1 Designtech Cloud-SaaS Hosting and Delivery Policy, Version 1.0, 2013 Page i Designtech Cloud-SaaS Hosting and Delivery Policy
2 Designtech Cloud-SaaS Hosting and Delivery Policy, Version 1.0, 2013 Page ii TABLE OF CONTENTS 1 INTRODUCTION DESIGNTECH CLOUD SECURITY USER ENCRYPTION FOR EXTERNAL CONNECTIONS NETWORK ACCESS CONTROL NETWORK BANDWIDTH AND LATENCY FIREWALLS SYSTEM HARDENING PHYSICAL SECURITY SAFEGUARDS SYSTEM ACCESS CONTROL & PASSWORD MANAGEMENT REVIEW OF ACCESS RIGHTS DATA MANAGEMENT / PROTECTION DATA DISPOSAL SECURITY INCIDENT RESPONSE STAFF CONTROL DESIGNTECH CLOUD SYSTEM RESILIENCY DESIGNTECH CLOUD SERVICES HIGH AVAILABILITY STRATEGY REDUNDANT MEP INFRASTRUCTURE REDUNDANT NETWORK INFRASTRUCTURE REDUNDANT APPLICATION SERVERS REDUNDANT STORAGE DESIGNTECH CLOUD SERVICES BACKUP STRATEGY DESIGNTECH CLOUD DISASTER RECOVERY SERVICE SCOPE SYSTEM RESILIENCE DISASTER RECOVERY RECOVERY TIME OBJECTIVE RECOVERY POINT OBJECTIVE SERVICE RESTORATION DISASTER RECOVERY PLANS DESIGNTECH CLOUD SERVICE LEVEL OBJECTIVE SERVICE AVAILABILITY PROVISIONS TARGET SYSTEM AVAILABILITY LEVEL OF DESIGNTECH CLOUD SERVICE DEFINITION OF AVAILABILITY AND UNPLANNED DOWNTIME MEASUREMENT OF AVAILABILITY MONITORING CUSTOMER MONITORING & TESTING TOOLS AUTOMATED WORKLOADS DESIGNTECH CLOUD CHANGE MANAGEMENT... 7
3 Designtech Cloud-SaaS Hosting and Delivery Policy, Version 1.0, 2013 Page iii 6.1 DESIGNTECH CLOUD CHANGE MANAGEMENT AND MAINTENANCE APPLICATION UPGRADES AND UPDATES CORE SYSTEM MAINTENANCE ROUTINE INFRASTRUCTURE MAINTENANCE EMERGENCY MAINTENANCE MAJOR MAINTENANCE CHANGES DEPRECATED FEATURES DESIGNTECH CLOUD SUPPORT DESIGNTECH CLOUD SUPPORT TERMS SUPPORT FEES SUPPORT PERIOD DESIGNTECH CLOUD SUPPORT DESIGNTECH CLOUD CUSTOMER SUPPORT SYSTEMS ONLINE SUPPORT SUPPORT LIVE TELEPHONE SUPPORT SECURITY PRACTICES FOR DESIGNTECH CLOUD SUPPORT SEVERITY DEFINITIONS CHANGE TO SERVICE REQUEST SEVERITY LEVEL INITIAL SEVERITY LEVEL DOWNGRADE OF SERVICE REQUEST LEVELS UPGRADE OF SERVICE REQUEST LEVELS ADHERENCE TO SEVERITY LEVELS DEFINITIONS SERVICE REQUEST ESCALATION POLICY EXCEPTIONS DESIGNTECH CLOUD SUSPENSION AND TERMINATION TERMINATION OF CLOUD SERVICES TERMINATION OF CLOUD SERVICES TERMINATION OF TRIAL ENVIRONMENTS TERMINATION OF FREE ENVIRONMENTS CUSTOMER ASSISTANCE AT TERMINATION SUSPENSION DUE TO VIOLATION... 11
4 Designtech Cloud-SaaS Hosting and Delivery Policy, Version 1.0, 2013 Page 1 1 INTRODUCTION Unless otherwise stated, these Designtech Cloud Hosting and Delivery Policies (the Delivery Policies ) describe the Designtech Cloud Services ordered by you. These Delivery Policies may reference other Designtech Cloud Policy documents; any reference to "Customer" in these Delivery Policies or in such other policy documents shall be deemed to refer to you as defined in the ordering document. Capitalized terms that are not otherwise defined in this document shall have the meaning ascribed to them in the relevant Designtech Agreement, ordering document or policy. The Cloud Services described herein are provided under the terms of the agreement, ordering document and these Delivery Policies. Designtech s delivery of the services is conditioned on you and your users compliance with your obligations and responsibilities defined in such documents and incorporated policies. These Delivery Policies, and the documents referenced herein, are subject to change at Designtech's discretion; however Designtech policy changes will not result in a material reduction in the level of performance or availability of services provided during the Services Period. Access Designtech provides Cloud Services from Designtech owned or leased data center space. Designtech defines the services network and systems architecture, hardware and software requirements. Designtech may access your services environment to perform the Cloud Services including the provision of service support. Hours of Operation The Cloud Services are designed to be available 24 hours a day, 7 days a week, 365 days a year, except during system maintenance periods and technology upgrades and as otherwise set forth in the agreement, the ordering document and these Delivery Policies 2 DESIGNTECH CLOUD SECURITY 2.1 USER ENCRYPTION FOR EXTERNAL CONNECTIONS Customer access to the system is through the Internet. Where SSL encryption technologies are used, SSL connections are negotiated for at least 128 bit encryption or stronger. The private key used to generate the cipher key is at least 2048 bits. 2.2 NETWORK ACCESS CONTROL Authentication, authorization, and accounting are implemented through standard security mechanisms designed to ensure that only approved operations and support engineers have access to the systems. 2.3 NETWORK BANDWIDTH AND LATENCY Designtech is not responsible for Customer s network connections or for conditions or problems arising from or related to Customer s network connections (e.g., bandwidth issues, excessive latency, network outages), or caused by the Internet. Designtech monitors its own networks and will notify customers of any internal issues that may impact availability. 2.4 FIREWALLS Utilized to control access between the Internet and Designtech Cloud Services by allowing only authorized traffic. Designtech managed firewalls are deployed in a layered approach to perform packet inspection with security policies configured to filter packets based on protocol, port, source, and destination IP address in order to identify authorized sources, destinations, and traffic types. 2.5 SYSTEM HARDENING Designtech employs standardized system hardening practices across all Designtech Cloud devices. This includes restricting protocol access, removing or disabling unnecessary software and services, removing unnecessary user accounts, appropriate patch management, and appropriate logging.
