Habitat3 Service Level Statement
This Service Level Statement sets out details relating to the delivery of Habitat3's Virtual Private Server hosting service.
a) General
Habitat3 will:
-
Provide professional services to facilitate the use of AWS Server & Data Hosting and Microsoft licensing.
-
Provide support for the AWS environment only. Local computer network support is not included in the Habitat3 subscription fees.
-
Recommend the appropriate server specifications (RAM and CPU) to underpin clients' requirements.
-
Recommend changes to the server specifications if the clients' requirements change- eg. if more users are added or additional software is installed/used.
-
Ensure clients’ Virtual Private Servers (VPS) are available 24 hours a day, 7 days a week at 99.9% availability across a 12 month period (this does not include advertised maintenance windows)
-
Complete server maintenance within advertised server maintenance windows which will be carried out outside of standard business hours (clients will not be able to access their server for some or all of the duration of a server maintenance window).
-
Send an email to clients' at least 24 hours prior to the server maintenance window notifying when the maintenance will commence and cease.
-
Host clients’ VPS in an Australian data-centre facility.
-
Ensure a backup is taken every night and kept for 14 days for clients with their VPS hosted at Rackspace.
-
Ensure a backup is taken every night and kept for 7 days for clients with their VPS hosted at AWS plus make an optional 2 x monthly backup available if required.
-
Provide support between 8am and 6pm (Sydney time) Monday to Friday excluding national public holidays.
-
Provide support for a server which is not accessible due to a Habitat3 or upstream provider's fault 24 hours a day, 7 days a week (after hours) - the appropriate Helpdesk ticket must be submitted.
-
Respond to client requests within 4 business hours of logging the request via the Habitat3 website.
- At it's own discretion charge additional support fees to provide support for clients’ local computers and networks to allow connectivity between the local network and the hosted server.
-
Provide comprehensive training on how clients’ are to request support.
-
Setup clients’ VPS including;
-
Windows Server operating system - installation and configuration
-
MS Office installation
-
SQL Server installation
-
Partner Software Applications and associated tools
-
Printer drivers
-
FTP folders to allow for scanning
-
Virtual Private Networks if required
-
All AntiVirus and other security tools
-
-
Migrate client data from the local network to the VPS on a scheduled weekday at (or prior to) 2pm at no charge . If a date and time outside of these hours is selected by the client additional fees will apply.
-
Charge a rescheduling fee if the data migration date is changed by the client.
-
Charge additional fees if more than one set of data is required to be migrated.
-
Recommend a server with RAM and CPU appropriate to the number of users using the server. We make a selection for you based on our experience and the number of users on your account. However, additional fees will apply for a more powerful server if more server resources are needed to support your specific requirements.
-
Ensure a minimum of 5% of Hard Drive space is available to the VPS at all times by increasing hard drive space in 50GB increments and ensure that all Hard Drive's are at a minimum of 50GB to ensure full server functionality.
-
Reserve the right to
-
restrict access to unlawful or unreasonable online information (websites) and other file sharing or internet based services from the VPS. However, internet access from onsite PCs will not be restricted in any way.
-
disconnect access to your VPS if any activities are found to be initiated on that VPS that negatively impact the overall service including denial of service or other activities including uploading or downloading large data sets.
-
restrict access to your Habitat3 VPS to any entity that would be considered a competitor of ours or our HSVPs.
-
temporarily deactivate a server in the event that its storage is full and you are unwilling to delete data or increase your storage.
-
-
Complete technical support only when a support ticket has been submitted via the Habitat3 support page.
-
Complete training with you to ensure that you are sufficiently briefed in how to use the Habitat3 support service.
-
Attempt to enable access to your Habitat3 VPS from Apple OSX and IOS but we may be unsuccessful. In addition we cannot ensure all Windows based printing functionality will function as expected from a Mac OS as printer drivers on the server and on Windows PCs are needed to provide full printing functionality.
- Install supported software into your VPS as user accounts do not have server administrative rights and therefore users will not be able to install some software. In some cases a fee may be charged for this service.
