PiF Technologies Service Level Agreement

1. Agreement Overview

This Agreement represents a Service Level Agreement (“SLA” or “Agreement”) between PiF Technologies, the Service Provider, and the Customer for the provisioning of IT services required to support and sustain the DocStar Document Imaging & Electronic Filing System, Artsyl Advanced Capture, frevvo web forms, and RatchetSoft.

This Agreement remains valid until superseded by a revised agreement mutually endorsed by the stakeholders. Changes are recorded in the Amendments section of this Agreement and are effective upon mutual endorsement by the primary stakeholders. This Agreement outlines the parameters of all IT services covered as they are mutually understood by the primary stakeholders.

This Agreement is valid from the Effective Date noted on the PiF invoice and is valid until the Date of Termination, typically one contract year from system purchase or last expired contract. This Agreement should be reviewed at a minimum once per fiscal year; however, in lieu of a review during any period specified, the current Agreement will remain in effect.

2. Service Agreement

The following detailed service parameters are the responsibility of the Service Provider in the ongoing support of this Agreement.

2.1 Service Scope

Included in the Annual Maintenance & Support Contract are the following services. PiF has three types of maintenance and support plans as outlined below. The PiF plan type is noted on the PiF Invoice to the Customer.

1) “E-Care” – Basic Plan

Help Desk / Telephone Technical Support / Toll-Free 888-934-4443 or support@piftech.com
Remote Diagnostics, Support & Repair (via http://pifhelp.com)
Does NOT include onsite support, parts or labor. Onsite labor can be purchased on a per diem basis

2) SNP – Service No Parts

Help Desk / Telephone Technical Support / Toll-Free 888-934-4443 or support@piftech.com
Remote Diagnostics, Support & Repair (via http://pifhelp.com)
On-Site Break / Fix & Preventative Maintenance for Scanners
Includes labor and travel (except for end-of-life hardware/software)
Does NOT include parts

3) Platinum Support

Help Desk / Telephone Technical Support / Toll-Free 888-934-4443 or support@piftech.com
Remote Diagnostics, Support & Repair (via http://pifhelp.com)
On-Site Break / Fix & Preventative Maintenance for Scanners
Includes parts, labor and travel (except for end-of-life hardware/software)

4) Softcare

Customer will receive new software version licensing from manufacturer ● PiF will apply one (1) new product upgrade at no cost
Access to KB and FAQ Articles
Access to carecentral and DocStar eLearning

5) Backup

PiF will install and configure a daily backup of the DocStar archive and database files
Backups will be stored in AWS in an encrypted state
Customers can request a restore of a backup, but note, depending on the amount (GB) of images it could take 1-2 business days for a complete restoration of all facets of the application
In the event a restoration is required, PiF commits to a restoration of the database within 4 hours.

6) Artsyl/Ancora/Docstar IDC/Advanced Capture

Customer will receive all new product licensing upgrades and PiF will apply one (1) product version upgrade per year at no charge
PiF will make best efforts to resolve any product issues and will work directly with the vendor (manufacturer) to secure a resolution.

7) PIF Cloud

PIF hosts many different applications in the cloud which include Docstar, frevvo, Artsyl, Ancora, Safe Entry Forms, SmartPass and the like.
PIF will generally provide a 4 hour or less timeframe for a temporary or permanent fix should any of the products hosted go down.
All PIF cloud resources are managed in AWS, US based region and availability zones. No data is managed outside the US.
In case of a disaster, any DocStar cloud customer in a worst case scenario would lose only two hours of metadata. All document images are fully fault tolerant with real time replication.
PIF does not provide financial credits for downtime or system outages.
PIF conforms to the AWS BAA agreement for HIPAA compliance and well architected solution.
PIF provides standing encryption at rest of any document images as well as encryption on transmission using SSL.

8) Frevvo Web Forms

Customer will receive all new product licensing upgrades and PiF will apply one (1) product version upgrade per year at no charge
PiF will make best efforts to resolve any level 1 product issues or questions, however issues that need to be escalated to frevvo (manufacturer) will be dealt with via email. Frevvo does not include general remote or phone support with a standard support contract. Premium support is not included but can be added at an additional fee.
Premium Support Upgrade: Premium Support upgrade includes everything included in Standard Support with the addition of rapid escalation to direct phone support for S-1 and S-2 issues. Premium Support upgrades are available for an additional fee.
Minimum Response & Resolution Times: Response time refers to the length of time that frevvo has to respond to a reported issue and the length of time that frevvo strives to resolve a reported issue. When Customer support issues are presented, frevvo agrees to use reasonable commercial efforts to adhere to the response times set forth below. See chart below.