5 Designtech Cloud-SaaS Hosting and Delivery Policy, Version 1.0, 2013 Page PHYSICAL SECURITY SAFEGUARDS Designtech provides secure computing facilities for production cloud infrastructure which include: Physical access requires authorization and is monitored. Everyone must visibly wear official identification while onsite Visitors must sign a visitor's register and be escorted and/or observed when on the premises Possession of keys/access cards and the ability to access the locations is monitored. Staff leaving employment must return keys/cards 2.7 SYSTEM ACCESS CONTROL & PASSWORD MANAGEMENT Access to Cloud systems is controlled by restricting access to only authorized personnel. Designtech enforces password policies on all infrastructure components and cloud management systems used to operate the Designtech Cloud environment. All Designtech staff uses personalized user accounts to ensure traceability. System access controls include system authentication, authorization, access approval, provisioning, and revocation for employees and any other Designtech-defined 'users'. Customer is responsible for all end user administration within the application. Designtech does not manage the Customer s End User accounts. Customer may configure the applications and additional built-in security features to meet its business or compliance needs. 2.8 REVIEW OF ACCESS RIGHTS Network and operating system accounts for Designtech employees are reviewed regularly to ensure appropriate employee access levels. In the event of employee terminations, Designtech takes prompt actions to terminate network, telephony, and physical access for such former employees. Customer is responsible for managing and reviewing access for its own employee accounts. 2.9 DATA MANAGEMENT / PROTECTION During the use of Designtech Cloud services, Designtech Cloud customers maintain control over and responsibility for their data residing in their environment. Designtech Cloud services provide a variety of configurable information protection services as part of the subscribed service. Customer data is data uploaded or generated for use within the Designtech Cloud Services DATA DISPOSAL Upon termination of services (as described in the Designtech General Agreement Software as a Service) or at Customer's request, Designtech will delete environments or application data residing therein in a manner designed to ensure that they cannot reasonably be accessed or read, unless there is a legal obligation imposed on Designtech preventing it from deleting all or part of the environments or data SECURITY INCIDENT RESPONSE Designtech evaluates and responds to incidents that create suspicions of unauthorized access to or handling of customer data whether the data is held on Designtech hardware assets or on the personal hardware assets of Designtech employees and contingent workers. Designtech's staff will, depending on the nature of the activity, define escalation paths and response teams to address those incidents. Designtech will work with Customer, the appropriate technical teams, and law enforcement where necessary to respond to the incident. The goal of the incident response will be to restore the confidentiality, integrity, and availability of Customer's environment, and to establish root causes and remediation steps. If Designtech determines that Customer's data has been misappropriated, Designtech will promptly report such misappropriation to Customer unless prohibited by law.
6 Designtech Cloud-SaaS Hosting and Delivery Policy, Version 1.0, 2013 Page STAFF CONTROL At time of new employments, all Designtech staff that will have access to the Cloud systems will be checked against police criminal records to ensure suitability. At time of employment, all staff also signs employment contracts where it is specifically described which restrictions that apply to confidentiality. Whenever temporary staff or third party staff is engaged, a signed NDA must be in place before any access is given to Cloud systems. The NDA describes in detail how information must be handled and the restrictions that apply after such an assignment as to how information/knowledge about the customer and the Cloud system must be handled. 3 DESIGNTECH CLOUD SYSTEM RESILIENCY The resiliency and backups described in this Policy apply only for Designtech Cloud services. Customer is solely responsible for developing a business continuity plan to ensure continuity of its own operations in the event of a disaster and for backing up and recovering any non-designtech software. 3.1 DESIGNTECH CLOUD SERVICES HIGH AVAILABILITY STRATEGY Designtech s production data center have component and power redundancy with backup generators in place to help maintain availability of data center resources in the event of crisis as described below. 3.2 REDUNDANT MEP INFRASTRUCTURE The mechanical-electrical-plumbing infrastructure design includes redundant power feeds to the data center and redundant power distribution for the data center and to the data center racks. Data center cooling components (chillers, towers, pumps and computer room air conditioning units) include redundancy. The emergency standby power includes redundant battery backup with generator fuel stored onsite and contracts in place for refueling. 3.3 REDUNDANT NETWORK INFRASTRUCTURE Network designs include redundant circuits from different carriers, firewall pairs, switch pairs, and load balancer pairs. 3.4 REDUNDANT APPLICATION SERVERS Customer s environment consists of a set of one or more physical servers or virtual servers that provide application services to Customer. The overall application tier functionality may be distributed across multiple physical servers or virtual servers. 3.5 REDUNDANT STORAGE All Designtech Cloud services data resides in redundant storage configurations with protection from individual disk or array failure. 3.6 DESIGNTECH CLOUD SERVICES BACKUP STRATEGY Designtech Cloud services use disk or tape backups to help protect against the loss of Customer production data. Designtech periodically makes backups of Designtech Cloud data in all environments included in the Customer s ordering document using dedicated backup infrastructure. All backups are stored at a geographically separate location from the primary production environment. Designtech makes regular backup recovery tests in order to verify that online backups can be recovered and that consistency exists between file data and database information.
