AWS Support Agreement - Service Level Statement

This Service Level Statement sets out details relating to the delivery of Habitat3's AWS Support Service.

a) General 

Habitat3:

  1. Will provide the following services to maintain and support your AWS environment:

    1. Base Package
      1. Monitor for malicious activity using AWS CloudTrail and AWS GuardDuty
      2. Schedule and complete regular server operating level patch updates
      3. Monitor backups using AWS CloudWatch to identify any failures
      4. Monitor daily AWS Budgets to identify any overspend beyond set levels
      5. Monitor outgoing data using AWS Budgets and AWS CloudWatch
      6. VPC flow logs are collected to allow for post incident analysis
      7. IAM User Management – add, remove, delete accounts using AWS IAM best practices for security and maintenance
      8. Manage DNS and provide SSL certificates as required (clients to implement SSL within their webserver).
      9. Maintain AWS Security groups and VPC as required
    2. Add-On Pack
      1. View live and historical CPU, RAM, Hard Drive and Outgoing Data metrics
      2. Create and monitor auto-scaling solution for cost optimisation
      3. Provide general advice and guidance on future plans and optimisation (up to 2 hours per month). Additional consulting services are charged at $165 per hour.
  2. Provides each support package for the quoted fees on a per AWS account basis
  3. Requires that each client have an AWS Developer Support plan (as a minimum) in place with AWS at all times. Learn more at:  https://aws.amazon.com/premiumsupport/plans/ 
  4. Requires delegated access to the AWS Billing Console to allow for budget alert management.
  5. Provides support between 8am and 6pm (Sydney time) Monday to Friday excluding national public holidays.
  6. Provides support if an AWS service is causing a web-server to be inaccessible, 24 hours a day, 7 days a week (after hours). The appropriate Helpdesk ticket must be submitted.

  7. Sends an email to clients at least 24 hours prior to any system maintenance causing downtime, notifying when the maintenance will commence and cease.

  8. Responds to client requests within 4 business hours of logging the request via the Habitat3 website.

  9. Provides comprehensive training on how clients are to request support.

  10. Ensures a minimum of 5% of Hard Drive space is available to the webserver at all times by increasing hard drive space in 50GB increments, and ensures that all Hard Drives are at a minimum of 50GB to ensure full server functionality.

  11. Attends to support requests only when a support ticket has been submitted via the Habitat3 support page.

  12. Completes training with you to ensure that you are sufficiently briefed in how to use the Habitat3 support service.

  13. Holds the appropriate levels of Insurance

  14. Provides your AWS account root access details at commencement of the support agreement.

  15. Provides a quote to reconfigure your web-servers to allow for auto-scaling/load balancing if AutoScaling Management is required.

  16. Up to 1 hour of reactive support is provided as part of the AWS Support Package

  17. An additional 2 hours of reactive support is available when the Support Add-on Pack is added.

b) Habitat3's secure support web-portal website
 

  1. Account Holders are provided with access to a secure, support web-portal to make requests relating to security (eg. updating a password) and billing (eg. adding a user account)

  2. Account Holders can nominate an Authorised Representative (AR) to act on their behalf. This is done via the support web-portal or on the initial service activation web-form. An Authorised Representative can only be nominated on the service activation form if the Account Holder is completing the form. Authorised Representatives can be nominated by the Account Holder at a later date.

  3. Authorised Representatives can access the support web-portal and therefore can make all billing and security requests.

  4. Exceptions are that Authorised Representatives cannot:

    1. cancel a subscription/service

    2. nominate another Authorised Representative

    3. remove an Account Holder

    4. change the password of the Account Holder on the VPS

  5. The requests above must be made by the Account Holder, not an Authorised Representative.

  6. Account Holders must provide an email address, the first and last name and the mobile phone number of the nominated Authorised Representative/s.  

  7. Authorised Representatives must be employed by the Habitat3 client they are representing and therefore have the same email domain name as the Account Holder (eg. employee@companyname.com.au).

