Qspaces Service SLA

Qspaces Service Description (Version 1.1.3)

1. This document defines the Service Description for Qspaces Managed Cloud Solution, The structure is organized as follows:

A. Structure: An overview of the document's purpose, scope, and organization for easy reference.
B. Functional Overview Qspaces cloud managed services and Technical Availability: Description of core functionalities, details of support scope, technical capabilities and uptime guarantees.
C. Support Services and Availability: Outlines the scope of support services, including the channels, response and resolution times, and the availability of support service.
D. Specification of Related Services (if any): Outline of optional and complementary services, including integration capabilities, advanced configurations, and associated SLAs.

2. The Parties may amend the descriptions contained in the following chapters.

A. Structure and Glossary

Structure

This section provides an organized framework for the Service Description document, ensuring that all stakeholders can navigate its contents efficiently. It sets the stage for understanding the scope, responsibilities, and expectations outlined in the SLA.

Key components of the structure:

Purpose: To establish a clear and concise overview of the Qspaces Managed Solution, detailing the scope, functionality, and service levels. This section ensures that all stakeholders understand the services provided, the level of support included, and the operational terms.
Audience: Designed for both technical and business stakeholders, including clients, service providers, and support teams.
Document Organization: Each section addresses specific aspects of the service, such as technical capabilities, support, and optional add-ons, ensuring comprehensive coverage of the solution.
Flexibility and Amendments: The document is subject to revisions and updates, with all amendments mutually agreed upon. This ensures that the Service Description remains relevant and reflects any changes in service offerings, availability, or support.

Glossary

1. The glossary provides definitions for key terms used throughout the document, ensuring consistency and eliminating ambiguity. Each term with a capitalized initial letter is defined as follows:

Pos.	Term	Definition
1	Agreed Availability Time	The total period within a specified timeframe (e.g., monthly or annually) during which the customer's systems, covered by the service agreement, are guaranteed to remain operational and accessible, aligned with the agreed uptime.
2	Change Request	A proposal to modify existing systems, processes, or functionalities to address new requirements, resolve issues, or improve performance.
3	First Level Support	The organizational unit that acts as the initial point of contact for processing an Incident.
4	Force Majeure Event	Extraordinary events or circumstances beyond the control of the Parties, such as a war, strike, riot, crime, epidemic, pandemic.
5	Incident	Unplanned interruption or degradation in the quality of the Customer project
6	Incident Report	Notice issued by the Customer reporting an Incident to Qspaces.
7	Maintenance (Services)	Tasks and activities of Qspaces team to maintain and update the Customer project.
8	Planned Downtime	Time frame, agreed between the Parties, in which the Customer project is unavailable due to planned Maintenance Services.
9	Reaction Time	Time taken from when an incident or request is logged (created) until a Level 1 (SPOC “Single Point Of Contact”) member acknowledges it.
10	Resolution Time	Time taken from the assignment of the incident or request to a specific Qspaces engineer (Level 2) until ticket is resolved.
11	Response Time	The duration from when an incident or request is assigned to a Qspaces engineer (Level 2/3) to when actionable work begins on its resolution.
12	Second Level Support	The organizational unit within Qspaces responsible for providing in-depth support and resolving issues escalated from First Level Support.
13	Service Hours	Defined time frame during which Support Services are available to the Customer.
14	Technical Availability	Actual operational uptime of a system or service, as monitored and measured from a technical perspective
15	Third Level Support	An organizational unit responsible for resolving complex incidents beyond the scope of Second Level Support, including coordination and collaboration with third-party support systems as necessary.
16	Unplanned Downtime	Time frame in which the Customer’s project is unavailable to the users, and which does not qualify as Planned Downtime.

^{Table 1: Glossary}

B. Functional Overview and Technical Availability

Functional Overview - Service Features

Qspaces Managed Cloud Solution offerings provide a comprehensive range of features designed to optimize and secure Customers’ cloud infrastructure and applications. These services are tailored to meet the specific needs of Customer’s business, ensuring maximum uptime, performance, and cost-efficiency. Below are the key features included in Qspaces offerings.

