance
  1. Configure homepages and profiles.
  2. Set up compliance tasks.
  3. Minor changes for existing reports.
7. New source trigger workflows (up to two (2) per subscription year)
  1. Define additional source feeds and SQL database trigger definitions.
  2. Trigger parsing and file transmission.
8. Bridge development (up to one (1) per subscription year)
  1. Delivery of a bridged automation.
  2. Gather requirements, development, testing, and delivery of the bridge.
  3. Installation and configuration of additional bridge servers as needed.
  4. Deployment of bridges.
  5. Backloading of application accounts data.
9. Training
  1. End-user workflow training.
  2. Helpdesk IdG training.
10. Education subscription
  1. For two (2) participants:
    1. Unlimited access to all virtual education class offerings.
    2. Individual seats accessing all content in the Imprivata Learning Center.
    3. Access to certifications across all product offerings.
    4. Unlimited access to all refresher virtual training.
  2. Access to monthly remote product deep dive training sessions as offered.
11. User maintenance
  1. Set user permissions within IdG.
12. Unsupported Tasks
  1. The Imprivata Administrator will not be responsible for tasks outside those in the Description of Services set forth above, including but not limited to:
    1. Any changes to the IdG workflows that require changes to implementation scripting or code, including any IdG bridges.
    2. Performing major version IdG upgrade including any upgrade from 5.3.X or lower to the latest version of IdG.
    3. Maintenance of non-IdG components (SQL, Hypervisor, OS, Citrix, etc.).
    4. Custom GRC report creation.
    5. Changes to role criteria that will require changes to the trigger parsing/translation scripting.
    6. Any major design related changes to the IdG solution.
    7. Normal IT Administrator tasks.
  2. Any major design related changes to the solution.
  3. Maintenance of non-Imprivata IdG components (Active Directory, AD groups creation, SQL, Hypervisor, Windows, Citrix, etc.).

Case Priority Classification

Priority	Definition & Customer Responsibilities
Priority 1 – Critical production system down	An Imprivata production system is down. Major functionality is not available for a broad number of users. No alternative solution or workaround is currently available. For example, an appliance does not function in a production environment and business is severely impacted. Customer Instructions: Contact Imprivata Customer Support directly for fastest response (Customer Support will work directly with the assigned Administrator). Customer Responsibilities: Customer shall assign a named IT resource on a full-time on-call basis to assist and coordinate as needed until the issue is resolved.
Priority 2 – Major impact	A major function or feature is failing. The issue severely restricts usability within a production environment. Project deployment is delayed. No alternative solution or workaround is currently available. Customer Instructions: Create a case for the Administrator (the Administrator may escalate if additional assistance is needed). Customer Responsibilities: Customer shall assign a named IT resource on a full-time on-call basis to assist and coordinate as needed until the issue is resolved.
Priority 3 – General issue	A minor flaw has been detected and usability is generally unaffected, moderately affected, or impacts a small number of users. A workaround may be available. Customer Instructions: Create a case for the Administrator. Customer Responsibilities: The Administrator will advise if coordination from Customer IT staff is required.
Priority 4 – Question or minor impact	Instructions or information are requested regarding existing product functionality. Customer Instructions: Create a case for the Administrator. Customer Responsibilities: The Administrator will advise if coordination from Customer IT staff is required.

Service Level Response Times

Initial response times are determined by the priority of the issue as set forth in the table below. Initial Response times are calculated from when Imprivata receives the initial case submission.

Priority	Initial Response Time
Priority 1	Customer should contact Imprivata Customer Support directly
Priority 2	Initial Administrator response within 2 business hours
Priority 3	Initial Administrator response within 1 business day
Priority 4	Initial Administrator response within 2 business days

Customer Obligations
1. Access to Network. Customer shall provide technical access as further set forth below to Customer’s computer network. Such access shall be provided through a generic user account to be shared by the Administrator staff and individual reports accessed by customer at will via the Imprivata Customer Connect gatekeeper installation.
2. Customer shall provide the following technical access to Administrators utilizing its IT staff and resources:
  1. Imprivata Customer Connect Access
  2. Gatekeeper or Nexus Installation on dedicated endpoint or virtual desktop access from which all required systems can be accessed.