- Run all scripts that need to run under administrative rights under a Habitat3 controlled administrative account. Habitat3 will also need to check the scripts before they are run.
-
Complete a maximum of 2 full VPS or file restores on request per calendar month. Additional fees will be charged per additional restore requested within that same month.
-
Export your data from your VPS to an FTP location to allow for download or to an external hard drive and post it to you on request. A fee will be charged to complete this export process. To receive data clients must send us an appropriate sized USB3 hard drive and a self-addressed express post envelope/satchel.
-
Charge a fee per GB of data that is sent out of the client's VPS over 5GB per active user in a single calendar month charged on the 1st of the month for the prior month's usage at a rate of $0.55 per GB (inc GST) over the 5GB per active user level. Example: If you have 5 users you have a 5 x 5GB allocation = 25GB of outgoing data. More than 25GB will be charged at $0.55 per GB.
- Provide a report to clients on request to show outgoing client VPS data traffic volumes.
-
Hold the appropriate levels of Insurance
-
Email clients via a subscriber email list to provide information about the service including price increases and service notifications. If a client unsubscribes from the list they will no longer receive these important updates.
-
Manage all upstream provider support activities (including Rackspace and AWS) on behalf of Habitat3 clients.
-
Not remove your local PCs from your local server's domain. If you are currently connecting to the Internet via a local server we recommend you disconnect your PCs from the local server’s domain to allow you to access the Internet via the modem/router. This will ensure that you are able to remove the local server without stopping access to the Internet. Habitat3 is not responsible for disconnecting your PCs from your local domain at the time of migrating your applications and data to our hosted environment.
b) Software Support within the VPS
-
Software hosted by clients within their VPS is only supported by the Habitat3 HelpDesk if the software is supported by the associated software vendor under the operating system used by Habitat3 (eg. Windows Server 2019 using Windows Remote Desktop).
-
Habitat3 does not accept any responsibility for application or data related problems associated with any software you choose to host within your Habitat3 VPS.
-
We reserve the right to refuse to support and may uninstall any software you have installed or requested to be installed on the Habitat3 VPS other than provided by a Habitat3 Software Partner Vendor (HSPV).
-
Habitat3 may charge additional fees to host a non-HSPV provided software. Examples include CCH, MYOB and Reckon.
-
MYOB Specific Support - Habitat3 provides support for MYOB when hosted within a client VPS for a monthly fee based on the application year version (2016, 2017) and the application edition (eg AccountRight and Essentials).
-
If you use the OzBiz/Optomate/MYOB link solution OzBiz are responsible for ensuring your MYOB is functioning correctly and can import the data from Optomate (via OzBiz). If you use sync software to receive your Optomate export data to be imported into MYOB via OzBiz a monthly fee will apply.
-
Habitat3 supports the VPS to ensure your software performs as expected. In some cases if you require Habitat3 to complete software maintenance activities that are not related to the server's functionality or a standard upgrade process we will charge an hourly rate to complete the work.
-
We expect you to have a basic working understanding of Windows PC operating systems and the basic functions required to access the Habitat3 service.
-
Remote access software is not supported on your VPS. These types of programs can negatively impact your internet quota, can reduce bandwidth and performance, can introduce a range of trojans and malware/viruses and ultimately can allow your data to be sent to external server outside of Australia which we specifically do not allow as part of our commitment to ensure all data stored on our system does not leave Australian borders.
-
If you do not use Microsoft's MS Office 365 email service we may not be able to restore emails due to your email service provider's functionality. We strongly recommend the use of MS Office 365 email.
-
Although in some cases we complete software upgrades for our clients, there are occasions where our clients do need to complete parts of an upgrade process specific to their needs (eg. Roll-Over of clients in HandiSoft
-
We reserve the right to charge additional fees if you wish to host two or more instances and associated databases of your primary software (eg. HandiSoft, Optomate, FittingWizard, MedicalDirector, FilePro etc) or two SQL based applications (eg Medical Director and Best Practice).
-
We reserve the right to introduce additional support fees to maintain software hosted on your VPS which is in addition to your primary software.
-
We reserve the right to introduce additional support fees to host and maintain SQL databases.
