Cyberark Identity and access management

Prepared for: Indian Hotels Company Limited

Dated: December 12th 2023
Prepared By: Tecnics Integration Technologies Pvt Ltd

Tecnics Integration Technologies Pvt Ltd – Proprietary & Confidential Information Page 1 of 12
 Contents
1. Summary 3
2. Why Tecnics 3
2.1. Tecnics Culture 3
3. Proposed Solution 4
3.1. Scope of Services 5
4. Out of Scope 8
5. Project Deliverables 8
6. Project schedule and expiration 9
7. Assumptions 9
8. CyberArk Bill of Material 10

Tecnics Integration Technologies Pvt Ltd – Proprietary & Confidential Information Page 2 of 12
1. Summary
This Statement of Work (“SOW”) is made by and between Indian Hotels Company Limited (“Customer”) and
Tecnics Integration Technologies Pvt Ltd (“Tecnics”) and identifies the services (“Services”) Tecnics will perform
for customer. This SOW is valid for thirty (30) days from date of issue, after which period all services, terms and
prices quoted are subject to change.

2. Why Tecnics
Tecnics is a leading IT services company founded in 1997, headquartered in Houston, Texas, with development
locations in Hyderabad, India.

Tecnics is specialized in providing security solutions and services to various clients worldwide. Tecnics offers a
wide range of security services including Security Consulting & Advisory, implementation and managed services
for Cyberark, Okta, Splunk and PaloAlto, to ensure the safety of their clients' sensitive data and information.

Tecnics' Cyberark solutions provide identity and access management services, including multi-factor
authentication, single sign-on, and lifecycle management for our clients' cloud and on-premises environments. Our
experience with PaloAlto solutions provide, intrusion detection and prevention, and other security services to
ensure the cyber safety of our clients' networks.

We are a company known for delivering high-quality security solutions and services to our clients globally. Our
team of experts and certifications from leading security solution providers like CyberArk made us a reliable and
trustworthy partner in ensuring the safety of our clients' sensitive data and information.

We use a Global Delivery model where applicable, especially in Application Management Support services to
significantly reduce the client’s cost of implementation.

2.1. Tecnics Culture

Tecnics brings to bear a shared culture of driving client success. The foundation of this culture is our vision,
mission, and shared values. These define not only “what” we do, but more importantly “how” we do it:

Our Vision – “To be a leading, reliable and trusted provider of software integration, consulting and application
management services, and to be the preferred choice of clients and talent by creating the ’gold standard ‘of value
within the enterprise solutions ecosystem.”

Our Mission – “With the highest integrity, deliver the highest quality and return on investment (ROI) to our clients
who require Enterprise implementation and support services; and to have a satisfying and supportive work
environment to ensure that we deliver optimal results to our clients.”

Our Values – In “building our business focused on one-on-one client relationships,” we will:
● Embody the highest ethics

● Perform with an aggressive “can-do” attitude

● Deploy a high quality and low risk-oriented engagement model

● Be responsive to our client’s needs

● Deliver high value and ROI for our clients’ investments

Tecnics Integration Technologies Pvt Ltd – Proprietary & Confidential Information Page 3 of 12
 ● Make customer satisfaction our #1 tenet

● Embrace a long-term engagement, “client for life” philosophy.

Some practical examples of how our solution achieves these goals:

● Application Management Support Services with a dedicated Team –We bring to the table deep
experience and a team of professionals that know what it takes to implement and, more importantly, achieve
the highest return on investment from your existing implementation.
● Tested Methodology – Our methodology embodies knowledge and experience culled from many years of
successful implementation projects, which allows for significant cost reduction while ensuring a quality
solution. This allows the client to focus on its core competencies and reduces the need to increase its IT
investment.
● Competitive Pricing – We make continuous improvements and significant investments in refining our
methodology to deliver high quality services at an affordable price point. We leverage our on-site/off-shore
model to provide the highest value for the client’s investment.
● High Customer Satisfaction Model - Based on efficiency, responsiveness, sense of urgency and business
strategy

3. Proposed Solution

Tecnics Professional Services will assist the Customer with the implementation of Cyberark. Tecnics Professional
Services will provide Customer with the following:

1. Tecnics Professional Services will assist the customer with the implementation of Cyberark in new tenant
2. Two Cyberark tenants (Preview and Production) will be configured and integrated with applications under
scope (wherever possible).
3. Configure AD agents based on best practices.
4. MFA configuration.
5. Tecnics will configure AD as a source of truth with Cyberark for the internal users.
6. Tecnics will assist customer with one Prod AD domain to be integrated with Cyberark.
7. MFA and other Cyberark based configurations to be performed.
8. Tecnics will assist customer with Provisioning and deprovisioning of Internal and Contractor users.
9. Sign On and other configurations to be performed by Tecnics on Cyberark tenants.
10. Assist the customer with Cut over planning, rolling out Cyberark and provide post go-live support.
11. Tecnics will assist in the SSO/MFA implementation of Twelve (12) apps.
12. SSO for 12 (Twelve) applications.

Application in Scope – 12 Applications

1. <<To be shared by customer>>

It is common for additional requirements and changes to surface during the execution of Professional Services as
more information is shared between the parties. Should additional requirements or changes be discovered, both
parties would execute the Change Control process to assess the impact to the budget, schedule, and resourcing

Tecnics Integration Technologies Pvt Ltd – Proprietary & Confidential Information Page 4 of 12
before approvals are granted. Tecnics will not complete any changes until both parties, in writing, have approved the
Change Control.

Tecnics Consulting Inc Customer

Name: Nishikanth Nandiraju Name:
Title: Head - Cyber Security Services Title:
E-mail: Nishikanth_n@tecnics.com E-mail:

Project Logistics

Engagement Details Description

Remote Remote
Work Hours (Start/End time) 10 AM to 7 PM IST
Kickoff Details 2 weeks post release of purchase order

3.1. Scope of Services

The following activities shall be within the scope of this SOW:

READINESS
The Readiness phase involves Customer orientation activity. Tecnics will provide a streamlined assessment of
Customer’s ability to start the implementation and deployment, as well as recommended next steps to fortify project
success. At the conclusion of the readiness phase, Tecnics will provide a readiness assessment.

Customer will be responsible for:

 Ensure all required licenses are purchased and have admin access to Cyberark org’s
 Identifying points of contact for project sponsors, project management, project team, Subject Matter Experts
(“SME”), IT, SecOps & Operations team.
 Identifying applications and systems related to implementation.
 Identify Applications owners & share their contact information.
 Actively participating in readiness meetings with the Tecnics team.
 Timely completion of readiness tasks assigned.

PLAN
The Plan phase begins the detailed planning for the project kick-off meeting, establishing design phase agenda(s),
identifying key project stakeholders and scheduling with the Tecnics and Customer project teams. Tecnics will be on
boarded to the required applications and systems. The Plan phase concludes with a project kickoff meeting and
completion of a high-level project schedule.

Customer will be responsible for:

 Ensuring all project stakeholders attend and actively participate in planning and project kick off meetings.
 Collaborate with Tecnics resource with development of a high-level project schedule.
 Plan for access to applications and systems related to implementation, including third party services or providers.

DESIGN
The Design phase involves design workshop(s) where knowledgeable business and technical SMEs are led through
design discussions by the Tecnics team. The Design phase ends with a review of the future state architecture and

Tecnics Integration Technologies Pvt Ltd – Proprietary & Confidential Information Page 5 of 12
alignment on any scope modifications needed. At the conclusion of the Design phase, Tecnics will conduct a build
checkpoint and review the future state design and project schedule.

Customer will be responsible for:

 Ensuring all project stakeholders and SMEs attend and actively participate in Design phase meetings.
 Timely coordination of third-party application owners and to work collaboratively with Tecnics.
 Provide access to applicable applications, systems, and production mirrored data.
 All data quality.
 Timely review and approval of design recommendations.

Tecnics Integration Technologies Pvt Ltd – Proprietary & Confidential Information Page 6 of 12
BUILD
The Build phase may involve multiple iterations where Tecnics and Customer will work together to configure and
implement items defined, as in scope, below. As part of the Build phase, configuration, development, and data
migration activities are demonstrated to Customer and activities focused on User Acceptance Testing (“UAT”)
planning and knowledge transfer begins. Scope dependent technical documentation is updated. The iterations of the
Build phase will conclude with the review of the test plan and the start of UAT.

The following table outlines the scope of services to be performed within the context of this project on up to one (1)
Cyberark Tenants.

[The “In Scope” column is populated with a “Y” or “N” to clearly indicate if the task will be performed as part of this
project.]

