Prevalent Service and Support Guidelines

INTRODUCTION

  1. TECHNICAL SUPPORT

Technical Support Services provided by Prevalent will include, at a minimum, the following:

  • Prevalent will provide real time technical assistance and engineering to engineering level backline support to Company for Severity technical assistance requests (“TARs”), and during Prevalent’s normal business hours of 7 am – 7 pm Eastern Time, Monday – Friday, excluding national U.S. holidays (“Prevalent’s Normal Business Hours”). Real time technical assistance will include telephone and pager access.  Telephone access will include, but not be limited to, problem solving, bug reporting, documentation clarification and technical guidance. In addition after Prevalent’s Normal Business Hours, Prevalent may respond to Severity Level 1 and Severity Level 2 TARs via pager response.  Full support includes but is not limited to code fixes or changes and error corrections, problem solving, bug reporting, documentation, updates, content updates (if applicable), and technical guidance.
  • Resolution & Response Times. Once Company has contacted Prevalent with a potential technical support issue or request for assistance, Prevalent will use reasonable commercial efforts to respond and resolve the problem within the applicable time frame specified below (“Response Time”).  .  Prevalent will be responsible for fixing bugs, testing fixes, and delivering appropriate updates to Company. As used in this Section, a response means a qualified Prevalent engineer has been assigned to the TAR and has begun to work to resolve the TAR or problem.  Unless otherwise noted, all days are calendar days.  Prevalent shall not be deemed in material breach of this Agreement for failure to meet the applicable Response Time, provided that Prevalent uses commercially reasonable efforts to meet the applicable Response Time.

 

During Prevalent’s Normal Business Hours

TAR Level Response Time Resolution Time
1 – Critical Business Impact or Security Vulnerability 1 hour
Continuous  efforts
1 day
2 – Severe Business Impact 2 hours 3 days
3 – Limited Business Impact 8 hours 7 days
4 – Minor Business Impact 1 business day As mutually agreed

 

Outside of Prevalent’s Normal Business Hours

TAR Level Response Time Resolution Time
1 – Critical Business Impact or Security Vulnerability 4 hours
Continuous efforts
1 day
2 – Severe Business Impact 6 hours 3 days

 

  • Product Technical Support Updates. Prevalent will provide to Company all generally available Updates to the licensed Products.  Updates will be tested and provided according to the following guidelines:
    • Patches and bug fixes: These are program bugs or enhancements that are fixed, ported, and tested on all supported platforms by Prevalent between normal program releases on an as-needed basis. Prevalent will make these patches and bug fixes available for additional testing by Company, if requested.
    • General maintenance releases: These are a group of program bug fixes, patches, or enhancements that have a scheduled release date. General maintenance releases will be tested by Prevalent before they are provided to Company. Prevalent will make these patches and bug fixes available for additional testing by Company, if requested.
    • Functional releases: These are releases that add new functionality to the program. Functional releases will be tested by Prevalent before they are provided to Company. Prevalent will make these patches and bug fixes available for additional testing by Company, if requested.
    • Operating System Changes: Prevalent will provide updates required by operating system changes (such as service packs) for supported operating systems within forty-five (45) days of availability of the operating system change and written request from Company.
    • Content Update(s):  Content Updates will be tested by Prevalent before they are provided to Company.  Prevalent will make these Content Updates available for additional testing by Company upon request.

 

  1. Version Support. Prevalent will provide full support for each version and its related minor releases of the Products  for at least six (6) months following Prevalent’s end of life (“EOL”); provided that in no event shall Prevalent be obligated to provide full support for any or (b) older than the current version released by Prevalent plus the immediately preceding version released by Prevalent.
  2. Host Security. Prevalent will have three security components in place for Internet facing servers: (i) “hardened” operating system (OS) builds; (ii) on-host security monitors; and (iii) a secure audit log repository. Provider’s data center will comply with the requirements for SSAE 16 and SOC 2.
  3. Secure Audit Repository. Prevalent will log 3 or more of the following information to a secure audit repository:
  • Root access to any E-Commerce server including IP address of user and original user name;
  • Any OS patch or OS configuration changes and the user and IP address making them;
  • Any changes to files in the web application directories, and the user and IP address making them;
  • Any log file deleted;
  • Any log file changed by the non-owning process;
  • Account creation, deletions, and modifications (OS not application);
  • Failed attempt to access data;
  • Failed login;
  • Log open;
  • Log closed;
  • Service start/stop not on boot;
  • Start/stop of server; and
  • Changes to firewall configuration files.

5. RPO/RTO

5.1  The Services being contemplated as part of cloud services are generally considered non-critical from a business continuation perspective.

5.2 Prevalent publishes RPO – 24 hours and RTO – 8 hours for a single customer module outage

5.3  Prevalent communicates disruption of Service primarily via email within 4 hours of a confirmed disruption.  If email is unavailable, a Prevalent representative will call the primary point of contact.