DigitalHQ

Customer Support and SLA Policy

This Agreement represents a Service Level Agreement (“SLA” or “Agreement”) between DigitalHQ and its customers for professional services, software as a service, or any application support/service deliverable that was purchased from DigitalHQ on a contract basis that includes a defined scope. This Agreement remains valid until superseded by a revised agreement mutually endorsed by the stakeholders. It does not supersede current processes and procedures unless explicitly stated herein.

1. Goals and Objectives

The purpose of this Agreement is to ensure that the proper elements and commitments are in place to provide consistent service support and delivery to our clients by DigitalHQ and its affiliate providers.

The goal of this Agreement is to create a communication channel between services provisioned between DigitalHQ and our customers.

The objectives of this Agreement are to:

Provide clear reference to service ownership, accountability, roles and/or responsibilities.
Present a clear, concise and measurable description of service provision to the customer.
Match perceptions of expected services provisioned with actual service support and delivery.

2.0 Service Agreement

The following service parameters are the responsibility of DigitalHQ in ongoing support of this Agreement.

2.1 Service Scope

The following services are covered by this Agreement.

Information technology management activities.
Information security management activities.
Monitoring, health, and maintenance of infrastructure.
Monitoring support request system.
Remote support for environments, systems, and applications under management.
First line of support for third-party products under agreement with DigitalHQ.

Services other than ones listed above are considered out of scope for support. For the avoidance of doubt, the following services are not considered support:

Non-company owned assets including BYOD devices, remote clients, remote workforce environments.
Environments/Systems/Devices not under direct management.
Development of new scripts, applications, or code.
Third-party applications outside of agreement with DigitalHQ.

2.2 Customer requirements for support

Customer responsibilities and/or requirements in support of this Agreement include:

Adhere to all aspects of our SLA Policy and follow established procedures for requesting support.
Request a change in request priority if deemed necessary.
Reasonable availability of customer representative(s) when resolving a service-related incident or request.
Adequately maintain/update all hardware, operating systems, software so that they meet minimum standards determined by DigitalHQ.
Maintain patience, courtesy, and respectful demeanor at all times.
Payment for all support costs at the agreed interval.

2.3 Information Technology & Security Management Requirements

We require all organizations to practice good information security and technology management. Each organization we work with will:

Be candid about our operational needs and wants.
Name a designated representative which will coordinate support requests as well as the use of our collaboration and request systems to exchange details and resolve issues.
Follow our security recommendations which may come in various formats including meetings, e-mails, blogs, websites, and guides..
Ensure license compliance and maintain sufficient support agreements with materially significant vendors.
Train your staff and contractors on materially important security matters and operational procedures.
Acquire/Utilize a Mobile Device Management solution, when applicable.
Install our remote administration, automation, and management tools, when applicable.
Own business-class networking hardware including enterprise grade firewalls, WiFi access points, and switches with current support agreements.
Maintain a reliable internet connection with consideration given for failover.
Establish and follow policyandprocedures for:

access control (including identity control and MFA), continuity, change management, incident management, information security, network security, risk assessment, server security, vendor management, workstation security;
data handling with emphasis on secrets storage and sharing;
on/off boarding of staff and contractors;
reporting incidents and tracking knowledge within your organization;

Establish a Bring Your Own Device (BYOD) policy and a management program with specific consideration for:

Operating MDM tools on employee owned mobile devices used for

MFA
E-Mail/Communication
Text Messaging
and accessing all company data/resources.

Responding to security breaches and incidents which involve employee owned devices.

Participate in virtual meetings on a periodic basis.
Maintain business insurance that covers data breaches and cybersecurity events.
Follow our security recommendations.

We offer guidance for meeting minimum standards of information technology management.

3.0 Service Management

Effective support of in-scope services is a result of maintaining consistent service levels. The following sections provide relevant details on service availability, monitoring of in-scope services and related components.

3.1 Service Availability

Coverage parameters specific to the service(s) are customer business hours unless superseded by additional agreements. Support requests received outside of office hours will be collected, however no action can be guaranteed until the next working day.

3.2 Service Requests

DigitalHQ would provide ongoing support to customers using the approved service support channel and knowledge base resources. The time available is determined by the Request Priority and the SLA Policy for defined for each customer.

Request Priority

DigitalHQ assigns a priority to each ticket when it is received. As per section 2.2, it is the customer’s responsibility to request a change to this priority if they feel that a different priority level is required. For reference the following is a guide to how priority is determined:

Urgent: Critical production issue affecting all users, including system unavailability and data integrity issues with no workaround available.
High: Major functionality is impacted or performance is significantly degraded. Issue is persistent and affects many users. No reasonable workaround is available.
Normal: Intermittent system performance issue or bug impacting some workflows or users but not consistently. Short-term workaround is available, but not scalable.
Low: Inquiry regarding a routine technical issue; information requested on application, capabilities, navigation, installation or configuration; bug affecting a small number of users.

Default Priority

By default, customers can expect that:

Actual or suspected security incidents are treated as urgent and are subject to after-hours/extended billing.
All other requests are considered “Low” unless otherwise stated by the submitter or determined during validation.

SLA Policy

For all support agreements DigitalHQ uses Best Effort (BE) to respond during the stated response window. Details for each support agreement are disclosed at digitalhq.com/sla and subject to change without notice if adapt to changing security, technology or service delivery needs.