  3. At minimum, one directory account with Administrator permissions, for system access and configuration, testing, and administration
  4. Endpoint access to an approved web browser user account and endpoint access to Imprivata Admin UI.
Communications.
1. Customer is responsible for scheduling and holding the following meetings:
  1. No less frequently than monthly, hold strategic (steering) stakeholder meetings with Customer sponsor(s) at director-level or above with the authority to approve strategic priorities and resource commitments.
  2. No less frequently than bi-monthly (every two weeks), hold operational- or project-level stakeholder meetings with Customer application subject-matter experts, system administrators, and IT staff impacted by Imprivata solutions.

Identity Governance Configuration and Management Services MS-MGMT-IDG-RAM-SUB-PLUS
1. Remote Configuration Services
  1. Project Management
    1. Review the scope of services.
    2. Conduct a project kick-off meeting to ensure project readiness, review project roles, set expectations, and confirm logistics.
    3. Provide a project plan to the Customer and update the plan during the subscription term.
    4. Coordinate a technical call with the Customer to review project tasks, schedules and resources and make changes and additions, as necessary.
    5. Prepare status reports during the active periods of the engagement, including progress-to-plan.
    6. Serve as Customer’s primary escalation point for all technical and business-related issues pertaining to Imprivata.
  2. Identity Governance Discovery and Design
    1. The Imprivata Administrator(s) will conduct Discovery and Design sessions with Customer with the objective being to understand the Customer’s current provisioning landscape and how the Identity Governance solution will integrate and improve the current workflow and security processes.
      1. The Imprivata Administrator(s) will provide recommendations based on industry best practices and prior implementation experience with Imprivata’s customer base.
      2. The Imprivata Administrator(s) will deliver and review detailed design specification which will define Identity Governance and overall automated provisioning workflows and data flow (the “Design Specification”).
      3. Customer shall review and approve the Design Specification before the project can progress to Application Integration or Automated Workflow Configuration phases.
    2. The Imprivata Administrator(s) will provide consultative guidance governing the building of the Customer’s role database and role-based access control (“RBAC”) principles and best practices, including assistance with initial design and creation of the role database, as well as ongoing maintenance of the role database.
    3. The Imprivata Administrator(s) will also provide guidance and expertise related to Customer’s multi-job environment (if applicable). This will consist of overview of IdG support and functionality and ongoing maintenance of a multi-job solution.
    4. Customer obligations:
      1. Customer shall assist Imprivata Administrator(s) with any design related decisions regardless the stage of the project.
      2. Customer shall ensure completion of initial installation and bootstrapping of the Identity Governance solution on all test servers prior to the first discovery session.
  3. Application Integration
    1. Services will include integration support for up to three (3) application integrations per subscription year (inclusive of Active Directory and Exchange), requiring:
      1. Review of requirements for application automation to support provisioning requests
      2. Creation and review bridge functional specification
      3. Development and unit testing of bridge for the agreed upon application(s)
      4. Application integration within Identity Governance to support automated create, modify, and terminate user workflows
      5. Resolution of defects found during Customer-conducted user acceptance testing of the bridged application
      6. Delivery of the bridge into the test and production environments
  4. Automated Workflow Configuration services will include:
    1. Configuration of the Identity Governance solution to support up to two (2) automated approvals per subscription year.
    2. Delivery of up to two (2) custom email notifications for specified provisioning events, including but not limited to Creation and Termination events per subscription year.
    3. Support for duplicate user handling within Active Directory.
    4. Support for rehire logic.
    5. Resolution of issues found during validation phase of the initial project implementation.
  5. Solution Planning and Account Ownership
    1. Imprivata will assign a primary Administrator that will assist the Customer throughout the Identity Governance active subscription term.
    2. Administrator will be responsible for scheduling and leading:
      1. Return On Investment (ROI) Analysis
        Administrator will lead an ROI analysis of the IdG solution post go-live, using Imprivata provided tools to estimate the value provided by the IdG solution post go-live. A detailed report will be compiled, delivered, and reviewed with Customer.
      2. Identity Governance Technical Check-up(s)
        Following the first year of the subscription term and at the beginning of each subsequent year of the subscription term, Administrator will conduct a technical check-up of the IdG solution.
