Terms of Service & Support
(using Evalueserve Insightloupe Software)
Use of Evalueserve Insightloupe Software constitutes acceptance and agreement to Evalueserve Terms of Service & Support.
1. Support Process
All Service Requests or Tickets are initially handled by SolutionSupport for problems related to Evalueserve Software. When Client reports malfunctions, SolutionSupport supports Evalueserve by providing information on how to remedy, avoid or bypass errors. The main channel for such support will be through email communication to/ from solutionsupport@evalueserve.com. All SolutionSupport persons involved in the Service Request solving process can access the status of the message at any time. SolutionSupport shall use commercially reasonable efforts to comply with the Initial Reaction Times.
2. Initial Reaction Time
SolutionSupport shall confirm receipt of the Service Request and provide Client with an initial qualified response. SolutionSupport shall provide one contact from the Support Team to respond to the Service Request. The team provides support in English only.
| Metric | Initial Reaction Time (IRT) | KPI | Measurement |
|---|---|---|---|
| Severity Level 1 | Four (4) business hours | 12 Hour Resolution Time – 100% | Severity Level 1 Service Requests will be resolved within 12 hours 100% of the time. |
| Severity Level 2 | Eight (8) business hours | 72 Hour Resolution Time – 99% | Severity Level 2 Service Requests will be resolved within 72 hours (3 business days) 99% of the time. |
| Severity Level 3 | Twenty-four (24) business hours | 10 Day Resolution Time – 99% | Severity Level 3 Service Requests will be resolved within 10 business days, 99% of the time. |
3. Security statement
The Insightloupe platform utilizes some of the most advanced technology for Internet security available today. When a Client access the software using industry standard Secure Socket Layer (SSL) technology, the information is protected using both server authentication and data encryption, ensuring that the data is safe, secure, and available only to registered Users in the Client’s organization. The data will be completely inaccessible to your competitors. Furthermore, the software’s roles and permissions system ensures that data access can also be controlled within the Client organization.
The Insightloupe Platform provides each User in the organization with a unique username and password that must be entered each time a User logs on. The Insightloupe Platform issues a session cookie only to record encrypted authentication information for the duration of a specific session. The session cookie does not include either the username or password of the user. The Insightloupe Platform does not use cookies to store other confidential user and session information, but instead implements more advanced security methods based on dynamic data and encoded session IDs. In addition, the Insightloupe Platform is hosted in a secure server environment that uses a firewall and other advanced technology to prevent interference or access from outside intruders.
SSL certificate
The software is available over an encrypted connection. Using an encrypted connection makes it extremely difficult for third parties intercept the actual unencrypted data while it is being transported over the internet from the Service to the user’s browser. To enable this encryption industry standard SSL certificates are used. These certificates are also used to verify the authenticity of the Service. The user’s browser can verify the authenticity of the Service with extremely high confidence and thereby ensuring the user they are communicating with our Service as opposed to a Service of an imposter. The encryption is done on the transport layer using TLS 1.2. The minimal key size of the certificate is 2048 bits and the encryption is at least 128 bit.
EVALUESERVE RESERVE THE RIGHT TO MODIFY THE TERMS OF SERVICE & SUPPORT WITHOUT NOTICE.
For any questions related to these Terms please contact solutionsupport@evalueserve.com
Appendix A: Evalueserve security controls
1. Human resources security
Adherence to Evalueserve Policies
Evalueserve adheres to all relevant applicable laws, educates its teams on these topics during training, and provides updates on a regular basis. Evalueserve expects the similar level of compliance by the vendor.
Training and Awareness Sessions
Periodic awareness sessions and training must be conducted to ensure that employees, contractors, and third parties are aware of the information security policies and procedures. Also, new hires must go through training on information security as part of the orientation program.
Disciplinary Policy
A formal disciplinary policy, based on which action is taken on users who commit security breaches and violate security policies and procedures. Information/Data classification policy: Information classification and handling procedures must be well defined, documented and communicated to all relevant stakeholders.
Data Retention Policy
Information or data stored at the vendor site must be retained based on the project’s requirement.
2. IT security policies
Change Management
Changes to the information systems are documented, tested, and authorized before implementation.
Segregation of Duties
The individuals involved in the project are authorized and have defined roles and responsibilities. Access is granted based on their roles and responsibilities, and appropriate escalation procedures established.
