Service Level Agreement (SLA)


4/17/19

This document contains the Service Level Agreement (SLA) for Clients provisioned with hosted services from NatureServe. The latest SLA is always posted at www.natureserve.org/sla and supersedes any previously downloaded agreements. Exhibits to this agreement highlight additional terms that may be applicable to specific NatureServe hosted services.

NatureServe is committed to providing a highly available and secure hosting environment to support its Clients. This SLA outlines the responsibilities of the Client and the terms of service users can expect from NatureServe hosted services, including:

  • reliability of the hosting environment
  • monitoring and maintenance services
  • system performance and bandwidth availability
  • system backup and recovery
  • data security
  • support services

1. Hosting Environment

NatureServe assumes responsibility for maintaining the hosting environment to support its hosted services in both onsite and offsite data centers. NatureServe will make all reasonable efforts to ensure 24/7 availability of its hosted services by maintaining fully redundant power, data and physical network infrastructures in its data centers, by performing scheduled maintenance on the hosting environment during low use times, and by monitoring system performance through automated monitoring services. 

NatureServe reserves the right to modify its hosting environment for purposes including, but not limited to, accommodating evolving technology and increased network demand, decommissioning older equipment, and providing enhanced services. NatureServe shall use reasonable efforts to notify Clients in advance of any planned changes to its network or facilities that may adversely affect the Services provided under this Agreement.

2.  Monitoring and Maintenance Services

NatureServe will utilize a cloud-hosted monitoring agent to monitor the availability and performance of the hosted services and the computing environment in which they operate.  The monitoring agent performs service health checks on all registered components and sends automated alerts to NatureServe support staff if any issues are detected.  For each Hosted Service, NatureServe will maintain a Service Health Dashboard available to Clients at all times from the dedicated help desk center for their hosted service. The Dashboard will display current and historic availability reports, and will display system alert notifications during an outage. In addition, Clients will receive email alerts regarding unplanned and emergency outage events.

Routine monitoring services include:

  • Physical hosting environment monitoring, including: power, temperature, leak detection, network and systems infrastructure
  • Network service connectivity
  • Server resource monitoring of CPU, memory, and disk 
  • Database event and session monitoring with response time alerts
  • Web application availability monitoring
  • Regular site testing to ensure the proper functioning of the site and maintain compatibility with new versions of web browsers

When needed, NatureServe will schedule downtime for routine maintenance or systems upgrades.  NatureServe will exercise reasonable efforts to schedule maintenance and system upgrades during low use periods and to limit downtime to no more than 4 hours per month.

Generally, scheduled downtime will occur between Sunday 12:01 AM and 8:00 AM Eastern Standard Time ("Maintenance Window") and will normally not exceed 4 hours.  Maintenance schedules will be posted on the help desk center for each hosted service at least 2 days before any scheduled downtime.  NatureServe reserves the right to extend or change the times of the Maintenance Window and will make reasonable efforts to notify Clients in advance of unscheduled or emergency maintenance.

NatureServe will also regularly issue new releases or patches for its hosted services, including specific maintenance actions prompted by associated database or configuration modifications.  Release schedules will be posted on each hosted service’s help desk center.  NatureServe reserves the right to extend or change the times of scheduled releases and will make reasonable efforts to notify Clients when release schedule changes are made.

3.  System Performance and Bandwidth Availability

NatureServe will monitor system performance across its entire hosting environment and will automatically stabilize resource intensive instances exceeding set thresholds. NatureServe will monitor bandwidth to ensure hosted services perform within set thresholds.  In the event a Client anticipates the need to transfer large data sets between a Client-controlled facility and the hosting facility, the Client should contact NatureServe support staff so additional measures may be taken to ensure acceptable system performance levels are maintained.   

4.  System Backup and Recovery

NatureServe will be responsible for the routine backup and verification of all components of the Client’s hosted service.  This includes all system files required to restore the hosted service application instance and its constituent data to a fully operational state.  In the event that system recovery requires restoration of data from a backup, the restored data will reflect the last verified stable system state.

Incremental backups will be conducted daily and full backups will be conducted weekly.  Duplicated backups are simultaneously created and maintained at a secure, secondary location which will also serve as the designated transfer site where authorized users can access and download backups for local use.  See the attached Exhibit for links to the dedicated help desk center for your hosted service, where NatureServe maintains details on the purpose, frequency, and retention duration for each type of backup and instructions for accessing the designated transfer site location.

