Bricknode General Service Level Agreement
Effective starting: 2016-10-24
This Service Level Agreement “SLA” between Bricknode and its subscribers of Bricknode Financial Systems “BFS” serves as documentation of the agreed services that Bricknode is to deliver.
BFS – means the software and hardware as well as infrastructure (network, hosting environment etc.), which is required to make the services available for end customers and staff of the subscriber according to the Bricknode Customer Agreement.
Hertig Johans gata 6, 541 30 Skövde, Sweden
Phone: +46 8 559 22 180
Support service levels
The support service level is defined at http://www.bricknode.com/legal/bricknode-support-offerings/.
Required system availability (i.e. up-time) is 24*7*365.
The system is monitored by a 24-hour support desk, and potential problems and events are logged in a Helpdesk tool.
Upgrades of the system that imply downtime will not take place during normal working hours, i.e. Monday to Friday 8:30 to 17:30. Customers will be notified in advance. Bricknode has the right to implement upgrades and patches that are critical to the technical operations without getting prior customer consent.
Bricknode is responsible for adequate technical operations of BFS which includes:
Hardware, framework software and infrastructure
Technical operations, monitoring, installations, upgrades, configuration of hardware and framework software
Technical operations include standard server applications such as operating systems, and core components such as Active Directory for Windows-based servers and Internet Information Services.
IT Recovery Procedures
All critical data and components are stored and mirrored in at least two physical places.
The recovery plan will be updated every 6 months and the plan is kept in several physical places.
IT Recovery Procedures are tested at least once per year.
Change Control Procedures
Procedures for change control exist.
Clients use a web-based front end, which always has the latest version, so no distribution of software is needed.
Secure data center
Our service is located at Amazon Web Services, which is a top-tier data center. The facility provides carrier-level support, including:
Access control and physical security
Electronic surveillance and multi-factor access control systems
Staffed 24x7 by trained security guards
Access is authorized strictly on a least-privilege basis
Building engineered for local seismic, storm, and flood risks
Tracking of asset removal
Climate control is required to maintain a constant operating temperature for servers and other hardware, which prevents overheating and reduces the possibility of service outages. Data centers are conditioned to maintain atmospheric conditions at optimal levels.
Personnel and systems monitor and control temperature and humidity at appropriate levels
The data center electrical power systems are designed to be fully redundant and maintainable without impact to operations, 24 hours a day, and seven days a week. Uninterruptible Power Supply (UPS) units provide back-up power in the event of an electrical failure for critical and essential loads in the facility. Data centers use generators to provide back-up power for the entire facility.
Network devices, including firewall and other boundary devices, are in place to monitor and control communications at the external boundary of the network and at key internal boundaries within the network. These boundary devices employ rule sets, access control lists (ACL), and configurations to enforce the flow of information to specific information system services.
Fire detection and suppression
Automatic fire detection and suppression equipment has been installed to reduce risk. The fire detection system utilizes smoke detection sensors in all data center environments, mechanical and electrical infrastructure spaces, chiller rooms and generator equipment rooms. These areas are protected by either wet-pipe, double-interlocked pre-action, or gaseous sprinkler systems.
Secure transmission and sessions
Connection to the Bricknode environment is via SSL 3.0/TLS 1.0, using global step-up certificates from GeoTrust, ensuring that our users have a secure connection from their browsers to our service
Individual user sessions are identified and re-verified with each transaction, using a unique token created at login
Perimeter firewalls and edge routers block unused protocols
Internal firewalls segregate traffic between the application and database tiers
Intrusion detection sensors throughout the internal network report events to a security event management system for logging, alerts, and reports
The Bricknode service performs real-time replication to disk at the data center, and daily data replication between the production data center and the disaster recovery center
Data are transmitted across encrypted links.
Disaster recovery tests verify our projected recovery times and the integrity of the customer data
All data are backed up at each data center, on a rotating schedule of incremental and full backups
The backups are cloned over secure links to a secure archive
Backups are not transported offsite and are securely destroyed when retired
Internal and Third-party testing and assessments
Bricknode tests all code for security vulnerabilities before release, and regularly scans our network and systems for vulnerabilities. Third-party assessments are also conducted regularly:
Application vulnerability threat assessments
Network vulnerability threat assessments
Selected penetration testing and code review
Security control framework review and testing
Our Information Security manager monitors notifications from various sources and alerts from internal systems to identify and manage threats.