Professional Documents
Culture Documents
Tecnics IHCL Cyberark IAM Implementation Proposal 1.0
Tecnics IHCL Cyberark IAM Implementation Proposal 1.0
Tecnics Integration Technologies Pvt Ltd – Proprietary & Confidential Information Page 1 of 12
Contents
1. Summary 3
2. Why Tecnics 3
2.1. Tecnics Culture 3
3. Proposed Solution 4
3.1. Scope of Services 5
4. Out of Scope 8
5. Project Deliverables 8
6. Project schedule and expiration 9
7. Assumptions 9
8. CyberArk Bill of Material 10
Tecnics Integration Technologies Pvt Ltd – Proprietary & Confidential Information Page 2 of 12
1. Summary
This Statement of Work (“SOW”) is made by and between Indian Hotels Company Limited (“Customer”) and
Tecnics Integration Technologies Pvt Ltd (“Tecnics”) and identifies the services (“Services”) Tecnics will perform
for customer. This SOW is valid for thirty (30) days from date of issue, after which period all services, terms and
prices quoted are subject to change.
2. Why Tecnics
Tecnics is a leading IT services company founded in 1997, headquartered in Houston, Texas, with development
locations in Hyderabad, India.
Tecnics is specialized in providing security solutions and services to various clients worldwide. Tecnics offers a
wide range of security services including Security Consulting & Advisory, implementation and managed services
for Cyberark, Okta, Splunk and PaloAlto, to ensure the safety of their clients' sensitive data and information.
Tecnics' Cyberark solutions provide identity and access management services, including multi-factor
authentication, single sign-on, and lifecycle management for our clients' cloud and on-premises environments. Our
experience with PaloAlto solutions provide, intrusion detection and prevention, and other security services to
ensure the cyber safety of our clients' networks.
We are a company known for delivering high-quality security solutions and services to our clients globally. Our
team of experts and certifications from leading security solution providers like CyberArk made us a reliable and
trustworthy partner in ensuring the safety of our clients' sensitive data and information.
We use a Global Delivery model where applicable, especially in Application Management Support services to
significantly reduce the client’s cost of implementation.
Our Vision – “To be a leading, reliable and trusted provider of software integration, consulting and application
management services, and to be the preferred choice of clients and talent by creating the ’gold standard ‘of value
within the enterprise solutions ecosystem.”
Our Mission – “With the highest integrity, deliver the highest quality and return on investment (ROI) to our clients
who require Enterprise implementation and support services; and to have a satisfying and supportive work
environment to ensure that we deliver optimal results to our clients.”
Our Values – In “building our business focused on one-on-one client relationships,” we will:
● Embody the highest ethics
Tecnics Integration Technologies Pvt Ltd – Proprietary & Confidential Information Page 3 of 12
● Make customer satisfaction our #1 tenet
3. Proposed Solution
Tecnics Professional Services will assist the Customer with the implementation of Cyberark. Tecnics Professional
Services will provide Customer with the following:
1. Tecnics Professional Services will assist the customer with the implementation of Cyberark in new tenant
2. Two Cyberark tenants (Preview and Production) will be configured and integrated with applications under
scope (wherever possible).
3. Configure AD agents based on best practices.
4. MFA configuration.
5. Tecnics will configure AD as a source of truth with Cyberark for the internal users.
6. Tecnics will assist customer with one Prod AD domain to be integrated with Cyberark.
7. MFA and other Cyberark based configurations to be performed.
8. Tecnics will assist customer with Provisioning and deprovisioning of Internal and Contractor users.
9. Sign On and other configurations to be performed by Tecnics on Cyberark tenants.
10. Assist the customer with Cut over planning, rolling out Cyberark and provide post go-live support.
11. Tecnics will assist in the SSO/MFA implementation of Twelve (12) apps.
12. SSO for 12 (Twelve) applications.
It is common for additional requirements and changes to surface during the execution of Professional Services as
more information is shared between the parties. Should additional requirements or changes be discovered, both
parties would execute the Change Control process to assess the impact to the budget, schedule, and resourcing
Tecnics Integration Technologies Pvt Ltd – Proprietary & Confidential Information Page 4 of 12
before approvals are granted. Tecnics will not complete any changes until both parties, in writing, have approved the
Change Control.
