DefectDojo Service Level Agreement

(“DSLA” or “SLA”)

For Customer

by

10Security, LLC

Effective Date: June 3, 2018

Document Owner: 10Security, LLC

Version

Version  Date          Description              Author
1.0      June 3, 2018  Service Level Agreement  Greg Anderson

Approval

Service is expressly made conditional on Customer’s acceptance of these terms and the applicable terms and conditions of 10Security’s DefectDojo Service Level Agreement (“DSLA”), unless a separate written agreement governing this purchase has been executed between the parties. 10Security objects to any different or additional terms. By purchasing a DefectDojo Subscription, Customer agrees to all terms and conditions outlined in this Agreement.

Table of Contents

Agreement Overview

Goals & Objectives

Stakeholders

Periodic Review

Service Agreement

Service Scope

Customer Requirements

Service Provider Requirements

Service Assumptions

Software Assumptions

Software Development

Service Management

Service Availability

Silver Support

Gold Support

Platinum Support

1. Agreement Overview

This Agreement represents a Service Level Agreement (“SLA” or “Agreement”) between 10Security, LLC and the Customer for the provisioning of IT services required to support DefectDojo.

This Agreement remains valid until superseded by a revised agreement mutually endorsed by the stakeholders.

This Agreement outlines the parameters of all IT services covered as they are mutually understood by the primary stakeholders. This Agreement does not supersede current processes and procedures unless explicitly stated herein.

2. Goals & Objectives

The purpose of this Agreement is to ensure that the proper elements and commitments are in place to provide consistent IT service support and delivery to the Customer(s) by the Service Provider(s). 

The goal of this Agreement is to obtain mutual agreement for IT service provisions between the Service Provider(s) and Customer(s).

The objectives of this Agreement are to:

  • Provide clear reference to service ownership, accountability, roles and/or responsibilities.
  • Present a clear, concise, and measurable description of service provisions to the customer.
  • Match perceptions of expected service provisions with actual service support & delivery.

3. Stakeholders

The following Service Provider(s) and Customer(s) will be used as the basis of the Agreement and represent the primary stakeholders associated with this SLA:

IT Service Provider(s): 10Security, LLC, a Texas Limited Liability Company (“Provider”).

IT Customer(s): The entity purchasing support (“Customer”).

4. Periodic Review

This Agreement is valid from the Effective Date outlined herein and is valid until further notice. This Agreement should be reviewed at a minimum of once per fiscal year; however, in lieu of a review during any period specified, the current Agreement will remain in effect. 

The Business Relationship Manager (“Document Owner”) is responsible for facilitating regular reviews of this document. Contents of this document may be amended as required, provided mutual agreement is obtained from the primary stakeholders and communicated to all affected parties. The Document Owner will incorporate all subsequent revisions and obtain mutual agreements / approvals as required. 

Business Relationship Manager: 10Security, LLC

Review Period: Annually (12 months)

5. Service Agreement

The following detailed service parameters are the responsibility of the Service Provider in the ongoing support of this Agreement. 

5.1 Service Scope

The following Services are covered by this Agreement:

  • Manned telephone support
  • Monitored email support
  • Web-based service desk tickets 
  • Remote assistance

5.2 Customer Requirements

Customer responsibilities and/or requirements in support of this Agreement include: 

  • Payment for all support costs at the agreed interval.
  • Reasonable availability of customer representative(s) when resolving a service related incident or request.
  • Maintenance, deployment, code merges, updates, and management of DefectDojo software.
  • Maintenance, deployment, management, and updates of all customer server(s).
  • Disaster recovery, business continuity, and backups.

5.3 Service Provider Requirements

Service Provider responsibilities and/or requirements in support of this Agreement include: 

  • Meeting response times associated with service related events.

5.4 Service Assumptions

Assumptions related to in-scope services and/or components include:

  • Changes to services will be communicated and documented to all stakeholders.

5.5 Software Assumptions

10Security cannot make any guarantees regarding DefectDojo software, including but not limited to functionality and integrity. Please refer to the DefectDojo License for more information: https://github.com/DefectDojo/django-DefectDojo/blob/master/LICENSE.md

5.6 Software Development

Any and all features, enhancements, and code developed under this Agreement will be open sourced and licensed under the standard DefectDojo Licensing Agreement: https://github.com/DefectDojo/django-DefectDojo/blob/master/LICENSE.md

Any and all features, enhancements, and code are considered to be complete, delivered, and working when the standard DefectDojo unit and integration tests that are executed by Travis CI and found in the official DefectDojo GitHub repository are passed: https://github.com/DefectDojo/django-DefectDojo

6. Service Management

Effective support of in-scope services is a result of maintaining consistent service levels. The following sections provide relevant details on service availability, monitoring of in-scope services and related components.

6.1 Service Availability

Coverage parameters specific to the service(s) covered in this Agreement are as follows according to the corresponding support plan:

Silver Support

  • Service Hours: 9:00 A.M. to 6:00 P.M. (CST) Monday – Friday
    • Excludes Holidays.
  • Response Time: within 3 standard U.S. business days.
  • Phone support / Remote assistance / Software enhancements (“Support Hours”)
    • Scheduled as necessary, not to exceed 10 hours annually.

Gold Support

  • Service Hours: 9:00 A.M. to 6:00 P.M. (CST) Monday – Friday
    • Excludes Holidays.
  • Response Time: within 2 standard U.S. business days.
  • Phone support / Remote assistance / Software enhancements (“Support Hours”)
    • Phone support scheduled within two business days, not to exceed 25 hours annually.

Platinum Support

  • Service Hours: 24 hours a day, 7 days a week, 365 days a year.
    • Includes Holidays.
  • Response Time: within 1 standard U.S. business day.
  • Phone support / Remote assistance / Software enhancements (“Support Hours”)
    • Phone support scheduled within 24 hours, not to exceed 50 hours annually.