Security Log Monitoring

Service Levels

Revised: October 31, 2019

Availability Service Level Agreement (“SLA”) for the SLM Platform and Portal

Target availability for the Security Log Monitoring Service SLM Platform and SLM Portal are measured on a calendar month basis as follows:

SLM Service Availability
Security Log Monitoring Platform 99.999%
SLM Portal 99.9%

Availability is calculated by dividing the number of minutes of unscheduled downtime in a calendar month by the total number of minutes in that calendar month.

Service Availability Availability Service Credit % of MRC for Affected Service
Security Log Monitoring Platform <99.999% to 99.99%
<99.99% to 99.9%
<99.9% to 95%
3%
10%
25%
SLM Portal <99.9% 5%

In the event of a Service Level Failure, Customer may be entitled to receive the applicable service credit set forth herein, the “Service Credits”.

SOC Monitoring Service Level Objective (“SOC Monitoring SLO”)

The SOC Monitoring SLO applies to the Services being provided by the Security Operations team monitoring Customer activities. CenturyLink will endeavor to provide the SOC Monitoring Services in accordance with the targets or objectives identified below; however, no Service Level Failure or Service Credit will be deemed to apply for any failure to meet the below referenced targets or objectives.

Service Level Objective for SOC Monitoring

Special Note: Cases escalated by the Customer will be treated by default as Priority 3, unless otherwise stipulated.

Category
Description
Resolution Target
Initial Escalation of Investigations
Communication Recommendations
P1 (Urgent) Compromise on known critical host.

Example: Critical server compromise or Denial of Service (DoS”).
Within 8 hours Escalation contact must be notified by phone

Initial Response Time and investigation update:

15 minutes
A. Escalate to Customer’s primary contact

B. Engage Customer’s primary contact and hand-off via phone or IM
P2 (High) Potential compromise on known critical host.

Example: Likely critical server compromise or DoS.
Within 24 hours Initial Response Time and investigation update:

2 hours
A. Escalate to Customer’s primary contact

B. Engage Customer’s primary contact and hand-off via email
P3 (Medium) DEFAULT Routine escalation of Events of interest indicating attack.

Example: Attacks on hosts with a reasonable probability of success.
Close 72 hours Initial Response Time and investigation update:

4 hours
A. Create investigation and escalate within defined response time, and set investigation to 'open’ for initial posting of case.

B. Set case to 'open' pending customer response.
P4 (Low) Nuisance or other informational alerts indicating configuration problems or filtering needed.

Example: High volume false positives or normal activity.
Initial Response Time and investigation update:

6 hours
A. Create investigation and escalate within defined response time, and set investigation to 'open' for initial posting of investigation.

B. Set investigation to 'closed'.

Incident Handling Service Level Objective (“Incident Handling SLO”)

CenturyLink or its vendor will attempt to respond via phone or email to all Customer requests, in writing, for support with the Incident Handling Services within 2 hours of Customer notifying CenturyLink’s SOC.

CenturyLink or its vendor’s incident responder will be assigned upon notification by Customer and will attempt to contact the Customer to obtain additional details and determine appropriate next steps, consistent with the Incident Handling Services in no more than 4 hours of acknowledging Customer’s request for support.

If Customer verifies that an Incident has occurred and has requested CenturyLink’s assistance with the Incident, CenturyLink or its vendor will begin to provide the agreed-upon Incident Handling Services to Customer, beginning no later than 24 hours (if remote) after mutual agreement that Incident Handling services will commence. If on-site presence is required, CenturyLink or its vendor will make commercially reasonable efforts to place appropriate resources on site within 24-48 hours.

The Incident Handling SLO aims to have the response times consistently fall within the above target at least 99% of the time.

If response times are delayed due to lack of Customer response to CenturyLink or its vendor correspondence, the Incident Handling SLO may be affected.

SLA Process

Customer must request any Service Credit due hereunder by submitting an e-mail to billing.department@centurylink.com within sixty (60) calendar days of the conclusion of the month in which the Service Level Failure(s) occurs. Customer waives any right to Service Credits not requested within this sixty (60) calendar day period. Once validated by CenturyLink, Service Credits will be applied toward the invoice Customer receives no later than two (2) months following Customer’s Service Credit request. All performance calculations and applicable Service Credits are based on CenturyLink records and data unless Customer can provide CenturyLink with clear and convincing evidence to the contrary.

Limitations

The applicable SLA or SLO provides Customer's sole and exclusive remedies for any Service interruptions, deficiencies, or failures of any kind. To clarify, such sole and exclusive remedies shall not apply to breaches of unrelated obligations under the Agreement such as infringement, confidentiality, etc. A Service Level Failure shall not occur, including any remedies hereunder, and Customer will not be entitled to receive a Service Credit in the case of an Excluded Event. Excluded Event means any event that adversely impacts the Service that is caused by (a) the acts or omissions of Customer, its employees, customers, contractors or agents including, by way of example the unavailability of Customer provided connectivity; (b) the failure or malfunction of equipment, applications or systems not owned or controlled by CenturyLink; (c) Force Majeure events; (d) scheduled and/or emergency maintenance; (e) any suspension of Service pursuant to the Agreement; (f) Customer’s failure to maintain currently supported hardware and software; or (g) the unavailability of required Customer personnel, including as a result of failure to provide CenturyLink with accurate, current contact information. Customer will not be eligible to receive any otherwise applicable Service Credits if Customer is in breach or default under any provisions of the Agreement at the time the Service Level Failure(s) occurred or at the time when such Service Credit is requested by Customer until such breach is cured, at which point the Service Credit will be issued. The Service Credits set forth herein are not cumulative and in no event will the Service Credits accrued in any calendar month exceed, in the aggregate across all events, fifty percent (50%) of the Affected Service MRC.

SLA Definitions

“Service Credit” means an amount deducted from fees billed to Customer in the event of a Service Level Failure related to the Availability SLA.

“Service Level Failure” means CenturyLink’s performance for a particular Service fails to meet the applicable Service Level set forth in this SLA and SLO.