SaaS Service Level Agreement

HID Global Software-as-a-Service
Service Level Agreement

This Service Level Agreement sets forth HID’s commitments with respect to Availability (as defined herein) of Service and the remedies associated with HID’s failure to meet such commitments. This is not a stand-alone agreement. This Service Level Agreement supplements the relevant service agreement between Purchaser and HID for the purchase of any of the following HID services (each a “Service”)

  • HID SAFE™ Services
  • WorkforceID™ Services
  • HID Authentication Service
  • HID Origo Management Portal
  • HID Origo Mobile Identities API
  • HydrantID Managed PKI and Trusted Digital Certificate Services
  • HID Location Services Dashboard
  • Identity Verification Service (IAMS)
  • Risk Management Solution (IAMS)

Any terms not defined herein shall have the meaning set forth in the relevant service agreement between Purchaser and HID.

A. HID SAFE™ Services, WorkforceID™ Services, and HID Authentication Services

The following is the Service Level Agreement for HID SAFE™ Services, WorkforceID™ Services, and HID Authentication Services:

1. Application of Service Levels

The Service Level Commitments described herein are offered for production instances of the Service only. Service Level Commitments are not provided for non-production (e.g. test services, evaluation, proof of concept, pre-production, etc.) instances. Notwithstanding anything to the contrary, the provisions of this Service Level Agreement do not apply to: (i) any feature of the Service where such feature is designated as beta, preview, or early access; or (ii) free trials or other unpaid use of the Service.

2. Definitions

“Available” means that the Service can process and respond to correctly constructed requests from end users and/or Customer Applications (if applicable) over the internet.

“Customer Application” means an application developed or used by End Customer that utilizes APIs and/or the Service. “Customer Application” does not include the Service and is separately provided by End Customer, not HID.

“Downtime” means a period during which the Service is not Available. Downtime does not include any downtime due to planned maintenance or emergency maintenance.

"Management Services Available" means that End Users may access the Service via its web portal and are capable of using it to manage Authentication Devices and Digital Certificates. For clarity, this term only applies to WorkforceID™ Digital Credential Manager.

"Usage Services Available" means that applications may query the status of Digital Certificates issued by the Service; HID operates and maintains CRL and OCSP capability with resources sufficient to provide a response time of ten seconds or less. IdenTrust Root CA Certificates, CRLs, and online TrustID Certificate status information are available for retrieval 24 hours a day, seven days a week. For clarity, this term only applies to WorkforceID™ Digital Credential Manager.

3. Availability

Availability of the Service is calculated on a monthly basis, by subtracting any Downtime (D) in minutes from the Total Availability (T) in minutes for the given month i.e.

Availability = Total Availability (T) – Downtime (D)

The percentage Availability is given by

Availability (%) =
T-D
T
x 100

Total Availability means the availability, 24 hours per day, 7 days per week, of the production instance of the Service (number of minutes in the month). Availability and performance metrics shall be measured by the Service on a monthly basis to ensure the Service Level Commitments, below, are met.

4. Service Level Commitment

HID’s Service Level Commitment for the Service is a monthly Availability percentage of 99.99%, excluding WorkforceID™ Digital Credential Manager. The Availability percentage for WorkforceID™ Digital Credential Manager shall be as follows: Management Service Availability of the Service per month will be at least 99.5% excluding any Force Majeure event(s) that result in downtime of the Service. Usage Service Availability of the Service per month will be at least 99.9% excluding any Force Majeure event(s) that result in downtime of the Service.

5. Credits

Subject to the Exclusions set forth herein, if HID fails to meet the applicable Service Level Commitment during a given month and Purchaser informs the HID within 7 days of such failure, Purchaser may claim an account-level credit allowance equivalent to one week of the impacted Service (irrespective of the number of users affected).

Upon request and verification by HID, the credit allowance will be automatically added to the account of the affected End Customer(s) at the time of Service renewal. Any unused credit allowance will be lost on termination of the Service and no compensation monetary or otherwise shall be due.

Notwithstanding anything to the contrary, Purchaser shall only be entitled to one credit allowance per month of Service. The credit allowance described in this Section will be Purchaser’s sole and exclusive remedy for any failure by HID to meet the applicable Service Level Commitment.

