Service Levels and Exclusive Service Level Remedies

Capitalized terms used herein shall have the same meaning as set forth in the Mobileforce Terms of Service available at mobileforcesoftware.com/terms-of-service. Only Licensees having signed an Order Form and paying the associated license fees are entitled to Support Services. All End Users must obtain support directly from the enterprise Licensee that they are affiliated with and Mobileforce will have no direct obligation or liability to End Users for any maintenance or support services, or Enterprise customers who are out of service contract.

  1. Service Level

    Mobileforce will provide a Ninety-Nine Percent (99.5%) Availability Percentage for Directly Controlled Services measured on a monthly basis. Availability or Available shall mean the ability of an Internet user being able to establish a TCP connection to the appropriate Mobileforce hosted server, provided, however that the calculation of Availability shall exclude all Excluded Interruptions. Availability Percentage shall be calculated as follows: z = (n - y) X 100

    z is the Availability Percentage. n is the total number of hours in a given calendar month. y is the total number of hours any Directly Controlled Service is not Available (as defined above) in a given calendar month less any Excluded Interruptions.

    The calculation of z shall be prorated in any month in which Hosting Services commence on any day other than the first day of the month. Directly Controlled Services shall mean all components attached hereto as Attachment 1, provided, however, the Software is specifically excluded from the definition of Directly Controlled Services. Excluded Interruptions shall mean any interruptions in the Hosting Services due to any of the following: (i) anything not a Directly Controlled Service; (ii) Scheduled Maintenance; (iii) Mobileforce or its designates not being able to access the routers, firewalls or other Mobileforce Equipment or software for repair at Licensee's premises, if any; (iv) Program Errors or problems with the Software or any Content or any Licensee provided hardware or equipment; (v) Licensee provided or Licensee leased local area networks, VPN connections or ISP connections; (vi) use of unapproved or modified hardware or software; (vii) any misuse of the Directly Controlled Services or Software; (viii) damage or loss of Mobileforce Equipment located at Licensee's premises; (ix) reasons of Force Majeure; or (x) Licensee's breach of any term of this Agreement. Scheduled Maintenance shall be defined as any scheduled outages for maintenance, upgrades, enhancements or changes to the Hosting Service or the Software. Mobileforce shall provide two (2) days notice of any Scheduled Maintenance, provided that without any such notice Mobileforce may perform Scheduled Maintenance at any time during the following maintenance windows: (i} Tuesdays or Fridays between 11pm and 3am Pacific Time or (ii) Sundays between 8am and 12pm Pacific Time. Mobileforce may change the maintenance windows in the preceding sentence upon fourteen (14) days prior notice, provided that in no case will the maintenance window be set during Monday to Friday 6am to 6pm Pacific Time.

  2. Exclusive Service Level Remedies

    Notwithstanding anything to the contrary, the remedies stated in this Section, Exclusive Service Level Remedies are Licensee's sole and exclusive remedies for any service interruption or failure to provide the Availability Percentages set forth in this Exhibit B. Mobileforce shall make commercially reasonable efforts to furnish data on its compliance with the Availability Percentages no later than the 5th of the next calendar month. In the event that the Availability Percentage for Directly Controlled Services falls below Ninety-Nine Percent (99%), in any given calendar month, Licensee shall receive a credit on their next monthly invoice for Hosting Services equal to the corresponding percentage noted below of fees for the calendar month in which the Availability Percentage was insufficient.

    Application Availability Performance Credit%
    99.5% or above 0
    Less than 99.5% 5%
    Less than 98% 10%
    Less than 96% for two consecutive months Material breach cause for termination if notice of termination is received by Mobileforce within 90 days of the end of the last relevant measurement period and no early termination fees to be paid to Mobileforce in connection with such termination.

      If the Availability Percentage drops below ninety percent (96%) for two (2) consecutive calendar months, Licensee may immediately terminate this Agreement upon written notice to MobileForce, provided that neither party shall have any damages or liability to the other associated with such termination or arising out of the failure to meet the Availability Percentage.

