Simployer Trust CenterOther useful contentAgreements › Service level agreement (SLA) - English

Service level agreement (SLA)

1.  System requirements

The Supplier’s systems support the following browsers:

  • Microsoft Edge (chromium based). Current version or up to 1 – one – main version older.
  • Mozilla Firefox. Current version or up to 1 – one – main version older.
  • Apple Safari. Current version or up to 1 – one – main version older.
  • Google Chrome. Current version or up to 1 – one – main version older.

Other system requirements:

  • Standard web access (https on port 443) to required domains.
  • The browser must support Javascript and cookies.
  • Integrations are established through API’s over SSL (port 443) or through secure ftp (sftp on port 22)

There are no specific requirements to PC or operating system.

Mobile applications support those mobile operating systems stated in the application description of the application stores of Apple and Google.

2.  Guaranteed uptime

The supplier strives to ensure that all systems are operational 24 hours a day, 365 days a year.

The supplier guarantees that the systems are operational (uptime) 99.5% measured over the period of measurement.

For agreed upon and established integrations, the Supplier guarantees identical uptime on the part of the integration that is the Supplier’s responsibility according to the contract.

The period of measurement is a full calendar month starting on the first of each month.

Periods of planned outages, extraordinary outages and customer caused outages, cf. Point 3, is considered uptime, and consequently not as downtime and interruption of delivery. 

2.1 Support response time

The Supplier warrants that support as specified in the agreement, received through the Supplier's customer center, shall be registered and given an initial response within 8 hours measured during opening hours.

Opening hours are Monday to Friday from 0800 to 1600 CET. In the period from June 20th to August 20th, the opening hours are from 0800 to 1530 CET. No holidays (24 hours) are included in the opening hours.

Support that requires counselling, training, consulting services and the like is not included in regular support but may be offered by special agreement.

3.  Outages

Notification

The Supplier shall notify the Customer of all scheduled outages as early as possible and preferably within 1 – one – month before the outage. The supplier operates a separate notification service where the Customer can choose which operational alerts are to be received in which channel. The Customer is responsible for opting in/out of the relevant notification lists.

In the case of the Customer's need to change agreed upon and established integrations between the system and the Customer's 3. party system, the Customer shall notify the Supplier as early as possible and preferably within 1 – one – month before the date of the required change. For such requests that require work on the part of the Supplier, the Supplier will invoice the Customer for elapsed time after the current hourly rate.

Downtime

Downtime is measured from the moment the Supplier is made aware of, or even reveals, an unforeseen outage (see below) and until the fault is rectified.

Any downtime on Customer's 3. party systems that may arise due to errors in agreed upon and established integrations are not considered downtime in this context.

Downtime reporting

At the Customer's request, the Supplier shall provide a report of the last completed measurement period showing downtime and uptime.

Examples of outages

Scheduled outages

These are periods during which the system may be down for scheduled maintenance. An overview of scheduled outages is published in the notification service at least 1 – one – month before the interruption.

Scheduled outages are not considered downtime.

Extraordinary outages

These are periods during which the systems may be down for maintenance and where maintenance needs have occurred suddenly and unforeseen based on factors over which the Supplier or the Supplier’s subcontractors have no control. Extraordinary outages, for example, consist of (the list is not exhaustive):

  • Installation of critical fixes to operating system, antivirus, firewall, and the like.
  • Internet connection breaches of a national/regional nature

Extraordinary outages shall be published through the notification service as early as possible before the interruption. Extraordinary outages are not considered downtime.

Customer caused outages

These are outages that are caused by the Customer. Examples of such outages are (the list is not exhaustive):

  • Power failure, internet breaches and the like at the Customer or the Customer's subcontractor.
  • Settings in Customer's web browser, firewall/proxy that may lead to downtime.
  • Use of unsupported browsers.
  • Customer-generated errors in the database (for example, where the Customer deletes critical data in the application).
  • Errors occurred in, or errors that can be derived from, agreed and established integrations between the system and the Customer's 3. party systems, where the errors origin from the Customer's 3. party system or data foundation from the Customer's 3. party system.

For customer caused outages that requires work on the part of the Supplier, the Supplier can invoice the Customer for elapsed time at the current hourly rate.

Customer caused outages are not considered downtime.

Unforeseen outages

These are outages that can occur suddenly and unforeseen.

Examples of such outages are (the list is not exhaustive):

  • Power outages, line outages, server breakdowns and the like at the Supplier or the Supplier’s subcontractors.
  • Errors in the system of such a nature that the Customer cannot perform the essential functions stated in the product description.

Unforeseen outages should be published through the notification service if possible. Unforeseen outages are normally considered downtime.

4.  Protection against unauthorized access etc.

In order to limit the possibility of outsiders gaining access to the system, the Supplier shall secure the system with:

  • Physical security of premises where the solution is operated.
  • Firewall that protects against intrusion and denial of service attacks.
  • Virus protection and protection against malware.
  • Setup of encrypted connections.

The Supplier performs all operation of solutions over secure network connections.

The Supplier shall restrict access to the Customer's data for its own trusted personnel based on a "need to know" approach that involves:

  • No one at the Supplier shall log on to the Customer's system without procedures that involve the Customer's consent. Access should be logged.
  • The Supplier's operational personnel do not have general access to the Customer's databases and can only be granted this access according to procedures which involve the Customer's consent.
  • The Supplier's subcontractors do not have access to the Customer’s data. The subcontractor’s access is strictly related to equipment for the purpose of supporting the operating system and running backup.

The Supplier prepares and documents internal routines for the best possible redundancy and disaster recovery for the system.

5.  Backup

The Supplier provides offsite, encrypted backups of systems and data according to the Supplier's current backup plan.

Data that might be in transit on the Supplier's middleware in connection with agreed upon and established integrations between the system and the Customer's 3. party system is not included in the backup

6.  Termination

Unless otherwise agreed, the Supplier will immediately disable all access to the Customer's data after the end of the agreement. Unless otherwise agreed, the data will then be quarantined for a period of 3 – three – months from the end of the agreement. After the end of the quarantine period, the Customer's data will be physically deleted. 90 – ninety – days after data deletion backup that was taken at the expiration of the agreement will expire, and all options for data reconstruction are gone. The Supplier will then inform the Customer in writing that the Customer's data has been permanently deleted.

On 1 – one - occasion until the end of the quarantine period, the Customer may require all data that is the property of the Customer, free of charge. After the end of the quarantine period until the Customer's data is permanently deleted and backups are expired, the Customer may still require all data that is the property of the Customer. For such requests, the Supplier will invoice the Customer for elapsed time after the current hourly rate.

The Customer's data is disclosed in its original document format. Structured data is delivered in a standardized, machine-readable format.

7. Changes in the Service Level Agreement 

The Supplier may amend or change the Service Level Agreement with effect from 90 days from the notice of change. Notice will be provided via e-mail. The most recent and effective version of the Service Level Agreement will at all times be available on the Suppliers website, see here.

V.3.2.2