Version March 31, 2016
Unless otherwise stated, these SKOPEI Cloud Hosting and Delivery Policies (the “Delivery Policies”) describe the SKOPEI Cloud Services ordered by You. These Delivery Policies may reference other SKOPEI Cloud Policy documents; any reference to “Customer” in these Delivery Policies or in such other policy documents shall be deemed to refer to “you” as defined in the ordering document. Capitalized terms that are not otherwise defined in this document shall have the meaning ascribed to them in the relevant SKOPEI Agreement, ordering document or policy.
The Cloud Services described herein are provided under the terms of the agreement, ordering document and these Delivery Policies. SKOPEI’s delivery of the services is conditional on you and your users’ compliance with your obligations and responsibilities defined in such documents and incorporated policies. These Delivery Policies, and the documents referenced herein, are subject to change at SKOPEI’s discretion; however SKOPEI policy changes will not result in a material reduction in the level of performance, security, or availability of Cloud Services provided during the Services Period.
SKOPEI provides Cloud Services from SKOPEI owned or leased data center space. SKOPEI defines the services network and systems architecture, hardware and software requirements. SKOPEI may access your services environment to perform the Cloud Services, including the provision of service support.
The Cloud Services are designed to be available 24 hours a day, 7 days a week, 365 days a year, except during system maintenance periods and technology upgrades and as otherwise set forth in the agreement, the ordering document and these Delivery Policies.
These Cloud Hosting and Delivery Policies include the following:
Customer access to the system is through the Internet. TLS encryption technology is available for SKOPEI Cloud Service access. TLS connections are negotiated for at least 128 bit encryption or stronger. The private key used to generate the cipher key is at least 2048 bits. TLS is implemented or configurable for all web-based TLS certified applications deployed at SKOPEI. It is recommended that the latest available browsers certified for SKOPEI programs, which are compatible with higher cipher strengths and have improved security, be utilized for connecting to web enabled programs. In some cases, a third-party site is used with cloud services and not under the control of SKOPEI may force a non-encrypted connection. In some cases, a third-party site that Customer wishes to integrate with the Cloud Service may not accept an encrypted connection. For Cloud Services where HTTP connections with the third party site are permitted by SKOPEI, SKOPEI will enable such HTTP connections in addition to the HTTPS connection.
SKOPEI Cloud operations teams access Customer environments through a segregated network connection, which is dedicated to environment access control and isolated from SKOPEI’s internal corporate network traffic. Authentication, authorization, and accounting are implemented through standard security mechanisms designed to ensure that only approved operations and support engineers have access to the systems.
SKOPEI is not responsible for Customer’s network connections or for conditions or problems arising from or relating to Customer’s network connections (e.g., bandwidth issues, excessive latency, network outages), or caused by the Internet. SKOPEI monitors its own networks and will work to address internal issues that may impact availability.
SKOPEI employs anti-virus software to scan uploaded files when deemed necessary by SKOPEI. Virus definitions are updated daily.
SKOPEI utilizes firewalls to control access between the Internet and SKOPEI Cloud Services by allowing only authorized traffic. SKOPEI managed firewalls are deployed in a layered approach to perform packet inspection with security policies configured to filter packets based on protocol, port, source, and destination IP address, as appropriate, in order to identify authorized sources, destinations, and traffic types.
SKOPEI employs standardized system hardening practices across SKOPEI Cloud Services. This includes restricting protocol access, removing or disabling unnecessary software and services, removing unnecessary user accounts, patch management, and logging.
SKOPEI provides secured computing facilities for both office locations and production cloud infrastructure. Common controls between office locations and co-locations/datacenters currently include, for instance:
Access to Cloud systems is controlled by restricting access to only authorized personnel. SKOPEI enforces password policies on infrastructure components and cloud management systems used to operate SKOPEI Cloud environment.
System access control includes system authentication, authorization, access approval, provisioning, and revocation for employees and any other SKOPEI-defined “users”. Customer is responsible for all end user administration within the program. SKOPEI does not manage Customer’s End User accounts. Customer may configure the programs and additional built-in security features.
Network and operating system accounts for SKOPEI employees are reviewed regularly to ensure appropriate employee access levels. In the event of employee terminations, SKOPEI will take prompt actions to terminate network, telephony, and physical access for such former employees. Customer is responsible for managing and reviewing access for its own employee accounts.
