Satmetrix Pro Service Level Commitment
All of the service and performance standards set forth in this Service Level Commitment (this “SLC”) are subject to Client’s compliance with Satmetrix’s technical requirements for Services delivered via the Internet, as well as Client’s compliance with the terms and conditions of the Satmetrix Technology that Client has licensed from Satmetrix (the “Agreement”).
1. SERVICE AVAILABILITY, UPDATES AND MAINTENANCE, AND UPGRADES
Subject to the Agreement, Satmetrix agrees to comply with the performance standards set forth in this SLC. Satmetrix will meet the below service performance standards for the hosted Service platform (production site) in accordance with the terms of the Agreement, effective as of the first day after the initiation of production feedback collection and reporting:
System Availability Measure (excluding scheduled maintenance)
System availability percentage means percentage of minutes measured over the course of a calendar quarter that the designated pages loads upon user request, excluding periods of scheduled maintenance, general or emergency service updates, or general failures of the Internet beyond Satmetrix’s control. Satmetrix will use a third party monitoring services provider to measure and validate system availability. Upon Client’s written request, Satmetrix will provide the Client with quarterly reports that will show system availability.
NOTE: Satmetrix’s services may be subject to limitations, performance issues, delays, and other problems inherent in the use of personal computers and the Internet and electronic communications. Satmetrix is not responsible for any non performance, delays, delivery failures, or other damages resulting from such problems.
Updates, Maintenance, and Excusable Downtime
The following categories comprise Excusable Downtime and, except as noted, are excluded from the Service Availability Standard referenced above.
1. Standard Updates: To maximize optimal performance of the servers that host the Service for Client, Satmetrix will perform routine maintenance and apply standard updates on the servers and to the Services on a regular basis. When routine maintenance is required or Service updates are made, they are performed or applied only between the hours of 11 p.m. and 8 a.m., Eastern Time to ensure maximum availability to clients. On average, the total amount of time in which this maintenance window is used will not exceed 4 hours per week.
2. Scheduled Maintenance: If Satmetrix needs to perform extended system maintenance outside of the established maintenance window, Client will be notified at least 48 hours in advance, and reasonable efforts will be made to ensure that downtime does not occur during peak usage of the system.
3. Emergency Updates: Satmetrix may need to make emergency updates to address security, privacy, legal, regulatory, or third–party hardware and software issues not reasonably foreseeable by Satmetrix or within Satmetrix’s control. In such cases, Satmetrix will apply the update as soon as possible. Client agrees to cooperate with Satmetrix in the deployment of all such emergency updates.
4. Mandatory Updates: Satmetrix may determine certain updates are mandatory based on the severity of the Service issue. In such cases, Satmetrix will apply the update as soon as possible. Client agrees to cooperate with Satmetrix in the deployment of all such mandatory updates. (Mandatory updates, if they are not performed during the Scheduled Maintenance window described above, comprise unexcused downtime during the amount of time in excess of 15 minutes per day outside the maintenance window such updates consume.)
5. Network Unavailability Beyond Satmetrix’s Control is defined as Satmetrix’s inability to pass incoming and outgoing TCP/IP traffic due to network issues not caused by Satmetrix. This may include systemic disruption of Internet carrier telecommunications or equipment, other interruptions of service on the backbone or on the Client’s portion of the network, or interruptions or significant degradations of service caused by denial of service or similar attacks. Network Unavailability Beyond Satmetrix’s Control is considered Excusable Downtime for its entire duration and takes precedence over any other downtime cause with respect to calculating Service Availability.
In cases where Satmetrix, in its sole and absolute discretion, must apply Emergency or Mandatory Updates as described above, Satmetrix may not be able to notify Client until after the update is made.
Client upgrades from one major release to another are considered migration projects and the availability of the Services during the migration will be addressed in the statement of work or amendment related to the migration. Application of all point releases would be subject to the Standard Update guidelines, above.
2. CLIENT SUPPORT
“Business Day” means Monday through Friday, excluding holidays.
“Custom Functionality” is any component of functionality implemented by the Satmetrix professional services team which is specific to the client’s requirements; all Custom Functionality must be described in a system specification set forth in an applicable statement of work. Examples of Custom Functionality include special handling of incoming Client data feeds, logic supporting the assignment of survey versions based on business logic, alert conditions, and custom reports.
“Emergency” is defined as a situation in which a particular location’s Services are completely inoperable, and Client’s network, Internet connection status, or other technical factors outside of Satmetrix’s control have been eliminated by the Client as the cause of the failure.
“Error” is a failure of the product to perform as described in the end-user documentation or system specifications set forth in an applicable statement of work.
“Issue” is an error that is classified as either “Severity 1”, “Severity 2” or “Severity 3”
“Severity 1 Issue” is an error that prevents the execution of one of the primary functions of Satmetrix PRO (i.e., sending out invitation emails, allowing respondents to take and submit surveys, basic reporting) in production live environments and for which no reasonable workaround exists.
“Severity 2 Issue” is an error that prevents the execution of one of the primary functions of Satmetrix PRO but for which there is a reasonable workaround, or any other type of error that prevents the execution of non-essential functions of the Satmetrix system.
