PDF available for download (See attached)
Table of Contents
Table of Contents 1
PiF Technologies Service Level Agreement 2
1. Agreement Overview 2
2. Service Agreement 2
2.1 Service Scope 2
1) “E-Care” - Basic Plan 2
2) SNP – Service No Parts 3
3) Platinum Support 3
4) Softcare 3
5) Backup 3
6) Artsyl/Ancora/Docstar IDC/Advanced Capture 3
7) PIF Cloud 3
8) Frevvo Web Forms 4
2.2 Customer Requirements 5
2.3 Service Provider Requirements 6
2.4 Service Assumptions 6
3. Service Management 6
3.1 Service Availability 6
3.2 Service Requests 6
3.3 Service Maintenance 7
4.0 Customer User and Data Security in PIF Cloud 7
4.1 Admin Role 7
4.2 User Role 7
4.3 Security 7
4.3.1 User login 7
4.3.2 Data and document security 7
4.3.2.1 Data 7
4.4 AWS Network Topology 9
5.0 Cloud Hosting and Subscription 10
5.1 Termination 10
Appendix A: Associated Policies, Processes and Procedures 10
A.1 Incident Management 10
__________________________________________________________________________
1 PiF Technologies, Inc | 1370 Hooksett Rd, Hooksett, NH 03106 | 603-622-2122
A.2 Problem Management 12
A.3 Service Policies and Pricing 12
A.3 Disaster Recovery (DR) for PIF Docstar Cloud 12
PiF Technologies Service Level Agreement
1. Agreement Overview
This Agreement represents a Service Level Agreement (“SLA” or “Agreement”) between PiF
Technologies, the Service Provider and the Customer for the provisioning of IT services
required to support and sustain the DocStar Document Imaging & Electronic Filing System,
Artsyl Advanced Capture, Frevvo web forms and RatchetSoft.
This Agreement remains valid until superseded by a revised agreement mutually endorsed by
the stakeholders. Changes are recorded in the Amendments section of this Agreement and are
effective upon mutual endorsement by the primary stakeholders. This Agreement outlines the
parameters of all IT services covered as they are mutually understood by the primary
stakeholders.
This Agreement is valid from the Effective Date noted on the PiF invoice and is valid until the
Date of Termination, typically one contract year from system purchase or last expired contract.
This Agreement should be reviewed at a minimum once per fiscal year; however, in lieu of a
review during any period specified, the current Agreement will remain in effect.
2. Service Agreement
The following detailed service parameters are the responsibility of the Service Provider in the
ongoing support of this Agreement.
2.1 Service Scope
Included in the Annual Maintenance & Support Contract are the following services. PiF has
three types of maintenance and support plans as outlined below. The PiF plan type is noted on
the PiF Invoice to the Customer.
1) “E-Care” - Basic Plan
● Help Desk / Telephone Technical Support / Toll-Free 888-934-4443 or
support@piftech.com
● Remote Diagnostics, Support & Repair (via http://pifhelp.com)
● Does NOT include onsite support, parts or labor. Onsite labor can be purchased on a per
diem basis
__________________________________________________________________________
2 PiF Technologies, Inc | 1370 Hooksett Rd, Hooksett, NH 03106 | 603-622-2122
2) SNP – Service No Parts
● Help Desk / Telephone Technical Support / Toll-Free 888-934-4443 or
support@piftech.com
● Remote Diagnostics, Support & Repair (via http://pifhelp.com)
● On-Site Break / Fix & Preventative Maintenance for Scanners
● Includes labor and travel (except for end-of-life hardware/software)
● Does NOT include parts
3) Platinum Support
● Help Desk / Telephone Technical Support / Toll-Free 888-934-4443 or
support@piftech.com
● Remote Diagnostics, Support & Repair (via http://pifhelp.com)
● On-Site Break / Fix & Preventative Maintenance for Scanners
● Includes parts, labor and travel (except for end-of-life hardware/software)
4) Softcare
● Customer will receive new software version licensing from manufacturer
● PiF will apply one (1) new product upgrade at no cost
● Access to KB and FAQ Articles
● Access to carecentral and DocStar eLearning
5) Backup
● PiF will install and configure a daily backup of the DocStar archive and database files
● Backups will be stored in AWS in an encrypted state
● Customer can request a restore of a backup but note based on the size and decryption
process, customer may have to wait days, weeks or months for the data and images to
be available
6) Artsyl/Ancora/Docstar IDC/Advanced Capture
● Customer will receive all new product licensing upgrades and PiF will apply one (1)
product version upgrade per year at no charge
● PiF will make best efforts to resolve any product issues and will work directly with the
vendor (manufacturer) to secure a resolution.