Project Logistics
READINESS
The Readiness phase involves Customer orientation activity. Tecnics will provide a streamlined assessment of
Customer’s ability to start the implementation and deployment, as well as recommended next steps to fortify project
success. At the conclusion of the readiness phase, Tecnics will provide a readiness assessment.
PLAN
The Plan phase begins the detailed planning for the project kick-off meeting, establishing design phase agenda(s),
identifying key project stakeholders and scheduling with the Tecnics and Customer project teams. Tecnics will be on
boarded to the required applications and systems. The Plan phase concludes with a project kickoff meeting and
completion of a high-level project schedule.
DESIGN
The Design phase involves design workshop(s) where knowledgeable business and technical SMEs are led through
design discussions by the Tecnics team. The Design phase ends with a review of the future state architecture and
Tecnics Integration Technologies Pvt Ltd – Proprietary & Confidential Information Page 5 of 12
alignment on any scope modifications needed. At the conclusion of the Design phase, Tecnics will conduct a build
checkpoint and review the future state design and project schedule.
Tecnics Integration Technologies Pvt Ltd – Proprietary & Confidential Information Page 6 of 12
BUILD
The Build phase may involve multiple iterations where Tecnics and Customer will work together to configure and
implement items defined, as in scope, below. As part of the Build phase, configuration, development, and data
migration activities are demonstrated to Customer and activities focused on User Acceptance Testing (“UAT”)
planning and knowledge transfer begins. Scope dependent technical documentation is updated. The iterations of the
Build phase will conclude with the review of the test plan and the start of UAT.
The following table outlines the scope of services to be performed within the context of this project on up to one (1)
Cyberark Tenants.
[The “In Scope” column is populated with a “Y” or “N” to clearly indicate if the task will be performed as part of this
project.]
Tecnics and Customer project managers will conduct the Kickoff Meeting to communicate the
following to project stakeholders:
Statement of Work
1. Project Schedule
Y
Project Team with Roles and Responsibilities
Timeline, Milestones, High Level project plan
Risks and Concerns
Communication Plan
Project Methodology
Assessment of current state architecture to understand the Network & Application Topology. Other
2. tasks include:
Technical Readiness Assessment (IT, SecOps, Operations) Y
Review Applications in scope
Get alignment on architecture
4. MFA/AMFA Configuration Y
Overview of Multi-Factor Authentication, factor types, enrollment and enforcement policies
Tecnics Integration Technologies Pvt Ltd – Proprietary & Confidential Information Page 7 of 12
Task Description In Scope
Configure per org MFA/AMFA policies, per App MFA/AMFA policies
MFA/AMFA Enrollment & MFA/AMFA Enforcement
SSO Integration
SSO to be integrated for the applications in scope.
App Integration:
Tecnics to perform full engagement for 12 apps.
Directory Integration:
One Prod Active Directory
5.
Y
Customer Obligations:
Perform configuration on the Application side
Provide test user for testing SSO scenarios
Participate in testing & troubleshooting
Modernize the login functionality for business applications if direct integration with
Cyberark is not possible.
Assumptions:
Customer’s Cyberark tenant is licensed with required SKUs for any required implementation(s).
Meet with App Owner & SMEs
During UAT Cyberark deployment will be validated and Tecnics team will assist Customer end-to-
end testing as determined by project scope.
Customer team will lead and participate in UAT with the Tecnics team providing best practice
recommendation, issue management and providing root cause analysis & remediation. At the end
of the UAT Customer & Tecnics team will work collaboratively to come up with a deployment plan.
The UAT will cover the following:
AD Integration
SSO – 12 Apps
Tecnics Integration Technologies Pvt Ltd – Proprietary & Confidential Information Page 8 of 12
Task Description In Scope
Work closely with Tecnics for Cut Over planning & Go Live
Tecnics Integration Technologies Pvt Ltd – Proprietary & Confidential Information Page 9 of 12
Go Live
Tecnics will assist the Customer to deploy the changes in Production. Final knowledge transfer,
support handover and project close activities will also take place.
10.
Customer will be responsible for: Y
Adherence to deployment plan, including post-production test plans and application
regression testing.
Identifying post-production support resources and ensuring availability for knowledge
transfer from the Tecnics project team.
