Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


Service Level Agreement



CSC – IT Center for Science

Service Level Agreement

for CSC EUDAT B2DROP service




Service Level Agreement


1.   General

This document is an service level agreement (SLA) to cover the provision and support of the B2SDROP SERVICE.

This agreement is made between:


CSC – IT Center for Science, Keilaranta 14, Espoo, Finland




[Customer name], [address – city –country]


represented by [Customer representative].


This SLA is valid from


2018-01-01 to 2019-01-01.


The purpose of this SLA is to agree quality and reliability requirements and targets of a B2DROP SERVICE. In addition, this document defines processes, roles, and contact addresses that are used to ensure that required service level can be maintained.

CSC – IT Center for Science (CSC) is part of community providing services under EUDAT brand. CSC does not provide all the service components and supporting services by itself. Some of the supporting service and service components are provided by other EUDAT Service Providers listed in Annex A.


2.   Scope & description of the service

B2DROP is a secure and trusted data exchange service for researchers and scientists to keep their research data synchronized and up-to-date and to exchange with other researchers. B2DROP is an ideal solution to store and exchange data with colleagues and team members, synchronise multiple versions of data, ensure automatic desktop synchronisation of large files.

To protect customer data, data stored into CSC B2DROP service will be replicated daily to secondary system or backed up into CSC Backup service.

B2Drop is based on NextCloud technology.

B2DROP features

  • federated authentication through B2Access service
  • intuitive user-interface via the web,
  • desktop clients available for Windows, MacOS, Linux, IOS, and Android systems,
  • WebDAV API,
  • store and exchange data with colleagues and team members,
  • synchronise multiple versions of data,
  • ensure automatic desktop synchronisation of files.

Additional service packages:

  • Use only one file replica

3.   Service hours and exceptions

The service is available on a 24x7 basis excluding time required for service maintenance and incident management. Service Desk hours are as follows:

08:30-16:00 EET, normal working days.

Normal working days are from Monday to Friday excluding following generic holidays  

  • New Year's Day                (1.1)
  • Epiphany                               (6.1)
  • Good Friday                        (Friday, variable date)
  • Easter Day                            (Sunday, variable date)
  • Easter Monday                  (Monday, variable date)
  • Labour Day                          (1.5)
  • Ascension Day                   (Thursday, variable date)
  • Whitsunday                         (Sunday, variable date)
  • Midsummer Eve               (variable date)
  • Midsummer Day              (variable date)
  • All Saint’s Day                    (Saturday, variable date)
  • Indenpendence Day      (6.12)
  • Christmas Eve                   (24.12)
  • Christmas Day                   (25.12)
  • St. Stephen's Day             (26.12)

The following exceptions apply:

If not stated elsewhere, CSC EUDAT B2DROP service has a regular maintenance window every first Tuesday of the month 13:00-15:00. Regular maintenance windows are not advertised in advance.

In addition to regular maintenance break, as a part of incident management process, there may be additional maintenance breaks. Announcement about these breaks will be given at least 7 calendar days before the maintenance break. These service breaks are considered as planned and they do not affect the Service Reliability (See section 5).

Service breaks advertised in short time (less than 7 calendar days before the maintenance) are considered as emergency service breaks. Unplanned service break due to emergency maintenance is only done as a part of critical incident management process. Unplanned service breaks are taken into account on Service Reliability.

During maintenance windows, Service Availability and/or service response will be reduced.

4.   Support

The services covered by the scope of this SLA are provided with the following level of support.



Service Desk Response Time

4 hours

Service Desk Resolution time

4 days


Service Desk Response Time is the Target time for a Service Desk to respond to a service request. Service Desk Resolution time describes the maximum time for a Service Desk to fulfil the standard service request. In most of the cases Service Desk Resolution time is considerably shorter than the Service Desk Resolution time given above. Non-standard service requests include service requests of new customers and capacity requirements over 50 TB.

4.1.        Incident handling

Disruptions to the agreed service operation will be handled according to an appropriate severity classification of the incident. In this context, following guidelines apply:

Severity Level


Incident Responce Time

Severity 3

Total loss of a Service:

  • Service has not been available longer than 30 minutes.
  • During the last full day, Service Reliability is below 83%

4 hours during normal working time

Severity 2

Service is degraded:

  • During the 4-hour measurement interval, there has been at least four time periods when the service has not been available
  • Service has not been available during a measuring period of 30 minutes
  • During the last full day, Service Reliability is below 93%

1 working day

Severity 1

Minor incident / warning:

  • Normal or near normal user experience (i.e. no impact to Service Reliability or to Service Availability)
  • Resilience of the service degraded due to failing Service Component.
  • Minor Service Component of the service not working temporarily.
  • Data integrity mismatch in one of the data copies
  • During the last full day, Service Reliability is below 98%

4 working days

Security incident resolution coordination is to be lead by CSC security officer.  Security incident is defined such that there has been an event indicating possible unauthorized access to data, applications, services, networks and/or devices by bypassing their underlying security mechanisms. Alternatively, known vulnerability and tools to utilize the vulnerability exist.