6. Exclusions

Notwithstanding anything to the contrary, HID is not liable, and Purchaser shall not be entitled to any credit allowance, for failure to meet the applicable Service Level Commitment due to:

  • planned maintenance, emergency maintenance, or system updates;
  • a force majeure event;
  • outages elsewhere on the internet that hinder access to the Service. For clarity, HID will guarantee only those areas of the internet considered under the control of HID;
  • use of the Service in any manner inconsistent with the features and functionality of the Service, as established by HID and/or set forth in the relevant Documentation;
  • problems due to End Customer’s failure to implement updates, upgrades, or changes in software (if any) or the Service made available or reasonably recommended by HID to the extent necessary to maintain Service Levels Commitments;
  • any fault, or incorrect configuration, of networks/equipment owned or managed by Purchaser, End Customer or any end users;
  • any failure by Purchaser to fulfill its obligations as set forth in the relevant service agreement;
  • acts or omissions of Purchaser, End Customer or any end users or acts or omissions of others engaged or authorized by Purchaser, End Customer or any end users;
  • HID’s suspension of access to the Service in accordance with the relevant service agreement; or
  • HID’s suspension of access to the Service based on End Customer and/or end user misuse of the Service or breach of the Terms of Service.

B. Identity Verification Service (IAMS)

The following is the Service Level Agreement for Identity Verification Service provided by HID’s Identity and Access Management Services group (IAMS) through a third party service provider:

1. SYSTEM AVAILABILITY – UPTIME LEVELS

1.1  Normal Availability of the Services shall entail the Services being available for not less than 97% of the time in any one quarter, being three (3) consecutive calendar months of the year.

1.2  Uptime is measured over each calendar month.  It is calculated to the nearest minute, based on the number of minutes in the given month (for instance, a 31-day month contains 44,640 minutes). 

2.  OBLIGATIONS

HID will:

  • use reasonable efforts to co-operate with the End Customer to determine the cause of and resolve any Service failure or Unplanned Outage;
  • use reasonable efforts to notify the End Customer of all Unplanned Outages; and
  • procure that service provider be exclusively responsible for the resolution of any incident assigned to them until that incident is effectively resolved.

3.  EXCLUSIONS

The provisions of this Service Level Agreement are written in good faith.  However, this Service Level Agreement and/or the provisions hereof do not apply to:

  • Problems caused by using equipment, software or Service(s) in a way that is not recommended;
  • Circumstances where End Customer has made unauthorized changes to the configuration or set-up of affected equipment, software or Services;
  • End Customer has prevented service provider and/or it agents and/or affiliates from performing required maintenance and update tasks in relation to the Services; or
  • Any issues caused by unsupported mobile devices, equipment, software or other services.

The provisions hereof do not apply if the End Customer is in breach of the Agreement for any reason (e.g. late payment of fees, violation of terms, etc.).

4. CREDITS

Subject to the Exclusions set forth herein, if uptime for any item drops below the relevant threshold set forth in Section 1 and End Customer informs HID within seven (7) days of such failure, End Customer may claim an account-level credit allowance equivalent to the number of hours for which the impacted Service was unavailable, minus any downtime permitted by this Service Level Agreement (irrespective of the number of users affected).

Upon request and verification by HID, the credit allowance will be automatically added to the account of the affected End Customer(s) at the time of Services renewal. Any unused credit allowance will be lost on termination of the Services and no compensation, monetary or otherwise, shall be due.

Notwithstanding anything to the contrary, credits in any quarter are capped at 20% of the total fee applicable to such quarter. Uptime measurements exclude period of routine maintenance. The credit allowance described in this Section will be End Customer’s sole and exclusive remedy for any failure by HID to meet the applicable uptime levels set forth herein.

C. HID Physical Access Control Systems (PACS)

The following is the Service Level Agreement for HID Origo Management Portal, HID Origo Mobile Identities API, and HID Location Services Dashboard.

Notwithstanding any other provision of this SLA, the provisions of this SLA do not apply to: (i) Any feature of any Service(s) (defined below) where such feature is designated by HID as beta, preview, or early access; or (ii) Free trials or other unpaid use of any Service(s) (defined below).

Note: Once a Mobile ID has been successfully issued to a device, its usage in terms of reader interaction is independent of the availability of the HID Origo Services.

1. Definitions

“Terms” has the meaning given such term in Section 1.

“Available” means any state in which the Services are providing the following functionality, as applicable:

  • Creation and deletion of Mobile Identities Users
  • Creation and redemption of Invitation Codes
  • Issuance and revocation of credential
  • Dashboard application available
  • Data loading in dashboard application

“Availability” means a figure calculated with reference to each calendar month, separately, during which the Services were Available. Availability is calculated on a monthly basis, by subtracting any Downtime (“D”) in minutes from the total number of minutes for the given month (“M”), divided by the total number of minutes for the given month (M). This score is multiplied by 100 to provide a percentage-based metric:

Availability =
M-D
M
x 100

Availability metrics are exclusively based on monitoring data collected by HID.

“Downtime” means the total time, measured in minutes for each month, during which the Services were not Available, subject to the Exclusions below.