Qspaces Managed Services

Pos.	Feature	Short Description
1	24/7 Cloud Monitoring and Alerts	Real-time monitoring of cloud infrastructure and applications with automated alerts for resource utilization and issues.
2	Incident Management (L2 & L3)	Rapid response to incidents with both Level 2 and Level 3 expertise for issue resolution.
3	Performance Optimizations	Identify and implement configuration adjustments to optimize resource performance and cost.
4	Backup and Disaster Recovery	Automated backups, recovery solutions, and disaster recovery planning tailored to Customers' cloud setup.
5	Security and Compliance Management	Proactive security checks, compliance audits, and vulnerability assessments across customer’s cloud infrastructure.
6	Infrastructure Design Assistance	Provide consulting and technical expertise to design scalable and reliable cloud architectures.
7	Cost Management and Reporting	Regular cost analysis and reporting with actionable recommendations to reduce cloud spend.

^{Table 2: Qspaces services}

Service Features

Pos.	Feature	Short Description
1	Centralized Monitoring	Unified monitoring across cloud resources with monitoring tools for metrics, traces, logs, and real-time insights.
2	Incident and Alert Management	Automated alerting and incident tracking using monitoring tools integrations for real-time notifications and escalations.
3	Role-Based Access Control (RBAC)	Secure usage with role-based permissions for accessing and managing dashboards and configurations.
4	Log Management	Centralized logging across cloud services , enabling quick troubleshooting and log analysis.
5	Custom Metrics and Traces	Collect and monitor custom metrics and distributed traces for advanced application performance insights.
6	Real-Time Cloud Security Monitoring	Monitor security threats for cloud accounts and services.
7	Integrated Performance Reports	Generate regular performance and availability reports tailored to cloud resource usage (as part of the quarterly business review).

^{Table 3: Service Features}

Cloud Security Features

Pos.	Feature	Short Description
1	Comprehensive Secret Management	Securely store, access, and manage secrets (e.g., credentials, keys) with encryption, access control, and audit logging, including integration for 3rd party applications.
2	Identity and Access Management (IAM)	Manage cloud IAM policies, roles, and permission boundaries for secure and flexible access control.
3	Security Monitoring	Detect security threats and anomalies, perform compliance checks, and ensure proactive cloud security.

^{Table 4: Security features}

Functional Overview – Managed Cloud Services

Qspaces managed cloud services ensure guaranteed performance, availability, and response times, offering clear metrics for Customers who require a robust, secure, and performance-driven cloud environment.

CORE CAPABILITIES

The foundation of Qspaces Services:
Qspaces’ managed cloud solution provide a robust, scalable, and secure foundation for businesses that require flexible, high-performance cloud solutions. Our core capabilities ensure seamless management, optimization, and support of Customers cloud infrastructure and applications.

Infrastructure Management

Provisioning & Scaling: Qspaces handle the provisioning of cloud resources (compute, storage, and networking) across cloud environments.
Monitoring & Performance Optimization: Monitoring of cloud infrastructure using best-in-class tools to track health, performance, and security.
High Availability & Disaster Recovery: Design and implementation of high-availability architectures that ensure service uptime and continuity.
SLA Guarantee: Qspaces infrastructure management service includes uptime guarantees , with clear response and resolution times for any service disruption, supported by clearly defined SLA-backed metrics.

Application Support

Deployment & Configuration: Qspaces team manages the end-to-end deployment lifecycle of applications, including the installation, configuration, and optimization of enterprise-grade software and services in the cloud.
Application Optimization: Qspaces team focus on optimizing application performance, memory management, ensuring customer applications run smoothly at scale.
Issue Troubleshooting & Root Cause Analysis: Qspaces team troubleshoot and resolve application-level issues, from configuration errors to performance bottlenecks.
Integration & Dependency Management
SLA Guarantee: Qspaces application support guarantees a maximum response time for critical issues, with resolution times based on severity.

Workflow Management

Workflow Automation
Reporting & Analytics
SLA Guarantee

Qspaces' core capabilities are the foundation of all our service.

Feature	Service
General Cloud Support	Included
Infrastructure Scaling & Updates	Priority Handling
Application Support	Full Support for Standard Apps
Proactive Monitoring	Enhanced Monitoring & Alerts

^{Table 5: Qspaces' core capabilities}

Technical Availability

Qspaces Managed Cloud Solution is committed to delivering highly reliable and secure cloud management for Customers.

