Service Level Agreement
CSC – IT Center for Science
Service Level Agreement
for CSC EUDAT B2DROP service
Service Level Agreement
This document is an service level agreement (SLA) to cover the provision and support of the B2SDROP SERVICE.
This agreement is made between:
CSC – IT Center for Science, Keilaranta 14, Espoo, Finland
[Customer name], [address – city –country]
represented by [Customer representative].
This SLA is valid from
2018-01-01 to 2019-01-01.
The purpose of this SLA is to agree quality and reliability requirements and targets of a B2DROP SERVICE. In addition, this document defines processes, roles, and contact addresses that are used to ensure that required service level can be maintained.
CSC – IT Center for Science (CSC) is part of community providing services under EUDAT brand. CSC does not provide all the service components and supporting services by itself. Some of the supporting service and service components are provided by other EUDAT Service Providers listed in Annex A.
2. Scope & description of the service
B2DROP is a secure and trusted data exchange service for researchers and scientists to keep their research data synchronized and up-to-date and to exchange with other researchers. B2DROP is an ideal solution to store and exchange data with colleagues and team members, synchronise multiple versions of data, ensure automatic desktop synchronisation of large files.
To protect customer data, data stored into CSC B2DROP service will be replicated daily to secondary system or backed up into CSC Backup service.
B2Drop is based on NextCloud technology.
- federated authentication through B2Access service
- intuitive user-interface via the web,
- desktop clients available for Windows, MacOS, Linux, IOS, and Android systems,
- WebDAV API,
- store and exchange data with colleagues and team members,
- synchronise multiple versions of data,
- ensure automatic desktop synchronisation of files.
Additional service packages:
- Use only one file replica
3. Service hours and exceptions
The service is available on a 24x7 basis excluding time required for service maintenance and incident management. Service Desk hours are as follows:
08:30-16:00 EET, normal working days.
Normal working days are from Monday to Friday excluding following generic holidays
- New Year's Day (1.1)
- Epiphany (6.1)
- Good Friday (Friday, variable date)
- Easter Day (Sunday, variable date)
- Easter Monday (Monday, variable date)
- Labour Day (1.5)
- Ascension Day (Thursday, variable date)
- Whitsunday (Sunday, variable date)
- Midsummer Eve (variable date)
- Midsummer Day (variable date)
- All Saint’s Day (Saturday, variable date)
- Indenpendence Day (6.12)
- Christmas Eve (24.12)
- Christmas Day (25.12)
- St. Stephen's Day (26.12)
The following exceptions apply:
If not stated elsewhere, CSC EUDAT B2DROP service has a regular maintenance window every first Tuesday of the month 13:00-15:00. Regular maintenance windows are not advertised in advance.
In addition to regular maintenance break, as a part of incident management process, there may be additional maintenance breaks. Announcement about these breaks will be given at least 7 calendar days before the maintenance break. These service breaks are considered as planned and they do not affect the Service Reliability (See section 5).
Service breaks advertised in short time (less than 7 calendar days before the maintenance) are considered as emergency service breaks. Unplanned service break due to emergency maintenance is only done as a part of critical incident management process. Unplanned service breaks are taken into account on Service Reliability.
During maintenance windows, Service Availability and/or service response will be reduced.
The services covered by the scope of this SLA are provided with the following level of support.
Service Desk Response Time
Service Desk Resolution time
Service Desk Response Time is the Target time for a Service Desk to respond to a service request. Service Desk Resolution time describes the maximum time for a Service Desk to fulfil the standard service request. In most of the cases Service Desk Resolution time is considerably shorter than the Service Desk Resolution time given above. Non-standard service requests include service requests of new customers and capacity requirements over 50 TB.
4.1. Incident handling
Disruptions to the agreed service operation will be handled according to an appropriate severity classification of the incident. In this context, following guidelines apply:
Incident Responce Time
Total loss of a Service:
4 hours during normal working time
Service is degraded:
1 working day
Minor incident / warning:
4 working days
Security incident resolution coordination is to be lead by CSC security officer. Security incident is defined such that there has been an event indicating possible unauthorized access to data, applications, services, networks and/or devices by bypassing their underlying security mechanisms. Alternatively, known vulnerability and tools to utilize the vulnerability exist.
CSC helpdesk agents acknowledge the reception of the information about the incident, notify the severity level and provide, if possible, a first and not committed estimate of the time required to restore normal operational status. If an incident cannot be solved within the mentioned timeframe, i.e. Incident Resolution time, a statement explaining the reasons is issued. This statement will contain a plan how the incident will be solved during the following working days.
5. Service level targets
The following are the agreed service level minimums for the B2DROP Service:
Service Level target
Service Reliability is measured using EUDAT monitoring system. EUDAT monitoring system checks that the B2DROP service responds correctly and that a test file can be accessed. Availability checks are done in 5 minute intervals. Service Reliability is measured in daily (24 hours) level.