7 Designtech Cloud-SaaS Hosting and Delivery Policy, Version 1.0, 2013 Page 4 4 DESIGNTECH CLOUD DISASTER RECOVERY SERVICE 4.1 SCOPE This Policy applies only to Customer s production environments within Designtech Cloud Services. The activities described in this Policy do not apply to Customer s own disaster recovery or backup plans or activities, and Customer is responsible for archiving and recovering any non-designtech software. Disaster Recovery services are intended to provide service restoration capability in the case of a major disaster, as declared by Designtech, that leads to loss of a data center and corresponding service unavailability. For the purposes of this policy, a disaster means an unplanned event or condition that causes a complete loss of access to the primary site used to provide the Designtech Cloud Services such that the Customer production environments at the primary site are not available. 4.2 SYSTEM RESILIENCE Designtech Cloud Services maintains a redundant and resilient infrastructure designed to maintain high levels of availability and to recover services in the event of a significant disaster or disruption. Designtech designs its cloud services using principles of redundancy and fault-tolerance with a goal of fault-tolerance of a single node hardware failure. Designtech Cloud Services provide an infrastructure that incorporates a comprehensive data backup strategy. The Designtech Cloud includes redundant capabilities such as power sources, cooling systems, telecommunications services, networking, application domains, data storage, physical and virtual servers. Designtech will commence the disaster recovery plan under this policy upon its declaration of a disaster, and will target to recover the production data and use reasonable efforts to re-establish the production environment. Customer data is backed up in a physically separate facility in order to restore full services in the event of a disaster in the production environment. Backups are for Designtech's sole use in the event of a disaster. 4.3 DISASTER RECOVERY Designtech provides for the recovery and reconstitution of its Cloud Services to the most recent available state following a disaster. Disaster recovery operations apply to the physical loss of infrastructure at Designtech facilities. Designtech reserves the right to determine when to activate the Disaster Recovery Plan. During the execution of the Disaster Recovery Plan, Designtech provides regular status updates to customers RECOVERY TIME OBJECTIVE Recovery time objective (RTO) is Designtech s objective for the maximum period of time between Designtech s decision to activate the recovery processes under this Policy to failover the service to the secondary site due to a declared disaster, and the point at which Customer can resume production operations in the production environment. If the decision to failover is made during the period in which an upgrade is in process, the RTO extends to include the time required to complete the upgrade. The RTO does not apply if any data loads are underway when the disaster occurs. The RTO objective is 48 hours from the declaration of a disaster RECOVERY POINT OBJECTIVE Recovery point objective (RPO) is Designtech s objective for the maximum period of data loss measured as the time from which the first transaction reported as lost until Designtech s declaration of the disaster. The RPO objective is 24 hour from the point of service loss.
8 Designtech Cloud-SaaS Hosting and Delivery Policy, Version 1.0, 2013 Page 5 Note: the RTO and RPO do not apply to Customer customizations that depend on external components or third-party software. During an active failover event, non-critical fixes and enhancement requests are not supported. Customer will be solely responsible for issues arising from third party software and customizations to Designtech software. 4.4 SERVICE RESTORATION This Designtech Cloud Disaster Recovery Service identifies the purpose and scope of the Disaster Recovery Plans, the roles and responsibilities, management commitment, coordination among organizational entities, and compliance. The plans document the procedures for recovering a Cloud Service (including referencing separate procedures for recovery of specific components) in the event of a disaster. Designtech is committed to minimizing down time due to any disasters or equipment failures. 4.5 DISASTER RECOVERY PLANS The following are the objectives of Designtech s Disaster Recovery Plan for Designtech Cloud Services: In an emergency, Designtech s top priority and objective is human health and safety. Maximize the effectiveness of contingency operations through the established Disaster Recovery Plan that consists of the following phases: o Phase 1 - Disaster Recovery Launch Authorization phase - to detect service disruption or outage at the primary site, determine the extent of the damage and activate the plan. o Phase 2 - Reconstitution phase - to restore processing capabilities and resume normal operations at the production site. Identify the activities, resources, and procedures to carry out processing requirements during prolonged interruptions to normal operations. Assign responsibilities to designated personnel and provide guidance for recovering during prolonged periods of interruption to normal operations. Ensure coordination with other personnel responsible for disaster recovery planning strategies. Ensure coordination with external points of contact and vendors and execution of this plan. 5 DESIGNTECH CLOUD SERVICE LEVEL OBJECTIVE 5.1 SERVICE AVAILABILITY PROVISIONS Commencing at Designtech s activation of Customer s production environment, and provided that Customer remains in compliance with the terms of the ordering document (including the agreement), Designtech works to meet the Target Service Availability Level in accordance with the terms set forth in this Policy. 5.2 TARGET SYSTEM AVAILABILITY LEVEL OF DESIGNTECH CLOUD SERVICE Designtech works to meet a Target System Availability Level of 99.7% of the production service, for the measurement period of one calendar month in the period between 08:00 17:00 (CET) during weekdays, Monday through Friday, commencing at Designtech s activation of the production environment. 5.3 DEFINITION OF AVAILABILITY AND UNPLANNED DOWNTIME Availability or Available means Customer is able to log in and access the OLTP or transactional portion of the Designtech Cloud Services, subject to the following provisions. Unplanned Downtime means any time during which the services are not Available, but does not include any time during which the services or any services component are not Available due to: A failure or degradation of performance or malfunction resulting from scripts, data, applications, equipment, infrastructure, software, penetration testing, performance testing, or monitoring agents directed or provided or performed by Customer