Capacity Management
Information processing systems and facilities are monitored for continued availability of the systems to meet future requirements, in terms of processing power, bandwidth, storage, etc. Patch management Evalueserve has a documented procedure for management of security updates, patches, hotfixes, and bug fixes for the information systems managed by Evalueserve. This procedure includes identifying, testing and implementing patches within an appropriate timeline which must not exceed a month for any high or critical security patch.
Protection from Malicious and Mobile Code
Adequate security controls are in place for protection from malicious and mobile code. Information security controls such as industry standard Antivirus/ malware solution are used for the information systems to ensure protection from virus attack. The AV signatures, pattern files are updated on daily basis and real time monitoring is carried out for quick detection and action on any alerts.
Media Management
Adequate controls must be documented and defined for managing removable media, such as floppies, backup media, flash disks, printed reports, hard disks, etc. Access to USB ports, and CD and floppy drives on all computers are be disabled to protect from the risk of data/ information leakage.
Log Monitoring
Logs are maintained, retained and reviewed on a regular basis to ensure that any unauthorized activity, error or exception is identified in a timely manner. Logs include security, performance, application etc.
User Access Management
Access is be restricted strictly on need to know principle and provided based on the roles and responsibilities of an individual.
Network Security Controls
Adequate network security controls are in place to ensure protection of the Information systems from any network security threats such as hacking attempts, denial of service attacks, etc. Controls include are not limited to: Firewalls, VLAN restriction, Separation of production, development and test environment, IDS/ IPS, Internet restrictions, Configuration audits and secure policies etc.
Secured Application Development Policy
Secure software development procedures and policies are followed to validate and prevent the corruption of data.
- Input and output data validation
- Message integrity
- Cryptographic controls
- Protection from technical vulnerabilities
Information Security Incident Management
Any observed or suspected security events will be reported to Client at the earliest. The incident report includes:
- Root Cause
- Impact of the incident
- Immediate action taken
- Corrective and preventive action taken
Business Continuity Management
A managed process for development and maintenance of business continuity is established. The following key components of business continuity management are considered:
- Identification of critical business processes
- Risk assessment and business impact analysis
- Preparation of business continuity planning (including disaster recovery plan, business resumption plan, and crisis management program)
- Regular testing and maintenance of BCP
Technical Compliance
Vulnerability assessment and penetration testing of Evalueserve information systems, are regularly carried out to identify and fix any security weaknesses within these systems.
Appendix B: 3rd Party Hosting provider Linode Security Controls & Privacy
The Evalueserve Insightloupe platform is hosted by Linode, a trusted 3rd party cloud provider. It provisions a secured optimised hosting environment. Through Linode Evalueserve is able to offer an incident response service designed to help cut out costly downtime. The highly experienced Managed team of Linode is here around the clock to fix any potential problems with the cloud servers that run the Insightloupe Platform.
An overview of security at linode, including certifications can be found at https://www.linode.com/security
1. Physical Security
On a physical level, security at each facility is made up of several layers. There is either a manned checkpoint or keycard access to get into the building itself (in some places, even the parking lot). Once inside the building, there are several layers of physical security before actually reaching the equipment, including biometric fingerprint, handprint, retina scan, key card, and PIN numbers. In some facilities visitors are escorted to the area at this point, but most allow you to make their own way. All of the equipment is in locked cages, so even if someone was wondering free somehow, they would still need a key, thumbprint, or keycard to get into our locked cage.
2. Network Security
Linode has their own internal monitoring solutions in place which alerts us to any issues that may arise and address them as quickly and efficiently as possible. They cannot disclose any specific information about these security implementations as this information could potentially be used to circumvent these systems, however clients can rest assured that they take a proactive approach toward the security of their network.
3. Xen Security
On the software level, each instance is a fully virtualized instance of a physical machine. Each Xen instance runs its own kernel and user space in a dedicated segment of RAM limited to that instance. There are restrictions in place on the host itself to only allow Xen instances to access the disk images assigned to the account attached to it. Additionally, clients are welcome to review these pages for more specific information on the security policies of each datacenter Linode co locates in:
- Newark, NJ: http://www.nac.net/enterprise/SAS70typeii.asp
- Atlanta, GA: http://www.atlantanap.com/index/news_sas70
- Dallas, TX: http://www.softlayer.com/sas
- London, UK: http://us.telecitygroup.com/data-centre-industry-standards-accreditations.htm
- Fremont, CA: http://www.he.net/
4. Privacy
For more information on Privacy, please find the policy of Linode here: https://www.linode.com/privacy
5. Proactive Managed Services
To avoid and manage the downtime of the Linode Cloud Hosting services, Evalueserve SolutionSupport provisions Managed Services via Linode as an incident response service designed to help our businesses to cut out costly downtime. At the 3rd party hosting provider Linode a highly experienced Managed team is around the clock (24/7/365) to fix any potential problems with the cloud server.
