Service Level Agreement
- Purpose. These purpose of this Service Level Agreement (“SLA”) is to outline the policies and procedures established by Secure Exchange Solutions (“SES”) to deliver Support Services, Upgrades and other services pursuant to the HISP Subscription Agreement to which this SLA is attached (the “Agreement”). Subscriber must comply with this SLA in requesting support from SES and in requesting SES to provide Support Services provided pursuant to the License.
- CERTAIN DEFINITIONS. All capitalized terms in this SLA not otherwise defined herein shall have the meaning prescribed to them in the Agreement. In addition to the terms defined in the Agreement, the following named terms shall have the following meaning in this SLA:
a. “Error(s)” shall mean a failure of the Programs to operate in the manner described by SES.
b. “Maintenance” means activities of SES to provide normal software operation through updates, bug patches, fixes and work-arounds. “Maintenance” does not include enhancements or additions to the Programs that provide new functionality.
c. “Problems” means Errors, defects, malfunction or any nonconformity to any applicable Specification Sheet in the Programs.
d. “Service Outage” means any interruption in the availability of the Programs to Subscriber (excluding Scheduled Maintenance or Emergency Maintenance) and only if such interruption is due to an Error, and specifically excludes any Non-Standard Services.
e. “Support Hours” means the daytime hours during which SES provides Support Services for the Programs. SES’ Support Center Hours of Operation shall be Monday through Friday, excluding federal holidays, from 8:00 AM to 8:00 PM, Eastern Standard Time. SES’ Help Desk Hours of Operation shall be Monday through Friday, excluding federal holidays, from 8:00 AM to 8:00 PM, Eastern Standard Time.
f. “Support Services” shall have the meaning set forth in the Agreement and in this SLA.
- SUPPORT SERVICES PROVIDED.
a. During the term of this SLA, SES agrees to provide Support Services under the terms set forth in this SLA, which may include Maintenance, and Non-Standard Services, as defined herein.
b. All Support Services performed by SES under this SLA shall be performed in a professional and workman like manner in accordance with general industry standards.
c. SES does not warrant that the Support Services or Programs will be uninterrupted or error free.
d. All Support Services shall be provided only to Authorized Subscriber Contact(s) and not to Subscriber Customers.
4. SUPPORT SERVICE REQUESTS.
a. Problem Reporting and Logging. SES will provide Subscriber with an e-mail address for Authorized Subscriber Contact(s) (as defined herein) to use when requesting Support Services, including Maintenance. If a problem is reported outside of the Support Hours, the time window for expected problem resolution of a Problem will begin when the SES support center re-opens for business during the Support Hours.
b. Severity Level and Response to Support Service Requests. SES shall specify the severity level (each, a “Severity Level”) of each Support Service request, including Maintenance, per the following procedures:
i. Severity 1 (Highest):
A. CHARACTERISTIC: Produces an emergency in which the Programs are rendered unusable or fail catastrophically, and there is no known workaround (implies the need to resolve the emergency immediately for Subscriber to resume standard business operations).
B. RESPONSE: SES will provide acknowledgement, if requested, by email to the Authorized Subscriber Contact(s) by a qualified member of the SES staff within two (2) working hours of logging the Problem. SES will use reasonable commercial efforts to provide a patch, bypass or workaround within two (2) business days from the time the Problem was logged by SES. The delivery of the work-around or emergency software fix will drop the severity classification to a Severity Level of 3.
ii. Severity 2 (Normal):
A. CHARACTERISTIC: Produces a failure of at most a single function or causes intermittent errors, or impairs the usability of a system component. Alternative temporary measures, possibly non-software based are available to act as temporary placeholders for the desired processing functions until the Problem can be resolved. A Severity Level of 2 implies the need to resolve the Problem in the normal course of development activities.
B. RESPONSE: SES will provide acknowledgement, if requested, by e-mail to the Authorized Subscriber Contact(s) by a qualified member of the SES staff within eight (8) working hours of logging the Problem. SES will use reasonable commercial efforts to provide a patch, bypass or workaround within five (5) business days from the time the Problem was logged by SES. The delivery of this work-around or emergency software fix will drop the severity classification to a Severity Level of 3.
iii. Severity 3 (Low):
A. CHARACTERISTIC: Produces a situation in which the Programs are usable, but there is an effect on the functionality of the Programs.
B. RESPONSE: SES will provide acknowledgement, if requested, by e-mail to the Authorized Subscriber Contact(s) by a qualified member of its staff within eight (8) working hours of logging the Problem. SES will exercise reasonable commercial efforts to address Problems with a classification of a Severity Level of 3 in a future release of the applicable Program.
5. Upgrades. SES shall provide Upgrades to the Programs on an “as available” basis as set forth in the Agreement. Upgrades may include defect fixes and standard enhancements to existing features of the Programs produced at SES’ discretion through SES’ standard development and/or via Work Order.
6. SUPPORT SERVICES. SES will provide Support Services as requested by Subscriber and as described in this SLA, the Agreement, or any applicable Work Order, including, among others, Maintenance, Help Desk during Support Hours, Upgrades, Problem resolution and Non-Standard Services.