9 Designtech Cloud-SaaS Hosting and Delivery Policy, Version 1.0, 2013 Page 6 Planned outages, scheduled or announced maintenance or maintenance windows, or outages initiated by Designtech at the request or direction of Customer for maintenance, activation of configurations, backups or other purposes that require the service to be temporarily taken offline Outages occurring as a result of any actions or omissions taken by Designtech at the request or direction of Customer Outages resulting from Customer equipment or third party equipment not within the sole control of Designtech Events resulting from an interruption or shut down of the services due to circumstances reasonably believed by Designtech to be a significant threat to the normal operation of the services, the operating infrastructure, the facility from which the services are provided, access to, or the integrity of Customer data (e.g., a hacker or a virus attack) Outages due to system administration, commands, or file transfers performed by Customer users or representatives Outages due to denial of service attacks, natural disasters, changes resulting from government, political, or other regulatory actions or court orders, strikes or labor disputes, acts of civil disobedience, acts of war, acts against parties (including carriers and Designtech s other vendors), and other force majeure events Inability to access the services or outages caused by Customer s conduct, including negligence or breach of Customer material obligations under the agreement, or by other circumstances outside of Designtech s control Lack of availability or untimely response time of Customer to respond to incidents that require Customer participation for source identification and/or resolution, including meeting Customer responsibilities for any services Outages caused by failures or fluctuations in electrical, connectivity, network or telecommunications equipment or lines due to Customer conduct or circumstances outside of Designtech s control 5.4 MEASUREMENT OF AVAILABILITY Following the end of each calendar month of the Services Period under an ordering document, Designtech measures the System Availability Level over the immediately preceding month. Designtech measures the System Availability Level by dividing the difference between the total number of minutes in the monthly measurement period and any Unplanned Downtime by the total number of minutes in the measurement period, and multiplying the result by 100 to reach a percent figure. 5.5 MONITORING Designtech uses a variety of software tools to monitor (i) the availability and performance of Customer s production services environment and (ii) the operation of infrastructure and network components. 5.6 CUSTOMER MONITORING & TESTING TOOLS Due to potential adverse impact on service performance and availability, Customer may not use its own monitoring or testing tools (including automated user interfaces and web service calls to any Designtech Cloud Service) to directly or indirectly seek to measure the availability, performance, or security of any application or feature of or service component within the services or environment unless otherwise expressly permitted in the ordering document. Designtech reserves the right to remove or disable access to any tools that violate the foregoing restrictions without any liability to Customer. 5.7 AUTOMATED WORKLOADS Customer may not use nor authorize the use of data scraping tools or technologies to collect data available through the Designtech Cloud Service user interface or via web service calls without the express written permission of Designtech. Designtech reserves the right to require Customer s proposed data scraping tools to be validated and tested by Designtech prior to use in production and to be subsequently validated and tested annual. Designtech may require that a written statement of work be executed to perform such testing and validation work.
10 Designtech Cloud-SaaS Hosting and Delivery Policy, Version 1.0, 2013 Page 7 6 DESIGNTECH CLOUD CHANGE MANAGEMENT 6.1 DESIGNTECH CLOUD CHANGE MANAGEMENT AND MAINTENANCE Designtech Cloud Operations performs changes to cloud hardware infrastructure, operating software, product software, and supporting application software to maintain operational stability, availability, security, performance, and currency of the Designtech Cloud Services. Designtech follows formal change management procedures to provide the necessary review, testing, and approval of changes prior to application in the Designtech Cloud production environment. Change Management procedures include management of regular and ongoing application upgrades and updates, coordinated customer specific changes where required, and system and service maintenance. Designtech works to architect cloud services to avoid service interruption where possible. Where an anticipated change will require the application service to be unavailable during the change maintenance period, Designtech will work to provide prior notice of the anticipated impact. The duration of the maintenance periods for planned maintenance are not included in the calculation of available minutes in the monthly measurement period for System Availability Level (see Designtech Cloud Service Level Objective ). Designtech intends to minimize the use of these reserved maintenance periods and minimize the duration of maintenances causing unavailability of service APPLICATION UPGRADES AND UPDATES Designtech requires that all application versions in Designtech Cloud Services be kept current with the application versions that Designtech designates as generally available (GA) to its commercial customers unless otherwise agreed with Designtech. Designtech is not responsible for performance or security issues encountered with the Cloud Services that may result from running earlier application versions. Application updates follow release of every application GA and are required to maintain application version currency. Application upgrades and updates will be applied to all target customers by Designtech in accordance with Designtech's target deployment schedule. Designtech will provide prior notice for application upgrades and updates that involve service interruption CORE SYSTEM MAINTENANCE Core system maintenance involves changes to hardware, network systems, security systems, operating systems, storage systems or general supporting software of the cloud infrastructure. Core system maintenance requiring a service interruption is performed every 1 st and 3 rd Sunday of the month and may result in service interruption. The scheduled service period for core system maintenance requiring service interruption is on the 1 st and 3 rd Sunday of the month and will be scheduled by Designtech between 21:00-03:00 CET. Designtech may elect to not schedule a core system maintenance event ROUTINE INFRASTRUCTURE MAINTENANCE Designtech manages routine infrastructure maintenance for the purpose of providing environment currency, capacity, and stability. Routine maintenance is not expected to result in a service interruption unless otherwise notified to the Customer EMERGENCY MAINTENANCE Designtech may periodically be required to execute emergency maintenance in order to protect the security, performance, availability, or stability of the production environment. Emergency maintenance may include application patching and/or core system maintenance as required. Designtech works to minimize the use of emergency maintenance and will provide as much notice as reasonable under the circumstances as to any emergency maintenance requiring a service interruption MAJOR MAINTENANCE CHANGES To ensure continuous stability, availability, security and performance of the Cloud Services, Designtech reserves the right to perform major changes to its hardware infrastructure, operating software, applications software and supporting application software under its control, no more than twice per
