SLAs & Information Security
Exhibit A: SLAs & Information Security
Any capitalized term used but not otherwise defined in this Service Level Agreement shall have the meaning assigned thereto in main body of the Agreement or Order Form as applicable.
Support and Problem Resolution
Blueshift will provide Customer with instructions, analysis, and other reasonable assistance in connection with Customer’s implementation and use of that Platform during 8 a.m to 8 p.m local business hours Monday-Friday. Support email: email@example.com
First Response Times for Premium Support during support hours:
|Priority||Definition||First Response Time|
|Urgent||Production environment down, public website down or a critical feature/function unavailable||1 hour|
|High||Major function or feature is not working correctly, making it difficult for end users to perform their normal work. Workaround solutions can be implemented but with significant degradation of productivity.||4 hours|
|Medium||Minor issues affecting usability of the product, but a workaround is provided with no impact to major feature/functionality or website changes or issues not deemed urgent or high||12 hours|
|Low||How-to questions and/or product enhancement requests||24 hours|
Post Mortem Reports:
Blueshift will provide post mortem reports after any Severity 1 incident. An initial report will be due within two (2) days of each such incident. A final report will be due within seven (7) days of the incident and must identify the problem, explain the root cause of the problem, and provide the short-term solution implemented to mitigate the issue and a long-term solution for preventing the problem.
Blueshift will use commercially reasonable efforts to make the Service available with a Monthly Uptime Percentage (as defined below) of no less than 99.90% during any calendar month period. In the event Blueshift does not meet this commitment, Customer will be entitled to a Service Credit (as defined below).
- “Monthly Uptime Percentage” is calculated by subtracting from 100% the percentage of minutes during the calendar month during which the Service was not able to perform its essential functions. Monthly Uptime Percentage measurements exclude downtime resulting directly or indirectly from any Uptime Exclusion (as defined below).
- “Service Credit” means a dollar credit, based on the pro rata fee paid for the Service during the calendar month, during which the Monthly Uptime Percentage falls into one of the categories below:
|Monthly Uptime Percentage||Service Credit|
|99.00% – 99.90%||10%|
Blueshift will apply any Service Credits only against future payments otherwise due from Customer.Unless otherwise provided in the Agreement, Customer’s sole and exclusive remedy for any unavailability, non-performance, or other failure by Blueshift to provide the Services is the receipt of a Service Credit (if eligible) in accordance with the terms of this Agreement.
- “Uptime Exclusions” mean any downtime caused by the following, and will not be included in calculating the Monthly Uptime Percentage:
- factors outside Blueshift’s control (e.g., natural disaster, war, acts of terrorism, riots, or government action);
- failures of Customer’s or third party services, hardware, or software, including, but not limited to, issues resulting from inadequate bandwidth;
- Customer’s use of the Service in a manner inconsistent with the Agreement;
- Scheduled Maintenance Outages communicated to the Customer
Requesting Uptime Guarantee Credits:
In each case that Customer believes it is entitled to a Service Credit, Customer must notify Blueshift of such entitlement within thirty (30) days after the end of the calendar month during which such credit was earned. Blueshift will promptly reply indicating the acceptance or rejection of such request. All such credits will be applied to the next invoice to be provided to Customer by Blueshift after the calendar month during which the Unscheduled Outage took place. If the final invoice had already been paid by Customer according to the terms in the Order, Blueshift will provide a refund for the amount of the applicable service.
- Blueshift shall process Customer Data securely at all times and shall implement all appropriate technical and organisational controls and measures against unauthorised or unlawful processing or accidental loss or destruction of, or damage to, Customer Data. The controls and measures implemented by Blueshift will include encryption, firewalls, and regular penetration/vulnerability testing.
- Blueshift shall employ strict security measures, and use all due care, in handling and storing the Customer Data so as to prevent any unauthorised use, duplication or reproduction of the Customer Data stored on its premises or on secure FTP sites. Blueshift shall comply with industry-standard guidelines on information processing and storage facilities when storing Customer Data.
- Blueshift shall comply with Good Industry Practice regarding information security management.
- Blueshift shall regularly back-up all Customer Data in its possession or control (or in the possession or control of any sub-contractor approved by the Customers) in accordance with Good Industry Practice.
- Blueshift shall develop and maintain an incident response plan to ensure that all threats to the security of Customer Data are quickly detected, assessed, responded to and remedied.
- Blueshift shall notify the Customer as soon as reasonably practicable if it becomes aware of, or suspects, any unauthorised or unlawful processing, loss of, damage to, or destruction of, Customer Data or that Customer Data has become corrupted or unusable.
- Where Blueshift becomes aware of any Information Security Breach affecting the Customer Data, or that there has been an Information Security Breach affecting any other customer of Blueshift to whom Blueshift provides the Software, and such breach has arisen due to any act or omission of Blueshift, any fault with the Software or any Update, Blueshift shall, subject to Blueshift’s reasonable confidentiality requirements and within seventy-two (72) hours, provide the Customers with all reasonable details of the applicable breach to enable the Customers to ensure that they do not suffer a similar Information Security Breach, all reasonable details of the security measures in place at the time of the incident and a final incident report which provides details of any additional measures implemented as a result of the Information Security Breach.