  3. Backups, Disaster Recovery and Monitoring.

    3.1 Backups. A daily incremental backup of Licensee Data entered into the hosting environment since the last backup will be initiated seven (7) days per week. A full backup (complete data copy) will be initiated at least once per week. The full backup data is stored to disk on a weekly basis. The full backup data is then copied to disk at a physically separate location and copied to tape. With the exception of the content server, the tape version of these full backups will be picked up and stored in a separate, secure, off-site location weekly. Individual document restoration due to Licensee user error may be provided, as soon as reasonably practicable after receipt of Licensee's written request, and will be billed on a time and materials basis pursuant to the Professional Services Agreement between the parties. Daily incremental backups in combination with weekly full backups are complete so that no more than twenty-four (24) hours worth of data will be lost in the event of a disaster.

    3.2 Disaster Recovery. Mobileforce has a physical contingency plan in place, which can be made available to Licensee under non-disclosure restrictions at the Headquarters of Mobileforce's hosting services provider. Mobileforce's hosting facilities are located in Virginia (East Coast), with redundant infrastructure located in California (West Coast). Mobileforce's disaster protection plan shall include without limitation, the following elements:

    • Servers Architected with dual components where possible such as dual nics, dual power supplies, dual cpu's etc.
    • Redundant firewalls in place
    • Redundant Networking in place
    • SAS70 Certifications
    • SysTrust Certifications
    • Redundant Monitoring
    • Daily Backups and off site storage for LMS
    • Robust Data Center architecture with industry standard cooling, power, fire controls
    • Geographically separate data centers for contingency planning
    • Robust telecommunications network • Robust security architecture

    For most issues, in the event of an issue such as component failure, the above processes or services provide for rapid recovery. In the event of a major disaster where data center operations must be moved, there is a plan to enable an environment containing the most recent Licensee Data available, which shall not be more than seven (7) days prior to the date of failure, within 30 days at an alternate facility.

    3.3 Monitoring and Security. Mobileforce stores transaction information on computers located in a physically secure data center. Mobileforce employs technology that is consistent with industry standards for firewalls and other security technology to help prevent Mobileforce computers from being accessed by unauthorized persons. In order to protect data integrity during transfers, Mobileforce allows the use of HTTPS standard. In addition, Mobileforce provides the following security measures: SSL 128-bit encryption of portions containing Licensee Confidential Information; the ability to transfer data files including HR feeds (but not content) via secure FTP, or HTTP; and encrypted passwords for the Hosting Services. The Hosting Services are continuously monitored (24 hours per day; 7 days per week) for health and performance, and Mobileforce engineers are on-call at all times to resolve any system issues.

    3.4 Security Testing. Licensee and its users shall not (i) perform any technical security integrity review, penetration test, load test, denial-of-service simulation or vulnerability scan ("Ethical Hack") without Mobileforce's prior written consent, such consent not to be unreasonably withheld; (ii) disclose information pertaining to an Ethical Hack or (ii) attempt to access the data of another Mobileforce customer. If the parties consent to an Ethical Hack, Licensee and Mobileforce will mutually negotiate and agree to a reasonable time for performance, and Mobileforce shall have the right to monitor the Ethical Hack and direct Licensee to immediately suspend the Ethical Hack if such Ethical Hack is affecting or threatens to affect another customer's zone. Mobileforce's consent to an Ethical Hack shall not constitute a waiver of any rights or remedies Mobileforce may have based on attempts to access Mobileforce's internal network or the data of other Mobileforce customers. Information pertaining to any Ethical Hack is considered Mobileforce Confidential Information for purposes of this Agreement, except that Licensee shall be permitted to disclose and use such information during judicial proceedings to enforce Licensee's rights under this Agreement.

    3.5 Security Against Hackers. Mobileforce will periodically test its systems as part of the Hosting Services for potential areas where security could be breached. Mobileforce will make best efforts to report to Licensee immediately any breaches of security or unauthorized access to Licensee's Data on Mobileforce's systems that Mobileforce detects or becomes aware of. Mobileforce will use diligent efforts to remedy such breach of security or unauthorized access in a timely manner.