COVERAGE AND SUPPORT LEVELS

Service:

Coverage: 24/7 monitoring and incident response.
Scope: Comprehensive management, including issue detection, root cause analysis, and resolution during any time of day, ensuring uninterrupted operation.
SLA: 99.95% uptime.
Additional Features:
- Solution maintenance and compatibility management
- Multi-partner management
- Security and compliance management
- Global support availability during working hours
- Annual optimization check.
- Support availability 24/7
- Quarterly Business Review
- Annual system and carbon footprint design review
- Dedicated Customer success manager
- CAPEX/OPEX flexibility options

AVAILABILITY COMMITMENT

Qspaces is committed to ensuring reliable and uninterrupted Technical Solution Availability, with availability levels tailored to the selected service tier:

1. Service: Guaranteed 99.95% availability per calendar month, supported by 24/7 monitoring and incident response, with a maximum of 22 minutes of unplanned downtime within a monthly total of 720 hours.

--> Availability is measured as the percentage of total agreed service time during which the cloud infrastructure and management services are operational and reachable.

Factors Considered in the SLA Calculation Formula:

1. Agreed Availability Time: The availability period specified by the service is 24/7 coverage.

2. Unplanned Downtime: Any period of unavailability that occurs outside of scheduled maintenance windows or predefined exclusions.

These factors are used in the following calculation formula: (Agreed Availability Time – (Unplanned Downtime )) / Agreed Availability Time

EXCLUSIONS FROM DOWNTIME CALCULATION

The following situations are excluded from Unplanned Downtime:

External Factors Beyond Qspaces Control:
- Third-Party Dependencies: Failures or delays caused by third-party systems (e.g Iconik), services, or infrastructure that are not under Qspaces’ direct management or control.
- Cybersecurity Events: Cyber-attacks that exceed industry-standard prevention measures despite Qspaces employing best practices for defense.
- Force Majeure: Events such as natural disasters, extreme weather conditions, governmental restrictions, or other uncontrollable external circumstances.
Customer-Caused Incidents:
- Misuse or Misconfiguration: Misconfigurations, unauthorized changes, or improper use of the cloud infrastructure by the Customer or their end-users.
- Response Delays: Delayed actions, responses, or approvals required from the Customer, which hinder issue resolution or recovery times.
Scheduled Maintenance:
- Planned Maintenance: Pre-scheduled maintenance activities communicated to the Customer at least 5–7 calendar days (common for standard updates/upgrades) in advance.
  Critical Updates: 24–48 hours for high-priority patches requiring less lead time. These updates are communicated to the Customer via predefined channels (e.g., email, ticketing system, or portal notifications) immediately upon identification of the critical need. A streamlined planning process is followed to assess impact, test updates in staging environments (where feasible), and coordinate with key stakeholders before implementation.
  Maintenance Windows: Typically scheduled during off-peak hours(e.g., nights or weekends) to minimize impact.
Third-Party Services:
- Failures caused by services outside Qspaces control, e.g. installation of security patches by a third party.

RESPONSIBILITIES AND NOTIFICATIONS

Customer Responsibility:
Customers are obligated to immediately notify Qspaces technical support team of any incidents impacting system availability. Timely reporting ensures prompt resolution and minimizes downtime.
Qspaces Responsibility:
Qspaces will perform mandatory maintenance and upgrades during pre-communicated maintenance windows to minimize service disruption. In cases of unforeseen maintenance, Qspaces will make every effort to provide advance notice wherever possible.

C. Support Services and Availability

Language of Support Services

All support services provided by Qspaces under this section will be delivered in English.

Support Services

Qspaces provides a structured, support model that ensures efficient resolution of Customer issues across multiple levels of support. Below is the detailed scope for each support level:

SCOPE OF FIRST-LEVEL SUPPORT (QSPACES SPOC)

The First-Level Support acts as the Single Point of Contact (SPOC) for the Customer to ensure initial incident handling and seamless communication with Qspaces. Responsibilities include:

Incident Management

Initial Ticket Handling:
- Logging incidents reported by end-users or monitoring systems in the designated service management tool.
- Classifying, prioritizing, and categorizing incidents according to defined SLAs.
Basic Troubleshooting:
- Performing initial diagnostics and applying quick fixes (e.g. password resets, basic reconfiguration, or FAQs).
- Escalating incidents to Second-Level Support when resolution requires deeper technical expertise.

User Communication

Providing timely updates to end-users regarding ticket status, expected resolution times, and next steps.
Offering guidance or procedural assistance for common user issues (e.g. accessing platforms or basic configurations).