        Administrator will facilitate a technical check-up of the IdG solution in production use at that time, consisting of a two (2) day remote session to document the following:
        Existing IdG functionality and maturity model assessment.
        Definition of gaps in solution that can be addressed by ongoing services.
        Recommendations for additional automation within provisioning workflow.
        Recommended scope, prioritization and sequencing of future improvements.
  6. Workflow Optimization Services
    1. Per subscription year, Administrator will deliver two (2) workflow enhancements to the Identity Governance solution, at a frequency of one (1) workflow enhancement per six (6) month period. These enhancements shall be defined and outlined within the technical check-up report.
    2. Workflow enhancements must be verified as sound and feasible modifications to existing business logic by an Imprivata Administrator, and mutually agreed to between the parties.
  7. Engineering Education services will include:
    1. Adding and integrating manual and generic applications into Identity Governance
    2. Effective usage of the IdG GRC auditing and reporting tool
    3. Up to one (1) bridge development training course per subscription year. This is an in-depth instructor led class focusing on development and integration of IdG bridges that support automated workflows.
2. Management Services
  1. Includes all aforementioned services set forth in the Identity Governance Management Services package.
Flexible Configuration Updates Package (for Imprivata OneSign® and Imprivata Confirm ID® solutions) PS-OSCID-FLEX-SUB
1. Eligible Update Events
  1. Appliance upgrade
    1. Plan, manage, and complete configuration, testing, and implementation tasks for up to one (1) Imprivata system upgrade per year.
    2. Limited to one (1) Imprivata enterprise and three (3) appliances per enterprise.
  2. Appliance upgrade and migration
    1. Plan, manage, and complete configuration, testing, and implementation tasks for up to one (1) Imprivata system upgrade per year, as well as any required appliance migration work.
    2. Limited to one (1) Imprivata enterprise and three (3) appliances per enterprise.
  3. Configuration of Confirm ID for Remote Access
    1. Configuration is limited to one (1) gateway. Configuration of more than one (1) gateway may be counted as the consumption of another eligible Update Event, or require the purchase of additional services.
  4. Configuration of Confirm ID for Medical Devices
    1. Configuration is limited to two (2) medical device types. Configuration of more than two (2) medical device types may be counted as the consumption of another eligible Update Event, or require the purchase of additional services.
  5. Configuration of Confirm ID for Clinical Workflows
    1. This Update Event is available for clinical workflow integration in Epic® only, and excludes configuration of Epic standalone specialty narrator.
    2. Configuration is limited to three (3) supported workflows. Configuration of more than three (3) supported workflows may be counted as the consumption of another eligible Update Event, or require the purchase of additional services.
  6. Application Profiling
    1. This Update Event is limited to configuration and testing for up to three (3) supported applications utilizing APG or WebSSO.
    2. This Update Event excludes integration with applications that do not utilize APG for SSO enablement.
    3. This Update Event includes configuration and testing only. Workflow analysis and design prior to configuration and testing, as well as user acceptance testing and deployment done following configuration and testing must be performed by Customer.
2. Description of Services
  1. Project Management for Update Events
    1. Prior to the start of the project, the Customer will designate a project manager (“Project Manager”) who will be the primary point of contact for communications relative to the Update Events and will have the authority to act on behalf of the Customer in all matters regarding the scope, including:
      1. Managing the Customer’s personnel and responsibilities for the Update Events
      2. Serving as the interface between departments participating in the Update Events
      3. Participating in meetings relative to Update Events
      4. Helping resolve engagement issues and escalating issues within the Customer’s organization as necessary
    2. Review package offerings and Update Event options with the Customer’s Project Manager.
    3. Conduct planning meeting between the Customer’s Project Manager and the Imprivata resources to plan tasks related to scheduled Update Events.
    4. Schedule Imprivata resources, depending on availability, as needed to perform Update Events.
    5. Prepare status updates during the active periods of the Update Events.
    6. Serve as the Customer’s primary escalation point for all technical and business-related issues pertaining to and during the scoped Update Events.
  2. Appliance Upgrade Update Event
    1. The Imprivata Implementation Engineer will perform an upgrade of the Customer’s test and production environments to the latest Imprivata platform version.