SKOPEI performs security related change management and maintenance as defined as described in the SKOPEI Cloud Change Management Policy. For any security patch bundle that SKOPEI will deploy for designated SKOPEI programs, SKOPEI will apply and test the security patch bundle on a stage environment of the applicable Cloud Service. SKOPEI will apply the security patch bundle to the production environment of the Cloud Service after SKOPEI successfully completes testing on the stage environment.
During the use of SKOPEI Cloud services, SKOPEI Cloud Customers maintain control over and responsibility for their data residing in their environment. SKOPEI Cloud Services provide a variety of configurable information protection services as part of the subscribed service. Customer data is data uploaded or generated for use within the SKOPEI Cloud Services.
Designated SKOPEI personnel handle media and prepare it for transportation according to defined procedures and only as required. Digital media is logged, encrypted, securely transported, and as necessary for backup archiving vaulted by a third-party off-side vendor. Vendors are contractually obligated to comply with SKOPEI-defined terms for media protection.
Upon termination of services (as described in the SKOPEI Cloud Suspension and Termination Policy) or at Customer’s request, SKOPEI will delete environments or data residing therein in a manner designed to ensure that they cannot reasonable be accessed or read, unless there is a legal obligation imposed on SKOPEI preventing it from deleting all or part of the environments or data.
SKOPEI evaluates and responds to incidents that create suspicions of unauthorized access to or handling of Customer data whether the data is held on SKOPEI hardware assets or on the personal hardware assets of SKOPEI employees and contingent workers. When SKOPEI is informed on such incidents, SKOPEI defines escalation paths and response teams to address those incidents, depending on the nature of the activity. SKOPEI will work with Customer, the appropriate technical teams, and law enforcement where necessary to respond to the incident. The goal of the incident response will be to restore the confidentiality, integrity, and availability of the Customer’s environment, and to establish root causes and remediation steps. Operation staff has documented procedures for addressing incidents where handling of data may have been unauthorized, including prompt and reasonable reporting, escalation procedures, and chain of custody practices.
If SKOPEI determines that Customer’s data has been misappropriated, SKOPEI will report such misappropriation to Customer within 72 hours of making such determination, unless prohibited by law.
SKOPEI Cloud Services operate under Policies which are aligned with the Code of Practice for information security controls.
SKOPEI periodically makes backups of production data in Customer’s Cloud Service for SKOPEI’s sole use to minimize data loss in the event of a disaster. SKOPEI typically does not update, insert, delete or restore Customer data on behalf of Customer. However, on an exception basis and subject to written approval and additional fees, SKOPEI may assist Customer to restore data which Customer may have lost as a result of their own actions.
Commencing at SKOPEI’s activation of Customer’s production environment, and provided that the Customer remains in compliance with the terms of the ordering document (including the Agreement) and meets SKOPEI’s recommended minimum technical configuration requirements for accessing and using the services from Customer’s network infrastructure and the Customer’s user work stations as set forth in the Cloud Service Program Documentation, SKOPEI works to meet the Target Service Availability Level in accordance with the terms set forth in this Policy. In these Delivery Policies, references to the term “production” mean (i) in the context of SKOPEI Cloud Software as Service offerings, the production instances of such devices, or (ii) in the context of SKOPEI Cloud Platform as a Service offerings, the development instances of such devices.
SKOPEI aims at a Target System Availability Level of 99.5% of the production service, measurable in monthly cycles and commencing at SKOPEI’s activation of the production environment.
“Availability” or “Available” means Customer is able to log in and access the transactional portion of the SKOPEI Cloud Services, subject to the following provisions. “Unplanned Downtime” means any time during which the services are not Available, but does not include any time during which the services or any services component are not Available due to:
Following the end of each calendar month of the Services Period under an ordering document, SKOPEI measures the “System Availability Level” over the immediately preceding month. SKOPEI measures the System Availability Level by dividing the difference between the total number of minutes in the monthly measurement period and any Unplanned Downtime by the total number of minutes in the measurement period, and multiplying the result by 100 to reach a percent figure.
SKOPEI uses a variety of software tools to monitor (i) the availability and performance of Customer’s production services environment and (ii) the operation of infrastructure and network components.
Due to the potential adverse impact on service performance and availability, Customer may not use its own monitoring or testing tools (including automated user interfaces and web service calls to any SKOPEI Cloud Services) to directly or indirectly seek to measure the availability, performance, or security of any program or feature of or service component within the services or environment. SKOPEI reserves the right to remove or disable access to any tools that violate the foregoing restrictions without any liability to the Customer.
Customer may not make significant workload changes beyond the amount permitted under the entitlements provided under ordering document.
Customer may not use nor authorize the use of data scraping tools or technologies to collect data available through the SKOPEI Cloud Service user interface or via web service calls without the express written permission of SKOPEI. SKOPEI reserves the right to require Customer’s proposed data scraping tools to be validated and tested by SKOPEI prior to use in the production and to be subsequently validated and tested annual. SKOPEI may require that a written statement of work be executed to perform such testing and validation work.
SKOPEI Cloud Operations from time to time make changes to cloud hardware infrastructure, operating software, product software and supporting application software to maintain operational stability, availability, security, performance and currency of the SKOPEI Cloud. SKOPEI follows formal change management procedures to provide the necessary review, testing and approval of changes prior to application in the SKOPEI Cloud production environment.
Changes made through change management procedures include system and service maintenance activities, upgrades and updates, and Customer specific changes. SKOPEI Cloud Change Management procedures are designed to minimize service interruption during implementation of changes.
SKOPEI Reserves specific maintenance periods for changes that may require the Cloud Service to be unavailable during maintenance period. SKOPEI works to ensure that change management procedures are conducted during scheduled maintenance windows, while taking into consideration low traffic periods and geographical requirements. The typical scheduled maintenance time lines for the SKOPEI Cloud Services is available on the support page of https://360.skopei.com/
SKOPEI will work to provide prior notice of modifications to the standard maintenance period schedule. For Customer-specific changes and upgrades, where possible, SKOPEI will work to coordinate the maintenance periods with Customer.
For changes that are expected to cause service interruption, SKOPEI will work to provide prior notice of the anticipated impact. The duration of the maintenance periods for planned maintenance are not included in the calculation of Unplanned Downtime minutes in the monthly measurement period for Service Availability Level (see “SKOPEI Cloud Service Level Objective Policy”). SKOPEI uses commercially reasonable efforts to minimize the use of these reserved maintenance periods and to minimize the duration of maintenance events that cause service interruptions.
SKOPEI may periodically be required to execute emergency maintenance in order to protect the security, performance, availability, or stability of the production environment. Emergency maintenance may include program patching and/or core system maintenance as required. SKOPEI works to minimize the use of emergency maintenance and will work to provide 14 hours prior notice as of any emergency maintenance requiring a service interruption.
To help ensure continuous stability, availability, security, and performance of the Cloud Services, SKOPEI reserves the right to perform major changes to its hardware infrastructure, operating software, application software and supporting application software under its control, no more than twice a per calendar year. Each such change event is considered scheduled maintenance may cause the Cloud Service to be unavailable for up to 24 hours. Each such change event is targeted to occur at the same time as the scheduled maintenance period. SKOPEI will work to provide up to 60 days prior notice of the anticipated unavailability.
As part of SKOPEI’s delivery of Cloud Services, SKOPEI may move Customer’s Cloud Services environment between production data centers within the same Data Center Region. Except for the purpose of recovering Customer’s Cloud Services, SKOPEI will work to provide a minimum of 30 days notice to the Customer about any such data center migration.
SKOPEI requires all Cloud Services Customers to keep the software versions of SKOPEI Cloud Services current with the software versions that SKOPEI designates as generally available (GA). Software updates will follow the release of every GA release and are required to maintain version currency. SKOPEI Cloud Hosting and Delivery Policies, such as the Service Level Objective Policy, and the Cloud Support Policy, are dependent on Customer maintaining GA version currency. SKOPEI is not responsible for performance or security issues encountered with the Cloud Services that may result from running earlier versions.
SKOPEI will not support older versions beyond the End of Life Policy described as follows. SKOPEI will host and support only the designated GA versions of an SKOPEI Cloud Service. All other versions of the service are considered as “end of life” (EOL). SKOPEI does not provide Cloud Services for EOL versions. Customers are required to complete the service upgrade to the latest version before the EOL of a given version. Customer acknowledges that failure to complete the upgrade prior to the EOL of a Cloud Service version may result in an upgrade automatically performed by SKOPEI or a suspension of the services. In certain circumstances where a Cloud Service version reaches EOL and SKOPEI does not make available an upgraded version, SKOPEI may designate, and require Customers to transition to a successor cloud service.