CSC helpdesk agents acknowledge the reception of the information about the incident, notify the severity level and provide, if possible, a first and not committed estimate of the time required to restore normal operational status. If an incident cannot be solved within the mentioned timeframe, i.e. Incident Resolution time, a statement explaining the reasons is issued. This statement will contain a plan how the incident will be solved during the following working days.


5.   Service level targets

The following are the agreed service level minimums for the B2DROP Service:

Service Level target


Service Reliability


Service Reliability is measured using EUDAT monitoring system. EUDAT monitoring system checks that the B2DROP service responds correctly and that a test file can be accessed. Availability checks are done in 5 minute intervals. Service Reliability is measured in daily (24 hours) level.


6.   Limitations & constraints

The provisioning of the service under the agreed service level targets is subject to the following limitations and constraints:

▪       Support is provided in the following languages: English, Finnish

▪       Force Majeure. A party shall not be liable for any failure of or delay in the performance of this Agreement for the period that such failure or delay is due to causes beyond its reasonable control, including but not limited to acts of war, strikes or labour disputes, logistical problems caused by natural disasters, embargoes, government orders or any other force majeure event.



7.   Communication, SLA violation & escalation


7.1.        General communication

The following contacts will be generally used for communications related to the service in the scope of this SLA:

  • CSC Service Desk contact address
  • EUDAT service monitoring service
  • CSC contact for security issues
  • CSC contact for escalations
  • Customer contact for the service provider
  • Customer contact for security issues

Contacts are defined in Annex B. Contact information.

7.2.        SLA violations

CSC commits to inform the CUSTOMER, if this SLA is violated or violation is anticipated.  The message contain detailed information about what parts of the SLA were violated, when this violation occurred, and what kind of effects this have had to User experience. The message will also contain initial plan what will be done to ensure that SLA violations will not happen again.

The following rules are agreed for communication in the event of SLA violation:

            Customer contact for the service provider will be contacted by CSC by e-mail.

7.3 Escalation & complaints

CSC is committed to support high quality services. In case the incident has not been solved during the incident resolution time or there are other issues in the service prohibiting or disturbing normal usage incident escalation (or complaint) can be initiated by contacting CSC contact for escalations.

CSC contact for escalations is a person responsible of CSC’s EUDAT service production. If needed, he/she will work in collaboration with other EUDAT Service Providers involved in B2DROP service production. CSC contact for escalation contacts the customer directly, makes an analysis of the situation, makes a plan and schedule how the issue will be solved, and informs Customer about status of the escalation process. CSC contact for escalations will also keep EUDAT operations coordinator informed.



8.   Information security & data protection


8.1.        Information security

The following rules for information security and data protection apply:

8.2.        Personal Data

The parties recognize European General Data Protection Directive on protection personal data in their roles of Data Processor and Data Controller, and:

  • respect the rights of data subjects based on the responsibilities of the parties in such extent as personal data is in the Service
  • will protect the personal data according to best practices on of information security
  • will notify the other party and the supervising authority in case of a data breach
  • will not export the personal data to third countries without user consent

8.3.        Submitted data property

Data preservation by the EUDAT does not include or imply any transfer of ownership or immaterial property rights, unless otherwise agreed upon in writing.

The Customer is responsible for ascertaining that he is authorized to transfer the data, documents, or other content to EUDAT. This means the Customer has to secure the relevant permission from third parties, for example, from data producers, authors, and right holders.

9.   Additional responsibilities CSC

The CSC ensures:

  • that its actions, policies and procedures are compliant with local, national law, and EU regulations and rules;
  • that agreed processes for incident response are documented and acted upon.


10. Customer responsibilities

The CUSTOMER has to:

  • inform without delay CSC security officer about security incidents.




11.  Training and Documentation


11.1 Documentation

The following documentation of B2DROP service is available :



User documentation


11.2 Training

EUDAT provide some hands-on material in order to support the customer in the B2DROP  service deployment and integration.


12. Glossary of terms

For the purpose of this SLA, the following terms and definitions apply:

See Annex C: Glossary




13.  Document control

Document ID

[Unique document identifier]

Document title

Service Level Agreement for CSC EUDAT B2DROP service

Definitive storage location


Document owner

[Name of the person primarily responsible for maintaining and reviewing this document]



Last date of change


Next review due date


Version & change tracking



















Annex A. EUDAT Service Providers


EUDAT services are provided by  EUDAT Service Providers listed below:



These EUDAT Service Providers are contractually through Operational Level Agreements committed to provide high quality services for EUDAT and for CUSTOMERs.

The number of service providers may change. However, new service providers will commit to same level of service as existing EUDAT Service Providers.





