Mend Premium SLA
Service Level Agreement (“SLA“)
Mend.io Premium Support
Technical Service Level Standards
Mend will provide no less than ninety-nine point five percent (99.5%) Service’s Availability, as calculated on an annual basis, subject to the Exclusions below.
“Availability” shall mean the portion (in percentage terms) of Scheduled Uptime that the Service is actually Available for Use:
- Scheduled Uptime = (Total Time (24/7)) – (Scheduled Maintenance Windows)
- % Availability = (Scheduled Uptime – Time Unavailable)/Scheduled Uptime
“Available For Use” shall mean that all of the supported functions and features of the Integrated Service is capable of sending and receiving data to and from the Internet.
“Service Level Period” means 24×7: 24 hours a day, 7 days a week, 365 days a year.
“Time Unavailable” shall mean any period of time during the applicable Service Level Period that the Integrated Service is not Available For Use, except for the Exclusions set forth below.
“Scheduled Downtime” shall mean the total minutes during the year represented by the Scheduled Maintenance Window.
“Scheduled Uptime” shall mean the total minutes during the year less the total minutes represented by the Scheduled Downtime.
“Service” shall have the meaning ascribed to it under the definitive master subscription agreement, service agreement or other main agreement entered into by Mend and the customer.
Time Unavailable – Exclusions
Time Unavailable shall not include the aggregate amount of time during which the Service is not Available For Use due to:
- Scheduled maintenance, provided that such scheduled maintenance occurs during scheduled maintenance windows, currently between the hours of Friday 10:00 pm and Sunday 4:00 pm, Eastern US Time (the “Scheduled Maintenance Window”);
- Emergency maintenance – Mend may perform any reasonably required, emergency maintenance work outside of the Scheduled Maintenance Window with one (1) hour prior electronic mail or other notice to Customer;
- Interruptions in third party networks that prevent Internet users from accessing the Service, provided that the data center is served by redundant connections to the internet from multiple internet service providers;
For clarity, any time during which the Service is not Available For Use due to interruptions in electric power services serving the hosting environment shall not be excluded from Time Unavailable.
A. DEFINITIONS.
“Issue” means an error condition that causes the Service to fail to operate substantially in compliance with the Documentation.
“Bug” means an Issue that can only be resolved via a change to the Service’s code.
“Enhancement” means a new version of a Service that Mend makes generally available to its customers who are eligible to receive Support, which may improve the functionality of, or add minor functional capabilities to, the Service.
“Updates” means a set of procedures or new program code that Mend implements to fix reported Issues, and which may include modifications to improve performance or revisions to versions or releases of a Service that may improve its functionality or additions or corrections to Documentation. Such fixes are subject to product development, prioritization, and scheduled deployment cycles as determined by Mend at its sole discretion.
“Workaround” means a temporary error correction or change in operating procedure allowing Customer to continue to use the Service. It will be considered a permanent correction if it meets the required parameters for Customer utilization or if used as a means to address a recognized Service limitation,
“First Analysis” means the initial analysis, which includes the first outcome of Support work conducted on the case. First Analysis can include the analysis of provided information or an action plan, or a request for further information.
“Case Update Cadence” means the frequency with which Mend Support provides Customer with updates relating to work conducted on the relevant Issue. The updates can include details on the outcomes of investigation paths, an action plan, or a request for further information.
“Support Portal” means the Mend web support portal available for Customer use 24/7.
“Business Days”; Business Hours” for Americas-based customers: Mon-Fri, 9am – 8pm (EST), for EU-based customers and other non-Americas-based customers: Mon-Fri, 8am – 6pm (CET).
All capitalized terms not defined above shall have the meaning set forth in the main body of the license Agreement.
B. Support Services by Mend:
During the Term of the Agreement and subject to Customer’s payment of applicable fees:
- Mend will provide technical support to Customer and assistance with respect to the Service, including (i) clarification of functions and features; (ii) clarification of Documentation; and (iii) technical support and assistance in the operation of the Service. Mend shall provide support to Customer via the Support Portal.
- For tracking purposes, a case acceptance notification will be sent automatically via e-mail with a case tracking number.
- First Analysis shall be conducted based on the SLA timelines as appears in the table below.
- Mend can provide fixes through the periodic release of Updates and Enhancements.