“Severity 3 Issue” is an error that has negligible immediate impact yet is desirable to resolve because of restrictions to operations or usability issues.
“Standard Functionality” is all functionality which is provided by the Satmetrix PRO platform and which has not been customized to fit specific client requirements. Examples of Standard Functionality include the ability of a client to navigate through and submit a survey, the sending out of invitation emails, and the ability of client personnel to log in to the Satmetrix reporting site.
“Telephone Support” means Client Services telephone assistance provided by Satmetrix to Client’s support contact(s) concerning connectivity Issues, hardware diagnostics, usability and/or basic training, and system processing Issues of the Satmetrix Services.
“Workaround” is defined as a Satmetrix solution or resolution that provides materially equivalent functionality while an issue with the Services’ standard functionality is being addressed. The workaround may involve a reasonable number of additional steps by the Services user to achieve the same result.
Hours of Client Support Services
Satmetrix Provides Client Support Services Monday through Friday, 24 hours a day, excluding Satmetrix-recognized holidays. Satmetrix recognized holidays are:
Satmetrix Recognized Holidays for which Client Support Services are Not Available (If holiday falls upon a non-business day, Satmetrix observes holiday on next available business day)
|New Year’s Day|
|USA President’s Day|
|USA Memorial Day|
|USA Independence Day|
|USA Labor Day|
|USA Day after Thanksgiving Day|
|New Year’s Eve Day|
Urgent support is available 7x24x365 via email/website for Severity 1 Issues (described below). An issue can be marked as Severity 1 by placing the word “urgent” in the subject line of an electronic mail support request, but is subject to Satmetrix’s verification of severity.
Client Support Services Access Methods
Support contacts may request Client Support Services via telephone or electronic mail.
Wait time for phone support during support hours averages less than five minutes on Business Days. Voicemails that are left after Satmetrix support hours are returned as early as possible the next business day (applicable to the caller’s time zone). Response time for email support is generally within one business day.
Client Support Services Requests
Support is as described below for all errors in standard functionality for the duration of the Agreement. Support is provided for custom functionality as described below for all errors for a period of 30 days from the date the system production setup is complete or the date of the initial data collection outcast, whichever comes first. After this time, Client will need to engage the Professional Services team to resolve any errors in custom functionality.
If Client encounters an Issue with Satmetrix Services, Client may contact Satmetrix’s Client Support Services. Satmetrix will respond to reported Errors within the following times from when the Error is reported to Satmetrix.
Issue Severity Classification and Resolution Guidelines
Services may be accessible from a connectivity standpoint (i.e., Satmetrix can send and receive IP traffic to and from its servers), but the services themselves are completely or virtually unusable in production live environments. The Issue or Error obstructs any business use of core functionality of the Services, specifically:
i) System Hangs – The process hangs indefinitely or there is severe performance degradation, causing unreasonable waits for resources or response, as if the system is hanging.
ii) System Crashes Repeatedly – Database process or background processes fail and continue to fail after restart attempts.
iii) Data Corruption – Physical or Logical data is unavailable or incorrect. Examples: export format corruption, invalid entries, and incorrect results.
iv) Critical Functionality Unavailable – The application cannot continue because a vital feature is inoperable, data cannot be extracted, Alert or Notification issues, etc.
Design Issues are not Severity 1 issues in any event.
Assign Satmetrix specialist to correct the error, promptly begin work to provide a correction, provide ongoing communication on the status of the correction(s), and will make continuous effort on a 24×7 basis until the problem is resolved or a workaround provided.
Immediate hot-fix release or workaround
Four (4) hours
[Urgent Support Hours]
Issues in which the system is still functioning but which result in an impact on the business user of core functionality of the Services. Design Issues are not Severity 2 issues in any event.
Assign a Satmetrix specialist to commence correction or provide workaround and/or escalation procedures as reasonably determined by Satmetrix support staff. Continuous effort will be applied during standard support hours until the problem is resolved or a workaround provided.
Hot-fix release, future release, or workaround
Twenty Four (24) hours
[Standard Support Hours]
Any other request that is not an error or a “bug” but rather a cosmetic or design issue or feature request and does not impede delivered functionality in any way would be handled through the appropriate change order or request channels and falls outside of the scope of severity definitions.
Consideration for enhancement to future release. These issues will be logged for consideration for the next product release and a tracking number will be provided to Client.
Forty Eight (48) hours
[Standard Support Hours]
Satmetrix will use commercially reasonable efforts to resolve all issues. Satmetrix may use any resolution method available (i.e. fixes, workarounds, etc.) in an effort to resolve an issue. Each request for Client Support Services is assigned a case number and the issue is prioritized according to the Issue Severity Classification Guidelines set forth above.