For user requests, the goal of each response is to assist the user in solving the problem themselves. For security incidents, the goal of each response is to swiftly validate/contain/remediate the problem. For alarms/notifications, the goal is to solve the issue on behalf of the customer.

For reference, the table below describes the intent and expectations of each agreement.

SLA Agreement	Objective	Expectation
Bronze	Most common choice for small business with emphasis on self-reliance, shared responsibility, and low overhead.	Next Business Day · Monday through Friday (Excluding Holidays).
Silver	Greater emphasis on planning and continuity supported by rapid response.	· Same Business Day · Monday through Friday (Excluding Holidays)
Gold	Designed for regulatory or legal compliance.	· 4-Hour Response · Monday through Friday (Excluding Holidays)
Platinum	Focused on exceeding regulatory compliance and meeting fiduciary responsibilities.	· 2-Hour Response · Monday through Friday (Excluding Holidays)

SLA Exclusions

After a report has been logged, DigitalHQ responds in compliance with the relevant Service Level, unless the Customer does not comply with its obligations; or has engaged DigitalHQ to make material changes to infrastructure or services.

3.4 Cyber Incident Response

Events are when something happens that is (most of the time) unusual, whether planned or unplanned. Incidents, on the other hand, are when something happens and it interrupts something else. Events and Incidents are not mutually exclusive. All incidents are events but not all events are incidents. Customers are able to attribute priority to all events, but additional resources are attributed to prioritized incidents.

The DigitalHQ Cyber Incident Response (CIR) policy for considers any incident with material significance as High priority. DigitalHQ offers each customer the ability to incorporate relevant portions of their Incident Response Plan (IRP) into the scope of provided services. In areas where there is a gap or lack of an IRP, the DidigtalHQ Default Cyber Incident Response policy is applied.

Materially Significant Impact

We use our judgement to help protect the confidentiality, integrity, and availability of information systems and data. Materially Significant Impact is determined by DigitalHQ by the following process:

Defined scope in customer’s letter of agreement or operational documents.
Requested by the customer as part of the report.
Perceived effects on confidentiality, availability, or integrity of customer data.
Reported details suggest the need for escalation or lack of detail – presence of ambiguity – which prompts immediate validation.

Default Response

DigitalHQ will prioritize events suspected of materially significant impact. Unless explicitly defined in customer’s letter of agreement, DigitalHQ will temporarily raise the Service Level Agreement for a customer (Bronze, Silver and Gold), on an incident basis, to the next-tier. Customers receive priority outside of an established agreement, charged at a premium and require customer communication through completion.

DigitalHQ will do the following actions in these cases:

Validatethis alert and determine whether an incident took place.
Determine the scopeof the incident and risks to your organization.
Take measures we deem necessary toprotect your systems. This may advance the request to a point of containment or through complete resolution.
Notify you of the impacts and risks.
Work with you to determine the next steps to wholly resolve the incident.
Debrief this incident if requested.

Customer responsibility during this time is as follows:

Follow Customer Requirements when reporting issues.
Supply background/contextual information
Provide a contact instructions and respond to all messages/calls.
Be prepared to immediately answer all questions promptly and name any CCs that should be added to this request.
Follow all instructions.

Billing

CIR events are billed at a higher rate, billed in increments, and require customer communicate the closure (or hold) of a request to release our team and stop billing. Billing for CIR events starts when event validation commences. Billing continues until the event is contained or resolved. Customers may request that work is stopped/paused at any time via the request system.

4.0 DigitalHQ solution

The DigitalHQ solution is a hosted SaaS platform with a guaranteed uptime of 99%. DigitalHQ is not responsible for, or held liable for, damages. The Customer assumes all risks.

NOTWITHSTANDING ANY OTHER TERM HEREIN TO THE CONTRARY AND UNLESS OTHERWISE EXPRESSLY STATED HEREIN, TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT SHALL DIGITALHQ, ITS EMPLOYEES, AGENTS, SUCCESSORS, ASSIGNS, AFFILIATES, CONSULTANTS OR SUPPLIERS BE LIABLE TO SUBSCRIBER OR ANY OTHER THIRD PARTY FOR ANY INDIRECT, SPECIAL, INCIDENTAL, EXEMPLARY, CONSEQUENTIAL, OR STATUTORY DAMAGES ARISING OUT OF OR IN CONNECTION WITH THE DELIVERY, PERFORMANCE OR USE OF THE SERVICE, WHETHER ALLEGED AS A BREACH OF CONTRACT OR TORTIOUS CONDUCT, INCLUDING NEGLIGENCE AND STRICT LIABILITY, INCLUDING WITHOUT LIMITATION LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, LOSS OF USE OR DATA, DAMAGE TO SYSTEMS OR EQUIPMENT, COST OF COVER, OR OTHER PECUNIARY LOSS, EVEN IF DIGITALHQ OR SUBSCRIBER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. DIGITALHQ’S CUMULATIVE LIABILITY TO SUBSCRIBER SHALL NOT EXCEED THE AMOUNT OF FEES PAID UNDER THIS AGREEMENT IN THE MONTH IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.

THE FOREGOING ALLOCATION OF RISK AND LIMITATION OF LIABILITY HAS BEEN NEGOTIATED BY THE PARTIES AND IS AN ESSENTIAL ELEMENT OF THE BASIS OF THE BARGAIN BETWEEN DIGITALHQ AND SUBSCRIBER.

Customers wishing alternative terms may choose DigitalHQ Enterprise.