-
Connecting your Noah software on your PC to your Noah Database on your Habitat3 server is not officially tested or supported by Noah and therefore is not recommended by Habitat3 and Habitat3 does not accept any responsibility for any security or data loss related issues associated with the Noah database. However, Habitat3 will implement the solution as securely as possible at all times. Therefore Habitat3 requires all clients to use a Habitat3 provided VPN connection to link the Noah software on their PCs to the Noah database on the Habitat3 server. Habitat3 also expects you to use a unique password to protect your Noah database (functionality provided by Noah) when hosted on your Habitat3 server and setup a Noah specific backup (also functionality provided by Noah).
-
Software associated with VOIP and Video Conferencing (eg. Teams) is not supported on Habitat3 virtual servers. This software is designed to be used on a PC operating system and not within Microsoft's Remote Desktop (RDP). You will have issues with ensuring microphones and cameras operate reliably from the local PC to the RDP session.
-
All HandiSoft software updates released/published via the HandiSoft website can be completed by you our client.
-
MedicalDirector/PracSoft/Bluechip updates are completed on your behalf at no additional charge.
-
FilePro updates are completed by FilePro .
-
FittingWizard updates are completed by Biotronic.
-
Optomate has an auto-update feature which automatically upgrades the software to the latest version.
-
If you require us to complete any software upgrades for you a fee may apply.
-
We do not support file syncing applications including Dropbox, Google Drive and OneDrive. These applications will be blocked unless approved by Habitat3 and the Account Holder.
-
Third party cloud backup services can be used if authorised by Habitat3 but clients must complete all file selections, scheduling and monitoring of backup success. Habitat3 is in no way responsible for ensuring the correct files are backed up and that the backup facility is functioning as expected.
-
The HotDocs integration with Optomate does not use the Monkey Software provided API integration and accesses the Optomate database directly. It is not supported by Monkey Software nor recommended by Habitat3 as this direct access to the database poses a number of security risks.
-
We do support the use of all i360 Cloud Services within the Habitat3 remote desktop environment.
c) Habitat3's secure support web-portal website
-
Account Holders are provided with access to a secure, support web-portal to make requests relating to security (eg. updating a password) and billing (eg. adding a user account)
-
Account Holders can nominate an Authorised Representative (AR) to act on their behalf. This is done via the support web-portal or on the initial service activation web-form. An Authorised Representative can only be nominated on the service activation form if the Account Holder is completing the form. Authorised Representatives can be nominated by the Account Holder at a later date.
-
Authorised Representatives can access the support web-portal and therefore can make all billing and security requests.
-
Exceptions are that Authorised Representatives cannot;
-
cancel a subscription/service
-
nominate another Authorised Representative
-
remove an Account Holder
-
request a full copy of data via FTP or Hard Drive
-
change the password of the Account Holder on the VPS
-
The requests above must be made by the Account Holder not an Authorised Representative.
-
Account Holders must provide an email address, the first and last name and the mobile phone number of the nominated Authorised Representative/s.
-
Authorised Representatives must be employed by the Habitat3 client they are representing and therefore have the same email domain name as the Account Holder (eg. employee@companyname.com.au).
-
Habitat3 does not record the password set by Account Holders for the support web-portal.
-
The support web-portal and all associated support ticket information (including Habitat3 client personal details are hosted by FreshWorks - privacy policy located at: https://www.freshworks.com/security/
-
It is the client's responsibility to advise Habitat3 that an Authorised Representative has left the client's employment and should be disabled. This is done via a ticket in the Habitat3 web portal.
-
If Habitat3 determines an Authorised Representative has left the client's employment we will automatically revoke that Authorised Representative's web portal account and they will no longer be able to make requests.
d) Habitat3 Server & Data Security
Habitat3 is committed to keeping your Virtual Private Server and the data stored within secure and we take all reasonable precautions to protect it from unauthorised access, modification or disclosure. We also offer optional security upgrades which we recommend all clients take up and use.
DataCentres and Geolocation
-
Habitat3 uses DataCentres located in Australia only to store VPS data. At no time does Habitat3 send VPS data outside of Australia.