11 Designtech Cloud-SaaS Hosting and Delivery Policy, Version 1.0, 2013 Page 8 calendar year. Each such change event is considered planned maintenance and may cause the Cloud Services to be unavailable for up to 24 hours. 6.2 DEPRECATED FEATURES A deprecated feature is a feature that appears in prior or existing versions of the service and is still supported as part of the service, but for which Designtech has given notification that the feature will be removed from future versions. Designtech makes commercially reasonable efforts to post notices of feature deprecations one quarter in advance of their removal and reserves the right to deprecate, modify, or remove features from any new version without prior notice. 7 DESIGNTECH CLOUD SUPPORT The support described in this Cloud Support Policy applies only for Designtech Cloud Services and is provided by Designtech as part of such services under the ordering document. Customer may purchase additional services for Designtech Cloud via other Designtech support service offerings that are designated by Designtech for Cloud Services. 7.1 DESIGNTECH CLOUD SUPPORT TERMS SUPPORT FEES The fees paid by Customer for the Designtech Cloud Services offering under the ordering document include the support described here. Additional fees are applicable for additional Designtech support services offerings purchased by Customer SUPPORT PERIOD Designtech Cloud support is effective upon the effective date specified in the ordering document and ends upon the expiration or termination of the service under such ordering document (the "support period"). Designtech is not obligated to provide the support described in this Cloud Support Policy beyond the end of the support period DESIGNTECH CLOUD SUPPORT Support Services for Designtech Cloud consists of: Diagnosis of problems or issues with the Designtech Cloud Services Reasonable commercial efforts to resolve reported and verifiable errors in the Designtech Cloud services so that they perform in all material respects as described in the associated Online help documentation Support during Change Management activities described in Designtech Cloud Change Management Assistance with Technical Service Requests Access to community forums/faq Non-technical customer service assistance during normal Designtech business hours (8:00 to 17:00) local time. Any deviances to the support availability will be announced on the support web page at and will be updated at the beginning of each new calendar year. 7.2 DESIGNTECH CLOUD CUSTOMER SUPPORT SYSTEMS ONLINE SUPPORT Access to online help documentation and FAQ s can be found on Designtech s support web site at SUPPORT Customer s users may use support via the address and forms found on Designtech s support web site at
12 Designtech Cloud-SaaS Hosting and Delivery Policy, Version 1.0, 2013 Page LIVE TELEPHONE SUPPORT Customer s users may access live telephone support via the phone numbers and contact information found on Designtech s support web site at SECURITY PRACTICES FOR DESIGNTECH CLOUD SUPPORT Designtech is deeply committed to the security of Designtech Cloud Services support. In providing Designtech Cloud Services support, Designtech will adhere to the Designtech Cloud Security set forth in the Designtech Cloud Hosting and Delivery Policy. 7.4 SEVERITY DEFINITIONS Service requests for Designtech Cloud Services may be submitted by Customer s designated technical contacts via the Designtech Cloud Customer Support Systems noted in Section 7.2 of this Policy. The severity level of a service request submitted by Customer is selected by both Customer and Designtech, and must be based on the following severity definitions: Critical Customer s production use of the Designtech Cloud Service is stopped or so severely impacted that Customer cannot reasonably continue work. Customer experiences a complete loss of service. The impacted operation is mission critical to the business and the situation is an emergency. A Critical service request has one or more of the following characteristics: Data corrupted A critical documented function is not available Service hangs indefinitely, causing unacceptable or indefinite delays for resources or response Service crashes, and crashes repeatedly after restart attempts Designtech will use reasonable efforts to respond to Critical service requests within one (1) hour within SLA time described in 5.2. Customer must provide Designtech with a contact during this period to assist with data gathering, testing, and applying fixes. Customer is required to propose this severity classification with great care, so that valid Critical situations obtain the necessary resource allocation from Designtech. High Customer experiences a severe loss of service. Important features of the Designtech Cloud Services are unavailable with no acceptable workaround; however, operations can continue in a restricted fashion. Medium Customer experiences a minor loss of service. The impact is an inconvenience, which may require a workaround to restore functionality. Low Customer requests information, enhancement, or documentation clarification regarding the Designtech Cloud Service, but there is no impact on the operation of such service. Customer experiences no loss of service. 7.5 CHANGE TO SERVICE REQUEST SEVERITY LEVEL INITIAL SEVERITY LEVEL At the time Designtech accepts a service request, Designtech will record an initial severity level of the service request based on the above severity definitions. Designtech s initial focus, upon acceptance of a service request, will be to resolve the issues underlying the service request. The severity level of a service request may be adjusted as described below DOWNGRADE OF SERVICE REQUEST LEVELS If, during the service request process, the issue no longer warrants the severity level currently assigned based on its current impact on the production operation of the applicable Designtech Cloud
13 Designtech Cloud-SaaS Hosting and Delivery Policy, Version 1.0, 2013 Page 10 Service, then the severity level will be downgraded to the severity level that most appropriately reflects its current impact UPGRADE OF SERVICE REQUEST LEVELS If, during the service request process, the issue warrants the assignment of a higher severity level than that currently assigned based on the current impact on the production operation of the applicable Designtech Cloud Service, then the severity level will be upgraded to the severity level that most appropriately reflects its current impact ADHERENCE TO SEVERITY LEVELS DEFINITIONS Customer shall ensure that the assignment and adjustment of any severity level designation is accurate based on the current impact on the production operation of the applicable Designtech Cloud Service. Customer acknowledges that Designtech is not responsible for any failure to meet performance standards caused by Customer s misuse or misassignment of severity level designations. 7.6 SERVICE REQUEST ESCALATION For service requests that are escalated, the Designtech support analyst will engage the Designtech customer responsible who will be responsible for managing the escalation. The Designtech customer responsible will work with Customer to develop an action plan and allocate the appropriate Designtech resources. If the issue underlying the service request continues to remain unresolved, Customer may contact the Designtech customer responsible to review the service request and request that it be escalated to the next level within Designtech as required. To facilitate the resolution of an escalated service request, Customer is required to provide contacts within Customer s organization that are at the same level as that within Designtech to which the service request has been escalated. 7.7 POLICY EXCEPTIONS Customer questions or requests for an exception to the Designtech Cloud Hosting and Delivery Policy must be made via a service request with My Designtech Support. 8 DESIGNTECH CLOUD SUSPENSION AND TERMINATION 8.1 TERMINATION OF CLOUD SERVICES TERMINATION OF CLOUD SERVICES For a period of up to 60 days after the termination or expiration of production services under the ordering document, Designtech will preserve an original or copy of Customer s applicable services or customer data as it existed in the Customer s environment on the date of termination. Designtech has no obligation to retain the data for customer purposes after this 60 day post termination period TERMINATION OF TRIAL ENVIRONMENTS Upon the expiration of a trial, the service is terminated with no archiving of data. To avoid loss of data, Customer must work with authorized Designtech representatives to enter into an extension of the trial period before its expiration TERMINATION OF FREE ENVIRONMENTS Designtech reserves the right to end free environments after a 12 month inactivity period from the customer. The termination will be made after written notification to the customer and will follow the same service termination policy as normal production environments CUSTOMER ASSISTANCE AT TERMINATION At service termination, if Customer needs assistance from Designtech, Customer must create a service request as described in the Designtech Cloud Support section.