7. NON-STANDARD SERVICES. Subscriber may request SES to perform additional tasks such as specific software development, non-Program specific consulting and other services (collectively, the “Non-Standard Services”). If SES agrees to perform any Non-Standard Services, such Non-Standard Services will be documented in a Work Order.
8. Scheduled Maintenance. SES reserves one (1) regularly scheduled maintenance window per week, of up to four (4) hours duration outside of the Support Hours, and one weekend per month, in order to maintain the Programs and provide and install as available, any Upgrades (the “Scheduled Maintenance”). Subscriber and SES will agree to available adequate windows for Scheduled Maintenance for the integration of third party data or applications (other than Third Party Software) with the Programs, or other integration as may be appropriate and SES will provide periodic advance notification of windows for Scheduled Maintenance and consult periodically with Subscriber on preferred windows for such Scheduled Maintenance outside of Support Hours. Scheduled Maintenance may result in system and Program unavailability or performance degradation.
9. Emergency Maintenance Notifications. On rare occasions, SES may experience the need for emergency maintenance, during which time the Programs will be unavailable to Subscriber (“Emergency Maintenance”). Except in extraordinary circumstances, SES will notify Subscriber a minimum of thirty (30) minutes prior to any Emergency Maintenance. Where practicable, SES will commence Emergency Maintenance during off-peak hours.
10. Service level commitments. During the term of the Agreement, SES shall use commercially reasonable efforts to provide 24 hours, 7 days a week access to the Programs with a 99.5% availability, excluding Scheduled Maintenance and Emergency Maintenance. SES will provide the Authorized Subscriber Contact(s) with notice of any Service Outage of the Programs promptly after SES becomes aware of such Service Outage. SES will also provide frequent updates to Subscriber until the Service Outage is corrected. Such notification or updates shall include a description of the Service Outage, SES’ current understanding of the cause, and SES’ estimated resolution time. Upon learning of any Service Outage, SES will devote all reasonably available resources to correcting the Service Outage and restoring system availability.
11. REMEDIES. Subscriber’s sole remedy for interruption in service caused by a Service Outage is for SES to undertake its applicable Maintenance obligations herein. In the event of a Service Outage that exceeds allotted downtime provided under this SLA and associated DRP, Subscriber’s sole and exclusive remedy and Vendor’ sole and exclusive liability to Subscriber shall be to credit future prorated Subscription Fees for the Programs provided Subscriber has notified Vendor of said Service Outage in accordance with this SLA or the Agreement, as applicable (unless Vendor has already notified Subscriber of the Service Outage) and has requested credits in writing within ten (10) days from Vendor’ resolution of the Service Outage. Service Outage credit shall be calculated on a cumulative monthly (calendar month) basis from the time of Vendor’ notification of the Service Outage to Vendor or Subscriber’s notification of the Service Outage during the Support Hours (or if after hours from the time Vendor reopens for business) and reimbursement shall be calculated based on full fifteen (15) minute increments of Service Outage for any portion thereof and such calculation shall be based upon the fees paid by Subscriber to Vendor for the Programs in the Agreement.
12. DISASTER RECOVERY. Throughout the Term and any Extended Term, SES shall maintain a commercially reasonable data back-up and disaster recovery plan to restore operations in the event of an outage at SES’ primary hosting facility (the “DRP”). SES shall provide a copy of the DRP to Subscriber upon request and meet with Subscriber (and any applicable regulatory agency or accrediting body) to discuss and address and comments and concerns, provided such requests and meetings occur no more frequently than one per calendar quarter during the Term and any Extended Term. SES shall not degrade or reduce the level of service or protection set forth in the DRP at any time during the Term or any Extended Term. SES shall segregate all Data from data received by SES outside the scope of the Agreement to which this Service Level Agreement is attached.
13. SECURITY AUDIT. SES will complete an internal security audit assessment and penetration test on their technology infrastructure and provide both detailed and summary audit assessment reports upon request. The security audit assessment and penetration test must be repeated at least annually. Such an assessment should include an analysis of systems in regards to current patches, antivirus software and definitions, functioning firewalls, an internal vulnerability scan, and other similar commercially reasonable security best practices performed by a third party using commercially-reasonable industry recognized standards.
14. LIMITATION ON SUPPORT SERVICES. Notwithstanding any other provisions in this SLA, SES shall provide Support Services, including Maintenance, only with respect to the currently-released version of the Programs.
15. DESIGNATED SUBSCRIBER PERSONNEL. The Subscriber shall identify by name and location all Subscriber personnel who may contact SES representatives (each, an “Authorized Subscriber Contact”). The personnel identified as an Authorized Subscriber Contact shall have authority to authorize an investigation of Problems, have knowledge of the rules of engagement for Support Services, including Maintenance, and the authority to accept proposed resolutions to any Problems and instruct SES to take action on resolutions to such Problems. SES may, in its sole discretion, rely on the direction and instruction of any Authorized Subscriber Contact without penalty. Subscriber shall provide SES with an Authorized Subscriber Contact List once per calendar year. Upon written request by SES to Subscriber, Subscriber shall, within thirty (30) days of such request, deliver to SES a current Authorized Subscriber Contact List, provided, however, that SES shall not make such request any more frequently than once per calendar quarter and shall not make such request within ninety (90) days of receipt of the annual Authorized Subscriber Contact List.