7) PIF Cloud
● PIF hosts many different applications in the cloud which include Docstar, frevvo, Artsyl,
Ancora, Safe Entry Forms, SmartPass and the like.
__________________________________________________________________________
3 PiF Technologies, Inc | 1370 Hooksett Rd, Hooksett, NH 03106 | 603-622-2122
● PIF will generally provide a 4 hour or less timeframe for a temporary or permanent fix
should any of the products hosted go down.
● All PIF cloud resources are managed in AWS, US based region and availability zones.
No data is managed outside the US.
● In case of a disaster, any Docstar cloud customer in a worst case scenario would lose
only two hours of metadata. All document images are fully fault tolerant with real time
replication.
● PIF does not provide financial credits for downtime or system outages.
● PIF conforms to the AWS BAA agreement for HIPAA compliance and well architected
solution.
● PIF provides standing encryption at rest of any document images as well as encryption
on transmission using SSL.
8) Frevvo Web Forms
● Customer will receive all new product licensing upgrades and PiF will apply one (1)
product version upgrade per year at no charge
● PiF will make best efforts to resolve any level 1 product issues or questions, however
issues that need to be escalated to frevvo (manufacturer) will be dealt with via email.
Frevvo does not include general remote or phone support with a standard support
contract. Premium support is not included but can be added at an additional fee.
● Premium Support Upgrade: Premium Support upgrade includes everything included in
Standard Support with the addition of rapid escalation to direct phone support for S-1
and S-2 issues. Premium Support upgrades are available for an additional fee.
● Minimum Response & Resolution Times: Response time refers to the length of time that
frevvo has to respond to a reported issue and the length of time that frevvo strives to
resolve a reported issue. When Customer support issues are presented, frevvo agrees
to use reasonable commercial efforts to adhere to the response times set forth below.
See chart below.
○ S1 (Critical) - conditions are defined as problems that impact the Customer's
operation to the point where the Service is unavailable or unusable, or the
Service causes a complete system failure.
○ S2 (Important) - conditions are defined as problems that adversely impact the
Customer's operation, but the Service and the products with which it is intended
to interoperate remain operational and usable for their primary functions.
○ S3 (Normal) - conditions are defined as normal problems that can be worked
around with no loss of material functionality and limited impact to the Customer,
and routine technical questions and requests for information on product
capabilities.
__________________________________________________________________________
4 PiF Technologies, Inc | 1370 Hooksett Rd, Hooksett, NH 03106 | 603-622-2122
As agreed by both parties, the Annual Maintenance & Support Contract will be based on a
percentage of the acquisition cost annually following the first (12 months) from the date of the
execution of the Agreement.
2.2 Customer Requirements
Customer responsibilities and/or requirements in support of this Agreement include:
● Notification of PiF Technologies technical support of issues or incidents impacting the
usage of the DocStar application or associated hardware in either a global or isolated
fashion.
● Customer must be no more than three (3) revisions behind the current released product
version
● Advanced scheduling, a minimum of three business days, of all onsite service related
requests and other special services with PiF Technologies for services to be rendered
that are not having an immediate impact on the functioning of the DocStar solution in the
customer’s environment.
● Reasonable availability of customer representative(s) and access to needed applications
when resolving a service related incident or request.
● Customer agrees to operate all provided equipment within Manufacturer / PiF
specifications.
● Replacement of DocSTAR hardware at its “End-of-Life” to minimize downtime risk and
repetitive service requests. (see End-of-Life Policy A.3)
__________________________________________________________________________
5 PiF Technologies, Inc | 1370 Hooksett Rd, Hooksett, NH 03106 | 603-622-2122
2.3 Service Provider Requirements
Service Provider responsibilities and/or requirements in support of this Agreement include:
● Meeting response times associated with service related incidents.