    2. The upgrade will include the following:
      1. Review of any current upgrade considerations or known issues with the Customer’s Imprivata Administrator
      2. Imprivata database backup
      3. Configuration of appliances for failover and offline authentication, if required
      4. Perform a rolling reboot of all appliances
      5. Confirm that Imprivata servers, system services, and sites all are operating normally
      6. Upgrade appliance IPMs to the latest production release
    3. Validation of the upgrade will include the following:
      1. Verification that all appliances in the enterprise have successfully rebooted and been updated to the latest production release
      2. Creation of post-upgrade database backup
      3. Imprivata Agent deployment testing
      4. Review of best practices with Customer’s Imprivata Administrator
  3. Appliance Upgrade and Migration Update Event
    1. The Imprivata Administrator(s) will complete a test migration and validation of the updated Imprivata Appliance platform, followed by a cutover of the production environment to a new platform.
    2. The Imprivata Administrator(s) will meet with the Customer’s technical contact to review the setup requirements for the engagement. The following is a list of items that will be reviewed:
      1. Output from the Imprivata Deployment Report Tool to gather current usage data of the Imprivata platform
      2. Review of technical requirements before the services can commence, including files that need to be downloaded as well as the appliance configuration requirements
      3. Review of the current Imprivata enterprise, including audit servers, the number of audit records and version of the Imprivata platform
      4. Recommended changes to the Imprivata enterprise prior to the migration to the new Imprivata Appliance platform
      5. Review of plan for rollback to the prior Imprivata Appliance platform should any issues arise
    3. The new Imprivata enterprise will be built as a mirror to the current production environment. The Imprivata Administrator(s) will perform a software upgrade of the current production Imprivata enterprise to the software version/hotfix best suited for the migration, as determined jointly by the Project Manager and Imprivata Administrator(s). An export of the current production system will be performed and then imported into the new Imprivata enterprise to create the mirror environment.
    4. Validation of the new Imprivata enterprise will be performed prior to completing the migration of the new Imprivata enterprise over to production. The validation will include the following:
      1. Testing of agent connectivity including authentication modalities
      2. Appliance and agent failover
      3. An application profile will be tested to ensure proper SSO functionality and profiling capabilities
      4. A system backup, restore, and download of the system will be completed
      5. Reports will be created and exported
    5. Once the platform has been validated, the current production appliances will be powered down and the new appliances will be migrated over to the current production appliance Ips. This will require a downtime of roughly 10-15 minutes, which will be coordinated with Customer’s Project Manager.
    6. Validation testing will be performed on the new appliances after they have been cut over to production.
  4. Configuration of Confirm ID for Remote Access Update Event
    1. The Imprivata Administrator(s) will configure the Imprivata enterprise for integration with Confirm ID Push Tokens as required by the project.
    2. The Imprivata Administrators(s) will configure the Imprivata enterprise to accept incoming RADIUS messages from the Customer’s enterprise gateway(s). The Customer’s technical team will be responsible for configuring the enterprise gateway(s) to direct said messages to the Imprivata enterprise. The Imprivata Administrator(s) will assist the Customer’s technical team in testing communications between the configured gateway(s) and the Imprivata enterprise.