14 Designtech Cloud-SaaS Hosting and Delivery Policy, Version 1.0, 2013 Page SUSPENSION DUE TO VIOLATION If Designtech detects violation, or is contacted about a violation of, Designtech Cloud Services terms and conditions or acceptable use policy, Designtech will assign an investigating agent. The investigating agent may take actions including but not limited to suspension of user account access, suspension of administrator account access, or suspension of the environment until the issues are resolved. Designtech will use reasonable efforts to restore Customer's services promptly after Designtech determines, in its reasonable discretion, that the issues have been resolved or the situation has been cured.
Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0 Unless otherwise stated, these Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies
Oracle Cloud Hosting and Delivery Policies Effective Date: June 1, 2015 Version 1.5 Unless otherwise stated, these Oracle Cloud Hosting and Delivery Policies (the Delivery Policies ) describe the Oracle
Oracle Cloud Enterprise Hosting and Delivery Policies Effective Date: June 1, 2015 Version 1.5 Unless otherwise stated, these Oracle Cloud Hosting and Delivery Policies (the Delivery Policies ) describe
Oracle Cloud Hosting and Delivery Policies J U L Y 2 0 1 6 V E R S I O N 2. 1 Unless otherwise stated, these Oracle Cloud Hosting and Delivery Policies (the Delivery Policies ) describe the Oracle Cloud
SHARED WEB AND MAIL HOSTING SERVICE LEVEL AGREEMENT (SLA) 2010 This Service Level Agreement (SLA) ( Service Level Agreement or Agreement or SLA ) is by and between Bizcom Web Services, Inc. (the "Company")
RL Solutions Hosting Service Level Agreement April 2012 Table of Contents I. Context and Scope... 1 II. Defined Terms... 1 III. RL Solutions Responsibilities... 2 IV. Client Responsibilities... 4 V. The
INFRASTRUCTURE AS A SERVICE (IAAS) SERVICE SCHEDULE Australia 1 DEFINITIONS Capitalised terms in this Service Schedule not otherwise defined here have the meaning given in the Standard Terms and Conditions:
Applaud Solutions Technical Support Policies Effective Date: 06-May-2011 Overview Unless otherwise stated, these Technical Support Policies apply to technical support for all Applaud Solutions products.
SaaS Service Level Agreement (SLA) The purpose of this document is to define the Service Level Agreement (SLA) for the maintenance and support of the Hosting Service ( Service ). Service Level Agreements
THIS SERVICE LEVEL AGREEMENT DEFINES THE SERVICE LEVELS PROVIDED TO YOU BY THE COMPANY. Capitalized terms used herein but not otherwise defined shall have their respective meanings set forth in the End
This Shared Hosting Service Agreement ( Service Agreement ) sets forth the specific terms and conditions under which LightEdge Solutions, Inc. ( LightEdge ) shall supply certain Services to Customer. The
MPA Hosting Service Level Agreement 1. Coverage and Terminology This Service Level Agreement ("SLA") covers performance guarantees for our network and server hardware, and is made between MPA Computers,
CLOUD SERVICE SCHEDULE Newcastle 1 DEFINITIONS Defined terms in the Standard Terms and Conditions have the same meaning in this Service Schedule unless expressed to the contrary. In this Service Schedule,
SERVICE LEVEL AGREEMENT This service level agreement ( SLA ) is incorporated into the master services agreement ( MSA ) and applies to all services delivered to customers. This SLA does not apply to the
SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the specific
EXHIBIT FOR MANAGED SERVICES (2013V3) This Exhibit for Managed Services, in addition to the General Terms, the OnDemand Exhibit, and any applicable PDM, applies to any Managed Services offering licensed
Schedule 2Z Virtual Servers, Firewalls and Load Balancers Definitions Additional Charges means the charges payable in accordance with this schedule. Customer Contact Centre means Interoute s Incident management
excommerce Online Systems as a service Service plan This service plan is designed for users who wish to have support services for their dotnetnuke and/or catalook and/or XLink integration. excommerce is
SAAS MADE EASY: SERVICE LEVEL AGREEMENT THIS SERVICE LEVEL AGREEMENT DEFINES THE SERVICE LEVELS PROVIDED TO YOU BY THE COMPANY ( SaaS Made Easy ). Capitalized terms used herein but not otherwise defined
SERVICE SCHEDULE INFRASTRUCTURE AND PLATFORM SERVICES This Product Schedule Terms & Conditions is incorporated into a Services Agreement also comprising the General Terms and Conditions which the Customer
THIS SERVICE LEVEL AGREEMENT DEFINES THE SERVICE LEVELS PROVIDED TO YOU BY COMPANY. Capitalized terms used herein but not otherwise defined shall have their respective meanings set forth in the End User
THIS SERVICE LEVEL AGREEMENT DEFINES THE SERVICE LEVELS PROVIDED TO YOU BY THE COMPANY ( Exchange My Mail ). I. Service Definition. Exchange My Mail will provide Hosted Exchange and other Application Services
Virtual Private Cloud. Service Level Agreement Terms and Abbreviations Customer's Control Panel the web page intended for managing the Services rendered by the Executor, retaining the Customer's actual
Service Level Agreement (SLA) Infrastructure Services Availability Commitment Scope: Service Availability Commitment: CDP, Inc.'s Infrastructure Services Availability Commitment is to have the CDP, Inc.
