Service Level Agreements (SLAs)

1. Definitions

All terms identified by a capital letter, if not defined in this service level agreement (hereinafter the “SLA”), shall have the meaning given to them in the general terms and conditions of use of the Platform.

Client: refers to any professional, natural or legal person, registered in the trade and companies register or any equivalent commercial register, who has entered into a Contract with CYBERESIST.

Contract: refers to the Customer’s subscription to the contract for the provision of the Platform.

Platform: refers to the software platform called ‘CYBERESIST’ developed and published by CYBERESIST and made available to the Customer in accordance with the terms of the Contract, for the purpose of conducting cybersecurity audits, depending on the services subscribed to by the Customer.

User: refers to the individual who benefits from the services provided by the Platform and granted to the Client, who is employed by the Client or by the Client’s subcontractors, and authorised to use all or part of the Platform, regardless of their location and the terms of their access.

CYBERESIST: refers to the company CYBERESIST, a simplified joint stock company with a capital of €1,000, having its registered office at 102 avenue des Champs-Élysées, 75008 Paris, registered with the Paris Trade and Companies Register under number 930 360 888.

Working Days and/or Working Hours: refers to weekdays from Monday to Friday between 9:00 a.m. and 5:30 p.m. (French mainland time), excluding French public holidays.

2. Object

The service level agreement (hereinafter referred to as the “SLA”) describes the support and maintenance services provided by CYBERESIST for the Platform, the availability guarantees for the Platform, the measures to be taken in the event of service failures, and the corresponding response and repair times. All the guarantees described below apply to the subscription of a licence on the Platform in Public or Private SaaS mode within the framework of the Contract. Specific developments contracted by the Client concerning the Platform are not covered by the SLA until these developments have been validated by the Client and made available on the Platform.

CYBERESIST may, at any time, modify, update or supplement this SLA. Such modifications shall be communicated to the Customer by email (one email is sufficient). The Customer has the right to object to the changes communicated to them. If the Customer does not object to all or some of the changes communicated within fifteen (15) Business Days of receiving the notification, the changes communicated shall be deemed to have been acknowledged and accepted by the Customer and shall automatically apply to them from the end of the aforementioned period. If the Customer objects to the changes communicated within the aforementioned period of fifteen (15) Business Days, the SLA will continue under the previous conditions. The Customer may send any disputes, notifications or other information to CYBERESIST at the address indicated at the end of the SLA.

3. Duration

The SLA shall take effect from the date on which the Customer subscribes to the Platform’s support and maintenance services, for the duration of the Contract.

It shall be renewed and/or terminated under the same conditions as the Contract.

4. Operators/Hosting

CYBERESIST hosts its platform with OVH, an operator and network access provider located in France.

Contingency plan:

As CYBERESIST cannot be held responsible for network line interruptions, it draws the Customer’s attention to the importance of choosing the right operator and, in particular, the backup option that it may offer by setting up a parallel line in the event of a network interruption.

CYBERESIST shall work with the Client to implement the communications contingency plan defined by the Client.

5. Platform availability

The availability rate is the percentage of time, during a given period, during which the Platform is accessible and its main features are functional.

The Platform is considered unavailable if it is affected by a blocking anomaly.

The unavailability rate is calculated as follows:

• Annual unavailability rate (%) = (total number of hours – number of hours of unavailability) / (total number of hours) x 100

The above calculations relate to a calendar year (starting on 1 January at 00:00).

The Platform’s Availability Rate Guarantee (ARG) is CYBERESIST’s commitment to provide a minimum level of Availability Rate:

6. Quality of service

• CYBERESIST is unable to guarantee the continuity of services performed remotely via the Internet, which the Customer acknowledges and accepts without reservation.
• CYBERESIST undertakes to implement effective controls to provide reasonable assurance that the Customer can access and use the Platform 24/7.
• CYBERESIST guarantees the implementation of the Platform in accordance with the SLA. The Platform, including one or more of its features, may occasionally be suspended due to preventive or upgrade maintenance necessary for the proper functioning of the servers or the Platform.
• In the event of an interruption to the Platform for maintenance, CYBERESIST undertakes to comply with the procedure described below so that the Customer can be informed as fully as possible of the interruption and can take the necessary steps sufficiently in advance to avoid any disruption to its business.
• CYBERESIST shall not be held liable for any impact this unavailability may have on the Customer’s activities, and in particular for any compensation that may be claimed by the Customer.
• CYBERESIST shall be liable for any consequences of an interruption or suspension of the Platform for maintenance if CYBERESIST has not complied with this procedure and, in particular, if it has not given the Customer sufficient advance notice to enable the Customer to anticipate the maintenance suspension and, where necessary, adapt its operations.

7. Customer support

CYBERESIST support includes, in particular:

• The necessary initial training and assistance in the proper use of the Platform.
• The necessary data and best practices for its optimal use.
• Procedures for investigating and descibing problems, implementing a workaround or correction.

Support is available during Business Days and Business Hours.

The Customer undertakes to select a group of Users (“Dedicated Users”) who will be the main points of contact for the Customer’s Users in their use of the Platform, and to assist CYBERESIST with initial installation activities, project reviews and the provision of maintenance.

Dedicated Users shall take appropriate measures to identify and resolve any issues that are not categorised as Platform Anomalies, for example, issues that may be due to:

• Improper use of the Platform,
• The User’s internet connection, or the equipment used to connect to the Platform.

If none of the procedures undertaken by the Customer’s Dedicated User(s) resolves the Platform malfunction, the Customer shall report the problem to CYBERESIST.

In order to be dealt with effectively, the problem must first be correctly characterised (e.g. precise description of all malfunctions observed, detailed steps that caused the anomaly to occur, with a copy of any error messages received).

The problem can then be reported to CYBERESIST support via the communication channels defined in Article 8 below. It will then be handled as corrective maintenance, under the conditions set out in Article 9.1 below.

8. Communication

The Customer may contact CYBERESIST support:

• By email to support@cyberesist.com
• By telephone during business days.

The Customer is informed that support is only available in French.

9. Maintenance

CYBERESIST shall provide the Client, within the framework of an obligation of means, with a Platform maintenance service, under the conditions set out below.

9.1. Maintenance corrective

During the term of the Contract, CYBERESIST shall provide corrective maintenance for the Platform and shall use its best endeavours to ensure its proper functioning.

In order to be addressed, the Anomaly must be described by the Dedicated User in a precise and documented manner.

Upon receipt of notification of the Anomaly by the Dedicated User, and in accordance with the deadlines set out in the table below, CYBERESIST will classify the Anomaly according to the criteria defined below, and will then make every effort to correct the Anomaly as soon as possible, in any case in accordance with the Recovery Time Guarantee described in the table below.

CYBERESIST will inform the customer as soon as possible if the malfunction is not related to the service.

CYBERESIST shall inform the Customer as soon as the Anomaly has been eliminated.

The method of dealing with the Anomaly shall be at CYBERESIST’s discretion and may take the form of a programme correction, the provision of a workaround or any other means of preventing the recurrence of the Anomaly concerned.

9.2. Scalable maintenance

CYBERESIST shall use its best efforts to maintain the Platform in good working order by providing and installing, in a timely manner, the necessary updates to (i) adapt the Platform to technological developments in networks and IT equipment, and (ii) improve the use of the Platform.

In order to ensure this maintenance, CYBERESIST will intervene, either on its own initiative or at the Customer’s request, when an event occurs that is likely to cause an Anomaly and requires an update to the Platform.

CYBERESIST shall automatically provide the Customer, at no additional cost, with updates to the Platform resulting from the performance of maintenance services, excluding any major updates to the Platform (new version of the Platform) and/or installation of new features, which shall be carried out on the basis of a quotation, depending on the Customer’s requests.

CYBERESIST’s interventions in the context of ongoing maintenance may render all or part of the Platform temporarily unavailable. CYBERESIST will inform the Client by any means of the availability of an update in order to avoid, as far as possible, disrupting the use of the Platform by Users.