  5. Configuration of Confirm ID for Medical Devices Update Event
    1. The Imprivata Administrator(s) will work with the Customer to configure and test the workflow settings for up to three (3) supported medical devices. This includes:
      1. Configuration of Medical Device login workflows
      2. Configuration of Medical Device use verification workflows
      3. Configuration of Medical Device different user authentication workflows
      4. Grace Period configuration
      5. Authentication process design for proximity card, Imprivata PIN or password
  6. Configuration of Confirm ID for Clinical Workflows Update Event
    1. The Imprivata Administrator(s) and Clinical Workflow Specialist Administrator(s) will work with the Customer’s Project Manager and identified clinical and electronic medical record administrators to confirm and/or identify the clinical workflows to configure and test up to three (3) supported clinical workflows. This may include clinical workflows such as, but not limited to:
      1. E-Prescribing (non-EPCS)
      2. Witness Signing
      3. Break-the-Glass
      4. Anesthesia Attestation
      5. Medication Administration
      6. Medication Review Verification
      7. Closing Patient Encounters
      8. Integrated Badge Scanning for Specialty Narrator
  7. Application Profiling Update Event
    1. The Imprivata Administrator(s) will work with the Customer’s Project Manager and identified application owners, both the workflow and technical subject matter experts, to enable applications for Single Sign-On (SSO). The number of applications in scope for this deliverable is limited to three (3) total non-EMR (electronic medical record) applications. This enablement will include the following elements:
      1. Review Customer-provided documentation of all end-user workflows including role-specific workflows within the applications
        It is the Customer’s responsibility to provide account credentials for all user roles within each SSO-enabled application in scope
      2. Review of Customer-defined test cases for each application in scope
        It is the Customer’s responsibility to define test cases for each SSO-enabled application in scope
      3. SSO enablement of each application in scope
      4. Validation testing of each application in scope
3. Project Conditions
  1. Four (4) Update Events are included per 12-month subscription term. The Customer shall contact their Administrator for information on the current quantity of Update Events included in its Flexible Configuration Updates Package subscription. Unless otherwise agreed in writing, any unused Update Events will expire on each anniversary of the start date of the Flexible Configuration Updates Package subscription in proportion to the subscription term. For example, a 24-month Flexible Configuration Updates Package subscription includes a total of eight (8) Update Events; a limit of four (4) of which may be used during each 12-month period, and any Update Events unused during that 12-month period will expire. At the conclusion of the 12-month period, the four (4) remaining Update Events will be eligible for use, and be subject to expiration if unused at the conclusion of the period. In the event all unused Update Events have expired, Imprivata will be under no obligation to perform any additional services. No credit/refund of unused Update Events will be provided. Should additional services or Update Events be required, the Customer may utilize the SOW process to purchase additional services beyond those remaining in the subscription.
  2. The scope of Services assumes that the Customer’s environment complies with current Imprivata supported components at project commencement.
  3. Imprivata may elect to deliver some or all of the services through one of its certified partners. The certified partner will perform the services as a subcontractor to Imprivata.
  4. Customer understands that Custom Development, such as but not limited to Extension Objects (EXO), may be implemented at the request of the Customer during a project. However, Custom Development work is not covered by the Imprivata Maintenance agreement to include updates, additions, or issues remediation.
  5. Update Events cancelled or rescheduled with less than two (2) weeks advanced notice will be billed as delivered and debited from the Customer’s available balance.
4. Communications
  1. Customer is responsible for attending the following meetings:
    1. No less frequently than semi-annually (twice per year), hold strategic (steering) stakeholder meetings with Customer sponsor(s) at director-level or above with the authority to approve strategic priorities and resource commitments.
    2. No less frequently than bi-monthly (every two weeks), hold operational- or project-level stakeholder meetings with Customer application subject-matter experts, system administrators, and IT staff impacted by Imprivata solutions.
5. Customer Obligations
  1. Access to Network. Customer shall provide technical access as further set forth below to Customer’s computer network. Such access shall be provided through a generic user account to be shared by the Administrator staff and individual reports accessed by customer at will via the Imprivata Customer Connect gatekeeper installation.
  2. Customer shall provide the following technical access to Administrators utilizing its IT staff and resources:
    1. Imprivata Customer Connect Access
    2. Gatekeeper or Nexus Installation on dedicated endpoint or virtual desktop access from which all required systems can be accessed.
    3. At minimum, one directory account with Administrator permissions, for system access and configuration, testing, and administration
    4. Endpoint access to an approved web browser user account and endpoint access to Imprivata Admin UI.
Flexible Configuration Updates Package (for Imprivata Identity Governance® solution) PS-IDG-FLEX-SUB
1. Eligible Update Events
  1. Application Configuration Support
    1. Up to sixty (60) hours remote per subscription year.
    2. Up to one (1) minor change for an existing manual application per subscription year.
    3. Up to one (1) minor change for an existing bridged application per subscription year.
  2. Governance, Risk Management & Compliance (“GRC”) dashboard maintenance
    1. Up to forty (40) hours remote per subscription year
    2. Includes minor changes for existing reports.
    3. Assistance configuring up to one (1) custom report per subscription year.
  3. New source trigger workflows
    1. Up to forty (40) hours remote per subscription year.
    2. Includes definition of additional source feeds and SQL database trigger definitions. Up to two (2) new source trigger workflows per subscription year.