-
VPS and all associated data and primary backups are stored by the following providers:
-
Amazon Web Services (AWS) - Sydney Region. AWS has certification for compliance with ISO/IEC 27001:2013, 27017:2015, 27018:2019, 27701:2019, 9001:2015, and CSA STAR CCM v3.0.1. Learn more about AWS ISO certifications at : https://aws.amazon.com/compliance/iso-certified/
-
AWS has multiple DataCentes in it's Sydney "Region" called an availability zone to ensure business continuity. Learn more about AWS Regions and Availability Zones
Data Ownership and Control
-
Account Holder's warrant that the data they upload (or ask Habitat3 to upload) to their AWS hosted VPS is lawfully theirs to access and control.
-
Habitat3 will not host data owned by multiple entities on the one AWS hosted VPS.
-
Habitat3 clients’ store, modify and delete their business data as required and are able to request Habitat3 provide a full copy of their complete data set at any time. Fees do apply to complete these requests.
-
Habitat3 may grant some entities permanent admin level access to clients’ VPS when requested to do so by clients via the Habitat3 Helpdesk Portal.
-
Under all and any circumstances client data stored within AWS remains the property of the organisation that has signed the Habitat3 Service Supply Agreement.
-
The account is controlled by the Account Holder nominated in the Habitat3 Service Supply Agreement.
-
The Account Holder controls their own dedicated AWS Account, within which all their data and applications are hosted.
Recommended Optional Security Upgrades
-
Use Two Factor Authentication when users login to Your VPS
-
Access the VPS via encrypted Virtual Private Network (VPN) access
-
Disable copy/paste functionality between the VPS and the PCs logging in
-
Lock down access to the VPS from a set of source IP addresses
-
Stop access to the VPS from specific countries or all countries other than Australia
The recommendations listed above are not mandatory but are very strongly recommended to keep your data safe.
Habitat3 access
-
Habitat3 staff have access to clients' AWS hosted VPS to provide support and therefore do have access to information stored on the VPS.
-
Habitat3 completes rigorous background checks on all Habitat3 staff including an Australian National Police Check and all staff are required to sign a confidentiality agreement.
Passwords
-
Habitat3 recommends all clients password protect all their applications and data for additional security.
-
It is the client's responsibility to select strong passwords for all Habitat3 related services (eg; servers and secure web-portal), to change them regularly and to safeguard them appropriately.
Third Party Access
-
Habitat3 grants third party entities (eg. software vendors) temporary access to clients’ VPS when requested to do so by Account Holders and Authorised Representatives.
-
If the third party entities require administrative rights Habitat3 will require the third party to make an appointment with Habitat3 and the remote session will be supervised by Habitat3 throughout the access period to ensure no damage is done to the Habitat3 server environment.
-
In some cases, although difficult, it may be possible for third parties to copy data from the server even under supervision. Only trusted persons should be granted access - even under supervision.
-
Clients are able to authorise ongoing 3rd party access for specific entities with Habitat3's approval.
Data Backups
-
Each VPS is backed up once every 24 hours allowing for full server and granular file restores.
-
Full VPS backups provide for a 7 day history of data restores.
-
Full VPS backups can be extended to capture 2 x monthly backups for additional fees.
-
Email stored within an Outlook OST file (Office365) is not restorable but a separate backup service is offered and recommended for additional quoted fees.
-
Each client's main database (eg. HandiSoft or Optomate) is also backed up internally within the VPS.
Data Provision
-
Data is provided in accordance with the Habitat3 Data Provision Policy.
Data Synchronization
-
Habitat3 may facilitate the connection of applications on the AWS hosted VPS with external cloud based applications on request from the Account Holder.
-
In some cases users may be able to create data synchronizations without the assistance or knowledge of Habitat3.
-
In all cases any file syncing websites or applications (including API based) are controlled and managed by the Client and it is the responsibility of the Client to ensure the cloud based applications or websites are appropriate and secure.
-
Habitat3 is able to block user access to specific websites and/or syncing applications if requested by the Client.