Any scheduled maintenance that results in a service interruption of more than 30 minutes shall be communicated to the Customer by e-mail with the following information at least 48 hours before the scheduled maintenance:

• Time of maintenance,
• Expected duration of the interruption and
• Expected severity of the disruption.

Where possible, any scheduled maintenance that causes a service interruption of more than 30 minutes will be carried out between 7:30 p.m. and 7:00 a.m. on Fridays.

10. Customer obligations

The Client undertakes to cooperate actively and in good faith with CYBERESIST in order to enable it to perform the maintenance services for which it is responsible in accordance with the terms of the SLA and, more generally, the Contract. In this respect, the Client undertakes (i) to spontaneously communicate any events, information or documents that may be useful for the proper use of the Platform and, more generally, for the proper performance of the Contract, (ii) to put CYBERESIST in contact with the Customer’s Dedicated Users, and (iii) to assist CYBERESIST, at its request, in performing maintenance services and to implement all measures requested by CYBERESIST in this regard.

The Customer also undertakes to regularly check with CYBERESIST for any information relating to the proper use of the Platform.

The Customer shall inform CYBERESIST as soon as possible of any factor that may directly affect the performance of the Contract.

The Customer undertakes to use the Platform in accordance with the terms of the SLA, the recommendations and instructions of CYBERESIST communicated to the Customer, in particular in the Platform documentation and/or in the context of the provision of support and/or maintenance services for the Platform and, more generally, in accordance with the terms of the Contract.

The Customer also undertakes to report to CYBERESIST, without delay and in accordance with the procedures set out in the SLA, any Anomalies, information, events, incidents and/or useful documents that may be communicated and/or transmitted to it by Users, in order to enable CYBERESIST to perform maintenance services in accordance with the terms of the SLA.

11. Security

CYBERESIST strives to secure access to and use of the Platform. CYBERESIST has implemented effective controls to protect against unauthorised physical and electronic access to CYBERESIST’s operating systems and applications, as well as to Customer Data, in order to provide reasonable assurance that access to systems and Customer Data is limited to authorised persons and that they are protected against any use that is not in accordance with their intended purpose.

CYBERESIST is also concerned with protecting the personal data of Customers and Users, in accordance with the regulations applicable to personal data protection and in particular Regulation (EU) No. 2016/679 of the European Parliament and of the Council of 27 April 2016, known as the “GDPR”, and Law No. 78-17 of 6 January 1978, as amended, known as the “Data Protection Act”. For more information on the personal data protection rules published by CYBERESIST, the Customer is invited to consult CYBERESIST’s Privacy Policy, available at the following address:
https://cyberesist.com/declaration-de-confidentialite-ue/

12. Exclusions

Without prejudice to any other provision of the Contract, CYBERESIST shall be automatically released from any obligation and liability under the maintenance of the Software Solution in the following cases:

• A breach by the Customer of its obligation to cooperate as defined in the SLA, or of its payment obligation as defined in the Contract;
• In the event that the Anomaly results (i) from use of the Platform that does not comply with its intended purpose, the instructions and/or recommendations provided by CYBERESIST in the context of support or maintenance, or more generally with the provisions of the SLA, (ii) an intervention by the Customer or a third party on the Platform that has not been previously authorised in writing by CYBERESIST, or (iii) a computer program not supplied by CYBERESIST;
• The restoration of Data in the event of accidental destruction of such Data not attributable to a fault on the part of CYBERESIST;
• The lack of training for the Client and Users;
• The correction of faults, bugs, etc. originating from the Customer’s IT environment, in particular third-party software owned or otherwise licensed to the Customer.
• The development of new functions or applications;
• Modifications to be made to the Platform for its use in the Customer’s environments other than those covered by the Contract.
• Unauthorised modification of the Platform by the Customer, a User or a third party;
• The installation of any software or operating system that is not compatible with the Platform;
• The unavailability of power supply, telephone services or internet services that would prevent CYBERESIST or the Platform from accessing the Customer’s IT environment or a third-party host;
• A deliberate act of damage, malice, or sabotage;
• Any event of force majeure within the meaning of Article 1218 of the Civil Code and case law.