6. Limitations & constraints
The provisioning of the service under the agreed service level targets is subject to the following limitations and constraints:
▪ Support is provided in the following languages: English, Finnish
▪ Force Majeure. A party shall not be liable for any failure of or delay in the performance of this Agreement for the period that such failure or delay is due to causes beyond its reasonable control, including but not limited to acts of war, strikes or labour disputes, logistical problems caused by natural disasters, embargoes, government orders or any other force majeure event.
7. Communication, SLA violation & escalation
7.1. General communication
The following contacts will be generally used for communications related to the service in the scope of this SLA:
- CSC Service Desk contact address
- EUDAT service monitoring service
- CSC contact for security issues
- CSC contact for escalations
- Customer contact for the service provider
- Customer contact for security issues
Contacts are defined in Annex B. Contact information.
7.2. SLA violations
CSC commits to inform the CUSTOMER, if this SLA is violated or violation is anticipated. The message contain detailed information about what parts of the SLA were violated, when this violation occurred, and what kind of effects this have had to User experience. The message will also contain initial plan what will be done to ensure that SLA violations will not happen again.
The following rules are agreed for communication in the event of SLA violation:
Customer contact for the service provider will be contacted by CSC by e-mail.
7.3 Escalation & complaints
CSC is committed to support high quality services. In case the incident has not been solved during the incident resolution time or there are other issues in the service prohibiting or disturbing normal usage incident escalation (or complaint) can be initiated by contacting CSC contact for escalations.
CSC contact for escalations is a person responsible of CSC’s EUDAT service production. If needed, he/she will work in collaboration with other EUDAT Service Providers involved in B2DROP service production. CSC contact for escalation contacts the customer directly, makes an analysis of the situation, makes a plan and schedule how the issue will be solved, and informs Customer about status of the escalation process. CSC contact for escalations will also keep EUDAT operations coordinator informed.
8. Information security & data protection
8.1. Information security
The following rules for information security and data protection apply:
- EUDAT Security Guidelines
- SCI Security Framework, (https://wise-community.org/sci/)
- EU Regulation on Protection of Personal Data
8.2. Personal Data
The parties recognize European General Data Protection Directive on protection personal data in their roles of Data Processor and Data Controller, and:
- respect the rights of data subjects based on the responsibilities of the parties in such extent as personal data is in the Service
- will protect the personal data according to best practices on of information security
- will notify the other party and the supervising authority in case of a data breach
- will not export the personal data to third countries without user consent
8.3. Submitted data property
Data preservation by the EUDAT does not include or imply any transfer of ownership or immaterial property rights, unless otherwise agreed upon in writing.
The Customer is responsible for ascertaining that he is authorized to transfer the data, documents, or other content to EUDAT. This means the Customer has to secure the relevant permission from third parties, for example, from data producers, authors, and right holders.
9. Additional responsibilities CSC
The CSC ensures:
- that its actions, policies and procedures are compliant with local, national law, and EU regulations and rules;
- that agreed processes for incident response are documented and acted upon.
10. Customer responsibilities
The CUSTOMER has to:
- inform without delay CSC security officer about security incidents.
11. Training and Documentation
The following documentation of B2DROP service is available :
EUDAT provide some hands-on material in order to support the customer in the B2DROP service deployment and integration.
12. Glossary of terms
For the purpose of this SLA, the following terms and definitions apply:
See Annex C: Glossary
13. Document control
[Unique document identifier]
Service Level Agreement for CSC EUDAT B2DROP service
Definitive storage location
[Name of the person primarily responsible for maintaining and reviewing this document]
Last date of change
Next review due date
Version & change tracking
Annex A. EUDAT Service Providers
EUDAT services are provided by EUDAT Service Providers listed below:
- CSC-TIETEEN TIETOTEKNIIKAN KESKUS OY (CSC)
- BARCELONA SUPERCOMPUTING CENTER - CENTRO NACIONAL DE SUPERCOMPUTACION (BSC)
- CONSORZIO INTERUNIVERSITARIO CINECA (CINECA)
- CINES (CINES)
- THE UNIVERSITY OF EDINBURGH (UEDIN)
- FORSCHUNGSZENTRUM JULICH GMBH (JUELICH)
- INSTYTUT CHEMII BIOORGANICZNEJ POLSKIEJ AKADEMII NAUK (PSNC)
- SURFSARA BV (SURFsara)
- UNINETT SIGMA AS (SIGMA)
- SCIENCE AND TECHNOLOGY FACILITIES COUNCIL (STFC)
- GREEK RESEARCH AND TECHNOLOGY NETWORK S.A. (GRNET)
- KARLSRUHER INSTITUT FÜR TECHNOLOGIE (KIT)
- MAX PLANCK COMPUTING AND DATA FACILITY (MPCDF)
These EUDAT Service Providers are contractually through Operational Level Agreements committed to provide high quality services for EUDAT and for CUSTOMERs.