If Satmetrix believes that a problem reported by Client may not be due to an Issue related to the Satmetrix service, Satmetrix will so notify Client. At that time, Client may (1) instruct Satmetrix to proceed with Issue determination at Client’s expense as set forth below or; (2) instruct Satmetrix that Client does not wish the Issue pursued at Client’s expense. If Client requests that Satmetrix proceed with Issue determination at Client’s expense and Satmetrix determines that the Issue was not due to an Issue with the Satmetrix Service, Client will pay Satmetrix, at Satmetrix’s then-current professional services rate, for all work performed in connection with such determination, plus reasonable related expenses incurred therewith. Client will not be liable for any costs, including associated expenses, for (i) Issue determination or repair to the extent problems are due to Issues in the Satmetrix Service or (ii) work performed under this paragraph that exceeds Client’s instructions or (iii) work performed after Client has notified Satmetrix that it no longer wishes work on the Issue determination to be continued (such notice will be deemed given when actually received by Satmetrix).
What Is Not Included Within Support
Online training. Client Support Services does not cover in-depth training over the phone or via e-mail. If the instruction or information is going to take more than 15 minutes of a Client Service Representative’s time, the Client will be referred to Satmetrix’s Training Department or Customer Account Management Department. Satmetrix Training Services can be provided but will be provided pursuant to Satmetrix training pricing and policies.
Assistance with the installation and configuration of hardware not provided by Satmetrix, such as computers, hard disks, networks, printers. Satmetrix does not provide these services.
3. DATA SECURITY, DATA BACK-UP AND RECOVERY, AND DISASTER RECOVERY
Satmetrix represents that the following policies, procedures, and capabilities are in place with respect to data security, data preservation and recovery, and disaster recovery.
Data Security – Existing Components, Practices, Policies and Procedures
Firewalls – Satmetrix maintains a multi-tier firewall structure.
Intrusion – Satmetrix maintains intrusion detection and intrusion prevention systems.
Encryption – Privacy/Confidentiality requires that data is decipherable only to users with authorized access. Satmetrix utilizes a variety of encryption methods to insure confidentiality.
Application Security – The Services are built to protect against many of the malicious threats that have become prevalent with Web applications.
Authentication – The Services use strong authentication to provide assurance that only authorized users can access the system.
Access Control – Access control is the ability to limit access to the application by user, host, and type of function. Satmetrix implements access control so that different users or hosts have access restricted to different capabilities, amounts of information or types of information after the system has authenticated the user or host.
Operating System – Satmetrix implements operating system hardening to limit the number of potential avenues for malicious attack vectors.
Anti-Virus – Satmetrix maintains anti-virus software.
Vulnerability Testing – Network scans are completed twice a year.
SAS-70 Type II – Satmetrix will provide Client with a copy of its data centers most recent SAS-70 Type II report upon request.
Data Back-Up and Recovery
Data recovery in the event of a failure or error is an integral part of the Services. Backups are comprised of operating system, file system, document storage and database specific information to ensure that all components can be recovered.
Satmetrix maintains full weekly backups and frequent, incremental backups of production data. Data center employees perform regular restores to ensure that these backups are functional. All backup data is encrypted using 256-bit high encryption to protect data at rest from unauthorized access.
Backups are run on the following standard schedule:
Weekly Full Backup – A complete backup of all data types
Daily Incremental Backup with hourly DB log shipping – Changes to the previous night’s backup
Other key components of the backup solution include:
All backup logs are checked on a daily basis for errors which may have occurred during the past night backup run.
Regularly scheduled test restores to target systems.
All production backups are encrypted and are stored offsite using an industry leading offsite data storage vendor
Rapid data restores can be completed based on the age of the restore point required ; Request for older dates require retrieval from the off-site facility
Satmetrix has a formal Disaster Recovery Plan in place for all technology related systems. Satmetrix’s distributed workforces across NA and Europe help to mitigate risks to business downtime, since all employees have the ability to work remotely as needed. Plans are reviewed and updated periodically and key steps are:
A communication plan that is maintained on how employees, clients, and vendors will be notified in the event of a disaster
All critical functions for disaster recovery are documented and maintained up to date
Documented steps are maintained and kept up to date for data center rebuild and system restoration in the event of a disaster
Satmetrix’s network, server, and power supplies are connected in a redundant configuration so that in the event of any form of hardware or network failure, a backup component immediately takes over as the primary component responsible for responding to a particular type of request. Satmetrix’s network and data center provider provides network redundancy to Satmetrix and its production servers.
Data is regularly backed up for disaster recovery. Backup data are encrypted for security using 256 bit encryption. Copies of backup data are kept offsite using reputed offsite data storage vendor who maintain it in a secure and safe location with significant levels of security and disaster protection. Backups are regularly tested for recovery.
In the event of a catastrophic failure that goes beyond what redundancy can mitigate, Satmetrix commits to have normal operations restored from a disaster within thirty (30) days of the conclusion of the incident (the “DR Plan”). An interruption of the Client’s Services for more than seventy-two (72) consecutive hours in any calendar month for reason(s) other than a disaster (i.e., within the direct control of Satmetrix) will constitute a default under the Agreement.
The parties acknowledge and agree that a disaster at Satmetrix hosting center(s) which would require invocation of the DR Plan will not be considered a default as described in the preceding paragraph, but will only be considered a default if the Services are not restored in the timeframe specified in the DR plan itself.