Monitoring and Alerts

Acting on system alerts and determining whether escalation to Second-Level Support is required.
Ensuring continuous communication with Qspaces and relevant teams for follow-ups on escalated incidents.

SCOPE OF SECOND-LEVEL SUPPORT (QSPACES)

The responsibilities of Qspaces Second-Level Support include:

Incident Management

Incident Handling:
- Processing incidents escalated by First-Level Support or directly reported by the Customer.
- Prioritizing resolution of incidents to minimize downtime and restore defined operational states.
Problem Isolation:
- Identifying recurring issues and isolating root causes for future problem management.

Escalation Management

Escalating unresolved or complex incidents to Third-Level Support or specialized teams for further investigation.
Coordinating with the Customer and Qspaces’ internal teams to facilitate seamless escalation and resolution.

Collaboration and Communication

Maintaining regular updates to First-Level Support on the progress of incident resolution.
Documenting solutions and procedures to enhance the knowledge base.

SCOPE OF THIRD-LEVEL SUPPORT (QSPACES AND THIRD PARTIES)

The Third-Level Support provides advanced technical expertise to resolve complex incidents that require in-depth troubleshooting or development-level interventions. This includes both Qspaces and third-party vendors involved in maintaining the Customer’s environment.

Incident and Problem Management

Advanced Incident Resolution:
- Resolving incidents escalated by Second-Level Support, requiring specialized skills, access, or tools.
- Addressing issues related to the core infrastructure, application code, or hardware managed under third-party SLAs.
Root Cause Analysis:
- Conducting detailed analysis of recurring incidents to determine the root cause.
- Proposing and implementing permanent fixes or workarounds to prevent recurrence.

Collaboration and Escalation Management

Collaboration with Vendors:
- Engaging third-party providers (e.g. Iconik, AWS Support) for issues involving cloud infrastructure.
- Managing vendor SLAs to ensure timely resolution of escalated issues.
Feedback to Second-Level Support:
- Documenting fixes and providing knowledge transfer to Second-Level Support for handling similar issues in the future.

Infrastructure and Application Support

Implementing significant changes, updates, or upgrades to customer projects.
Providing architectural reviews or recommendations for improving project stability and performance.

Customer Responsibilities

The Customer must appoint an authorized employee or team as Support team to:

Act as the primary point of contact for Qspaces team regarding incident escalation and resolution.
Collaborate with Qspaces team by providing timely responses to inquiries or requests for additional information.
Ensure accurate and complete reporting of incidents to minimize delays in resolution.

Service Hours & Contacts

Service Support
Service Hours: 24/7 availability.

Contact Options:

Support Portal: Submit a ticket via QvestMedia - Powered by Kayako Help Desk Software
Ticketing Priority Email: support_tech(at)qvest.com
Contact Support Team (no ticket generation): service.tech(at)qvest.com
Contact Priority Email: support.qspaces(at)qvest.com

Scope of Service Responsibility

Service Quality at the Transfer Point

All service quality commitments are applicable up to the Transfer Point(s), defined as the boundary where Qspaces’ managed services interface with the Customer’s internal systems, infrastructure, or third-party components. Transfer Points may include, but are not limited to:

API endpoints managed by Qspaces.
Integration interfaces with the Customer’s internal tools (e.g., issue management systems or data processing platforms).

Beyond the Transfer Point(s), the following fall outside the scope of this SLA:

Data Transmission Impairments: Issues arising from the Customer’s network, internal systems, or third-party service providers.
Customer Actions: Downtime or degradation caused by unauthorized configuration changes, misuse, or negligence by the Customer.
Third-Party Limitations: Impacts due to the performance, reliability, or restrictions of external providers integrated by the Customer.

Multiple Transfer Points:
If multiple Transfer Points are applicable, they will be explicitly identified in the service agreement or supporting documentation to ensure transparency. Each Transfer Point has its own defined boundaries and responsibilities, as agreed between Qspaces and the Customer.

Operational Support Scope

Service Level Agreement (SLA) Exclusions
The SLA does not apply to activities conducted during preparatory phases, such as:

Initial setup
Configuration
Testing
Ramp-up

These phases are considered outside the scope of SLA coverage until the system is formally declared live. Similarly, the SLA excludes activities undertaken in post-operational phases, such as:

System decommissioning
Transitioning to another provider

Strict SLA commitments, including those related to availability, resolution times, or performance metrics, do not apply to these preparatory or non-operational phases. Additionally, this exclusion extends to Proof of Concept (PoC) solutions that are later transitioned into a productive state.

