Service Level Agreement

Sandhill Subscription Agreement

1. SUPPORT

1.1 Requests for Support.
Sandhill will respond to all support requests via email to support@sandhill.co.uk for EMEA based Customers and support@sandhillconsultants.com for North American Customers.

1.2 Telephone Support.
Telephone Support is offered in English to EMEA based Customers with a Support Agreement, during support hours: Monday – Friday 0900 – 17:00 GMT /BST. For telephone support call: +44 (0)1476 568708. For North American Customers with a Support Agreement during support hours: Monday – Friday 0900 – 1700 EST. For telephone support call +1 905-847-5882.

1.3 Sandhill Response Time.
Sandhill support shall respond to all such support requests in a timely and professional manner. For faults and defects blocking the operations Sandhill shall provide an initial response within 24 hours.

2. Sandhill HOSTING

2.1 Access.
Sandhill shall make the Subscription Service available twenty-four (24) hours per day, seven (7) days a week with a minimum uptime level of ninety-nine percent (99%) measured on an aggregate quarterly basis. Such service availability does not, however, include regularly scheduled maintenance or any unscheduled downtime due to failures beyond Sandhill’s control (such as errors or malfunctions due to Customer’s computer systems, local networks or Internet connectivity).

2.2 Upgrades.
Upgrades are included in the Subscription Service and offered to all Customers on a regular basis. Upgrades will be scheduled and conducted as per agreement with Customer admin contact. Upgrades can be scheduled outside peak environment usage time to minimize downtime. Upgrades for multi-tenancy environments are automatically delivered to all instances, so downtime will be limited.

2.3 Maintenance.
Sandhill shall conduct scheduled service maintenance of the Service (“Scheduled Maintenance”) after normal business hours or on weekends, where possible. If this is not possible, Sandhill support staff will work with the customer admin to minimize disruption during peak working hours. Sandhill shall give the Customer at least twenty-four (24) hours prior notice of the exact date and time of such Scheduled Maintenance via e-mail or other timely means of communication

2.4 Data Retention and Recovery.
For environments hosted by Sandhill data is secured through AWS redundant data structures. Sandhill shall back-up the environment as follows:
(a) daily full server backups, kept for 60 days
(b) monthly full server backups, kept for 2 years.
Backups will be stored in encrypted form, in a secure secondary data centre location within the same region. Sandhill shall implement sufficient measures to ensure that the backup data is accessible and maintained in a manner to enable restoration of the backup version of the Service in the event of a system malfunction or outage.
Sandhill will ensure that Recovery Point Objective and Recovery Time Objective of environments are 24 hours, where possible. For data recovery of data older than 60 days a timeframe of 72 hours is required.
Sandhill will restore the service to a mutually agreed backup point, as part of normal service delivery, if an issue in data integrity is seen, as the result of issues with the service being delivered i.e. issues with maintenance activities, the infrastructure, services or the application itself. Sandhill does not guarantee to restore the data to a backup point, due to a customer end user having corrupted data or having incorrectly removed data from the system, whilst using the application or its API’s. The customer should reach out to Sandhill and an assessment will be made on what can be done. This may incur additional cost.

2.5 Security Measures.
Sandhill shall, at a minimum, take the following measures to protect environments hosted by Sandhill:

  • Multi-tenancy with shared server or Single tenancy with dedicated server
  • Encryption in transit (TLS 1.2 and security certificates)
  • Encryption at rest (Luks Storage encryption)
  • Firewall and security groups
  • Resource monitoring and resource threshold alerting
  • IP whitelisting available at Customer request (Single tenants only)
  • Anti-virus
  • Role-based access control
  • Full segregation of hosting environments from any standard Sandhill internal network, ensuring segregation of duties and no service data transfer except for status and license reporting
  • Sandhill Multi-factor authentication can be enabled at Customer request.