  4. Workflow Optimization Services
    1. Up to eighty (80) hours remote per subscription year.
    2. Assistance with up to one (1) workflow enhancement to the Identity Governance solution per subscription year.
  5. Identity Governance consulting services
    1. Up to one hundred (100) hours remote per subscription year.
  6. Application upgrade services
    1. Up to twenty (20) hours remote per subscription year.
    2. Installation and configuration for up to two (2) minor version releases per subscription year.
2. Description of Services
  1. Application Configuration Support Update Event
    1. Assistance with moving configuration changes from Test to Production
    2. Go-live support during the initial activation of the production-ready code base
    3. Regular calls to address issues or questions following go-live
  2. GRC audit and reporting dashboard maintenance Update Event
    1. Assistance with moving configuration changes from Test to Production
    2. Go-live support during the initial activation of the production-ready code base
    3. Regular calls to address issues or questions following go-live
  3. New source trigger workflows Update Event
    1. Trigger parsing and file transmission.
    2. Assistance with moving configuration changes from Test to Production
    3. Go-live support during the initial activation of the production-ready code base
    4. Regular calls to address issues or questions following go-live
  4. Workflow Optimization Services Update Event
    1. Workflow enhancements must be verified as sound and feasible modifications to existing business logic by Imprivata and mutually agreed to between the parties.
    2. Assistance with moving configuration changes from Test to Production
    3. Go-live support during the initial activation of the production-ready code base
    4. Regular calls to address issues or questions following go-live
  5. Identity Governance consulting services Update Event
    1. Consultation services for role database structure, expansion, and/or consolidation
    2. Consultation services for GRC best practices and compliance related tasks
    3. Provisioning workflow analysis and optimization consultation
  6. Application upgrade services Update Event
    1. Installation and configuration for minor version releases. Minor version releases include any hotfixes and/or point releases within the Identity Governance solution.
3. Project Conditions
  1. Four (4) Update Events are included per 12-month subscription term. The Customer shall contact their Administrator for information on the current quantity of Update Events included in its Flexible Configuration Updates Package subscription. Unless otherwise agreed in writing, any unused Update Events will expire on each anniversary of the start date of the Flexible Configuration Updates Package subscription in proportion to the subscription term. For example, a 24-month Flexible Configuration Updates Package subscription includes a total of eight (8) Update Events; a limit of four (4) of which may be used during each 12-month period, and any Update Events unused during that 12-month period will expire. At the conclusion of the 12-month period, the four (4) remaining Update Events will be eligible for use and will be subject to expiration if unused at the conclusion of the period. In the event all unused Update Events have expired, Imprivata will be under no obligation to perform any additional services. No credit/refund of unused Update Events will be provided. Should additional services or Update Events be required, the Customer may utilize the SOW process to purchase additional services beyond those remaining in the subscription.
  2. The scope of Services assumes that the Customer’s environment complies with current Imprivata supported components at project commencement.
  3. Imprivata may elect to deliver some or all of the services through one of its certified partners. The certified partner will perform the services as a subcontractor to Imprivata.
  4. Update Events cancelled or rescheduled with less than two (2) weeks advanced notice will be billed as delivered and debited from the Customer’s available balance.
4. Communications
  1. Customer is responsible for attending the following meetings:
    1. No less frequently than semi-annually (twice per year), hold strategic (steering) stakeholder meetings with Customer sponsor(s) at director-level or above with the authority to approve strategic priorities and resource commitments.
5. Customer Obligations
  1. Access to Network. Customer shall provide technical access as further set forth below to Customer’s computer network. Such access shall be provided through a generic user account to be shared by the Administrator staff and individual reports accessed by customer at will via the Imprivata Customer Connect gatekeeper installation.
  2. Customer shall provide the following technical access to Administrators utilizing its IT staff and resources:
    1. Imprivata Customer Connect Access
    2. Gatekeeper or Nexus Installation on dedicated endpoint or virtual desktop access from which all required systems can be accessed.
