Skip Ribbon Commands
Skip to main content
Terms of Service


System Security Assessments
Terms of Service

"Service Level Agreement"

Roles and Responsibilities

​Management and Planning ​BCCS ​Customer
Determine if Customer is eligible for system security assessment​ ​X
​Meet and define the scope of the project ​X ​X
​Gather information to establish and verify the project scope ​X
​Recommend possible additional tests to enhance a comprehensive review ​X
​Signature needed on final agreement prior to beginning of system security assessment ​X


Conduct System Security Assessment​ ​BCCS ​Customer
​Prepare list of hardware and software to be tested as well as explanation of testing with scope and limitations ​X
​Provide documentation describing agreed-upon scope of work ​X
​Review of preliminary report following system security assessment ​X
​Issue final report with findings, assessment of the existing level of risk and recommendations for improvement ​X
Vulnerability Resolution​ ​X ​X
​Resolve Issues Found (Hosted Systems) ​X ​X
​Resolve Issues Found (ala carte on non-hosted systems) ​X
​Assign Shared Service Customers a list of Vulnerabilities the BCCS customer must correct ​X
​Reporting Resolution of Assigned Vulnerabilities ​X

Billing and Payment for Services

BCCS plans and maintains a common IT infrastructure, on behalf of the State, to realize the most efficient, reliable, and least cost approach to delivery of IT services to State agencies. Customers of BCCS are provided projected annual costs allowing continued planning and budgeting, avoiding unanticipated costs. The centralized IT provisioning of services requires BCCS customers to make prompt payments allowing services to continue without interruption. By using this service, BCCS customers, under these Terms of Service, agree to submit payment vouchers to the Illinois State Comptroller within 60 days of invoicing.

Acceptance of Terms

By request and use of this service hosted by Central Management Services, Bureau of Communication and Computer Services, hereinafter BCCS, you are indicating agreement to follow and be bound by the terms and conditions of this Terms of Service as currently published and hereafter amended.

This service is available to all Executive State agencies and may be provided, under separate agreement, to other governmental entities. Separate agreements, where applicable, may supersede sections of this Terms of Service where referenced, otherwise the terms as outlined herein are controlling.

Term of Agreement

This agreement shall be effective upon a customer’s first request for services and shall terminate upon discontinuation of the services rendered. BCCS will give customers notices of service discontinuation far enough in advance to allow the affected customers to make the appropriate adjustments, with respect to their information technology and business needs, in light of the pending discontinuation of service(s).

Changes to the Terms of Service are subject to notice and review under Change Management with input from all parties.

General Terms

No term, condition or other provision of this document may, in any manner, be interpreted as consent to conduct acts that are illegal or that any of the parties herein, either individually or collectively, are prohibited from performing.

In the event that this Agreement is determined to be invalid, it shall be terminated immediately. Should any portion or portions of the Agreement be found to be invalid, the said portion or portions shall not be construed to render the entire Agreement void, but shall be severed from the Agreement upon such finding.

Nothing contained herein serves to limit, alter or amend any Party’s duties, rights or responsibilities as set out in the applicable state and federal statutes, laws, or regulations.

To the extent Publication 1075, as now issued or hereafter amended by the Internal Revenue Service, is applicable, the customer understands that the customer is required to conduct an internal inspection of BCCS' Data Center no less frequently than every eighteen (18) months.

The consolidated enterprise IT environment assumes a shared risk of inseparable and joint responsibility under the controlling legal requirements of governmental operations in the entirety, and each party agrees to cooperate, communicate and work to protect the interests of the State and its constituents. The customers of BCCS agree to follow all policies and procedures internal to their operations and those as might be published by BCCS from time to time, protecting the electronic information and services entrusted to each.