SafePass Customer Governance Plan

REVISION 2: 02/12/2021

1. INTRODUCTION
1.1     PURPOSE
2. SERVICE LEVEL AND SUPPORT
2.1     GENERAL REQUIREMENTS
2.1.1     Service Monitoring and Management.
2.1.2     Support Services.
2.1.3     Service Reliability.
2.2     SERVICE LEVELS
2.2.1     Availability. “Service Availability”
2.2.2     Response Time. “Response Threshold”
2.3     SUPPORT
2.4     RESPONSE TIME AND RESOLUTION TIME
2.5     ESCALATION TIME
2.6     REPORTING
2.7     CREDIT APPLICATION

Governance Personnel

PERSONNEL POSITION IN SAFEPASS ROLE IN CUSTOMER ISSUE AND ESCALATION PROCESS
Contact SafePass President Project Director
Contact SafePass Senior Vice President Project Manager
Contact SafePass Software Director Issue Manager
Duty Manager Rotational On-Call Support

Executive Steering Committee

PERSONNEL POSITION IN SAFEPASS
Contact SafePass President
Contact SafePass Director of Communications
Contact SafePass Technical Manager
Contact SafePass Advisor
Contact SafePass Advisor

1.   INTRODUCTION

1.1      PURPOSE

This document describes the service level and support expectation for the Customer Project.  The reference document for this project is titled SafePass Issue and Escalation Process.

2.   SERVICE LEVEL AND SUPPORT

The following terms and conditions apply to SafePass’ operating environment (both hardware and software) that are used to support and host the SaaS Products, as well as store the SaaS Data and Usage Data, including, but not limited to, load balancing servers, web servers, backend storage systems, and all network devices owned or managed by SafePass, used to provide Customer with the foregoing services (“SafePass Hosted Services”).

2.1      GENERAL REQUIREMENTS

2.1.1        Service Monitoring and Management.

SafePass shall monitor, in real-time, the availability and performance of the SafePass Hosted Services on a 24x7x365 basis, including, without limitation, real-time monitoring of servers and all components of SafePass’ firewall, and shall report to Customer and resolve any issues in accordance with the service levels herein.

2.1.2        Support Services.

SafePass’ live personnel shall at all times be available to Customer on a 24x7x365 basis to respond to and resolve any performance or other problems with the SafePass Hosted Services (including but not limited to any problems reported by Customer, end users, or which SafePass otherwise learns of) and to provide notices to Customer required pursuant to the Agreement and in accordance with the service levels herein.  Automated monitoring tools shall be utilized to alert SafePass (and if a Priority Level 1 or Priority Level 2 problem, Customer) personnel of problems on a 24x7x365 basis.  SafePass shall record each material failure of the SafePass Hosted Services to comply with a service level in a problem tracking system, conduct a root-cause analysis as provided below if applicable to a particular service level failure, and report monthly (or more frequently if Customer determines in good faith that it is necessary) in writing the results thereof to Customer (and in a meeting if reasonably requested by Customer).

2.1.3        Service Reliability.

SafePass shall provide uninterruptible power supplies for all operation-critical equipment used to support the SafePass Hosted Services (e.g., routers, hubs, servers), together with backup power supplies capable of providing no less than 96 hours of uninterrupted operation of the SafePass Hosted Services in the case of a prolonged power failure.  SafePass shall maintain redundancy in all key components used to support the SafePass Hosted Services to prevent outages due to individual component failures and shall at all times maintain spare components on-site (at Customer expense if such spare components are maintained solely for the SafePass Hosted Services provided to Customer and no other SafePass customers) to provide for immediate replacement in the case of component failures.  Nothing in this section is intended to limit or excuse the obligations of SafePass to comply with the general service levels herein or its other obligations under the Agreement.

2.2      SERVICE LEVELS

2.2.1        Availability. “Service Availability”

“Service Availability” means any time the SafePass Hosted Services are operational and fully functional in all material respects. SafePass will ensure that Service Availability will be 99.9% of the time during any calendar month, except for any time the SafePass Hosted Services are not operational or fully functional in all material respects to the extent caused by: (a) the acts or omissions of Customer, its employees, contractors, or agents; (b) the failure or malfunction of equipment, applications, or systems not owned, provided, or controlled by SafePass; or (c) scheduled service maintenance, alteration, or implementation, provided that: (i) the foregoing is limited to four hours in the aggregate in any calendar month; (ii) the foregoing only occurs between the hours of 12:00 AM and 5:00 AM Eastern Time; and (iii) SafePass delivers at least 72 hours advance written notice (e-mail sufficing) in each instance. Service Availability shall be measured by a commercially available software or service (e.g., Keynote, Gomez), configured to measure Service Availability at least as frequently as every 5 minutes (“Sample Period”). If the SafePass Hosted Services fail a measurement within a Sample Period, then such services shall be considered not operational for the entire duration of such Sample Period. For each 1% that Service Availability falls below 99.9% in any given month, SafePass will credit Customer 10% of the total fees paid to SafePass by Customer for such month. If the Service Availability is below 99.9% in any two out of three months during the Term, Customer may terminate the Agreement immediately upon written notice and without any further obligation to SafePass of any kind or nature.

2.2.2        Response Time. “Response Threshold”

“Response Threshold” means the percentage of all requests in a given month sent to the servers hosting the SafePass Hosted Services that are responded to within 200 ms or less, as measured on a per-request basis using commercially available monitoring software configured to measure from the time period that the last byte of the request is received at SafePass’ border router until the last byte of the response leaves the SafePass’ border router. For each 1% that the Response Threshold falls below 95% in any given month, SafePass will credit Customer 10% of the total fees paid to SafePass by Customer for such month. If Response Threshold is below 95% in any two out of three months during the Term, Customer may terminate the Agreement immediately upon written notice and without any further obligation to SafePass of any kind or nature.