A deprecated feature is a feature that appears on prior or existing versions of the Cloud Service and is still supported as part of the service, but for which SKOPEI has given notification that the feature will be removed from future versions. SKOPEI makes commercially reasonable efforts to post notices of feature deprecation one month in advance of their removal and reserves the right to deprecate, modify, or remove features from any new version without prior notice.
The support described in this Cloud Support Policy applies only for SKOPEI Cloud Services and is provided by SKOPEI as part of such services under the ordering document. Customer may purchase additional services for SKOPEI Cloud via other SKOPEI support service offerings that are designated by SKOPEI for Cloud Services.
The fees paid by Customer for the SKOPEI Cloud Services offering under the ordering document include the support described in this SKOPEI Cloud Support Policy. Additional fees are applicable for additional SKOPEI support services offering purchased by Customer.
SKOPEI Cloud support becomes available upon the service start date and ends upon the expiration or termination of the Cloud Service under such ordering document (the “support period”). SKOPEI is not obligated to provide the support described in this Cloud Support Period Policy beyond the end of the support period.
Customer’s technical contacts are the sole liaison between Customer and SKOPEI. Such technical contacts must have, at minimum, initial basic training for SKOPEI Cloud and, as needed, supplemental training appropriate for specific role or implementation phase, specialized service/product usage, and/or migration. Customer’s technical contacts must be knowledgeable about the SKOPEI Cloud service offerings and the SKOPEI environment in order to help resolve system issues and to assist SKOPEI in analyzing and resolving service requests. When submitting a service request, Customer’s technical contact should have sufficient understanding of the problem being encountered and an ability to reproduce the problem in order to assist SKOPEI in diagnosing and pinpointing the problem. To avoid interruptions in support services, Customer must notify SKOPEI whenever technical contact responsibilities are transferred to another individual.
Support Services for SKOPEI Cloud consists of:
Customer’s technical contacts may access live telephone support via the phone numbers and contact information found on SKOPEI’s support website at http://www.skopei.com/about-skopei/support or such address designated by SKOPEI for the applicable Cloud Services ordered.
For service request that are escalated, the SKOPEI support analyst will engage the SKOPEI service request escalation manager who will be responsible for managing the escalation. The SKOPEI Service request escalation manager will work with Customer to develop an action plan and allocate the appropriate SKOPEI resources. If the issue is underlying the service request continues to remain unresolved, Customer may contact the SKOPEI service request escalation manager to review the service request and request that it be escalated to the next level within SKOPEI as required. To facilitate the resolution of an escalated service request, Customer is required to provide contacts within Customer’s organization that are at the same level as that within SKOPEI to which the service request has been escalated.
Customer questions or requests for an exception to the SKOPEI Cloud Hosting and Delivery Policies must be made via a service request with the Cloud Customer Support Portal applicable to the service (e.g., SKOPEI 360).
For a period up to 60 days after the termination or expiration of production services under the ordering document, SKOPEI will make available Customer production data for the purpose of retrieval by Customer. SKOPEI has no obligation to retain the data for Customer purposes after this 60 day post termination period. SKOPEI Customer Support Services are terminated at the end of the 60 day period.
Pilots of SKOPEI Cloud Services adhere to the same service termination policy as normal production environments.
At service termination, if Customer needs assistance from SKOPEI to obtain access to SKOPEI’s secure server in order to retrieve its production data, Customer must create a service request in the Cloud Customer Support Portal applicable to the service.
As part of the service termination process, SKOPEI makes secured protocols available by which designated Customer users can transfer Customer data from the service.
If SKOPEI detects violation, or is contacted about violation of, SKOPEI Cloud Services terms and conditions or acceptable use policy, SKOPEI will assign an investigating agent. The investigating agent may take actions including but not limited to suspension of user account access, suspension of administrator account access, or suspension of the environment until the issues are resolved.
SKOPEI will use reasonable efforts to restore Customer’s services promptly after SKOPEI determines, in its reasonable discretion, that the issues have been resolved or the situation has been cured.