Service Level Agreement Botany Backup Service 1. Overview a) Definitions Term SLA UBC UBC IT Botany Botany IT VS VSS Customer DNS URL HTTP FTE PI Description Service Level Agreement University of British
Information Services Standing Service Level Agreement (SLA) Firewall and VPN Services Overview This service level agreement (SLA) is between Information Services (IS), and any unit at the University of
HA / DR Jargon Buster High Availability / Disaster Recovery Welcome to Maxava s Jargon Buster. Your quick reference guide to Maxava HA and industry technical terms related to High Availability and Disaster
Date 7 July 2015 SERVICE LEVEL TERMS INTER8 CLOUD SERVICES Article 1. Definitions In these Service Level Terms ( SLT ), the following terms, indicated with a capital, whether single or plural, will have
1 General Overview This is a Service Level Agreement ( SLA ) between and Data Center Colocation to document: The technology services Data Center Colocation provides to the customer The targets for response
Technical Standards for Information Security Measures for the Central Government Computer Systems April 21, 2011 Established by the Information Security Policy Council Table of Contents Chapter 2.1 General...
This Load Balancing Service Agreement ( Service Agreement ) sets forth the specific terms and conditions under which LightEdge Solutions, Inc. ( LightEdge ) shall supply certain Services to Customer. The
Physical Co-location Service Level Agreement 1. Agreement This agreement is to define Physical Server Co-location services provided to a Customer. Typically, service definitions include hours, availability,
IBX Business Network Platform Information Security Controls 2015-02- 20 Document Classification [Public] Table of Contents 1. General 2 2. Physical Security 2 3. Network Access Control 2 4. Operating System
Information Crib Sheet Internet Access Service Agreement 1. Definitions and Interpretation This Service Agreement is to be read in conjunction with the Conditions for Communications Services (the Conditions
Limited www.webdrive.co.nz PO Box 302829 North Harbour North Shore City 0751 Telephone: 0800 SPECIFIC SERVICE TERMS These specific service terms must be read in conjunction with 's General Terms and Conditions
Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)
This Bare Metal Cloud Service Agreement ( Service Agreement ) sets forth the specific terms and conditions under which LightEdge Solutions, Inc. ( LightEdge ) shall supply certain Services to Customer.
Summary of CIP Version 5 Standards In Version 5 of the Critical Infrastructure Protection ( CIP ) Reliability Standards ( CIP Version 5 Standards ), the existing versions of CIP-002 through CIP-009 have
Schedule Document Leased Lines & Ethernet Based Services Node4 Limited 9//007 SCHEDULE Additional terms, Service Description & Service Level Agreement for Leased Lines & Ethernet Based Services. SERVICE
Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,
Microsoft Hyper-V Powered by Rackspace & Microsoft Cloud Platform Powered by Rackspace Support Services Terms & Conditions Your use of the Microsoft Hyper-V Powered by Rackspace or Microsoft Cloud Platform
LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable
CLOUD SERVICE SCHEDULE 1 DEFINITIONS Defined terms in the Standard Terms and Conditions have the same meaning in this Service Schedule unless expressed to the contrary. In this Service Schedule, unless
Service Level Agreement Page 1 of 7 Domain Name Service Service Level Agreement (SLA) Vanderbilt Information Technology Services 1. Agreement This agreement is to define Domain Name Service (DNS) provided
DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the
MANAGED PBX SERVICE SCHEDULE 1. APPLICABILITY This Service Schedule is applicable only to the COF for the purchase of Managed PBX Services which has been signed by the Customer and Neotel. 2. DEFINITIONS
SERVICE LEVEL AGREEMENT - Shared Exchange Hosting This Service Level Agreement (this SLA ) governs the use of the Services under the terms of the Master Service Agreement (the MSA ) between Constructure
This Service Level Agreement ( SLA ) applies to and governs such Gabian Technology and its partners SharePoint, Web Hosting, Virtual Private Server, Exchange Hosting, Advisor Earnings, Email Archive, CRM
Service Description (SD) & Service Level Agreement (SLA) greentalk Version/Date Version 1.3 / February 6, 2013 Classification Written by PUBLIC CC Released on Released by Valid from Valid until Scope Responsible
Software Maintenance & Support Agreement This agreement ( Support Agreement, Software Assurance, Agreement ) is for the purpose of defining the terms and conditions under which Technical Support, Maintenance
SERVICE LEVEL AGREEMENT Shared Exchange Hosting This Service Level Agreement (this SLA ) governs the use of the Services under the terms of the Master Service Agreement (the MSA ) between Intermedia Technologies
Ohio Supercomputer Center IT Business Continuity Planning No: Effective: OSC-13 06/02/2009 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original
MAILGUARD, WEBGUARD AND EMAIL ARCHIVING SERVICE SCHEDULE 1. APPLICABILITY This Service Schedule is applicable only to the COF for the purchase of Mail Guard, Web Guard and Mail Archiving Services, to the
JUNE 1, 2012 SalesNOW Security Policy v.1.4 2012-06-01 v.1.4 2012-06-01 1 Overview Interchange Solutions Inc. (Interchange) is the proud maker of SalesNOW. Interchange understands that your trust in us
Keyfort Cloud Services (KCS) Data Location, Security & Privacy 1. Executive Summary The purposes of this document is to provide a common understanding of the data location, security, privacy, resiliency
