Site Service Level Agreements
SproutLoud commits to providing the following Site Service Levels (SSLs) provided that http://www.sproutloud.com/legal/SiteServiceLevelAgreements is incorporated and referenced in the Master Services Agreement (“Agreement”) as previously agreed upon by SproutLoud Media Networks, LLC (“SproutLoud”) and Client (“Client”). SproutLoud’s SSLs shall be governed by the Agreement. This Site Service Level Agreement (SSLA) represent’s SproutLoud’s sole obligation and Client’s sole remedy for failure to meet SSLs. This SSLA does not apply to the availability of Third Party Services (TPS) including TPS Application Programming Interface (API) connections which are subject to their own service levels, but does address TPS errors and how SproutLoud shall handle such errors on behalf of Client.
- Definitions. The following are definitions of capitalized words used in this Agreement:
i. “Business Hours” each business day, other than Holidays, between the hours of 9:00 a.m. and 6:00 p.m., prevailing Eastern Time, for the purposes of receiving and logging requests for support
made by Client and responding to questions, inquiries and complaints regarding the Services. “Holidays” means the following dates: Martin Luther King Day, President’s Day, Memorial Day,Independence Day, Labor Day, Thanksgiving Day, Black Friday (i.e., the Friday immediately following Thanksgiving Day), Christmas Eve, Christmas Day, New Year’s Eve and New Year’s Day, as well as any other day labeled by SproutLoud to Employees as a “Floating Holiday” in accordance with its standard
operating practices. SproutLoud shall notify Client of scheduled Holidays at least sixty (60) days prior to the scheduled date.
ii. “Scheduled Maintenance Period” includes standard maintenance periods which SproutLoud may invoke from 12:01 am to 7:00 a.m. ET on a Saturday and/or Sunday. The Engine may not be available during this period. SproutLoud shall notify Client of any changes to the Scheduled Maintenance Period at least seven (7) days prior to the implementation of the change. In order to meet stated SSLs, SproutLoud will use commercially reasonable efforts to keep any maintenance of the Engine to a Scheduled Maintenance Period.
- Service Availability.
i. Engine Availability. Subject to the terms herein, The Engine will have a 99.5% Availability each calendar month (the “Uptime Commitment”).
ii. Engine Availability Calculations.. The Availability of the Engine instance for a given month will be calculated according to the following formula (referred to herein as the “Availability”): Where: Total minutes in the month= TMM; Total minutes in month Unavailable = TMU; and: Availability = ((TMM-TMU) x 100)/TMM. For purposes of this calculation, The Engine will be deemed to be Unavailable to the extent The Engine will not accept connections or communications. The Engine will not be deemed Unavailable for any downtime or outages excluded from such calculation by reason of the exceptions set forth below. SproutLoud’s records and data will be the sole basis for all Service Level calculations and determinations for Availability.
iii. Exceptions. Scheduled Maintenance Periods shall not be included in the calculations for Availability.
iv. Limitations. SproutLoud cannot assume responsibility and shall not be liable for any impacts on Availability due to:a. any requests for non-standard environment or Client machine access
b. any downtime caused by Client produced code
c. TPS systems
i. In the event that SproutLoud fails to meet the Engine Availability commitment described in Section 2A, Client will have the rights set forth below. The terms listed provide Client’s sole and exclusive remedy for SproutLoud’s failure to meet the Uptime Commitment.
ii. If the Availability of The Engine for a given month is less than the applicable Uptime Commitment, the Client shall receive a credit equal to the table below:
Equal to or less than 99.49%, but greater than or equal to 98% 5% of Monthly Software Fee Equal to or less than 98%, but greater than 95% 10% of Monthly Software Fee Equal to or less than 95%, but greater than 90% 15% of Monthly Software Fee Equal to or less than 90% 20% of Monthly Software Fee
iii. All SSLA claims should be communicated via the email to Client support within thirty days (30) days of the incident. The notice must include all relevant information, including client name, IP address, full description of the incident, date and time of event, specific module impacted and any logs (if applicable). All SSLA credits will be issued as credits against future invoices for services.
iv. No Service Credits will be given for service interruptions: caused by the action or failure to act by Client, which are the result of scheduled maintenance, due to a force majeure event, for which Client is entitled to a SSLA Credit for the same or contemporaneous Service Commitment failure or resulting from Client’s breach of the Terms of Service, Acceptable Use Policy or any other policies and procedures of this Agreement.
v. Total cumulative SSLA Credits during any given month shall not exceed the Client monthly fee for those Services affected.
- SSL Support
i. SproutLoud has internal notification tools for service issues. Additionally, Client shall first report any service problems to their dedicated Client Relationship Manager (CRM). If the Client’s CRM is unavailable, or such service issue occurs outside of Business Hours, Client may report problems to [email protected]. A description of the issue, including the Error Class, should be reported in the e-mail.
ii. All incident reports are handled by SproutLoud’s client support system. We prioritize tickets by severity and handle issues according to the SSL Severity Level table below. Note that the Ticket Response Goals specify the time to begin an investigation of the problem, not the length of time within which such problem will be resolved:
Severity Levels Explanation Ticket Response Goals Level 1 – Emergency The Engine is down, business operations severely impacted with no workaround, or a critical security issue. Within 30 minutes during our Business Hours or 2 non-business hours. SproutLoud shall take steps to supply a correction as soon as possible. This will include assigning qualified, dedicated staff to work on the Error twenty-four (24) hours per day, seven (7) days per week as necessary. Level 2 – High Production Engine is operational but significant disruption of business operations; no stable workaround. Within 2-hours during our Business Hours or 8 non-business hours. SproutLoud shall take steps to supply a correction as soon as possible within normal business hours.. Level 3 – Normal Issues causing moderate to low business disruption with a Production Engine or any issue for which there is a stable workaround available Within 8-hours during our Business Hours. SproutLoud shall work with Client to document the error through mutually established standards. SproutLoud shall resolve such errors using normal software support procedures and where commercially reasonable, each error shall be resolved by a release date as mutually agreed upon by both parties. Level 4 – Low The Engine is operations; a minor defect causing visual issues with little to no functionality impact. Acknowledgement of defect within 5-business days. SproutLoud shall be dedicated to solving through normal software support procedures and according to a release date as determined by SproutLoud.
i. Upon request, SproutLoud will no later than the 5th of the calendar month requested, provide copies of its internal reports or such other documentation as is reasonably acceptable to Client to evidence compliance with the service level requirements set forth in this SOW in the previous calendar month. SproutLoud’s system logs shall provide the basis for determining compliance in the previous calendar month. In the event such reports indicate Client is due any credits as set forth above, SproutLoud will promptly credit Client’s account accordingly.
ii. At least on an annual basis, SproutLoud will provide upon request, and at its cost, an SSAE16 audit report including an SSAE16 audit report with respect to any facility hosting the Engine.
iii. Data Center. The Engine is collocated in dedicated spaces at top-tier data centers. These data centers provide carrier-level support, including:
- Access control and physical security
a. 24-hour manned security, including foot patrols and perimeter inspections
b. Biometric scanning for access
c. Dedicated concrete-walled Data Center rooms
d. Computing equipment in access-controlled steel cages
e. Video surveillance throughout facility and perimeter
f. Building engineered for local seismic, storm, and flood risks
g. Tracking of asset removal
- Environmental controls
a. Humidity and temperature control
b. Redundant (N+1) cooling system
a. Underground utility power feed
b. Redundant (N+1) CPS/UPS systems
c. Redundant power distribution units (PDUs)
d. Redundant (N+1) diesel generators with on-site diesel fuel storage
a. Concrete vaults for fiber entry
b. Redundant internal networks
c. Network neutral; connects to all major carriers and located near major Internet hubs
d. High bandwidth capacity
- Fire detection and suppression
a. VESDA (very early smoke detection apparatus)
b. Dual-alarmed, dual-interlock, multi-zone, pre-action dry pipe water-based fire suppression
- Secure transmission and sessions
a. Connection is via SSL 3.0/TLS 1.1, using EV SSL certificates from Go Daddy Secure Certification Authority, ensuring that SproutLoud users have a secure connection from their browsers to SproutLoud’s service.
b. Individual user sessions are identified and re-verified with each transaction, using a unique token created at login.
- Network protection
a. Perimeter firewalls and edge routers block unused protocols
b. Internal firewalls segregate traffic between the application and database tiers
c. Intrusion detection sensors throughout the internal network report events to a security event management system for logging, alerts, and reports
d. A third-party service provider continuously scans the network externally and alerts changes in baseline configuration
- Disaster Recovery
a. Performs near real-time replication to redundant servers in the data center for all website data
b. Multiple redundant database servers are setup for failover
c. Data are transmitted across encrypted links
d. Disaster recovery tests verify SproutLoud’s projected recovery times and the integrity of the Client data
a. All data is backed up to disk in the data center, on a rotating schedule of incremental and full backups
b. The backups are executed over secure links
- Internal and Third-party testing and assessments
a. Tests all code for security vulnerabilities before release, and regularly scans our network and systems for vulnerabilities
b. Third-party assessments are also conducted regularly
c. Application vulnerability threat assessments
d. Network vulnerability threat assessments
e. Selected penetration testing and code review
f. Security control framework review and testing
- Security Monitoring
a. Monitors notification from various sources and alerts from internal systems to identify and manage threats
- Access control and physical security