Task Description In Scope

Project Readiness & Kickoff Meeting

Tecnics and Customer project managers will conduct the Kickoff Meeting to communicate the
following to project stakeholders:
 Statement of Work
1.  Project Schedule
Y
 Project Team with Roles and Responsibilities
 Timeline, Milestones, High Level project plan
 Risks and Concerns
 Communication Plan
 Project Methodology

Design & Architecture

Assessment of current state architecture to understand the Network & Application Topology. Other
2. tasks include:
 Technical Readiness Assessment (IT, SecOps, Operations) Y
 Review Applications in scope
 Get alignment on architecture

Perform base Cyberark configuration

 Review best practices for administration & configuration

 Best practices for Cyberark groups, Group rules & Application assignments
 Identify the super users from the IT/Operations/SecOps team
 Configure permission on Cyberark’s Active Directory service account to ensure the
3. account can manage passwords for the Customer’s end users.
Y
 Review Cyberark mastered profile and password management requirements
 Configure password & sign-on policies within Cyberark
 Configure Network IP Zones for “In Zone” & “Not in Zone” scenarios
 Configure basic branding by leveraging the Out-of-the-Box customization feature provided
by Cyberark.
 Integration and Configuration of one AD domain in Prod.

4. MFA/AMFA Configuration Y
 Overview of Multi-Factor Authentication, factor types, enrollment and enforcement policies

Tecnics Integration Technologies Pvt Ltd – Proprietary & Confidential Information Page 7 of 12
Task Description In Scope
 Configure per org MFA/AMFA policies, per App MFA/AMFA policies
 MFA/AMFA Enrollment & MFA/AMFA Enforcement

SSO Integration
SSO to be integrated for the applications in scope.

App Integration:
Tecnics to perform full engagement for 12 apps.

Directory Integration:
One Prod Active Directory
5.
Y
Customer Obligations:
 Perform configuration on the Application side
 Provide test user for testing SSO scenarios
 Participate in testing & troubleshooting
 Modernize the login functionality for business applications if direct integration with
Cyberark is not possible.

Assumptions:
Customer’s Cyberark tenant is licensed with required SKUs for any required implementation(s).
Meet with App Owner & SMEs

 Identify the application owner.

 Initial reach out to application owner & set expectations
7.
 Brief application owner on tasks needed to be assigned to them, our expectations of them Y
 Discuss application future changes roadmap that may impact this implementation.
 Discuss username format, unique username generation, existing process & exceptions.
 Discovery of existing and future processes for Joiner, Mover and Leaver use cases.
 Meeting with technical team to understand app landscape (DEV, Test, UAT, PROD env)
9. UAT Phase Y

During UAT Cyberark deployment will be validated and Tecnics team will assist Customer end-to-
end testing as determined by project scope.

Customer team will lead and participate in UAT with the Tecnics team providing best practice
recommendation, issue management and providing root cause analysis & remediation. At the end
of the UAT Customer & Tecnics team will work collaboratively to come up with a deployment plan.
The UAT will cover the following:
 AD Integration
 SSO – 12 Apps

Customer obligations for UAT are:

 Identify Operations team responsible for support & maintenance and transition with project
team
 Providing non-production environments/systems/accounts for testing.
 Identifying and managing users for UAT.
 Identifying test cases and success criteria for UAT.
 Facilitating UAT and capturing success criteria with users.

Tecnics Integration Technologies Pvt Ltd – Proprietary & Confidential Information Page 8 of 12
Task Description In Scope
 Work closely with Tecnics for Cut Over planning & Go Live

Tecnics Integration Technologies Pvt Ltd – Proprietary & Confidential Information Page 9 of 12
 Go Live

Tecnics will assist the Customer to deploy the changes in Production. Final knowledge transfer,
support handover and project close activities will also take place.
10.
Customer will be responsible for: Y
 Adherence to deployment plan, including post-production test plans and application
regression testing.
 Identifying post-production support resources and ensuring availability for knowledge
transfer from the Tecnics project team.
 Participation in the project close process
Post Go Live Support
11.
 Shadow operations team during this period Y
 Assist operations team in troubleshooting issues after Go Live
 Project closure & Sign-off