Inclusion of Minimum Viable Product (MVP)
The SLA explicitly includes the Minimum Viable Product (MVP) phase, provided it has been formally recognized as part of the operational scope and agreed upon by both parties. During the MVP phase:

SLA terms for monitoring, incident response, and other agreed service levels will apply as specified.
Availability, performance, and resolution time commitments will be maintained within the limits defined in the agreement.

This ensures that MVP phases are supported appropriately while respecting the operational readiness of the system.

Incident Reporting and Escalation
Customers can escalate issues that breach SLA commitments. Escalation occurs when SLA thresholds, such as response or resolution times, are exceeded. Issues can be escalated from the standard support team to the Service Desk Supervisor or senior management, depending on the severity and urgency of the breach. Customers can initiate escalation by contacting the following points of escalation:

Service Desk Ticketing Priority Email: support_tech(at)qvest.com
Contact Support Team (no ticket generation): service.tech(at)qvest.com
Contact Priority Email: support.qspaces(at)qvest.com

Incident Reporting Requirements

To ensure timely resolution, the Customer is required to report incidents using the designated Qspaces ticketing service or email. Delays in resolution caused by the unavailability of the Customer’s Support team (or contact partners) or incomplete information provided will not count toward Qspaces resolution time commitments.

When reporting an incident, the following information is required:

Detailed Incident Description: A clear explanation of the issue, including observed symptoms and potential impact on services.

Documentation of the Issue: Supporting evidence, such as error messages, logs, screenshots, or notifications, to facilitate faster diagnosis.

Remedial Steps Taken: Details of any measures already attempted by the Customer’s team and the corresponding outcomes.

Customer Contact Information: Contact details of the designated First-Level Support representative available throughout the resolution process.

Technical Environment Details:

Location of the affected infrastructure or services.
Interfaces and data formats where the incident occurred.
Software components, applications, and services impacted by the issue.

Classification of Incidents

Incidents are classified according to their severity into the following priorities:

P1 “Critical”: A complete system failure or a major functionality of the managed cloud solution becomes non-operational, and no workaround exists, resulting in a complete inability to use the solution or critical service. This includes critical security breaches that significantly impact operations or compromise the confidentiality, integrity, or availability of customer data.
Examples:
- Critical infrastructure outages.
- Database unavailability.
- Severe security breaches (e.g., data exfiltration, compromised access to sensitive systems).

Impact: Relevant solution or service cannot be accessed or used at all, leading to significant operational disruption.

P2 “Major”: Issues causing
- a) A major feature to malfunction, but a workaround exists,
- b) Substantially degraded performance of a key function.
- c) More than two minor features to fail, with no available workaround. Examples include latency issues affecting primary applications, degraded storage performance, or intermittent network disruptions.
P3 “Minor”: Issues causing
- a) Minor features to become non-operational,
- b) Slightly degraded performance of the managed services without significant business impact. Examples include user interface glitches, delayed monitoring updates, or intermittent access to non-essential services.

In the event the Parties cannot reach an agreement about the classification of an Incident, Qspaces shall be entitled to decide the classification in its reasonable discretion.

Also, a high-priority ticket may be re-prioritized to a lower priority level if a temporary solution is implemented by the Qspaces team, effectively restoring partial functionality. For example, if an Incident is initially classified as Critical (P1) due to a complete system outage, and a temporary fix is applied, the ticket may be re-prioritized to Major (P2) until the underlying root cause is fully resolved.

--> For the handling of change or feature requests please see section D.

Reaction Times

1. This is the time taken from when an incident or request is logged (created) until a Qspaces Single Point Of Contact (“SPOC”) member acknowledges it. It shows how quickly the Level 1 team reacts to the new issue.

2. The Reaction Times targeted by Qspaces team depend on the Service Levels ordered by the Customer and on priority. The priority depends on the classification of the Incident as shown below on “Table 6”

Response Times

1. The Response Time is the time taken from the assignment of the incident or request to a specific Qspaces engineer until actual, actionable work begins on resolving it.