● Training required staff on appropriate service support tools.
● Appropriate notification to Customer for all scheduled maintenance (see Service Level
Management).
● Facilitation of all service support activities involving incident, problem, change, and
release and configuration management.
2.4 Service Assumptions
Assumptions related to in-scope services and/or components include:
● Funding for major upgrades / add-ons will be provided by the Customer and treated as a
project outside the scope of this Agreement.
● Changes to services will be communicated and documented to all stakeholders.
3. Service Management
● Effective support of in-scope services is a result of maintaining consistent service levels.
This includes all PiF hardware and software deployed at all Customer locations. The
following sections provide relevant details on service availability, monitoring,
measurement and reporting of in-scope services and related components.
3.1 Service Availability
Coverage parameters specific to the service(s) covered by this Agreement are as follows:
8:30 A.M. to 5:00 P.M. U.S. Eastern Time
Monday – Friday
3.2 Service Requests
● In support of services outlined in this Agreement, the Service Provider will respond to
service related incidents and/or requests submitted by the Customer within the following
time frames:
● PiF Technologies will provide telephone technical support during the business hours of
8:30am and 5:00pm for reporting of service related incidents. After hours support is
available for incidents that are deemed Critical (See Appendix A: for details).
● Submission of service related incidents may also be submitted via email at
support@piftech.com. After the reporting of an incident to PiF Technologies personnel a
technician will be dispatched for an onsite service call within four hours of the reported
incident for those incidents deemed to be Critical in nature. All other issues will be
scheduled for next service or later.
● Refer to the service support policies, processes and related procedures for additional
information in Appendix A: Related Policies, Processes and Procedures.
__________________________________________________________________________
6 PiF Technologies, Inc | 1370 Hooksett Rd, Hooksett, NH 03106 | 603-622-2122
3.3 Service Maintenance
● All services and/or related components require regularly scheduled maintenance
(“Maintenance Window”) in order to meet established service levels. These activities
may render systems and/or scanners unavailable for normal user interaction for the
following locations and timeframes:
● Timeframe(s): PiF Technologies will always schedule routine maintenance on the
scanners and server to minimize the impact in the production environment. Any
maintenance performed during business hours will not result in application downtime
without the consent of Customer. If maintenance is required that will result in downtime it
will be scheduled for an after hours time between PiF Technologies and Customer
personnel.
4.0 Customer User and Data Security in PIF Cloud
4.1 Admin Role
● A customer is provided with one site admin account. The account is used to set up new
users/groups, reset passwords, IP restrictions, usage data and performance, content
types, workflows and just about any system based setting. It is the responsibility of the
customer to provide all user admin functions.
4.2 User Role
● A customer is able to set up an infinite number of user accounts to access DocStar
either in independent Docstar, SAML or LDAP authentication mode, Number of
concurrent users is governed by each customers contract.
4.3 Security
4.3.1 User login
● Access to DocStar is through single authentication point of a username and password.
The first factor is a user ID password pair. The User password should be the business
email of the customer, The password is comprised of a 10 character combination of
upper, lower, numeric and special characters.
4.3.2 Data and document security
4.3.2.1 Data
● Data in transit is encrypted using Transport Layer Security 1.2 (TLS, formerly called
Secure Sockets Layer [SSL]) with an industry-standard AES-256 cipher. TLS is a set of
industry-standard cryptographic protocols used for encrypting information that is
exchanged over the wire. AES-256 is a 256-bit encryption cipher used for data
transmission in TLS.
__________________________________________________________________________
7 PiF Technologies, Inc | 1370 Hooksett Rd, Hooksett, NH 03106 | 603-622-2122
● Data at rest is not encrypted by default. Options are available in the PIF FINRA cloud for
standing encryption using SQL Server Enterprise
● Documents in transit are encrypted using Transport Layer Security 1.2 (TLS, formerly
called Secure Sockets Layer [SSL]) with an industry-standard AES-256 cipher. TLS is a
set of industry-standard cryptographic protocols used for encrypting information that is
exchanged over the wire. AES-256 is a 256-bit encryption cipher used for data
transmission in TLS.
● Documents at rest are encrypted using AWS Key Management Service (KMS) both on
the AWS EC2 EBS volume and the S3 storage bucket.