- Mend shall not be responsible for providing support for problems resulting from unauthorized modifications of the Service; Service misuse; use of the Service in a manner other than described in the Documentation.
SEVERITY LEVEL: | GUIDING EXAMPLE CRITERIA |
---|---|
Severity 1: An Issue affecting Customer’s production environment preventing any use of the Service, rendering the Service unusable, or precluding Customer from using Service to a paralyzing degree | – Service is unreachable. e.g., all or majority of users cannot connect to the Mend UI, all or majority of scans result in server connection error – Service is unresponsive. e.g., all or majority of users experience no response in all Mend UI functions, processing of all or majority of scan requests never completes or takes an inordinate amount of time to complete – Service API is unusable. e.g., all or majority of API calls return Service related errors, all or majority of API calls never return or take an inordinate amount of time to return – Product function is unusable, preventing any use of the Service. e.g., all or majority of scans never complete, timeout, or take an inordinate amount of time to complete, all or majority of repo integration scans do not get triggered |
Severity 2: Issue disabling major functions from being performed. This condition exists when the Service is partially inoperative, but is still usable by Customer or an essential part of the Service is unusable due to a defect. | – Service performance is poor. e.g., processing of some scan requests takes a long time to complete, some reports take a long time to be generated, some API calls take a long time to process, policy checks largely delayed or timeout – Major product function issues: e.g., scans return errors or inconsistent results on multiple projects, product integration (repo, pipelines, issue tracking systems) not working as expected – Data: e.g., Issues related to security data for high-severity CVEs |
Severity 3: Customer’s use of the Service is somewhat compromised, but all essential parts can be used. | – Service performance. e.g., processing of scan requests takes a long time to complete in particular cases, specific reports that take substantially longer than normal to be generated, API calls occasionally take a long time to process or return incorrect results, delayed policy checks – Product function issues: e.g., issues with generating reports, issues with a function or plugin configuration, scans not resolving dependencies for specific projects – Data issues: e.g., issues with library data, remediation data, or library licensing |
Severity 4: Includes all other Issues or Inquiries. This condition generally exists when the Service is usable and the problems consist of inconveniences, deviation from Documentation or minor failures involving individual components of the system. | – General: e.g., user management questions, requests for global organization creation/mapping, minor UI problems, infrequent issues scanning or reading/pulling data from the Mend UI, product documentation related problems – Inquiries: e.g., questions related to Mend products, questions related to SAML configuration, questions relating to scanning best practices, questions relating latest versions of integrations |
All categories above apply only to issues within the control of the Mend or its hosting partners.
Upon receipt of service ticket and initially classifying the Severity of the reported Issue, Mend shall use commercially reasonable efforts to promptly contact Customer to confirm the Severity level of the service case, and shall use commercially reasonable efforts to respond to Issue related inquiries and reported Service deviations from Documentation, and will provide status update per the applicable Case Update Cadence according to the following schedule:
C. FIRST ANALYSIS AND CASE UPDATE CADENCE SCHEDULE
SEVERITY LEVEL | PREMIUM FIRST ANALYSIS TIME | PREMIUM CASE UPDATE CADENCE |
---|---|---|
Severity 1 | 6 business hours | Every 4 business hours |
Severity 2 | 24 business hours | Every 2 business days |
Severity 3 | 48 business hours | Every 4 business days |
Severity 4 | 48 business hours | As soon as available |
* Severity Issues will be reclassified as lower Severity Issues or marked as completed once a Workaround has been provided if as determined by Mend the Workaround provides a permanent solution to the Issue
In cases where an Issue is confirmed to be a product Bug, it is likely that longer time for correction via product Updates will be required, in which case, the Case Update Cadence will be set to only providing meaningful updates as frequently as they become available.
Time Not Included:
The measurement of time until First Analysis is achieved and until the next case status update per the applicable Case Update Cadence above shall be suspended during delays not caused by Mend (such as delays in response by Customer to questions or requests from Mend for information required or other required actions).
D. Customer’s Responsibilities
- Reporting issues promptly and accurately.
- Providing sufficient information for Mend to review, duplicate, and research the reported issue so Mend can analyze the situation and take appropriate corrective action.
- Follow Mend’s reasonable instructions, Documentation and suggestions regarding use, Workarounds, configuration changes or other related actions.