Annex B. Contact information


Following table defines contact addresses:


CSC Service Desk contact address

EUDAT service monitoring service

CSC contact for security issues

CSC to provide

CSC contact for escalations

CSC to provide

Customer contact for the service provider

client to provide

Customer contact for security issues

 client to provide







Annex C. Glossary




Brand of the EUDAT Cloud Storage service


Brand of the EUDAT Joint Metadata Service


Brand of the EUDAT Safe Replication Service


Brand of the EUDAT Simple Store Service


Brand of the EUDAT Data Staging Service


EUDAT Collaborative Data Infrastructure


Organisation or part of an organisation that commissions EUDAT to receive one or more services, doing so on behalf of a number of users.


Information received, preserved and communicated by EUDAT. They can include data and metadata.


Change of responsibility for an event (such as an incident or problem) and / or activity to another individual or group

Note: This might be functional escalation (to someone with specific responsibility, competence or access to information / knowledge) or hierarchical escalation (to someone with a higher level of authority).

EUDAT Collaborative Data Infrastructure (CDI)

European e-infrastructure of integrated data services and resources to support research.

EUDAT Services Terms of Use

EUDAT Services Terms of Use document describes rules and policies that each user must follow when using EUDAT services. Link to document can be found from page.

EUDAT Service Provider

Service providers that are contractually contractually through Operational Level Agreements committed to provide high quality IT services for EUDAT and for CUSTOMERs.


Standard for lightweight service management in federated IT infrastructures


Unplanned disruption of operation in a service or Service Component, or degradation of service quality versus the expected or agreed service level or operational level according to service level agreements (SLAs), operational level agreements (OLAs) and underpinning agreements (UAs) with suppliers.

Incident resolution time

Incident resolution time defines the maximum time from the beginning of an incident to a time normal service level is restored.

Incident response time

Maximum time taken between the time a user  reports an Incident and the time that the Service Desk responds to that Incident.


Information Technology Service Management

Key performance indicator (KPI)

Metric that is used to track the performance, effectiveness or efficiency of a service or process. Note: KPIs are generally important metrics that will be aligned to critical success factors and important goals. KPIs are therefore a subset of all possible metrics, intended to allow for monitoring and correcting/ improving the effectiveness and/or efficiency of a system or process.

Operational Level Agreements (OLA)

Operational Level Agreement between a Service Provider or federation member and another part of the service provider’s organisation or the Federation to provide a Service Component or subsidiary service needed to allow provision of services to Customers


Structured set of activities, with clearly defined responsibilities, that bring about a specific objective or set of results from a set of defined inputs

Note: Generally, a process is a logical subdivision of a larger set of activities used to provide or manage services.

Resource Provider

An organizational instance that provides, maintains and operates processing, storage and network resources at a site.


Possible negative occurrence that would impact the service or service provider. Note: Risk is made up of the probability of the threat entailed, the vulnerability to that threat of some asset, and the impact the threat would have, if it occurred.


Set of responsibilities, connected behaviours or actions collected into a logical unit that can be assigned to an individual, team or group. Note: An individual may have multiple roles.

Security incident

An event has noted that indicates that there has been an unauthorized access to data, applications, services, networks and/or devices by bypassing their underlying security mechanisms. Alternatively, known vulnerability and tools to utilize the vulnerability exist.


A way to Provide Value to a User/CUSTOMER through bringing about results that they want to achieve.

Service Availability

Describes the time in a defined period the service was available, over the total possible available time, expressed as a percentage. It is calculated by dividing the time the system is operational in that period by the period itself and converting to a percentage (e.g. 325 days/ 365 days x 100 = 89%). Service availability is checked in 5 minute intervals.

Service Reliability

Describes the time in a defined period the service was available, over the total possible available time, expressed as a percentage. Predefined service breaks are excluded. Service availability is checked in 5 minute intervals.

Service Component

Technical or non-technical element that helps make up a service (e.g. a computer, a physical location, an authentication system, a software stack).

Service hours

An agreed time period when a particular Service should be Available.

Service Desk

A service desk is a communications center that provides a single point of contact (SPOC) between a EUDAT and its customers, employees and business partners.

Service Desk  Response Time

Target time for a Service Desk to respond to a service request.

Service Desk Resolution Time

Maximum time for a Service Desk to resolve  a service request.

Service Level Agreement (SLA)

Service Level Agreement between a CUSTOMER and EUDAT that specifies the service to be provided and the service targets that define how it will be provided.

Service Provider

Organisation or federation or part of an organisation or federation that manages and delivers a service or services to customers

Service report

Report that details the performance of a service versus the service targets detailed in service level agreements (SLAs).

Service Level Target

Reference / target values for parameters that are used to measure the performance of a service, and that are listed in a service level agreement (SLA) related to this service


Individual that primarily benefits from and uses a service.


The benefit to a customer and their users delivered by a service

Note: Value should be considered as a composition of the utility (fitness for purpose) and warranty (fitness for use, covering sufficient availability / continuity, capacity / performance and information security) connected to a service.





Service Privacy Policy

Updated: 2018-06-15