“Maintenance” means any period of Downtime of the Services in connection with maintenance of the Service(s) by HID or of HID business operations applicable to the Service(s), communicated by HID in advance of the event per the Service Level Commitment.

“Mobile Identities User” means a data record representing a user in the Services, for which Invitation Codes and credential can be managed.

“Services” means the Mobile Identities section of the HID Origo Management Portal and the HID Origo Mobile Identities API and the HID Location Services Dashboard, as applicable. Any one such service individually, a “Service”.

“Service Status Website” means a website at which HID can provide information about the Services, such as Available status, Maintenance events and other operational aspects.

1.2 Commitment

HID will provide Availability of each Service at least 99.5% of the time each calendar month (the “Service Level Commitment”). HID’s Service Level Commitment does not apply to any unavailability due to Maintenance or Exclusions.

HID will use commercially reasonable efforts to provide notice to End Customer, for example via updates to the HID Origo Management Portal, Service Status Website(s) or via email to registered administrators, within thirty (30) minutes after a Service is detected as not Available.

HID will provide notice in advance of Maintenance events at least seven (7) days in advance of the given event, for example via updates to the HID Origo Management Portal, Service Status Website(s) or via email to registered administrators.

HID will use commercially reasonable efforts to conclude each event of Maintenance within ninety (90) minutes of the noticed start time of such event. Events qualifying as Maintenance will not occur more than twelve (12) times in any given calendar year.

2.  Exclusions

Notwithstanding anything to the contrary, HID is not liable, and Purchaser shall not be entitled to any credit allowance, for failure to meet the applicable Service Level Commitment due to:

  • planned maintenance, emergency maintenance, or system updates and other maintenance events outside of HID’s reasonable control;
  • a force majeure event;
  • failure or latency of any network, system or application, including the internet, not under HID’s direct control;
  • outages elsewhere on the internet that hinder access to the Service. For clarity, HID will guarantee only those areas of the internet considered under the control of HID;
  • use of the Service in any manner inconsistent with the features and functionality of the Service, as established by HID and/or set forth in the relevant Documentation;
  • problems due to End Customer’s failure to implement updates, upgrades, or changes in software (if any) in relation to the Service, made available or reasonably recommended by HID to the extent necessary to maintain Service Levels Commitments;
  • any fault, or incorrect configuration, of networks/equipment owned or managed by Purchaser, End Customer or any end users, including, but not limited to, End Customer’s use of unsupported software, hardware or configuration;
  • any failure by Purchaser to fulfill its obligations as set forth in the relevant service agreement;
  • acts or omissions of Purchaser, End Customer or any end users, or acts or omissions of others engaged or authorized by Purchaser, End Customer or any end users;
  • HID’s suspension of access to the Service in accordance with the relevant service agreement; or

HID’s suspension of access to the Service based on End Customer and/or end user misuse of the Service or breach of the applicable Terms of Service.

D. HYDRANTID MANAGED PKI AND TRUSTED DIGITAL CERTIFICATE SERVICES

The following is the Service Level Agreement for HydrantID Managed PKI and Trusted Digital Certificate Services:

The HID Certificate Administration Console and Technology production service will be operational 24 hours per day, 7 days per week, and 365 days per year. The services will be deemed operational if they are available 99.5 % of the time on a monthly basis. Scheduled downtime will not exceed seven hours per month and will occur (i) on Saturdays or Sundays, or (ii) at such other times and days as HID may deem necessary, provided HID gives customer at least three calendar days advance written notice of such other time and day for scheduled downtime. As the HID Certificate Administration Console and Technology application is dependent on the availability of internet communications, HID does not and cannot provide a service level guarantee that the HID Certificate Administration Console and Technology service will be accessible by customer on an uninterrupted basis.

E.   Risk Management Solution (IAMS)

The following is the Service Level Agreement for the Risk Management Solution (RMS) provided by HID’s Identity and Access Management Services group (IAMS) through a third party service provider:

Service availability of 99.5% monthly uptime, excluding planned maintenance windows.

Downtime is measured from the time End Customer reports the event until the time the Service is restored and does not include:

  • time related to a scheduled or announced maintenance outage;
  • causes beyond service provider control;
  • problems with End Customer or third party content or technology, designs or instructions;
  • unsupported system configurations and platforms; or
  • other End Customer errors or End Customer-caused security incidents or End Customer security testing.

Availability, expressed as a percentage, is calculated as: the total number of minutes in a contracted month minus the total number of minutes of Downtime in a contracted month, divided by the total number of minutes in the contracted month.

For clarity, on-premise installations service provider can guarantee only uptime of “virtual appliances with AFS Servers.” Service provider will not guarantee hardware and infrastructure parts of the solution.