Virtual Private Server Security
-
Each VPS is a fully complete installation of Windows Server using Microsoft’s Remote Desktop Services.
-
Each VPS is hosted at AWS and is contained within an AWS VPC.
-
Each VPS is made accessible via Windows Remote Desktop using a unique (non-standard) RDP port number.
-
All users on each VPS will be disconnected from the remote session after 1 hour of idle time.
-
If the disconnected session is not logged back into within 3 hours the user account will be logged off. Clients may opt to remove this auto-log-off feature however it may negatively impact your VPS performance.
-
All users on each VPS will be logged off at 3am daily unless logged in at that time. Clients may opt to remove this auto-log-off feature however it may negatively impact your VPS performance.
-
All users on each VPS will be completely logged off the server (includes the closing of documents and applications) at least once every week outside of business hours (typically late on Sunday night).
-
If VPS passwords are entered incorrectly 3 times the user account will be “locked” to prevent brute force access.
-
Each VPS server’s access can be limited to Virtual Private Network access if requested.
-
Each VPS access can be limited to source IP address if requested.
-
Each VPS is protected by a secure firewall as well as mandatory web filtering and AntiVirus.
-
Cryptolocking trojans (often called Ransomware) are activated by user actions (eg. malicious website or email attachment) and cannot always be detected by Habitat3's security protocols. If clients identify any encrypted files or know they have activated this type of attack on your VPS clients must advise Habitat3 as soon as possible as restoring encrypted files from backup is the only solution (each nightly backup is retained for a maximum of 7 days).
-
Each VPS has a unique set of user passwords for user access which can be changed by you on demand by accessing the Habitat3 support portal.
-
Habitat3 conducts penetration testing which is completed on a regular basis to identify any potential security risks.
-
Each VPS logs when users on that specific VPS log in and log out
-
Data storage within VPS environments is encrypted at rest via AWS EBS encryption.
-
RDP sessions encrypt data in transit to and from VPS environments using SSL.
Data Protection
-
Habitat3 will always notify you via email as soon as possible if a data security breach affecting your data is identified. The email will require you to call Habitat3 and be identified via Photo ID to allow for re-registration with Habitat3 to ensure identity validation.
-
The Office of the Australian Information Commissioner’s Guide to securing personal information: ‘Reasonable steps’ to protect personal information discusses security considerations that may be relevant under APP 11 when outsourcing your server hosting requirements.
-
If any illegal activities (eg. copyright infringement) are conducted by any Habitat3 clients within any Habitat3 hosting services then Habitat3 holds the Habitat3 client responsible and liable to all relevant authorities.
-
Habitat3 expects clients to only connect to the Habitat3 Virtual Private Server from PCs that are protected by business grade AntiVirus software. In the pre GoLive Audit, PC security will be tested. If no AntiVirus is detected Habitat3 can quote on and arrange for the appropriate software to be installed.
e) Data Protection Compliance
-
Habitat3 is an Australian company with Australian shareholders focused on providing Australian based companies only with Australian-based technology services.
-
Habitat3 does not consider itself an APP Entity based on the criteria set by the Office of the Australian Information Commissioner.
-
Habitat3 does not warrant compliance with Data Protection Laws designed to protect those located in jurisdictions outside Australia including Europe.
-
Habitat3 does not have a Data Processing Addendum in place with the providers of its Australian (Sydney) located DataCentre/infrastructure providers.
-
Habitat3 clients as personal information controllers must not store the personal information of individuals located in the EU on Habitat3’s Hosted Virtual Private Servers (personal information processor) as Habitat3 does not warrant compliance with the GDPR.
-
Habitat3 does not warrant compliance with Australian Government department's data protection requirements for the storage of Government records.
-
AWS iRAP certification at : https://aws.amazon.com/compliance/irap/
f) Microsoft SQL Licensing
-
Some software may require the use of Microsoft SQL
-
Habitat3 is able to install, support and license SQL
-
Habitat3 supports SQL WebEdition, Standard Edition and Express
-
Where software vendors recommend the use of SQL Standard Edition Habitat3 will always install and charge for SQL Standard to ensure the performance, reliability and security of software databases.