NatureServe guarantees the functioning of all hosted services and will replace any failed component at no cost to the Client. If a system failure involves replacement of a hardware component, replacement will commence immediately upon identification of the failed component, followed by any necessary recovery procedures to restore the system and data to normal functioning.

As an added emergency recovery measure, all underlying application source code and system documentation are deposited and maintained at an independent third-party facility to ensure that the Client can obtain access to the source code in the event that NatureServe cannot fulfill provision of its Hosted Services.  Should this occur, Clients who have satisfied their annual service fee payments may download a copy of the latest complete release of the application source code and system documentation at the Atlassian Bitbucket cloud-based code repository. Username and password credentials for accessing the source code and documentation repository are updated annually, maintained in NatureServe’s Board of Directors Resource Handbook, and can be obtained by contacting any current member of NatureServe’s Board of Directors.

See Hosted Applications - Service Details below for further information on obtaining credentials required to access stored application source code and system documentation in the event of such an emergency situation.

5.  Data Security

Data created and managed by the Client within the NatureServe hosted environment remain the sole property of the Client.  NatureServe will not review, share, distribute, print, or reference any Client’s data except as expressly defined by the terms of a Data Sharing Agreement between NatureServe and the Client.  NatureServe may at times view or access individual records and Client configuration details for the purpose of preventive maintenance or diagnosis and resolution of system problems or user support issues.  Clients are responsible for maintaining the confidentiality and security of their system access credentials, including user names and passwords.

NatureServe will implement reasonable and appropriate measures to secure the Client’s data against accidental or unlawful access or disclosure.  Security measures are in place at multiple levels to protect against the loss, misuse, and alteration of the data managed within the NatureServe hosted services.

  • Physical Security – Physical access to the NatureServe hosting environment is limited to only authorized personnel and secured by multi-level access authorization with biometric verification and comprehensive video surveillance throughout the facility.
  • Network Security – NatureServe employs intrusion detection and prevention systems to protect and monitor all hosted services running in our hosting environment.  NatureServe and approved third-party vendors may conduct security vulnerability testing as warranted and within the Maintenance Window.
  • Data Security – All Client data resident on the hosted services are backed up regularly and stored at a secure secondary location.
  • Browser-level Security – Secure Sockets Layer (SSL) encryption protects server authentication information and data transferred between the Client’s browser and the hosted service.
  • Application Access Security – NatureServe will provide the Client with the ability to administer user access to their hosted service.  The Client can assign roles and access privileges to each user through unique usernames and passwords that must be entered each time the user logs in.
  • Separation of Client Data – Each Client database is stored in a separate instance housed within the Client’s hosted server environment, and access to the database is restricted to the Client’s application and its authorized database administrator. Client data are never managed in a database instance shared by more than one Client. 

6.  Support Services

NatureServe will provide support services to the Client for the hosted services covered by this agreement.  Clients will request support services primarily through the dedicated Help Desk center, or secondarily by phone or email.  NatureServe’s help desk will be staffed during core business hours (see standard hours of operation below) and will make every effort to achieve the prompt resolution of support requests and defect reports based on the assigned level of severity.

Support services will be delivered according to the following tier structure:

Security Level / Response

  • Urgent:  A problem that severely impacts the Client’s use of the hosted service, such as: loss of data or system is unable to function. The situation halts Client’s business operations and no procedural workarounds exist.
    Response:  Client will receive immediate e-mail acknowledgement following report of the issue, and an initial response from staff within 30 minutes of submitting a ticket to the Help Desk.  The Support Team will make reasonable efforts to provide a fix or procedural workaround within two (2) hours once the issue has been replicated and confirmed as a problem by NatureServe.
  • High:  A problem where the Client’s hosted service is functioning, but its use is severely reduced. The situation is causing a high impact to portions of the Client’s business operations and no procedural workarounds exist.
    Response:  Client will receive immediate e-mail acknowledgement following report of the issue, and an initial response from staff within 30 minutes of submitting a ticket to the Help Desk.  The Support Team will make reasonable efforts to provide a fix or procedural workaround within four (4) hours once the issue has been replicated and confirmed as a problem by NatureServe.
  • Medium:  A problem that involves partial, non-critical loss of use of the Client’s hosted service. The situation is causing a medium-to-low impact on the Client’s business operations, but users can continue to function, including by using a procedural workaround.
    Response:  Upon submitting a ticket to Help Desk, the Client will receive immediate e-mail acknowledgement.  A member of the Support Team will respond to the Client within 2 business days of submitting a ticket to the Help Desk.
  • Low:  A general usage question, reporting of a documentation error, or recommendation for a future product enhancement or modification. The situation is causing low-to-no impact on the Client’s business operations or the performance or functionality of the hosted service.
    Response:  The Client will be contacted by a member of the Support Team within 2 business days with a response to their support question or receive email notification that their comment or recommendation for feature enhancement has been logged in our software products tracking database or posted to a Help Desk forum.