○ S1 (Critical) – conditions are defined as problems that impact the Customer’s operation to the point where the Service is unavailable or unusable, or the Service causes a complete system failure.

○ S2 (Important) – conditions are defined as problems that adversely impact the Customer’s operation, but the Service and the products with which it is intended to interoperate remain operational and usable for their primary functions.

○ S3 (Normal) – conditions are defined as normal problems that can be worked around with no loss of material functionality and limited impact to the Customer, and routine technical questions and requests for information on product capabilities.

As agreed by both parties, the Annual Maintenance & Support Contract will be based on a percentage of the acquisition cost annually following the first (12 months) from the date of the execution of the Agreement.

2.2 Customer Requirements

Customer responsibilities and/or requirements in support of this Agreement include:

Notification of PiF Technologies technical support of issues or incidents impacting the usage of the DocStar application or associated hardware in either a global or isolated fashion.
Customer must be no more than three (3) revisions behind the current released product version
Advanced scheduling, a minimum of three business days, of all onsite service related requests and other special services with PiF Technologies for services to be rendered that are not having an immediate impact on the functioning of the DocStar solution in the customer’s environment.
Reasonable availability of customer representative(s) and access to needed applications when resolving a service related incident or request.
Customer agrees to operate all provided equipment within Manufacturer / PiF specifications.
Replacement of DocSTAR hardware at its “End-of-Life” to minimize downtime risk and repetitive service requests. (see End-of-Life Policy A.3)

2.3 Service Provider Requirements

Service Provider responsibilities and/or requirements in support of this Agreement include:

Meeting response times associated with service related incidents.
Training required staff on appropriate service support tools.
Appropriate notification to Customer for all scheduled maintenance (see Service Level Management).
Facilitation of all service support activities involving incident, problem, change, and release and configuration management.

2.4 Service Assumptions

Assumptions related to in-scope services and/or components include:

Funding for major upgrades / add-ons will be provided by the Customer and treated as a project outside the scope of this Agreement.
Changes to services will be communicated and documented to all stakeholders.

3. Service Management

Effective support of in-scope services is a result of maintaining consistent service levels. This includes all PiF hardware and software deployed at all Customer locations. The following sections provide relevant details on service availability, monitoring, measurement and reporting of in-scope services and related components.

3.1 Service Availability

Coverage parameters specific to the service(s) covered by this Agreement are as follows:

8:30 A.M. to 5:00 P.M. U.S. Eastern Time
Monday – Friday

3.2 Service Requests

In support of services outlined in this Agreement, the Service Provider will respond to service related incidents and/or requests submitted by the Customer within the following time frames:
PiF Technologies will provide telephone technical support during the business hours of 8:30am and 5:00pm for reporting of service related incidents. After hours support is available for incidents that are deemed Critical (See Appendix A: for details).
Submission of service related incidents may also be submitted via email at support@piftech.com. After the reporting of an incident to PiF Technologies personnel a technician will be dispatched for an onsite service call within four hours of the reported incident for those incidents deemed to be Critical in nature. All other issues will be scheduled for next service or later.
Refer to the service support policies, processes and related procedures for additional information in Appendix A: Related Policies, Processes and Procedures.

3.3 Service Maintenance

All services and/or related components require regularly scheduled maintenance (“Maintenance Window”) in order to meet established service levels. These activities may render systems and/or scanners unavailable for normal user interaction for the following locations and timeframes:
Timeframe(s): PiF Technologies will always schedule routine maintenance on the scanners and server to minimize the impact in the production environment. Any maintenance performed during business hours will not result in application downtime without the consent of Customer. If maintenance is required that will result in downtime it will be scheduled for an after hours time between PiF Technologies and Customer personnel.

4. Customer Data & Security in PiF Cloud

4.1 Admin Role

A customer is provided with one site admin account. The account is used to set up new users/groups, reset passwords, IP restrictions, usage data and performance, content types, workflows and just about any system based setting. It is the responsibility of the customer to provide all user admin functions.

4.2 User Role

A customer is able to set up an infinite number of user accounts to access DocStar either in independent Docstar, SAML or LDAP authentication mode, Number of concurrent users is governed by each customer’s contract.