-
Clients are able to apply to Habitat3 for an exemption but any exemptions can be revoked at any time.
-
We reserve the right to introduce additional hosting fees if an additional server is required to host SQL Databases.
g) AWS Usage
-
You authorise Habitat3 to open an AWS Account on your behalf using your Habitat3 Account Holder email address and agree to the AWS Customer Agreement at - https://aws.amazon.com/agreement/
-
We provide you with your AWS root credentials via your Account Holder helpdesk portal profile.
h) Microsoft Webservers
-
Webservers will have as standard a non-default RDP port open to allow administrative access.
-
Webservers will have port 80 open to allow http traffic.
-
Webservers are managed by clients and Habitat3 support is limited to Windows server OS functionality only.
-
Webservers will be disconnected from the Internet if any DOS type attack is detected.
i) Virtual Private Networks
-
We will assist you in creating an IPSEC VPN link between your office and your Habitat3 VPS via Internet connections.
-
We are able to do so via hardware (modem) or software (installed on your Windows PC)
-
You will be charged a monthly fee for VPN connections which will be quoted prior to proceeding with the setup.
-
You will be responsible for purchasing your own VPN modem/router and we will provide details of a recommended router.
-
Using the recommended router is important as we will not provide additional assistance in connecting a non-recommended router to the your VPS.
-
You must ensure a static IP is provided for your internet connection by your internet service provider (ISP).
-
We will provide the required VPN configuration details to allow you (or your onsite technical representative) to complete the router VPN setup.
-
If you are using the modem/router we have recommended and cannot establish a functional VPN connection for the first time we will work with you to complete a successful connection.
-
If you are not using a recommended router and we are unable to successfully create a VPN connection then we can provide your onsite technical representative with the appropriate details to attempt to make the connection via the non-recommended router.
-
If you are not using the recommended router and we are unable to successfully create a VPN connection to the VPS then we will require you to obtain the recommended router before further assistance can be provided.
-
Using an Internet connection to access your VPS that is also used for VOIP services is not recommended due to the negative impact each service will have on the other.
-
Accessing your Habitat3 VPS via a VPN will incur monthly fees.
j) Service Change Requests
-
Any requests associated with changing your service that impacts your fee must be approved by the Account Holder of Authorised Representative.
-
Server Specification Changes
-
Server specification (CPU/RAM) changes can be requested once per month.
-
Adding/removing or upgrading/downgrading a server or server specification will incur a pro-rata fee or credit from the provisioning/change date to the next billing cycle date.
-
The next monthly invoice will reflect the change for the full month.
-
k) Miscellaneous
-
Habitat3 can provide specific information to assist end users (and their local IT support provider) in completing the Printer Vendor’s Installation forms however Habitat3 does not complete the Printer Vendor’s Installation form on their behalf.
-
Habitat3 support provided as part of your monthly subscription covers all aspects of your server environment. It does not include any work required on your local network. Local printers must be able to print locally to allow printing from the server. PCs must be connected to the internet to allow access to the Habitat3 hosted server. In some cases Habitat3 will provide quotes to complete work on your local network if requested.
-
Scanning can be completed direct to the hosted virtual server via FTP.
-
Internet service must not be a shared service with a 3rd party
-
Internet service must not be shared with a VOIP service
-
Recommended VPN modem/router if VPN connections are requested
-
Although access to your VPS is available from Apple OSX 10.11 and above we are unable to ensure optimal performance from these devices. In additional Habitat3 cannot ensure all Windows based printing functionality will function as expected from a Mac OS as printer drivers on the server and on Windows PCs are needed to provide full printing functionality.
-
Any data drives sent to Habitat3 by a Habitat3 Client for data uploading into the data centre must be clearly labelled with your business name. If this is not done we cannot guarantee the return of your drive (eg. flash or USB external hard drive). To allow for return of your drive please enclose an Express Post envelope fully addressed to the location you wish to have it sent.
-
If the Habitat3 service is cancelled by either party Habitat3 will not deploy any additional services (eg. new user accounts) within the last 30 days of the service being provided.