    3. At minimum, one directory account with Administrator permissions, for system access and configuration, testing, and administration
    4. Endpoint access to an approved web browser user account and endpoint access to Imprivata Admin UI.
Privileged Access Management (PAM) Services Package MS-MGMT-iPAM-SUB / MS-MGMT-EA-PAM-SUB / MS-MGMT-CC-PAM-SUB
1. Configuration of Imprivata system
  1. On a quarterly basis:
    1. Depending upon the software and licensing owned, test operating procedures, including but not limited to break-the-glass, restore from backup, migration to another supported database.
  2. On a monthly basis:
    1. Perform periodic maintenance data clean-up procedures, including the import and/or removal of assets or records.
  3. On a weekly basis:
    1. Monitor the health of internal and/or third-party new user onboarding, provisioning and deprovisioning processes as built during implementation phase.
    2. Review audit logs, alerts, and reports for Customer’s ease of navigation and use of the data.
2. Imprivata Customer Support Escalation management
  1. Create support cases on behalf of the Customer and follow up with status reports on each case as needed, on a weekly basis.
  2. Automatically escalate issues based on agreed upon thresholds regarding case status, priority, age, etc. Summarize status, outcomes, and next steps following escalations.
3. Platform optimization
  1. On a bi-monthly basis, schedule and facilitate meetings with Customer’s operational staff to consult and advise Customer regarding best practices for use and maintenance of Imprivata system, and advise Customer of new features and enhancements released or pending release.
  2. On a quarterly basis, monitor and manage general configuration settings including retention, file share, mail, backup, and licensing.
  3. On annual basis, apply periodic version updates to the Imprivata system software per each node.
4. Education subscription
  1. For two (2) participants:
    1. Unlimited access to all virtual education class offerings.
    2. Individual seats accessing all content in the Imprivata Learning Center.
    3. Access to certifications across all product offerings.
    4. Unlimited access to all refresher virtual training.
5. The Customer will designate an appropriate named IT resource (“Managed Services Lead”) as the principal point of contact throughout the engagement. The Managed Services Lead’s responsibilities include: scheduling and planning of the Customer’s resources, coordination of project meetings and requirements gathering sessions, point of contact for escalations and problem and conflict resolution management.
6. Services are performed between the business hours of 8:00 AM and 5:00 PM local Customer time, Monday through Friday, excluding normally observed holidays. The observed holidays will be specified in the Imprivata Support and Learning Center, which shall include real-time notifications. Services provided outside these times will be agreed-upon in writing by both parties in advance and may be subject to additional fees.
Imprivata shall use all appropriate safeguards to prevent the use or disclosure of Customer data or other information from Customer’s network, other than as permitted under this Agreement and in furtherance of the Imprivata’s obligations under the Agreement;
Imprivata shall promptly report any lost or stolen identification and passwords and shall insure that all terminated Administrator(s) return to Imprivata all identification and passwords prior to such Administrator(s)’ departure;
Imprivata shall instruct the Administrator(s) that access to Customer’s computer network shall be limited to the minimum that it is necessary to perform the services under this Agreement;
Imprivata will maintain the confidentiality of any user ID, password or other access control device provided by Customer to Imprivata and will not disclose such access control device to any third party, except as expressly authorized by Customer;
Imprivata will not attempt to access any data or systems which are not necessary for Imprivata’s authorized purposes as set forth in the Agreement or in other written instructions to Imprivata by Customer and will terminate access to such data or systems whenever Imprivata ceases to have a need to know such data or systems;
Imprivata will not tamper with, compromise, or attempt to circumvent or bypass any security pertaining to Customer’s systems, electronic or otherwise;
Imprivata will take reasonable precautions not to allow entry of any virus or any other contaminant, including, but not limited to, codes, commands, or instructions that may be used to access, alter, delete, damage or disable the data, systems or other software or property;
Imprivata will not install or download any unauthorized software;
Imprivata will maintain the confidentiality of any data and/or systems to which it has access and will use such data and/or systems only as expressly authorized by the Agreement or in other written instructions to Imprivata; and
Imprivata will notify Customer in the event Imprivata suspects that its network connection or any data or systems to which it has access have been compromised or in the event Imprivata suspects or knows of a breach of any of the foregoing.