The number of service providers may change. However, new service providers will commit to same level of service as existing EUDAT Service Providers.
Annex B. Contact information
Following table defines contact addresses:
CSC Service Desk contact address
EUDAT service monitoring service
CSC contact for security issues
CSC to provide
CSC contact for escalations
CSC to provide
Customer contact for the service provider
client to provide
Customer contact for security issues
client to provide
Annex C. Glossary
Brand of the EUDAT Cloud Storage service
Brand of the EUDAT Joint Metadata Service
Brand of the EUDAT Safe Replication Service
Brand of the EUDAT Simple Store Service
Brand of the EUDAT Data Staging Service
EUDAT Collaborative Data Infrastructure
Organisation or part of an organisation that commissions EUDAT to receive one or more services, doing so on behalf of a number of users.
Information received, preserved and communicated by EUDAT. They can include data and metadata.
Change of responsibility for an event (such as an incident or problem) and / or activity to another individual or group
Note: This might be functional escalation (to someone with specific responsibility, competence or access to information / knowledge) or hierarchical escalation (to someone with a higher level of authority).
EUDAT Collaborative Data Infrastructure (CDI)
European e-infrastructure of integrated data services and resources to support research.
EUDAT Service Provider
Service providers that are contractually contractually through Operational Level Agreements committed to provide high quality IT services for EUDAT and for CUSTOMERs.
Standard for lightweight service management in federated IT infrastructures
Unplanned disruption of operation in a service or Service Component, or degradation of service quality versus the expected or agreed service level or operational level according to service level agreements (SLAs), operational level agreements (OLAs) and underpinning agreements (UAs) with suppliers.
Incident resolution time
Incident resolution time defines the maximum time from the beginning of an incident to a time normal service level is restored.
Incident response time
Maximum time taken between the time a user reports an Incident and the time that the Service Desk responds to that Incident.
Information Technology Service Management
Key performance indicator (KPI)
Metric that is used to track the performance, effectiveness or efficiency of a service or process. Note: KPIs are generally important metrics that will be aligned to critical success factors and important goals. KPIs are therefore a subset of all possible metrics, intended to allow for monitoring and correcting/ improving the effectiveness and/or efficiency of a system or process.
Operational Level Agreements (OLA)
Operational Level Agreement between a Service Provider or federation member and another part of the service provider’s organisation or the Federation to provide a Service Component or subsidiary service needed to allow provision of services to Customers
Structured set of activities, with clearly defined responsibilities, that bring about a specific objective or set of results from a set of defined inputs
Note: Generally, a process is a logical subdivision of a larger set of activities used to provide or manage services.
An organizational instance that provides, maintains and operates processing, storage and network resources at a site.
Possible negative occurrence that would impact the service or service provider. Note: Risk is made up of the probability of the threat entailed, the vulnerability to that threat of some asset, and the impact the threat would have, if it occurred.
Set of responsibilities, connected behaviours or actions collected into a logical unit that can be assigned to an individual, team or group. Note: An individual may have multiple roles.
An event has noted that indicates that there has been an unauthorized access to data, applications, services, networks and/or devices by bypassing their underlying security mechanisms. Alternatively, known vulnerability and tools to utilize the vulnerability exist.
A way to Provide Value to a User/CUSTOMER through bringing about results that they want to achieve.
Describes the time in a defined period the service was available, over the total possible available time, expressed as a percentage. It is calculated by dividing the time the system is operational in that period by the period itself and converting to a percentage (e.g. 325 days/ 365 days x 100 = 89%). Service availability is checked in 5 minute intervals.
Describes the time in a defined period the service was available, over the total possible available time, expressed as a percentage. Predefined service breaks are excluded. Service availability is checked in 5 minute intervals.
Technical or non-technical element that helps make up a service (e.g. a computer, a physical location, an authentication system, a software stack).
An agreed time period when a particular Service should be Available.
A service desk is a communications center that provides a single point of contact (SPOC) between a EUDAT and its customers, employees and business partners.
Service Desk Response Time
Target time for a Service Desk to respond to a service request.
Service Desk Resolution Time
Maximum time for a Service Desk to resolve a service request.
Service Level Agreement (SLA)
Service Level Agreement between a CUSTOMER and EUDAT that specifies the service to be provided and the service targets that define how it will be provided.
Organisation or federation or part of an organisation or federation that manages and delivers a service or services to customers
Report that details the performance of a service versus the service targets detailed in service level agreements (SLAs).
Service Level Target
Reference / target values for parameters that are used to measure the performance of a service, and that are listed in a service level agreement (SLA) related to this service
Individual that primarily benefits from and uses a service.
The benefit to a customer and their users delivered by a service
Note: Value should be considered as a composition of the utility (fitness for purpose) and warranty (fitness for use, covering sufficient availability / continuity, capacity / performance and information security) connected to a service.