4. Out of Scope
1. Base configuration for existing apps and AD.
2. Data cleanup & data migration
3. API Consulting
4. Troubleshoot or fix issues in downstream application not related to integration with Cyberark
5. Customer communication & Change Management
6. Functionality that is in Beta
7. Travel & Other Expenses
8. Any Item that is not listed in the scoping section

5. Project Deliverables
1. Base configuration for existing apps and AD.
2. Data cleanup & data migration

Tecnics Integration Technologies Pvt Ltd – Proprietary & Confidential Information Page 10 of 12
6. Project schedule and expiration
Following the execution date of this SOW, this project is expected to require ~ 5 weeks for implementation of the
agreed scope. After this defined duration, the original SOW will expire. The SOW term may be extended if agreed
upon by Customer and Tecnics through a Change Request.

Expected Task wise effort estimate – subject to be update once detailed application list and integration details are
shared by customer.

Group Task
Cyberark Checking the Cyberark Accounts and configurations in tenants
Integration
Establish connectivity between Cyberark and organizations.
Configure Cyberark IAM settings to enable secure and efficient communication. Customize Tenant.
Azure AD integration with Cyberark (already integrated)
Implement user provisioning and de-provisioning processes across Cyberark and organization.
Ensure smooth synchronization of user attributes and entitlements.
Application Identify and document the list of applications to be integrated.
Integration
Prioritize integration based on criticality and business requirements.
Implement Single Sign-On (SSO) for all applications to enhance user experience.
Configure Multi-Factor Authentication (MFA) for enhanced security. Conditional MFA.
Ensure that group memberships and permissions are accurately reflected across platforms.
Unit Testing Conduct comprehensive testing of the Cyberark Application integration.
Perform thorough testing of each application integration to ensure functionality.
Validate Single Sign-On and Multi-Factor Authentication for all integrated applications.
Execute end-to-end testing scenarios to verify the overall system integrity.
Documentation Create detailed documentation for the Cyberark integration setup.
Document integration steps and configurations for each of the applications.
Develop a troubleshooting guide for common integration issues.
Training Provide training sessions for the IT support team on managing Cyberark Tenant and application
integrations.
Develop user training materials for the newly integrated org applications.

7. Assumptions
This Scope of work document is prepared with following assumptions.
1. This project is a remote deployment with Tecnics PM and Engineer completing tasks remotely.
2. Azure AD integration for Aspire Lifestyle is considered as part of scope and effort estimate
3. Effort estimate takes into consideration that all 12 Applications for integration are once integrated with
existing ISOS Cyberark tenant and hence no issues with integration OR no development is required
4. Application list should be shared by customer, a large part of application integration section of effort
estimate is assumption
5. Tecnics PM and Engineer will visit customer facility only for the use cases where an application or URL is
not accessible.

Tecnics Integration Technologies Pvt Ltd – Proprietary & Confidential Information Page 11 of 12
 6. Customer shall furnish, in a timely manner, all resources including personnel, systems, information, and
software necessary to complete the project.
7. Customer shall be responsible for and designate a Project Manager or applicable Lead to oversee project
coordination on Customer side activities including Customer resources necessary to complete the
process, track status and communicate to Customer’s internal stakeholders.
8. Customer retains authority and responsibility for decisions made regarding the implementation
9. Built-in out-of-box functionality, including interfaces, workflows, plugins, components, and integrations will
be utilized. Out-of-box functionality means functionality that is documented as readily available and not
requiring extensions. Any extensions OR customizations will require additional effort will need a separate
discussion and agreement between Customer and Tecnics.
10. Customer is responsible for coordinating, following, and communicating, in a timely fashion, all
internal processes (Change Management, Systems Development Life Cycle, etc.).
11. Customer is responsible for the quality of data, and any remediation efforts that may be necessary to
complete this project.
12. Tecnics is not responsible for any documentation that is authored and/or produced by the Customer.
13. Customer will ensure network access and valid credentials where required
14. Customer is responsible for supporting connectivity or configuration issues with third-party products

8. CyberArk Bill of Material

Product Code Product Name Description Qty Tenure
WORKFORCE- Workforce Contextual MFA and Access Management and conditional, risk- 25,000 12
STANDARD- Identity based SSO with reporting and Workforce Password Months
USER-SAAS Standard Management w/ Cloud Vault. Price per user per month

Tecnics Integration Technologies Pvt Ltd – Proprietary & Confidential Information Page 12 of 12