2. Upon receipt of a complete and comprehensive Incident Report, Qspaces team shall begin with the analysis and resolution of the Incident within the agreed Response Times. Response Times shall apply only within the agreed and subscribed Service Hours.

3. The Response Times targeted by Qspaces team depend on the Service Levels ordered by the Customer and on priority. The priority depends on the classification of the Incident as shown below on “Table 6”.

Resolution Times

1. The resolution times targeted by the Qspaces team refer to the period starting from when an engineer acknowledges the ticket and begins addressing the incident until the defect is resolved or a workaround is provided. Resolution times shall apply only within the agreed and subscribed Service Hours. Qspaces team may choose the form of resolution based on its reasonable discretion.

2. Any time periods during which the Customer fails to provide the necessary cooperation, assistance, or information requested by the Qspaces team regarding the Incident will not be included in the Resolution Time but will instead extend it.

3. The Resolution Times targeted by Qspaces depend on the Service Levels ordered by the Customer and on priority. The priority depends on the classification of the Incident as shown below on “Table 6”.

State	P1	P2	P3
Reaction	30 mins	30 mins	45 mins
Response	2hrs	4hrs	8hrs
Resolution	8hrs	12hrs	1 business day

^{Table 6: Reaction, Response, and Resolution Time Chart}

Service Level Reporting

Qspaces will report its compliance with the Service Levels on a quarterly basis.

Maintenance Services

TYPES OF MAINTENANCE

Qspaces is committed to providing the Customer with maintenance services that ensure the efficient operation of the cloud solution. These services include:

Corrective maintenance

Addressing incidents by implementing solutions to known defects or providing workarounds to minimize disruptions.

Adaptive maintenance
Qspaces will perform adaptive maintenance under the following circumstances:

To mitigate risks affecting the general operational state of the managed cloud solution, especially regarding IT security.
To address changes required by applicable laws or industry standards.

Evolutionary maintenance

Regular updates to enhance solution functionality and performance.
Provision of product updates, including significant releases, which will be communicated to the Customer in advance along with a detailed implementation schedule.

Mandatory Adoption of Maintenance Updates
The Customer must accept maintenance updates, including adaptive and evolutionary releases, to ensure continued support and compliance with the SLA. Refusal to adopt updates or maintenance services will void the support obligations outlined in this Service Level Agreement.

MAINTENANCE PROCESS

Qspaces and the Customer define Maintenance Windows as follows:

Cloud solutions:
Customers utilizing cloud environments are subject to predefined, fixed Maintenance Windows during which Qspaces may perform Maintenance Services:
Regular Maintenance Window: Every Tuesday, 23:00 - 03:00 SGT

Maintenance Notifications and Service Impact

Maintenance Services may occasionally require temporary unavailability of the Customers’ resources. In such cases:

Notification Period: Any maintenance that may cause service downtime will be communicated to the Customer at least one week in advance via email.
Exclusion from Service Credits: Periods of unavailability due to announced maintenance will not be included in the calculation of Service Credits outlined in this SLA.

Service Credits

This policy establishes a two-level, hierarchical mechanism to address service level breaches while ensuring customer satisfaction is upheld.

Level 1: Downtime Carryover Mechanism

To secure a fair recognition of SLA breaches, downtime minutes will be carried over and balanced against subsequent months of service. This mechanism allows downtime to average out across a six-month period.

Rationale: This approach ensures temporary service issues are accounted for while leveraging future periods of higher uptime to restore SLA balance.
Exclusions: Carryover applies only to unplanned downtime and excludes planned maintenance or customer-attributable incidents.
Process: Downtime will be calculated monthly and carried over for up to six months to offset penalties.

Level 2: Service Credit Quantification

If downtime persists beyond Level 1 remediation, customers are entitled to service credits. These credits will be calculated as a percentage of the managed services fees payable for the hours impacted during the downtime period.

Formula: Total Downtime Hours / Total Billable Hours × Applicable Remuneration Percentage
Remuneration Rates:
- A steady increase from 0% to 3% for downtime up to 10%.
- A proportional rise reaching 10% for downtime up to 30%.
- Incremental growth up to 15% for downtime up to 50%.
- A cap at 20% for downtimes exceeding 50%.

Exclusions: Service credits will only be applied after the six-month carryover period under Level 1. If downtime is fully offset during the six months, service credits will not be issued.

