Service Level Agreement
1. Definitions
All terms defined in this SLA shall have the meaning set out in the EULA, unless defined otherwise below.
| ‘Bug’ | means an unwanted or unintended property of the Services that can be reproduced and causes the Services to malfunction but does not affect the availability of the Services; |
| ‘Business Day’ | means Monday to Friday excluding any national holiday in Dubai, United Arab Emirates |
| ‘Business Hours’ | means 8am to 8pm EEST; |
| ‘Disaster’ | means the hosting centre where the Services are hosted becomes unusable, with little chance of a short term recovery; |
| ‘Emergency Maintenance’ | means maintenance, upgrades, Updates, repairs to hardware and software related to resolving immediate problems causing instability in the Services; |
| ‘Incident’ | means a malfunction of the Services which can be reproduced, is not a Bug and whose root cause is found in the hosting service, network, hardware or third party software components; |
| ‘Planned Maintenance’ | means maintenance, upgrades, Updates, installation of new versions and repairs which are non-critical and not urgent, to hardware and software; |
| ‘Release’ | means a modification in the functionality of the Services which results in a change in the version number set out in the SLA; |
| ‘Updates’ | means any new or updated applications services or tools (including any software programmes) made available by the Company as part of the Services during the Term. |
2. Hosting Services
All terms defined in this SLA shall have the meaning set out in the EULA, unless defined otherwise below.
2.1 Availability
The Company will take all appropriate measures in terms of redundancy, monitoring and platform management to make the Services available via the Internet 99.8% during Business Hours measured monthly from the go live date. The events set out in clause 8 of this SLA and Planned Maintenance shall be excluded from the calculation of availability of the Services.
3. Security
The following infrastructure and security is provided at the Company’s data centres in the United States of America with Microsoft Azure Cloud Computing Services. The Company reserves the right to change the data centre during the Term, provided that any new data centre provides at least the same level of services and security as the current data centre.
3.1 Data Centre Network
The Company provides web servers, application servers, database servers and physical data storage in which data is stored in a redundant multi-drive configuration that provides mirrored storage and the necessary software to host the Services. Web-based application use Secure HTTP (HTTPS) to protect selective data transmissions over the Internet. Virtual Private Network (VPN) technology is used to protect other transmissions, such as access to the reporting database.
3.2 Security and Environment
The hosting services are provided in a secure, limited access environment. There is an uninterrupted power source, climate control and the data centre is hardened against natural disaster. The Company continuously provides and maintains up to date virus protection. In case there are reasonable doubts about the security of the data centre, the Customer may instruct an independent third party to check the security systems at the data centre at its own cost and provided that the Customer reimburses the Company for all costs it incurs in assisting with such inspection, in particular any fees that the Company must pay to the data centre. Access to the data centre infrastructure will be at the sole discretion of the data centre.
Access to the data centre is limited to specific staff members and a select number of production support specialists and information technology specialists, who may only access the data centre to perform routine maintenance and Upgrades.
3.3 Monitoring
The Company provides the following 24 x 7 monitoring:
All Company servers are protected by Firewall appliances. All servers accessible from the Internet are located in a DMZ, servers storing Customer data are located within the protected network. All servers are installed with the latest security patches and are hardened as per manufacturer’s recommendations.
3.4 System Backup
The Company ensures that data is protected using backup to disk and tape. A full database differential backup is performed to tape and disk daily.
3.5 Disaster Recovery
In the event of a Disaster, the Company’s data centre will initiate its disaster recovery procedure.
4. Support Services
Support services shall include maintenance of the Services and Customer platform including corrective maintenance and enhancements and a customer support service for the Services and Customer platform as set out below
4.1 Scope of Support Services
Maintenance and support services shall not be provided for issues arising from (i) modifications, alteration or configuration of any of the Services by the Customer or a third party that have not been authorised in writing by the Company and/or (ii) technology or IPR that has not been provided by the Company pursuant to the Agreement.
4.2 Problem Notification
The Company provides support services which is available to named support users. Support services are provided in English.
Problems may be reported to the support team by email or telephone.
4.3 Support Hours
The Company offers support for the Services during Business Hours on Business Days in English.
5. Problem Resolution
Problems with the Services will be dealt with in accordance with their level of severity. The time frame in which problems will be resolved will depend upon whether they are classified as a Bug or Incident as set out below.
5.1 Problem Severity Classification
| Severity | Description |
| High | A problem is classified as high if the Services are not available at all, or the Customer or Authorised Users cannot log in or if there appear to be serious performance or access problems. |
| Medium | A problem is classified as medium if a key feature or service is unavailable and the availability of the Services is not affected. |
| Low | A problem is classified as low if there is any other problem that does not fall into another severity category. |
5.2 Response and Target Resolution Times
| Severity | Response Time | Target Resolution Time for Incidents | Target Resolution Time for Bugs | ||
| Temporary work around | Permanent | Temporary work around | Permanent | ||
| High | Within 1 Business Hour | 4 Business Hours | 12 Business Hours | 1 Business Days | 10 Business Days |
| Medium | Within 2 Business Hours | 2 Business Days | 10 Business Days | Next Release | |
| Low | Within 1 Business Day | 5 Business Days | 15 Business Days | Next Release | |
Releases will contain new or amended features. There may be some need for configuration and additional user training in order to obtain the maximum benefit of the new features. Releases do not significantly impact the existing technical setup of the Customer or training materials. Releases are numbered as follows: 3.1, 3.2, 3.3, etc.
6.2 Patches
The Services will be patched regularly for performance and security, after such patches are regression tested with the Services to ensure continued compatibility.
6.3 Planned Maintenance
The Company usually carries out Planned Maintenance at weekends or in the evenings. If Planned Maintenance is to be performed outside of these times the Company shall give the Customer at least 48 hours prior notice.
6.4 Emergency Maintenance
The Company shall where possible, provide the Customer with prior notice of Emergency Maintenance. However, work may commence at any time and shall continue until completed. The Company shall attempt, but cannot guarantee scheduling Emergency Maintenance during non Business Hours.
7. Customer’s Obligations
The Customer has the following obligations under this SLA:
8. Limitation of Liability
The Company shall not be liable for, and shall have no obligation to fix, any errors, Incidents, problems or Bugs or any lack of availability of the Services caused by the following:
