This Statement of Work (hereafter referred to as SOW), and your SBS Group Professional Services Agreement or any equivalent agreement in effect between us and any other applicable Attachments, Amendments and Transaction Documents make up the entire agreement between both of us regarding Services we provide to you in support of your project. These replace all previous agreements and communications between both of us regarding these services.
1. Project Description and Definitions
The Client has a need for ongoing cloud and managed infrastructure services. This Statement of Work includes the following definitions:
"Authorized Users" shall mean those persons designated by you in writing to the Company who shall have access to Client's Software on the Servers.
"Client's Software" shall mean software other than System Software which you have purchased prior to or as part of this SOW and which you have licensed directly from the publisher of such software.
"Data Center" shall mean a facility provided by us or our cloud partner to house the Servers.
"Designated Location" shall mean any office location where you operates your business.
"Liaison Officer" shall mean the person you designate to (a) act as the exclusive liaison between both of us; (b) have overall responsibility for directing and coordinating all of your activities hereunder, and shall be vested with all necessary authority to fulfill that responsibility; and (c) provide guidance to us on issues that relate to your organizational structure.
"Marketplace" shall mean the SBS Group Stratos Marketplace found at https://shop.sbsgroupusa.com.
"Servers" are collectively the shared computer equipment, operating system, and System Software required to support your Authorized Users according to the terms and conditions of this SOW.
"Services" are collectively the services to be provided by SBS Group to you hereunder, which are specified in the appendices to this SOW, as such appendices may be modified from time to time by agreement of the parties.
"Stratos Order" shall mean an electronic order placed through the Marketplace's electronic ordering capabilities.
"System Software" shall mean software provided to you under a subscription license agreement by SBS Group or our cloud partner to operate the Servers.
"Support Services" shall mean collectively the services set forth in Section 2.
"Term" shall mean the period set forth in Section 6.
"Unauthorized User" shall mean any person who is not an Authorized User.
2. Our Responsibilities
We shall provide the Services to the Client. We shall use our own personnel and/or contractors retained by us, and at our expense, to support and maintain the operating environment for Client's Software, at our Data Center for Client's day-to-day business use. We reserve the right at our discretion to rely on a cloud partner to provide the Data Center and other IT infrastructure services and obligations described in this SOW.
We will make the Services available to you twenty-four hours per day, seven days per week, each day of the year, except for periods of scheduled maintenance or updates of the Software, network and/or the Data Center. Regular maintenance will be scheduled to avoid interrupting your normal business hours. We reserve the right to interrupt access to the Services upon our good faith determination that it is necessary to perform emergency maintenance. We agree to use commercially reasonable efforts to notify you prior to any such emergency maintenance or Service interruption. In the event of an unscheduled outage resulting from a power outage, server hardware failure, software failure, disruption of network service, virus attack, and/or failure of the Data Center, We agree to provide commercially reasonable efforts to work with third parties as required, to minimize your downtime. We are not responsible for the availability of your local internet connection or wide area network connection. Should we fail to provide Service availability as required by this Section 2.1, you shall have the remedies set forth in Section 6.1.
2.2. Implementation and Support Services.
We shall provide environment support for the Operating System (to include OS patching), Network Connectivity, VPN Connectivity, Load Balancing, and Firewall. Support shall be 24x7x365. In addition, upon mutual agreement of the parties, the Company may provide additional services to Client in accordance with one or more Statements of Work.
2.3. Backup/Disaster Recovery.
We shall maintain back-up copies of Client's data, and shall update such back-up copies daily. Appendix B outlines the Backup and Disaster Recovery Procedures in more detail. Such back-up copies will be used as necessary to restore your data, up to the point that the last back-up copy was made. We will also maintain back-up copies in a secure, accessible, off-site data storage environment and will deploy protocols (both hardware and software) at its Data Center to provide disaster recovery of data and protection from power outages. We shall provide a (i) Recovery Point Objective (RPO) of 4 hours, (ii) Recovery Time Objective (RTO) of 8 hours, for the Cloud Platform and (iii) Annually one (1) mock Disaster Recovery exercise upon your request. This exercise will be from the Primary Data Center housing the Cloud Environment to a Secondary Data center. Company requires 2 weeks advance written notice for any such Disaster Recovery exercise and Company's consent. You also acknowledge that in the event of a force majeure event described in this Agreement, the Services will be unavailable until repairs and/or replacements can be made. You further acknowledges that the Services may be unavailable for an extended period of time. We shall provide the disaster recovery services to the Eligible Recipients. In no event shall we or our cloud partners be liable for any claims for service disruptions resulting from a system failure and/or recovery of the Data Center, including but not limited to loss of your business income caused by a force majeure event.
We shall operate the Data Center in a secure manner; restricting access to your data to Authorized Users, and shall implement commercially available software/hardware mechanisms for protecting data and access at user, network and Data Center levels.
We may implement certain physical, administrative and technical security policies and procedures which we deem necessary to be reasonably compliant with the then current laws and regulations and which you agree to. Some of these policies may affect access to the Services. To the extent that these policies and procedures affect your access to the Services, we will provide you 30 days' notice before requiring you to comply.
We may make recommendations regarding security, as it relates to the usage of the cloud environment, which is designed to be compliant with applicable laws and regulations. The cost of implementation of recommended practice security shall be your expense. If you choose not to implement these recommendations, we reserve the right to modify your access to the system, which may result in loss of functionality or access.
2.5. Anti-Virus and Anti-Spyware Protection.
We shall provide the Services in a manner consistent with then current industry standards to provide continuous protection against computer based viruses, spyware and other malicious software. We do not represent that it can protect the Data Center and the Servers from attacks. In the event of an attack, we may at our discretion isolate the Data Center from any and all users in its efforts to eliminate the threat.
You agree to maintain and keep current commercially available Anti-Virus and Anti-Spyware software for all of your computer workstations and/or servers that are not managed by SBS Group and have network access to the servers defined in Appendix A. Failure to maintain and keep current such Anti-Virus and Anti-Spyware software may result in the termination of access to the Services until acceptable protection is made current. We may provide you, at an additional cost, centrally administered Anti-Virus and Anti-Spyware software for the protection of all of your Microsoft Windows based computers.
2.6. Intrusion Detection.
We shall monitor the Data Center and Servers for unauthorized access. To properly monitor and manage unauthorized access, we may provide recommendations on user naming and password construction as well as certain usage policies and procedures designed to protect the Servers and Software. Your usage and compliance to these recommendations which may be updated from time to time will be required to provide you a commercially reasonable Intrusion Detection strategy. You acknowledge that the intrusion detection monitoring may temporarily prevent Authorized Users' access to the Services upon failed logon attempts. In such cases, we will make every effort to notify you and restore access to Authorized Users as soon as possible.
2.7. Network Support and Monitoring.
We will monitor your network connection to the Data Center, troubleshoot performance problems and/or network outages and work with your telecommunication provider to resolve any connectivity issues in a timely manner. We will use our best efforts to provide you updates on the nature of the outage and expected duration as it is advised. You acknowledge that the Company does not have any control over your network provider and is not responsible for the duration of any outages which are under your control.
If and to the extent that the Appendix A to this Agreement explicitly provides that the Services shall be HIPAA compliant, we shall execute a Business Associate Agreement in a form acceptable to you. We and our personnel shall comply with the terms of the Business Associate Agreement in performing the applicable Services. We shall be responsible under this Agreement for any failure of us or our personnel to comply with the terms of the Business Associate Agreement or the Laws referenced in the Business Associate Agreement applicable to us in the same manner and to the same extent it would be responsible for any failure to comply with its other obligations under this Agreement.
3. Your Responsibilities
3.1. Organization Responsibilities
You agree to be responsible for designating a single Liaison Officer. You shall promptly notify us in writing of any successor or replacement Liaison Officer.
3.2. Computing Environment – Client's Designated Location(s)
You agree to be responsible for (i) the proper licensing, use, and operation of your hardware, third party software and your Software; (ii) implementing and maintaining security policies and procedures consistent with applicable laws and regulations including but not limited to, the implementation of industry standard firewall protection for Internet connections and active and current protection against viruses, spyware, and appropriate user security authentication; (iii) providing SBS Group personnel with the necessary physical access to the Designated Location, during normal working hours to allow us to perform our obligations under this SOW; (iv) providing remote access to appropriate hardware and third party components at your Designated Location(s) for purposes of us performing any services or audits under this Agreement; and (v) informing us of any legal or regulatory requirements of your business that may affect our performance of our obligations hereunder. You will be responsible for all long distance, toll and line charges associated with such remote access; and procuring and maintaining all device drivers, third party operating systems and other products and services that may be required to operate Client's Software or your hardware.
3.3. Data and Reports
You agree to be responsible for (i) all data entry; (ii) the quality, reliability, accuracy, timeliness, and completeness of all data that you or any Authorized User causes to be entered into Client's Software; (iii) validating the information presented on any reports produced by the System Software and/or Client's Software; (iv) any decisions made by you or any Authorized User based on any of the data or reports produced using your data, and the results of such decisions; (v) providing related data and explaining internal procedures and legal requirements in writing to us; (vi) providing such record layouts, data, or other information as requested by us to fulfill our responsibilities under this SOW; (vii) results obtained from use and operation of Client's Software, provided however nothing contained in this subsection shall affect the limited warranty contained in the Agreement; and (viii) determining the recommended conversion approach for your Designated Location and procuring the necessary resources to unload the data from the relevant existing system; (ix) any disclosures by your officers, employees, agents and Authorized Users of data maintained on your Server; and (x) any further requirements under applicable federal, state or local laws or regulations.
3.4. Equipment and Software
You shall be responsible for procuring at your expense all equipment, software, network and internet access, and taking all actions at your Designated Location necessary for it to: (i) access Client's Software; (ii) access the Data Center; (iii) provide to us all information required by this SOW to permit us to perform our obligations under this SOW; and (iv) ensure such level of security and privacy as may be required by us from time to time in connection with the provision of services hereunder. As part of your obligation to provide such equipment, software, and network and Internet access, you are responsible for ensuring that all of your personal computers, workstations and servers to be used to interface with or use information from Client's Software are properly configured, including but not limited to the base PC operating system, web browser and network and internet connectivity.
You are responsible for the equipment, installation and monthly costs of your network and internet connection to our Data Center. We may recommend the ordering and implementation of any communication lines required to connect the Designated Location to the Data Center, and may recommend hardware (i.e. routers, hubs, switches) which you may need to purchase to effect such connectivity. The costs associated with such connectivity (installation and monthly charges) and hardware will be solely your responsibility.
3.6. Identification of Authorized Users
You shall provide to us a list using Exhibit E identifying all of the Authorized Users and level of security, to enable us to establish a unique identifier and grant related security permission for each Authorized User. You agree that anyone you identify as an Authorized User shall comply with all applicable disclosure rules. You shall promptly update such list whenever an Authorized User is added or removed. If you, at any time, desire to terminate any Authorized User's access to the Servers and Client's Software (in connection with termination of employment of the Authorized User or otherwise) then you shall promptly notify us in writing of such termination of access, and we shall terminate such Authorized User's access to the Servers and Client's Software within 24 hours of the date we receive such written notice. You shall utilize the number of users stated in Exhibit A for the entire period of this SOW as a minimum user level. The user minimum may not be reduced without prior approval by SBS Group.
3.7. Responsibilities for Authorized Users and Unauthorized Users
You shall be responsible for all acts and omissions of: (i) Authorized Users, and (ii) all Unauthorized Users who access the Data Center by use of any password, identifier or log-on received or obtained, lawfully or unlawfully, from you or any Authorized User, with respect to the Servers and Client's Software. All such acts and omissions shall be deemed to be your acts and omissions.
3.8. Data from External Sources and Data Conversions
You agree to be responsible for reviewing, confirming and validating all data, reports, and/or generated forms (collectively, "Outputs") that may be generated by Client's Software or data loaded into your database which does not originate from the application, including data conversions provided by us or data received from external sources (collectively "Inputs"), and will notify us immediately if errors are found. We shall not be obligated to review any of the Outputs generated by Client's Software, and in no event shall we be responsible or liable for inaccurate or incomplete Inputs or Outputs. You shall comply with all local, state, and federal laws pertaining to the use and disclosure of any data.
4. Service Levels
4.1. Uptime and System Availability
For this Agreement the Service Level Commitment for Availability is 99.99%. The Cloud Platform shall be Available twenty-four hours per day, seven days per week, each day of the year, except for periods of Scheduled Outage. We shall meet the Service Level Commitment as set forth below during each calendar month of the Term. This Service Level Commitment will be calculated on a calendar-monthly basis. For illustration purposes, the table below shows the permitted Outage time per year, month, or week:
|Availability %||Outage Time per year||Outage Time per month*||Outage Time per week|
|99.99% ("four nines")||52.56 minutes||4.32 minutes||1.01 minutes|
|* Calculation Required - for monthly examples a 30-day month is used with no Scheduled Outage |
The Service Level Commitment shall take effect at the end of the Stabilization Period. We shall take immediate action to restore Availability as soon as possible following a Service Disruption. At no time shall any of the Exclusions listed in Section 4.3 constitute a Service Disruption.
4.2. Service Disruption
For the purposes of this Agreement, a "Service Disruption" shall be deemed to begin (a) for Services monitored by us through either an internal or external monitoring service, at the time that such monitoring service sent or should have sent the associated notifications, and (b) for Services not monitored by us, immediately upon receipt by us of notification of a Service Disruption. If a Service Disruption occurs, then we shall issue a service credit to Client for the dollar value equal to the sum of (a) 3 percent (3%) of the then-current Monthly Fee, plus (b) the prorated value of the number of minutes of the Service Disruption, to be applied to the next invoice. At no time shall the maximum value of all Service Disruption service credits for a one (1) month period exceed half the then-current Monthly Fee. If during a consecutive three month period there is an aggregate Service Disruption of 48 hours , we shall address such failure within thirty (30) days to ensure that there is no repetition of the same. Company shall be responsible for all costs and expenses incurred in this remediation. Should we fail to remediate, then you shall have the right to terminate this Agreement pursuant to Section 7.1. You must request all service credits in writing to us, as applicable, within thirty (30) days of the end of the month in which the service level was not met, identifying the specific instances relating to the lack of Availability. If you fail to request such service credits, you shall be deemed to have waived such service credits and any right to terminate this Agreement arising out of Service Disruptions in such month.
The following items are excluded from the calculation of Availability:
- Service Level Commitments do not apply if the Service Disruption is caused by your personnel, or is otherwise related to a Client side problem: power outage, connectivity failure, wiring damage inside your facility, equipment failure or your misconfiguration.
- Service Level Commitments do not apply if the Service Disruption is related to a force majeure event described in this Agreement.
- Service Level Commitments do not apply unless those commitments are "reasonably attainable" in similar configurations. All performance commitments are subject to what can be reasonably attained, as stated or demonstrated by the software vendor, on hardware and networking platforms deemed appropriate for the size of the your implementation. As clarification, software vendors typically have benchmarks on performance expectations for their software, which may include optimal and high-end response times based on volumes of transactional data. Since SBS Group does not create the software, the environment can only be optimized to run within these parameters.
- Service Level Commitments do not apply if the Service Disruption is related to an Update to the system which requires immediate application as dictated by any third party software vendor, or in the event of a zero hour system vulnerability threat.
We shall be excused from the Service Level Commitment under this Section 6.3 only if (A) we expeditiously give you notice of the circumstances involving the applicable exclusion (which notice shall describe in reasonable detail our inability to perform under such circumstances), (B) we provide you with every reasonable opportunity to correct the applicable circumstances causing the exclusion thereby avoiding such non-performance by us, (C) we identify and pursue all commercially reasonable means to avoid or mitigate the impact of such circumstances, (D) we use commercially reasonable efforts to perform notwithstanding the occurrence of such exclusion, and (E) we conduct a root cause analysis and thereby demonstrates that such exclusion is the cause of the Company's non-performance.
5. Completion Criteria
SBS Group will have fulfilled its obligations under this SOW when any one of the following first occurs:
5.1. Either of us terminates the project in accordance with the provisions of the Agreement, or
5.2. The End Date is reached, or extended in any subsequent Change Authorization.
Charges for the Services provided will be invoiced as described below. The Services are described in greater detail in Section 2 Our Responsibilities:
6.1. Our fees are detailed in Exhibit B – Fee Schedule.
6.2. The Term of this work order is three years with the subscription service beginning on the date of acceptance and ending at the end of the term. This work order will automatically renew for successive terms of one year unless either party provides the other with ninety (90) days written notice prior to the automatic renewal date.
6.3. We will invoice our charges to you monthly, based on the actual charges incurred unless both of us agree to other arrangements in writing. Your payment is due by the 10th of each month unless otherwise stated. Each month during the Term, You will pay us (by ACH, wire transfer or other method providing immediately available funds and reasonably acceptable to the Company) for the Cloud Fees, Support Service Fees, and other monthly fees detailed in Exhibit B. In addition, we will invoice you for any other consulting services, if any.
6.4. We reserve the right to charge additional service fees if regulatory and/or other third party entities effect a change that impacts your use of the Services. During the Term, we may increase the fees specified in the Appendix upon ninety (90) days prior written notice.
6.5. Any amounts disputed in good faith may be deducted from the invoice and the remainder must be paid by the due date. The disputed amount should be notified in writing to SBS Group within 30 days of receipt of the invoice giving the reasons for withholding payment. Upon receipt of your dispute notice, SBS Group and you will work together in good faith to resolve such disputes in a prompt and mutually acceptable manner. You agree to pay any disputed amounts within 10 days once the issues have been resolved. If any invoice is past due by 10 days or more, SBS Group has the right to disable your user accounts.
6.6. In addition to our net charges, you agree to reimburse us for all out-of-pocket expenses such as travel, lodging and meals associated with travel, courier charges, long distance telephone charges and other similar expenses. We will obtain your approval before we incur any such expenses that will result in total reimbursements exceeding five percent of our net charges.
6.7. Expenses will be invoiced bi-monthly. Your payment is due on receipt of our invoice.
6.8. Either party may terminate this Work Order if there is a material breach by the other party and only if the other party is given written notice of the breach and fails to cure it within 30 days. Either party may also choose to terminate the Work Order prior to completion of the contract, for any reason, with or without cause, upon ninety (90) days written notice to the other party. Notwithstanding the foregoing, your failure to timely make required payments under this agreement on three occasions during a twelve month period shall constitute a material breach for which notice and cure shall not be required. Should you terminate this agreement, without cause, prior to the end of the Term, you shall pay an early termination fee as follows:
if termination is effective within one (1) to eighteen (18) months of the Term, early termination fee shall be equivalent to fifteen (15) months at the then current monthly fee; and
if termination is effective between eighteen (18) months and 1 day and thirty (30) months of the Term such early termination fee shall be ten (10) months at the then current monthly fee; and
if termination is effective between thirty (30) months and 1 day and thirty-six (36) months of the Term, early termination fee shall be the remainder of the duration of the number of months left in the contract at the then current monthly fee.
Upon payment of the applicable early termination fee, you are released by Company from any obligation to pay monthly fees for the period after the effective date of termination. This early termination fee is a liquidated damage and not penalty, and is a reasonable estimate of the damages suffered by us for early termination. For clarity, the termination fee schedule is tied exclusively to the date when this Agreement is signed and its subsequent anniversary dates. Payment of any applicable early termination fee and past due Cloud Fees, if any, are due within thirty (30) days of the effective date of the termination.
6.9. Effect of Termination. Upon the effective date of this Agreement's termination or expiration and after any transition services assistance period as set forth in Section 6.10: (i) you will cease use of the Services; (ii) your access to the Cloud Platform will be disabled; (iii) you shall pay any undisputed fees to us and (iv) we may delete all your Data on the proper transition of the same to Client in accordance with the terms hereof. No such termination shall relieve you or us of any obligation incurred by either of us hereunder, including the obligation to pay Cloud Fees through the Term of this Agreement, notwithstanding that you may have elected to terminate pursuant to Section 6.8 prior to the expiration of the Term. Payment is due upon termination. Upon payment of all outstanding Cloud Fees and other fees due at the time of termination, you can request from us a disk copy of Client's data which will be provided at no additional charge.
6.10. The parties acknowledge that, on or about the date of termination of this Agreement, you may commence to perform services similar to those performed by us hereunder or you may engage a successor vendor (which may be a subcontractor, vendor or business partner we used) to perform such services. From the time that you notify us to whom you plan to migrate the services, we agree to cooperate with you (and, if applicable, the successor vendor) to effect an orderly and efficient transition. Within thirty (30) days after termination of this Agreement by either party, you shall pay the Company all undisputed amounts due and owing as of the termination of the Agreement. At such time as you reasonably determine necessary to effect the transition, we shall provide in electronic format a copy of your Confidential Information and any other data residing on our systems or within our control that is necessary for such transition. We shall continue to cooperate with you both before and after the termination of this Agreement in transitioning, converting and migrating the services provided by us to a new provider or to you yourself, which cooperation may include, without limitation, making qualified personnel available for questions and consultations, transferring contact numbers or URL addresses, providing any required technical assistance and cooperation to you as you may from time to time reasonably request. Such transition period shall not exceed three (3) months after the termination of this Agreement. For purposes of clarification, upon your request, we shall continue to provide any and all of the Services for all or part of such transition period and you will continue to pay for the same. Both of us agree to act in good faith in complying with the obligations set forth in this Section. During such transition period, you shall continue to pay our fees in a manner consistent with the payment of fees prior to the termination of the Agreement. Other transition services shall be provided pursuant to an Appendix entered into between the parties. Such transition services shall be provided on a time and materials basis at an hourly rate of no more than $195 per hour.
7. Project Change and Deliverables Control
7.1. If a change to this Agreement is required, both of us agree to use a Project Change Order Request (called "PCO") or a subsequent Stratos Order as the vehicle for communicating change. The PCO or Stratos Order must detail the change, the associated fees for the change and the effective date of the change.
7.2. A written Change Authorization and/or PCO must be accepted by both parties to authorize implementation of the proposed change and any subsequent charges.
Appendix A "Fee Schedule"
You shall pay SBS Group the fees set forth in the Stratos Order(s) you've accepted on our Marketplace.
If your order included a Setup Fee for the Cloud Services and Add-On Services, unless disputed in good faith in writing by Customer (in which case the parties shall work together to resolve the dispute), are payable in full upon execution of the SLA, SOW or Change Order as applicable through our Marketplace or via a written document.
The Stratos Private Cloud Environment shall require (3) three weeks from contract signing to complete. Subsequent timelines of application installation, configuration, testing and cutover are covered under a separate SOW.
Monthly Service Fees
You shall pay monthly support service fees and Add-On service fees as indicated in the Stratos Order(s) you've accepted. The monthly service fees and Add-On service fees are payable monthly in advance and shall be pro-rated for the first month of Services.
Appendix B "Data Backup and Disaster Recovery Procedures"
We employ an exhaustive backup and disaster recovery process for each Virtual Private Cloud environment to guarantee that data is adequately protected and can be recovered quickly. During the cloud on-boarding phase, our project manager works with you to create a customized "Disaster Recovery Plan" specific to their environment. This plan details all the specifics and logistics associated with the declaration and execution of a disaster recovery event, included a mutually agreed upon Recovery Time Objective (RTO) and Recovery Point Objective (RPO) timeframe.
This Disaster Recovery Plan serves as the governing body during a disaster. Mock disaster recovery tests are performed against this document annually to validate the process and ensure the accuracy of its content. Actual disaster recovery (DR) exercises against a production environment may also be performed upon request, although most customers elect not to do so given the impact on productivity.
The infrastructure and its configuration at each independent SBS data center mirror each other exactly. This allows our platform to remain truly abstract to the Virtual Private Cloud environments running on top of it. A significant DR benefit to this intentional design is the ability to recover from a disaster in a completely separate geographic location, quickly and with very little configuration modification.
Our default backup policy is composed of the following:
- Daily - at a frequency of every four hours and a retention period of five days.
- Weekly – at a frequency of once every week and a retention period of five weeks
SQL Database Backups:
- Transaction logs - at a frequency of one hour and a retention period of seven days
- Daily – daily Incremental database backups with a retention period of seven days
- Weekly – weekly full database backups with a retention period of five weeks
Backup Controls and Verification:
- Success and failure notifications are automatically generated and reviewed by the Operations team.
- Random full environment restores are tested no less than quarterly
- Random full database restores are tested no less than quarterly
- Annual mock geographic disaster recovery failover exercise