● PIF leverages and complies with AWS BAA for HIPAA compliant architecture where the
Docstar, Frevvo and PIF corporate environments are sectioned into individual VPC. No
Internet access is available to anyone of the VPC’s but rather a default VPC housing a
Bastion server with RDP capabilities locks down unauthorized access.
__________________________________________________________________________
8 PiF Technologies, Inc | 1370 Hooksett Rd, Hooksett, NH 03106 | 603-622-2122
4.4 AWS Network Topology
__________________________________________________________________________
9 PiF Technologies, Inc | 1370 Hooksett Rd, Hooksett, NH 03106 | 603-622-2122
5.0 Cloud Hosting and Subscription
5.1 Termination
By default the PIF cloud contracts are 12 month terms and are evergreen (auto renew the
following year). Customer must provide 30 days written notice before contract expiration date to
waive the current year AWS hosting or subscription fees.Otherwise customer must pay full year
AWS hosting or subscription fees.
If the customer selects to terminate the contract, a fee to export the data and documents will be
accessed by the amount of storage. Customer will receive the data and documents on an
encrypted external hard drive.
● <50GB - $10.00/GB
● 51GB to 500GB - $7.50/GB
● 501GB to 1TB - $5.00/GB
● >1.1TB - $2.50GB
If the customer does not notify PIF and fails the pay the AWS hosting or subscription fees 45
days after contract expiration, PIF will lock the Docstar tenant so no access is permitted. After
180 days from the contract expiration, data will be deleted.
Appendix A: Associated Policies, Processes and Procedures
A.1 Incident Management
Definition: The process of managing unexpected operational events with the objective of
returning service to customers as rapidly as possible.
Tool Requirements: All requests for service must be submitted to PiF Technologies at
1-888-934-4443 or support@piftech.com. All incidents are logged and linked to the customer
record. PiF Technologies maintains a database of fixes for common and known issues. We also
use the hosted application http://pifhelp.com for remote access problem resolution. This does
require that the DocStar server have internet connectivity available and at no time does PiF
Technologies have the ability to gain access to the DocStar server without the consent of the
customer.
PiF Technologies has an escalation process for determining the dispatching of on-site service
calls should an incident fail to be resolved remotely. Customers with a maintenance agreement
always take precedence over those customers that have opted out.
The following is the escalation hierarchy with incidents defined as critical having the highest
priority for onsite scheduling:
__________________________________________________________________________
10 PiF Technologies, Inc | 1370 Hooksett Rd, Hooksett, NH 03106 | 603-622-2122
Critical: A DocStar related incidents having a high or global impact in a production environment
such that data access is nonexistent or an incident such that the aforementioned is a high
probability (e.g. No power on the DocStar server or network connectivity does not exist). In the
event of a critical failure of hardware / software covered under a PiF Maintenance Agreement,
PiF will supply “failed” hardware at no cost to Customer. In the event of a catastrophic failure
(e.g., fire or a building deteriorating event), provided appropriate back-up media is supplied by
Customer, Customer will procure and PiF will supply, the necessary hardware
(server/scanners). Once the necessary hardware and software is deployed, PiF will have the
ability to rebuild and restore your DocStar. A Technician can be made available after normal
business hours for a “Critical” failure only. A charge may apply. (See Service Pricing for details)
Normal: A DocStar related incident having a limited impact. Overall DocStar usage is not
impacted and solution integrity is not questioned (A single user is having an issue with the
DocStar application, functionality or a scanner that is intermittently jamming or double feeding).
An incident with this classification is scheduled for the next day.
Low: A DocStar related incident not having a noticeable impact on system usage (request for
preventative maintenance on a scanner). These incidents are scheduled within three days.
Tool Link(s) : http://pifhelp.com
__________________________________________________________________________
11 PiF Technologies, Inc | 1370 Hooksett Rd, Hooksett, NH 03106 | 603-622-2122
A.2 Problem Management
Definition: Problem Management identifies the root cause of a single significant, multiple or
recurring incidents to prevent further incident activity.
Tool Requirements: All Service related incidents are logged in a central SQL database and are
linked to a specific customer record. We are able to audit service and support trends at the
customer level and can also run a query to determine potential issues that might be affecting
our customer base in a more global fashion to improve service and support efficiency.
