This Maintenance and Support Level Agreement (the “SLA”) between CERTIFY and the Customer is for the provisioning of services required to support and sustain CERTIFY services.

CERTIFY is committed to providing a highly available and secure biometric platform and services to support the Customer’s users. Providing the Customer with consistent access to CERTIFY services is a priority for CERTIFY and the basis for its commitment in the form of this SLA. This SLA provides certain rights and remedies if the Customer experiences service interruption because of failure of CERTIFY infrastructure. The overall service availability metric is 97%, measured monthly.

This SLA remains valid until superseded by a revised SLA or other agreement mutually endorsed by the Customer and CERTIFY.

This SLA outlines the parameters of all services covered as they are mutually understood by Customer and CERTIFY. This SLA does not supersede current processes and procedures unless explicitly stated herein.

For the purpose of this SLA, the terms in bold are defined as follows:

Available

When a Customer’s account is active, enabled, and Customer has reasonable access to the hosted service provided by CERTIFY, subject to the exclusions defined in Downtime Minutes below.

Availability

The percentage of planned available time that the system was available.

Total Monthly Minutes

The number of minutes during the month that the system is expected to be available. Total Monthly Minutes is equal to the Customer required hours of operation multiplied by 60 minutes per hour.

Maintenance Time

The period during which the hosted service may not be available each month so that CERTIFY can perform routine maintenance to maximize performance, is on an as needed basis.

Downtime

The total number of minutes that the Customer cannot access the hosted service for a period more than (five) 5 minutes from the time Customer notifies CERTIFY that the hosted service cannot be accessed. The calculation of Downtime Minutes excludes the time that Customer is unable to access the CERTIFY Services due to any of the following:

1. Maintenance time
2. Customer’s own internet service provider
3. Force majeure event
4. Any systemic internet failures
5. Enhanced services (Beyond the application needs like Azure services, VPN, Customer Printing, Cloud, First data, Twilio, etc.)
6. Any failure in Customer’s own hardware, software or network connectivity
7. User error
8. Customer’s bandwidth restrictions
9. Customer’s acts or omissions
10. Unavailability or maintenance of Customer’s integrated systems
11. Anything outside of the direct control of CERTIFY

CERTIFY Network
The network inside of CERTIFY border routers.

Problem Response Time
The period after CERTIFY’s confirmation of the service event, from receipt of the information required from Customer for CERTIFY’s support team to begin resolution and open a trouble ticket in CERTIFY’s systems. Due to the wider diversity of problems that can occur, and the methods required to resolve them, problem response time IS NOT defined as the time between the receipt of a call and problem resolution. After receiving a report of fault, CERTIFY shall use a reasonable method via email and/or phone call to provide Customer with a progress update.

For planned maintenance, CERTIFY will communicate the date and time that CERTIFY intends to make the CERTIFY Services unavailable by communicating to Customer’s representatives as per the notice period set below The Customer understand and agrees that there may be instances where CERTIFY needs to interrupt the CERTIFY Services without notice in order to protect the integrity of the CERTIFY Services due to security issues, virus attacks, spam issues or other unforeseen circumstances. These change controls, if possible, will usually occur in low peak hours, defined as Saturday and Sunday 1:00 am to 5:00 am GMT/ UTC or other times as determined by CERTIFY network metrics. Additional maintenance time will be scheduled for maintenance windows that require time larger than the “low peak hours” time frame. Below are the Maintenance Windows and their definitions:

Note – Preventive Maintenance – In general, CERTIFY will be contacting CUSTOMER within 30mins of the action being performed if non-urgent, or within 30mins of urgent action occurring. If the action is going to lead to a loss of usage, then immediate parallel notifications will be going on from CERTIFY’s support desk.

Maintenance time will be defined by the nature of maintenance and will be documented as part of notice provided so we have a placeholder defining the total time taken.

The following detailed service parameters are the responsibility of CERTIFY in the ongoing support of the Agreement.

1. Service Scope
The following production services are covered by this SLA:

• 1.1. CERTIFY Platform (Hosted Service).
• 1.2. CERTIFY Customer Application (Installed on Customer’s hardware or at Customer’s locations – excluded for availability of systems)

2. Customer Requirements
Customer responsibilities and/or requirements in support of this SLA include:

• • Payment for all support costs at the agreed interval.
  • Reasonable availability of Customer representative(s) when resolving a service-related incident or request.

3. CERTIFY Requirements
CERTIFY responsibilities and/or requirements in support of this SLA include:

• • Meeting response times associated with service-related incidents.
  • Appropriate notification to Customer for all scheduled maintenance.

4. Service Assumptions

Assumptions related to in-scope services and/or components include:

• CERTIFY will maintain a HITRUST certification and agree to keep our environments in a HIPAA compliant manner for the duration of this contract
• Changes to services will be documented and communicated to all stakeholders.

5. Term of the SLA

This SLA shall only become applicable to the CERTIFY services upon the later of (a) completion of the “stabilization period”, as such term is defined in the Statement of Work (if any), or (b) ninety (90) calendar days from the provisioning of the CERTIFY services.

6. Measurement and Service Level Guidance
CERTIFY uses a proprietary system to measure whether the CERTIFY services are available and Customer agrees that this system will be the sole basis for resolution of any dispute that may arise between Customer and CERTIFY regarding this SLA.

The percentage of availability is calculated based on the following formula: A=((T-M-D)/(T-M))x100 where:

A=Availability

T=Total Monthly Minutes* M=Maintenance Time D=Downtime

*Total Monthly Minutes is based on Customer Required Hours of Operation, which may be less than 24/7 operation.

CERTIFY will ensure the service Availability to be not less than 97% as calculated with the above formula.

Maintenance time will be defined by the nature of maintenance and will be documented as part of notice provided so we have a placeholder defining the total time taken.

Effective support of in-scope services is a result of maintaining consistent service levels. The following sections provide relevant details on service availability, monitoring of in-scope services and related components.

7. Support Availability and Response/Resolution SLA

Support to CUSTOMER Staff only

Support Coverage, hours of availability and response times to errors are set forth in the following tables: Tier 1: Support Coverage Hours – 24 X 7, Tier 2 & 3: Support Coverage 8AM to 6PM EST Monday-Friday excluding standard United States government holidays as published by the U.S. Office of Personnel Management.

Response Time: Call back within thirty (30) minutes by a support technician during Tier 2 & 3 Support Coverage Hours.

8. Contacting Support
Postproduction incidents identified by Customer are to be reported to CERTIFY via a call and/or email to the Certify Global support line/team.