THIS SERVICE LEVEL AGREEMENT (SLA) DEFINES GUARANTEED SERVICE LEVELS PROVIDED TO YOU BY THE COMPANY. I. Service Definition SMS (Company) will provide You with Hosted Exchange and other Application Services
HOSTEDMIDEX.CO.UK THIS SERVICE LEVEL AGREEMENT (SLA) DEFINES GUARANTEED SERVICE LEVELS PROVIDED TO CLIENT BY THE SUPPLIER. I. Service Definition Lanmark Technical Services Ltd trading as mailhosted.co.uk
Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent
Service Agreement Hosted Dynamics GP This is a Contract between you ( Company ) and WebSan Solutions Inc. ( WebSan ) of 245 Fairview Mall Drive, Suite 508, Toronto, ON M2J 4T1, Canada. This contract applies
SERVICE LEVEL AGREEMENT This Service Level Agreement (SLA) is provided by ECS and is intended to define services and responsibilities between ECS and customer. ECS along with contracted 3 rd party partners
iconnect Cloud Archive System Overview Security and Managed Services iconnect Cloud Archive (formerly known as Merge Honeycomb ) iconnect Cloud Archive offers cloud-based storage for medical images. Images
Hosting Services - Dedicated Service Agreement Page 1 of 6 This Hosting Services - Dedicated Service Agreement ( Service Agreement ) sets forth the specific terms and conditions under which LightEdge Solutions,
RSA SecurID Tokens Service Level Agreement (SLA) 1. Agreement This Agreement defines RSA SecurID services provided to a Customer. Service definitions include responsibilities, hours, availability, support
YubiCloud OTP Validation Service Version 1.2 5/12/2015 Introduction Disclaimer Yubico is the leading provider of simple, open online identity protection. The company s flagship product, the YubiKey, uniquely
AAPT Business Media Connect Service Schedule This Service Schedule forms part of the Agreement between Us and You and cannot be used as a standalone agreement. Any terms defined in the Service Agreement
Technical Support Policies Effective Date: 25-OCTOBER-2006 OVERVIEW Unless otherwise stated, these Technical Support Policies apply to technical support for all Oracle product lines. These Technical Support
HP Application Lifecycle Management on Software-as-a-Service Dedicated HP ALM/QC Offering Data sheet At a Glance The Dedicated HP ALM/QC offering is an on-demand Software-as-a-Service (SaaS) solution for
SERVICE LEVEL AGREEMENT This Service Level Agreement ( SLA ) applies to and governs such PLEX SharePoint, Web Hosting, Virtual Private Server, Exchange Hosting, CRM and other remotely provided services
Las Vegas Datacenter Overview Product Overview and Data Sheet Product Data Sheet Maintaining a Software as a Service (SaaS) environment with market leading availability and security is something that Active
SERVICE DESCRIPTION The Managed Hosting service from Interoute provides the Customer with a customised hosting solution for business applications, located within one of Interoute secure data centres. As
This Software Citrix CSP Service Agreement ( Service Agreement ) sets forth the specific terms and conditions under which LightEdge Solutions, Inc. ( LightEdge ) shall supply certain Services to Customer.
What is InsightCloud? InsightCloud is a web portal enabling Insight customers to purchase and provision a wide range of Cloud services in a straightforward and convenient manner. What is SaaS? Software
Appendix E to DIR Contract Number DIR-TSO-2736 CLOUD SERVICES CONTENT (ENTERPRISE CLOUD & PRIVATE CLOUD) Enterprise Cloud Resource Pool Services Features Sungard AS will provide the following in connection
Windows Server Security Best Practices Initial Document Created By: 2009 Windows Server Security Best Practices Committee Document Creation Date: August 21, 2009 Revision Revised By: 2014 Windows Server
Dynamic IP Standard Terms and Conditions In addition to the general terms and conditions contained in the service agreement between PAETEC, now a Windstream Company and Customer (the Agreement ), of which
OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the specific documents requested,
NYSED DATA DASHBOARD SOLUTIONS RFP ATTACHMENT 6.4 MAINTENANCE AND SUPPORT SERVICES 1. Definitions. The definitions below shall apply to this Schedule. All capitalized terms not otherwise defined herein
Texas Wesleyan Firewall Policy Purpose... 1 Scope... 1 Specific Requirements... 1 PURPOSE Firewalls are an essential component of the Texas Wesleyan information systems security infrastructure. Firewalls
Virtual Machine Service Level Agreement 1. Agreement This agreement is to define Virtual Server Collocation services provided to a Customer. Typically, services definitions include hours, availability,
1. Obtain previous workpapers/audit reports. FIREWALL CHECKLIST Pre Audit Checklist 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 3. Obtain current network diagrams
SERVICE DESCRIPTION The Managed Hosting service from Interoute provides the Customer with a customised hosting solution for business applications, located within one of Interoute secure data centres. As
1. Development Consultant. Any Development Consultant(s) appointed by Customer under this PSLT work expressly and exclusively at Customer s direction and Customer is responsible for any acts or omissions
Solution brief Projectplace: A Secure Project Collaboration Solution The security of your information is as critical as your business is dynamic. That s why we built Projectplace on a foundation of the
HOSTING SERVICES ADDENDUM TO MASTER SOFTWARE LICENCE AGREEMENT Last Updated: 10 June 2015 This Hosting Services Addendum to the Master Software Licence Agreement ( Addendum ) will only apply to the extent