2.3      SUPPORT

SafePass shall be responsible for responding to and resolving all issues related to the delivery of the SafePass Hosted Services, including responding to technical issues related to Service Availability and Response Threshold, problems, and general inquiries relating to the delivery of the SafePass Hosted Services, except for those issues which are solely within Customer’s control (“Incidents”).  SafePass will provide support for the SafePass Hosted Services directly to Customer on a 24x7x365 basis, at the following telephone number and e-mail address.

Telephone number:   888-559-0903 ext. 2

E-mail address:          [email protected]

In the event an Incident is detected by SafePass, or reported by Customer, SafePass shall use its reasonable discretion to assign a Priority to the Incident taking into account the Priority Definitions set forth in the table below.  Once an Incident has been assigned a Priority, SafePass shall respond to such Incident and resolve such Incident within the Response Time and Resolution Time for the applicable Priority in Table 1 below and escalate such Incident within the Escalation Time, along the Escalation Path, for the applicable Priority in Table 2 below.  Response Time shall be measured from the time SafePass receives notification of an Incident from Customer or independently discovers an Incident, until Customer receives a communication from a human that SafePass is aware of such Incident and has allocated resources to investigating and/or resolving it.  Resolution Time shall be measured from the time SafePass receives notification of an Incident from Customer or independently discovers an Incident, until SafePass has modified the SafePass Hosted Service so that the practical adverse effect of such Incident has been eliminated or provided SafePass with a procedure or routine that eliminates or mitigates the practical adverse effect of such Incident in a commercially reasonable manner and with minimal effort by Customer to implement.  For each Incident in a given month that SafePass fails to resolve in accordance with the applicable Resolution Time for such Incident, SafePass will credit Customer 10% of the total fees paid to SafePass by Customer for such month.  If SafePass fails to respond to an Incident in accordance with the applicable Response Time or resolve an Incident in accordance with the applicable Resolution Time in any two out of three months during the Term, Customer may terminate the Agreement immediately upon written notice and without any further obligation to SafePass of any kind or nature.

2.4      RESPONSE TIME AND RESOLUTION TIME

PRIORITY RESPONSE TIME RESOLUTION TIME PRIORITY DEFINITION
1. Critical 30 Minutes Four Hours SafePass Hosted Service completely unavailable.

Essential facilities/tools do not work.
2. Urgent One Hour Eight Hours Non-essential features and/or functionalities of the SafePass Hosted Service are unavailable or not fully functional, significantly impairing Customer’s ability to use the SafePass Hosted Service; issues that could weaken system integrity over a period of time; problems that can be ‘worked’ around in the short term but cause significant operational disruption the long term.
3. Important One Business Day Two Business Days Assistance required for technical or functional features of SafePass Hosted Service. Problems that exist, which cause minor operational difficulties with the SafePass Hosted Service.
4. Monitor Two Business Days One Week General queries to SafePass. Undefined problems that may cause minor operational difficulties. Problems that require additional research and monitoring on the part of Customer and SafePass to define and resolve.
5. Information One Week When commercially feasible Comments or suggestions on services, technical features, design or other topics.

2.5      ESCALATION TIME

PRIORITY ESCALATION TIME ESCALATION PATH
1. Critical Every Eight Hours See File: “SafePass Issue and Escalation Process_Customer”
2. Urgent Every 16 Hours See File: “SafePass Issue and Escalation Process_Customer”
3. Important Every 4 Business Days See File: “SafePass Issue and Escalation Process_Customer”
4. Monitor N/A N/A
5. Information N/A N/A

2.6      REPORTING

No later than 10 days after the end of each calendar month, SafePass shall provide to Customer a report containing reasonable detail regarding performance, usage and other criteria relating to the SafePass Hosted Services in such month (including but not limited to Service Availability, Response Threshold, Incidents reported or discovered, Incidents resolved, and status of unresolved Incidents).  Additional reports not immediately identified but focused on driving product/service enhancements may be requested from time to time by Customer, and SafePass shall provide such reports, and the Parties will discuss and reasonably agree upon the scope and frequency of such reports.  SafePass shall agree to meet with the Customer team to review all performance, usage and other criteria at least on a quarterly basis.  The output of this meeting shall be a remediation plan to address any shortcomings of the service highlighted by these reports.

2.7      CREDIT APPLICATION

In order to initiate a claim for credits pursuant to this exhibit, Customer must contact SafePass within 60 days after the end of the calendar month for which credit is requested.  The request shall provide: (a) Customer name and contact information; (b) the date and begin/end time of the claimed outage(s); and (c) a brief description of the characteristics of the claimed outage(s).  SafePass will notify Customer within 10 days of the request of the resolution of the request.  If rejected, the notification will specify the basis for rejection. If approved, SafePass will issue a credit to Customer’s account calculated as set forth in this exhibit, on the next invoice issued.  If Customer has a good faith basis for disagreeing with a rejection of a credit, Customer may appeal the rejection, and may withhold payments to SafePass that Customer reasonably approximates to be of the same value as the disputed claim.  Customer will notify SafePass in writing within 30 days of such denial by SafePass of any such disputed credit for which Customer is withholding payment and describe, in reasonable detail, the reason for such withholding.  Customer and SafePass will diligently pursue an expedited resolution of such dispute.  SafePass will continue to provide the Services to Customer during such time.

All credits set forth herein shall either be: (1) applied to SafePass’ future invoices to Customer; or (2) refunded to Customer by check or other mutually agreed upon method, to be determined in Customer’s reasonable discretion.  Under no circumstances shall the total credit for a calendar month exceed the total monthly fees payable by Customer to SafePass during the calendar month in question.