DEEP Hybrid DataCloud Generic SLA
Last Document Revision
Glossary of terms
For the purpose of this SLA, the following terms and definitions apply:
- The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.
This Corporate Service Level agreement (SLA) is valid for all IT services provided by the DEEP Hybrid DataCloud consortium, if no other agreements are in place. The Corporate Level SLA may be extended or replaced by specific SLAs.
1 - The services
Service delivery & operating times
IT services are in general delivered during 24 hours per day, 7 days per week (i.e. 365 days or 8,760 hours), to seamlessly support business operations. Planned and announced interruptions may reduce the effective operating time of a service.
2 - Service hours & exceptions
Overall availability target
For each service provided, the minimum annual availability target is 99%, independent from the criticality of the service. This means that in one year, the service must not be unavailable for more than 87 hours, if the effective operating time is 8,760 hours. Planned and agreed interruptions (e.g., for maintenance) are not considered as unavailability, since they are not part of the effective operating time. We target 99% availability time, but we do not guarantee it, therefore we do not exclude lower levels of availability.
Planned interruptions & incidents
For planned interruptions and (unplanned) incidents, the following targets apply:
- Maximum of 4 planned interruptions per year.
- Maximum duration of planned interruption: 1 day.
- Support and incident handling between 9:00 and 17:00 on business days.
- Target resolution time in case of incidents: less than 1 working day.
All other services
- Support and incident handling between 9:00 and 17:00 on business day.
- Target resolution time in case of incidents: depending on the individual priority according to incident prioritization guidelines – up to 3 business days (less than 2 or 1 business days in more urgent cases).
Any planned interruption will be announced in advance via EGI Operation portal 1 and agreed communication channels.
Any incident reported through approved channels will be acknowledged and reacted upon next business day (target reaction time). To accelerate the response to critical incidents, users recognizing a potentially critical or major incident are obliged to report this incident through dedicated emergency channels, allowing for a target reaction time of less than 60 minutes.
3 - Support
Support is provided via the EGI Global Grid User Support (GGUS) 2 "INDIGO DataCloud catch-all" Support Unit, which is the single point of contact for users for support requests and incident handling.
Service communication support is available all business days from 09:00 to 17:00.
Disruptions to the agreed service functionality or quality will be handled according to an appropriate priority based on the impact and urgency of the incident. The DEEP Hybrid DataCloud consortium will endeavor to resolve incidents within five working days.
Response and resolution times are provided as service level targets (see section "4 - Service level targets").
Fulfillment of service requests
In addition to resolving incidents, standard service requests (e.g. change or information request, documentation) will be fulfilled through the defined support channels, described above. Response and fulfillment times are provided as service level targets (see section "4 - Service level targets").
4 - Service level targets
The following are the target service level targets for all services:
Service level parameter
Overall service availability
99%, no access <3 days a year
Response time for a support request
Next Business Day
Target resolution time for a support request
5 working days
5 - Limitations & constraints
The provisioning of the service under the agreed service level targets is subject to the following limitations and constraints:
- Support is provided in English.
- Downtimes caused due to upgrades for fixing critical security issues are not considered SLA violations.
- Failures in the normal operation of the service caused by failures in service provided by the Customer are not considered SLA violations.
- Force Majeure. A party shall not be liable for any failure of or delay in the performance of this Agreement for the period that such failure or delay is due to causes beyond its reasonable control, including but not limited to war, strikes or labor disputes, embargoes, government orders, natural phenomena or any other force majeure event.
6 - Information security & data protection
The following rules for information security and data protection apply:
- The users are responsible for the security of the personal password, digital certificate and any other electronic credentials used to access the DEEP Hybrid DataCloud services.
- The user accounts are personal and are not transferable nor shareable. The users SHALL NOT share their credentials with third party under any circumstances, even if the requester is part of DEEP Hybrid DataCloud consortium.
- The users must report immediately any security incident like a lost or stolen password, a suspicious access, etc.
- The users are responsible for the security of the program/data/services executed/stored/offered including but not limited to permission rights, access control lists, open ports, etc.
- Assertion of absolute security in IT systems is impossible. The Provider is making every effort to maximize security level of users data and minimize possible harm in the event of an incident.
- The Provider will define and abide by an information security and data protection policy related to the service being provided.
7 - Responsibilities
The responsibilities of the Customers and Users are:
- Provide feedback on the quality of the service received.
- Raise any issues deemed necessary to the attention of the Provider.
- Respond to incident and problem records from the Provider in a timely manner.
- Promote an adequate and fair usage of DEEP Hybrid DataCloud services, including but not limited to hardware, software and middleware. In particular it is strictly forbidden to try any action that may impact its performance and/or is not indicated in this SLA, including "stress tests" or "benchmarking exercises".
- Ensure that any program/data/service using the DEEP Hybrid DataCloud services is under the terms of this SLA.
- Communicate if any of his organization users accessing the DEEP Hybrid DataCloud services are no longer part of his organization, or should not have access to the services anymore.
- The Customer commits to acknowledge DEEP Hybrid DataCloud in the scientific publications benefiting from the Service and will provide during Agreement review (yearly) list of scientific publications benefiting from the Service.
- The data stored in the system by the Customer must not cause any legal violation due to the content type (such as copyright infringement, dual use, illegal material).