The response times listed above that require direct action by support staff apply during NatureServe's core business hours (8:00 AM - 8:00 PM Eastern).  For issues reported outside core business hours, response times begin at the start of the next business day.  Automated email response times apply at all times.

7.  Terms of Use and Client Responsibilities

Service Fees and Payment Terms

Annual service fee payments are due on commencement of the Hosted Service and at the beginning of each annual service term thereafter. Hosted Service payments are non-refundable, and no credits are issued in the event that the Client terminates their service during the annual term. NatureServe reserves the right to modify the annual service fee upon 90 days’ advance notification to the Client. See the attached Exhibit for links to the current annual fee for each service.

Minimum Requirements for Client’s Use of the Hosted Service

The Client must have an Internet connection with adequate bandwidth and an Internet browser to access hosted services covered by this agreement. See Hosted Applications - Service Details below for further information on the minimum requirements for each hosted service.

Client Responsibilities

Authorized Users – The Client is responsible for administering user access to their hosted service and may authorize access to an unlimited number of users.  It is the Client’s responsibility to maintain the confidentiality and security of their system access credentials, including user names and passwords. NatureServe will not be held liable for any damage or loss that may result from the Client’s failure to protect their username and password.
Point of Contact – It is the Client’s responsibility to designate one primary and one alternate point of contact to receive email system status alerts. The Client will have the ability to maintain their primary and alternate contact points through the help desk center.
Acceptable Usage –  The Client is responsible for using the Hosted Service application the way it was intended to be used, in accordance with the provided system documentation. NatureServe is not responsible for the consequences of the Client’s intentional misuse of the Hosted Service. The Client is responsible for all activity that occurs under their account.

Limited Warranties and Disclaimers

NatureServe warrants to the Client that the Hosted Service, under normal use, will perform substantially in accordance with the system documentation. For any breach of this warranty, and to the extent not otherwise covered by Support Services, the Client’s sole remedy, and NatureServe’s sole liability, will be for NatureServe to use reasonable efforts to correct promptly any system documentation, reproducible errors and defects to make the Hosted Service operate as warranted.

NatureServe makes no warranties (i) that the Hosted Service will run properly on all Client hardware, (ii) that the Service will be available at all times, uninterrupted, and error-free, (iii) that all errors in the Service will be corrected, or (iv) that the Service will satisfy all Client requirements.

Limitation of Liability

The Client assumes total responsibility and risk for use of this Service.  NatureServe is not responsible for any viruses, spyware, malware, worms or related problems that may be associated with the Client’s Computer or Mobile Devices.  NatureServe is also not responsible for any errors or failures caused by any malfunction of the Computer or Mobile Devices resulting in losses or delays in transmission of information that Client provides to us or otherwise arising out of or incurred in connection with the use of any Internet or other service provider providing connection to the Internet or any browser software.

In no event shall NatureServe be liable for any direct, indirect, special, incidental, punitive, or consequential damages arising out of or related to the use of the Service, including without limitation as a result of breach of any warranty or other term of this Agreement. Any claim against NatureServe shall be exclusively limited to the annual amount paid by the Client to NatureServe for use of the Service.  To the extent that any limitation of liability set forth herein is determined to be invalid, NatureServe’s liability will be limited to the extent permitted by law.

Acceptance of Terms

By using this Service, the Client agrees to the terms and conditions in this Agreement and (after the effective date) any changes in such terms and conditions shall apply to the use of this Service by the Client. 

8.  Hosted Applications - Service Details

Biotics 5

Environmental Review Tool 

iMap