4.3 Security

4.3.1 User Login

Logins to DocStar is through single authentication point of a username and password. The first factor is a user ID password pair. The User password should be the business email of the customer, The password is comprised of a 10 character combination of upper, lower, numeric and special characters.

4.3.2 Document and Data Security

4.3.2.1 Data

Data in transit is encrypted using Transport Layer Security 1.2 (TLS, formerly called Secure Sockets Layer [SSL]) with an industry-standard AES-256 cipher. TLS is a set of industry-standard cryptographic protocols used for encrypting information that is exchanged over the wire. AES-256 is a 256-bit encryption cipher used for data transmission in TLS.
Data at rest is not encrypted by default. Options are available in the PIF FINRA cloud for standing encryption using SQL Server Enterprise
Documents in transit are encrypted using Transport Layer Security 1.2 (TLS, formerly called Secure Sockets Layer [SSL]) with an industry-standard AES-256 cipher. TLS is a set of industry-standard cryptographic protocols used for encrypting information that is exchanged over the wire. AES-256 is a 256-bit encryption cipher used for data transmission in TLS.
Documents at rest are encrypted using AWS Key Management Service (KMS) both on the AWS EC2 EBS volume and the S3 storage bucket.
PIF leverages and complies with AWS BAA for HIPAA compliant architecture where the Docstar, Frevvo and PIF corporate environments are sectioned into individual VPC. No Internet access is available to anyone of the VPC’s but rather a default VPC housing a Bastion server with RDP capabilities locks down unauthorized access.

4.4 AWS Network Topology

5. Cloud Hosting and Subscription

5.1 Termination

By default the PIF cloud contracts are 12 month terms and are evergreen (auto renew the following year). Customer must provide 30 days written notice before contract expiration date to waive the current year AWS hosting or subscription fees.Otherwise customer must pay full year AWS hosting or subscription fees.

If the customer selects to terminate the contract, a fee to export the data and documents will be accessed by the amount of storage. Customer will receive the data and documents on an encrypted external hard drive.

<50GB – $10.00/GB
51GB to 500GB – $7.50/GB
501GB to 1TB – $5.00/GB
>1.1TB – $2.50GB

If the customer does not notify PIF and fails the pay the AWS hosting or subscription fees 45 days after contract expiration, PIF will lock the Docstar tenant so no access is permitted. After 180 days from the contract expiration, data will be deleted.

Appendix A: Associated Policies, Processes, and Procedures

A.1 Incident Management

Definition: The process of managing unexpected operational events with the objective of returning service to customers as rapidly as possible.

Tool Requirements: All requests for service must be submitted to PiF Technologies at 1-888-934-4443 or support@piftech.com. All incidents are logged and linked to the customer record. PiF Technologies maintains a database of fixes for common and known issues. We also use the hosted application http://pifhelp.com for remote access problem resolution. This does require that the DocStar server have internet connectivity available and at no time does PiF Technologies have the ability to gain access to the DocStar server without the consent of the customer.

PiF Technologies has an escalation process for determining the dispatching of on-site service calls should an incident fail to be resolved remotely. Customers with a maintenance agreement always take precedence over those customers that have opted out.

The following is the escalation hierarchy with incidents defined as critical having the highest priority for onsite scheduling:

Critical: A DocStar related incidents having a high or global impact in a production environment such that data access is nonexistent or an incident such that the aforementioned is a high probability (e.g. No power on the DocStar server or network connectivity does not exist). In the event of a critical failure of hardware / software covered under a PiF Maintenance Agreement, PiF will supply “failed” hardware at no cost to Customer. In the event of a catastrophic failure (e.g., fire or a building deteriorating event), provided appropriate back-up media is supplied by Customer, Customer will procure and PiF will supply, the necessary hardware (server/scanners). Once the necessary hardware and software is deployed, PiF will have the ability to rebuild and restore your DocStar. A Technician can be made available after normal business hours for a “Critical” failure only. A charge may apply. (See Service Pricing for details)

Normal: A DocStar related incident having a limited impact. Overall DocStar usage is not impacted and solution integrity is not questioned (A single user is having an issue with the DocStar application, functionality or a scanner that is intermittently jamming or double feeding). An incident with this classification is scheduled for the next day.

Low: A DocStar related incident not having a noticeable impact on system usage (request for preventative maintenance on a scanner). These incidents are scheduled within three days.

Tool Link(s): http://pifhelp.com

PiF Technologies

888.934.4443

PiF Technologies Service Level Agreement

Table of Contents