A.3 Service Policies and Pricing
End-of-Life Policy: End-of-life is described as any hardware that has been installed for a term of
five years or greater. After five years from purchase, PIF deems the hardware/software as
end-of-life and parts, labor and travel time will not be covered at no charge.
Service Pricing:
● After Hours Technical support - $395.00 per hour
● Professional Services - $200.00 per hour
● Additional Training - $200.00 per hour
● Remote Helpdesk Support Calls - $195.00 per hour (Customers with Softcare or Online
Backup Only)
● Remote Helpdesk Support Calls - $295.00 per hour (Non SLA Customers)
A.3 Disaster Recovery (DR) for PIF Docstar Cloud
PiF is a certified AWS Consulting partner with a number of certified cloud practitioners and
architects on staff. PIF has architected the PIF DocStar AWS solution using the Well Architected
Framework provided by AWS focusing on high availability, fault tolerance and durability.
Furthermore, architectural focus is put on decoupling of servers to reduce SPOF (single point of
failure), security leveraging MFA for all AWS administrators, and multi-region replication for high
availability.
PIF offers a number of AWS preconfigured frameworks to meet the needs of each customers
compliance requirements:
1. AWS GovCloud
2. AWS Multi-tenant Docstar Cloud
3. AWS Private Cloud with Standing Encryption of Data at Rest (SQL Server Enterprise)
Each of the options above may have a different variation on how the disaster recovery plan is
executed. For the purposes of this document, the DR plan explained below is focused on the
AWS Multi-Tenant Docstar Cloud.
__________________________________________________________________________
12 PiF Technologies, Inc | 1370 Hooksett Rd, Hooksett, NH 03106 | 603-622-2122
To understand the DR plan, let us tell you about our AWS Multi-Tenant Docstar Cloud that
utilizes a number of AWS products such as: WAF (Web Application Firewall), ELB (Elastic Load
Balancer), AutoScale leveraging EC2 (Elastic Compute Cloud) compute resources and EBS
(Elastic Block Storage) and S3 (Simple Storage Service) storage resources. Depending on the
time, current 10PM to 4AM, the Docstar app server EC2 instance is downgraded to a t5xlarge
Windows server. When load increases during peak times, using the autoscaing and load
balancing within AWS, the EC2 instance is upgraded to an M5Xlarge. This happens
automatically using AWS AMI’s (Automated Machine Images).
Since S3 buckets are storing the images/documents with multi-region replication and with a
durability of 99.999999999% uptime, the system is fault tolerant for high availability.
Docstar App Server
The source Docstar application server running on an EC2 instance is replicated via snapshot
nightly. This server does not hold any data or documents and is merely a web server that serves
up the Docstar UI. Using the autoscale technology in AWS if the heartbeat of the source app
server goes down, AWS spins up a new EC2 resource within seconds.
Image Files
When a document/image is added to Docstar, the image files are stored in S3 bucket in the N.
Virginia Region which replicates real time to the Oregan region. Should a disaster occur to the
AWS N. Virginia data center a SQL script is run to repoint to the replicated S3 bucket in Oregon.
Database
A dedicated EC2 instance of SQL Server Standard stores all metadata and system
configuration data. This server communicates with the Docstar App Server and the S3 image
store. A full backup of SQL Server is donel each night at 10PM and uploaded to S3 bucket in
Oregon Region. Additionally the SQL Server transaction logs are replicated every 2hrs to
Oregon Region. Should a disaster occur to the EC2 instance running SQL Server, PIF will
restore the previous nights SQL Server snapshot along with the most current SQL transaction
log.
SOLR Index Server
SOLR runs on a Linux EC2 instance and serves as Docstars search and document index. The
index can be rebuilt on the fly which means its recoverable regardless if there is a backup or
not. However PIF has implemented a snapshot, backed up daily. Should a disaster occur the
snapshot would be deployed to a new EC2 instance which will restore the index, while a reindex
would be initiated from the Docstar app server to cover the delta of records not found in the
snapshot from the previous night.
__________________________________________________________________________
13 PiF Technologies, Inc | 1370 Hooksett Rd, Hooksett, NH 03106 | 603-622-2122