Participation in the project close process
Post Go Live Support
11.
Shadow operations team during this period Y
Assist operations team in troubleshooting issues after Go Live
Project closure & Sign-off
4. Out of Scope
1. Base configuration for existing apps and AD.
2. Data cleanup & data migration
3. API Consulting
4. Troubleshoot or fix issues in downstream application not related to integration with Cyberark
5. Customer communication & Change Management
6. Functionality that is in Beta
7. Travel & Other Expenses
8. Any Item that is not listed in the scoping section
5. Project Deliverables
1. Base configuration for existing apps and AD.
2. Data cleanup & data migration
Tecnics Integration Technologies Pvt Ltd – Proprietary & Confidential Information Page 10 of 12
6. Project schedule and expiration
Following the execution date of this SOW, this project is expected to require ~ 5 weeks for implementation of the
agreed scope. After this defined duration, the original SOW will expire. The SOW term may be extended if agreed
upon by Customer and Tecnics through a Change Request.
Expected Task wise effort estimate – subject to be update once detailed application list and integration details are
shared by customer.
Group Task
Cyberark Checking the Cyberark Accounts and configurations in tenants
Integration
Establish connectivity between Cyberark and organizations.
Configure Cyberark IAM settings to enable secure and efficient communication. Customize Tenant.
Azure AD integration with Cyberark (already integrated)
Implement user provisioning and de-provisioning processes across Cyberark and organization.
Ensure smooth synchronization of user attributes and entitlements.
Application Identify and document the list of applications to be integrated.
Integration
Prioritize integration based on criticality and business requirements.
Implement Single Sign-On (SSO) for all applications to enhance user experience.
Configure Multi-Factor Authentication (MFA) for enhanced security. Conditional MFA.
Ensure that group memberships and permissions are accurately reflected across platforms.
Unit Testing Conduct comprehensive testing of the Cyberark Application integration.
Perform thorough testing of each application integration to ensure functionality.
Validate Single Sign-On and Multi-Factor Authentication for all integrated applications.
Execute end-to-end testing scenarios to verify the overall system integrity.
Documentation Create detailed documentation for the Cyberark integration setup.
Document integration steps and configurations for each of the applications.
Develop a troubleshooting guide for common integration issues.
Training Provide training sessions for the IT support team on managing Cyberark Tenant and application
integrations.
Develop user training materials for the newly integrated org applications.
7. Assumptions
This Scope of work document is prepared with following assumptions.
1. This project is a remote deployment with Tecnics PM and Engineer completing tasks remotely.
2. Azure AD integration for Aspire Lifestyle is considered as part of scope and effort estimate
3. Effort estimate takes into consideration that all 12 Applications for integration are once integrated with
existing ISOS Cyberark tenant and hence no issues with integration OR no development is required
4. Application list should be shared by customer, a large part of application integration section of effort
estimate is assumption
5. Tecnics PM and Engineer will visit customer facility only for the use cases where an application or URL is
not accessible.
Tecnics Integration Technologies Pvt Ltd – Proprietary & Confidential Information Page 11 of 12
6. Customer shall furnish, in a timely manner, all resources including personnel, systems, information, and
software necessary to complete the project.
7. Customer shall be responsible for and designate a Project Manager or applicable Lead to oversee project
coordination on Customer side activities including Customer resources necessary to complete the
process, track status and communicate to Customer’s internal stakeholders.
8. Customer retains authority and responsibility for decisions made regarding the implementation
9. Built-in out-of-box functionality, including interfaces, workflows, plugins, components, and integrations will
be utilized. Out-of-box functionality means functionality that is documented as readily available and not
requiring extensions. Any extensions OR customizations will require additional effort will need a separate
discussion and agreement between Customer and Tecnics.
10. Customer is responsible for coordinating, following, and communicating, in a timely fashion, all
internal processes (Change Management, Systems Development Life Cycle, etc.).
11. Customer is responsible for the quality of data, and any remediation efforts that may be necessary to
complete this project.
12. Tecnics is not responsible for any documentation that is authored and/or produced by the Customer.
13. Customer will ensure network access and valid credentials where required
14. Customer is responsible for supporting connectivity or configuration issues with third-party products
Tecnics Integration Technologies Pvt Ltd – Proprietary & Confidential Information Page 12 of 12