Personal Data and Information Security

1. Qspaces commits to implementing appropriate technical, organizational, and security measures to safeguard the Customer's personal data against unauthorized access, alteration, disclosure, destruction, or loss. Additionally, Qspaces ensures the security and integrity of both the Customer's project and personal data.

2. Qspaces shall ensure that it implements, follows, and maintains appropriate security controls, consistent with state-of-the-art security standards, to ensure the confidentiality and integrity of Customer Content. Such appropriate security controls are operational and effective throughout the Term. Qspaces shall not downgrade the security configuration of any system processing Customer Content without prior written notice.

Breach Notification and Remediation

In the event of a breach involving personal data or misuse of Customer Content, Qspaces shall adhere to the following protocols:

Breach Notification: Qspaces shall notify the Customer of any breach involving personal data or misuse of Customer Content within agreed time of identifying the breach.
Corrective Actions: Upon notification of a breach, Qspaces shall immediately take the necessary corrective actions to:
- Contain the breach.
- Secure the affected data or content.
- Implement preventive measures to avoid future breaches.
Root Cause Analysis: A thorough investigation will be conducted to determine the cause of the breach, and a root cause analysis report will be provided to the Customer within agreed time-days of the breach.

Exclusions from Responsibility

Qspaces shall not be responsible for security incidents resulting from::

The Customer’s failure to follow recommended security practices (e.g., sharing credentials, neglecting updates).
Actions by third parties outside the control of Qspaces (e.g, external attacks).
The Customer’s own actions or negligence.

D. General Change Request Process (general regulations independent of the SLA)

The following process defines how Qspaces manages service change requests related to infrastructure adjustments and service modifications. It applies specifically to changes in the underlying infrastructure and service delivery, not to modifications in the terms of the Service Level Agreement (SLA).

Harvesting of Customer feedback

Qspaces shall gather and assess customer feedback through bilateral workshops. The feedback process will cover the following aspects:

Description of the Requirement: A clear statement of the customer’s need from their perspective.
Business Impact and Implications: An analysis of how the change will affect business operations if addressed or not addressed.
Description of Missing/Required Changes: A detailed outline of any gaps or additional changes needed to improve the service.

Classification of Service Change Requests

To clarify how changes are handled, Qspaces classifies changes as follows:

Changes Within Current service commitments:
The agreed-upon deliverables, performance metrics, and tasks outlined in the initial contract. These are the core activities, features, and functionalities that fall within the original framework of the project. Any changes or updates that do not require a relevant re-architecture or restructuring of the service are covered under these commitments, and are considered part of the ongoing work, without additional costs.
Service modifications:
Involve changes to the agreed-upon service commitments that necessitate a more extensive redesign, refactoring, or re-architecture of the system or project. These modifications will be assessed for their impact on timelines, resources, and costs, and will be considered billable work. Service modifications require formal approval before implementation and will incur additional charges based on the scope of the changes.

Commercial Considerations for service Changes:
For any service change request that alters the agreed service commitments or requires additional efforts beyond the defined package, Qspaces shall:

Provide a detailed cost estimate for the requested modification.
Offer a clear breakdown of any additional resources, time, or specialized expertise required to implement the change.
Ensure that the Customer agrees to the commercial impact of the modification before proceeding with the request.

Service Change Request Procedure:
Qspaces shall process all change requests in accordance with the following procedure:

a) Review and Categorization

Each service change request will be reviewed to assess its severity, classification, and impact on existing service commitments.
Categories include Emergency, Normal, Major, Minor, and Standard changes.
Classification will be determined as follows:
- Changes Within Current Project Scope – Handled under the standard service agreement with no major adjustments to timelines or resources.
- Changes Modifying the Current Scope – May require changes to timelines, resources, or deliverables, involving additional costs and revised schedules.

b) Decision-Making

A formal decision will be made regarding the approval or rejection of the change request.
For service modifications, a cost estimate and updated timeline will be provided to the customer for approval.

c) Implementation of Approved Changes

Approved changes will be further defined, including detailed costs and timelines.
The changes will be integrated into the roadmap planning in coordination with the development team.

d) Communication of Rejected Changes

If a change request is rejected, Qspaces will provide the customer with feedback and a clear explanation of the reasons for the decision.

e) Customer Feedback and Timeline

For approved changes, the Customer will be provided with feedback, including a rough, non-binding timeline for implementation, as well as a breakdown of any additional costs or resources involved.