  4. Technical Requirements for Protection of Licensee Data.

    The following will apply to all Hosting Services performed by Mobileforce in addition to the other requirements of Exhibit A and this Exhibit B.

    4.1. Technical Standards:

    A. Mobileforce shall be able to recover data from the previous day's backup.

    B. The system shall support encryption of all Licensee Data in transmission through the use of SSL (at Mobileforce's then-current rates therefor).

    C. The system shall support active Licensee Data until it is made inactive by Customer and Mobileforce shall not delete Licensee Data unless specifically requested by Licensee in writing.

    4.2. Security Standards:

    A. Mobileforce will ensure all connections into Mobileforce's application servers (other than data feeds) are encrypted using 128-bit Secure Sockets Layer (SSL) which is available at Mobileforce's then-current rates therefor.

    B. The system supports encryption of all connections from Licensee's computers into Mobileforce's Application Servers using 128-bit Secure Sockets Layer (SSL) which is available at Mobileforce's then-current rates therefor.

    C. Mobileforce will ensure that all outbound traffic to the Licensee network is restricted to only what is necessary to ensure the proper workings of the Software. All other unnecessary ports and services will be blocked by firewall rules at the Mobileforce network.

    D. Except to the extent a content server is set up behind Licensee's firewall or unless otherwise requested or approved by Licensee, Mobileforce will ensure, through firewall rules that no connections into the Licensee network can be initiated from Licensee's instance of the Software.

    E. Mobileforce will ensure that all audit logs and reports are stored for a minimum of twelve (12) months and made available for Licensee's IT and Security Personnel upon request.

    F. Mobileforce will ensure that virus updates, system patches and updates are applied to their servers and the logging associated with these updates is made available for Licensee's IT Security upon request.

    G. Mobileforce will ensure that all security encryption private keys used for Licensee databases are protected against both disclosure and misuse, and are restricted to the fewest number of custodians necessary.

    H. Mobileforce will ensure that in the event of a security compromise, virus attack, or emergency outage, contact will be made to the designated Licensee contact within 4 hours of Licensee data being knowingly compromised to the extent practicable, vendor will update Licensee every 4 hours on the security incident and all reporting materials requested by Licensee IT Security, within the scope of the Hosting Services, be made available within a forty eight (48) hour period.

    I. Administrative access to Licensee Data must be agreed upon by Licensee in advance except to the extent such access is necessary for Mobileforce to comply with the terms of this Agreement.

  5. SUPPORT AVAILABILITY

    Mobileforce shall provide Technical Support as follows:

    5.1. Telephone Support. Telephone Support is available at +1 (408) 457 7960 during Business Hours of 9:00 am to 6:00 pm Pacific Standard Time, Monday through Friday (excluding holidays).

    5.2. Internet Support. Internet Support will be available at a unique email address typically defined as (support@mobileforcesoftware.com), which is monitored by multiple personnel 24/7.

    5.3 Service/Platform Monitoring. The Service/Platform is monitored 24/7 for uptime and performance levels by multiple Mobileforce personnel who are notified via email and/or telephone when interruptions occur at the platform level.

    Customer agrees to provide Mobileforce with such technical assistance and information which Mobileforce reasonably needs to provide the Service and the Support Services.

  6. OUTAGE & ERROR REPORTING

    In the event Customer encounters an outage or error in the Service (an “Incident”), Customer shall report the Incident to Mobileforce: (i) by telephone to Mobileforce Technical Support Line at (408) 457-7960 during Business Hours or (ii) via email to (support@mobileforcesoftware.com ). Upon receipt of a report, Mobileforce shall confirm that the outage or error is being caused by a problem with the Service and assign the Incident a priority level in accordance with the following chart:

    Priority Definition Table
    Incident Priority Description Definition Priority
    Priority 1 Service is inoperative or has a catastrophic error Fatal error or mission-critical problem resulting in unavailable or seriously degraded Service, affecting all users.
    Priority 2 Severe loss of functionality A critical portion of the Service is inoperative and key functions cannot be performed in a timely manner, affecting a large number of users.
    Priority 3 Individual functionality not working Service has encountered a not immediately critical problem or error. Non-time critical problem that is usually related to user experience.