  8. Habitat3 does not record the password set by Account Holders for the support web-portal.

  9. The support web-portal and all associated support ticket information (including Habitat3 client personal details) are hosted by FreshWorks - privacy policy located at: https://www.freshworks.com/security/

  10. It is the client's responsibility to advise Habitat3 that an Authorised Representative has left the client's employment and should be disabled. This is done via a ticket in the Habitat3 web portal.

  11. If Habitat3 determines an Authorised Representative has left the client's employment we will automatically revoke that Authorised Representative's web portal account and they will no longer be able to make requests.

d) Habitat3 Server & Data Security

AWS DataCentres

  1. Habitat3 uses AWS DataCentres located in Australia unless otherwise specified by you. 

Data Ownership and Control

  1. The account is controlled by the Account Holder nominated in the Habitat3 AWS Support Agreement.

Habitat3 access

  1. Habitat3 staff may have the ability to access data stored within a client's webserver on AWS EBS storage. 

  2. Habitat3 completes rigorous background checks on all Habitat3 staff including an Australian National Police Check and all staff are required to sign a confidentiality agreement.

Passwords

  1. It is the client's responsibility to select strong passwords for all AWS and Habitat3 related services.

 

Data Breach

  1. Habitat3 will always notify you via email as soon as possible if a data security breach affecting your data is identified.

  2. The Office of the Australian Information Commissioner’s Guide to securing personal information: ‘Reasonable steps’ to protect personal information discusses security considerations that may be relevant under APP 11 when outsourcing your server hosting requirements.

  3. If any illegal activities (eg. copyright infringement) are conducted by any Habitat3 clients within any Habitat3 hosting services then Habitat3 holds the Habitat3 client responsible and liable to all relevant authorities.

  4. Habitat3 expects clients to only connect to the Habitat3 Virtual Private Server from PCs that are protected by business grade AntiVirus software. In the pre GoLive Audit, PC security will be tested. If no AntiVirus is detected Habitat3 can quote on and arrange for the appropriate software to be installed.

 

e) Data Protection Laws

  1. Habitat3 is an Australian company with Australian shareholders focused on providing Australian based companies only with Australian-based technology services.

  2. Habitat3 does not consider itself an APP Entity based on the criteria set by the Office of the Australian Information Commissioner.

  3. Habitat3 does not warrant compliance with Data Protection Laws designed to protect those located in jurisdictions outside Australia including Europe.

  4. Habitat3 does not have a Data Processing Addendum in place with the providers of its Australian (Sydney) located DataCentre/infrastructure providers.

  5. Habitat3 clients as personal information controllers must not store the personal information of individuals located in the EU on Habitat3’s Hosted Virtual Private Servers (personal information processor) as Habitat3 does not warrant compliance with the GDPR.

  6. If you store data owned by the Australian Federal Government you should review your use of Habitat3's services and its upstream AWS datacentre provider's iRAP certification at: https://aws.amazon.com/compliance/irap/

g) AWS Usage Agreement

  1. You agree to allow Habitat3 to open an AWS Account on your behalf and you agree to the AWS Customer Agreement at - https://aws.amazon.com/agreement/

h) Microsoft Webservers

  1. Webservers will have as standard a non-default RDP port open to allow administrative access.

  2. Webservers will have port 80 open to allow http traffic.

  3. Webservers are managed by clients and Habitat3 support is limited to AWS support only.

  4. Webservers will be temporarily disconnected from the Internet if any DOS type attack is detected.

j) Service Change Requests

  1. Any requests associated with changing your service that impact your fee must be approved by the Account Holder or Authorised Representative.

  2. The next monthly invoice will reflect the change for the full month. 

k) Miscellaneous 

  1. Any data drives sent to Habitat3 by a Habitat3 Client for data uploading into the data centre must be clearly labelled with your business name. If this is not done we cannot guarantee the return of your drive (eg. flash or USB external hard drive). To allow for return of your drive please enclose an Express Post envelope fully addressed to the location you wish to have it sent.