Incident Response
Actively track uptime and responsiveness for every registered system and service. If a check fails, the Linode experts will take immediate steps to get the Linodes back online as quickly as possible.
Metrics Monitoring
The SolutionSupport support team can simply add URLs, IP addresses, and TCP ports and Linode can monitor them through the multi-homed monitoring system. The team also gets access to insights from the system metrics including advanced system and service analytics. It pinpoints resource bottlenecks with up-to-the-minute graphs while gaining immediate visibility into the systems with per-process and aggregate statistics for CPU, memory, and network.
Architecture Advice when We Need It
Linode provides advice for maximizing the Linode system’s available memory, speeding up application response times, and handling all of the traffic of the instances. Data protection at no additional cost. The Backup Service is automatically enabled on all the Linodes as part of the
Managed Services Enrolment
The 3rd Party Provider assures they’ve got Evalueserve’s back if SolutionSupport need to roll back to a previous snapshot. Linode manages the entire system, from making sure backup boxes are healthy, to monitoring for failures.
Backup strategy for any situation
The Backup Service is activated instantly and runs completely independent of the Linode software stack. Three backup slots are executed and rotated automatically: a daily backup, a 2-7 day old backup, and an 8-14 day old backup. A fourth backup slot is available for on-demand backups.
Configurable Backup Window
Linode configure when automatic backups are initiated from a list of 2 hour windows, allowing to perform any database dumps before the backup occurs.
How Linode Backups Work
Backups are stored on separate systems in the same datacenter as the clients Linode. The space required to store the backups is not subtracted from the client’s storage space. Linode can store four backups of the Linode, three of which are automatically generated and rotated:
- Daily backup: Automatically initiated daily within the backup window SolutionSupport selects. Less than 24 hours old.
- Current week’s backup: Automatically initiated weekly within the backup window, on the day SolutionSupport selects. Less than 7 days old.
- Last week’s backup: Automatically initiated weekly within the backup window, on the day SolutionSupport selects. Between 8 and 14 days old.
- Manual Snapshot: User-initiated snapshot that stays the same until another snapshot is initiated.
The daily and weekly backups are automatically erased when a new backup is performed. The Linode Backup Service does not keep automated backups older than 8-14 days.
Uptime Guarantee
Linode provides a 99.9% uptime guarantee on all Evalueserve hosted hardware, and on network connectivity. In any given month, if your Linode is down for more than 0.1%, you may request a pro-rated credit for the down-time of the hosting service.
SolutionSupport regularly checks that the cloud service provider (Linode) adheres to all the confidentiality and rules for providing cloud services, and that there is no interruption in quality of their service.
Appendix C: Insightloupe Cloud Hosting
1. Insightloupe cloud architecture
| Insightloupe options | |
|---|---|
| Application | Private |
| Data (client specific) | Private |
| Releasing Updates | Monthly release cycle |
| Backup & Restore | Daily, automated |
| Data center location | Europe (UK, London) |
| Cloud Infrastructure by | Linode or Azure (optional) |
2. Definitions
Source: Wikipedia
Managed Private Cloud refers to a principle in software architecture where a single instance of the software runs on a server, serving a single client organization (tenant), and managed by Evalueserve Insightloupe team.
This is in contrast to multitenancy where multiple client organizations are on a single server, or an on-premises deployment where the client organization hosts their own instance. A multi-instance architecture provides each customer with their own unique database.
Managed Private Clouds also fall under the larger umbrella of cloud computing.
A multi-instance architecture provides each customer with their own unique database. Rather then using a large centralized database, instances are deployed on a per-customer basis, allowing the multi-instance cloud to scale horizontally and infinitely.
With this architecture and deployment model come many benefits incl. true data isolation, advanced high availability and customer-driven upgrade schedules.