Service Level Agreement for BindID™

1. Commencing on Transmit Security’s activation of the Cloud Service to Customer, Transmit Security strives to meet the target service availability of 99.99% for the production tenant (the “Availability Target”).
2. The foregoing is contingent on the Customer’s adherence to Transmit Security’s recommended minimum technical configuration requirements for accessing and using the Cloud Service from Customer’s network infrastructure.

Following the end of each calendar month of the applicable Schedule Term, Transmit Security measures the service availability of the Cloud Service over the immediately preceding month by dividing the difference between the total number of minutes in the monthly measurement period and any Adjusted Unplanned Downtime (as further defined below) by the total number of minutes in the measurement period, and multiplying the result by 100 to reach a percent figure (“Availability Level”).

The Cloud Service is considered available in the following scenarios:

1. The Cloud Service is deployed in resilient computing facilities with resilient infrastructure, redundant network connections, and power at each hosting facility.
2. “Unplanned Downtime” means any time during which an issue with the Cloud Service prevents the Customer’s connectivity. Unplanned Downtime does not include any time during which the Cloud Service, or any component thereof, are not available due to the following:
   
   1. maintenance periods (as further discussed below);
   2. circumstances outside of Transmit Security’s control or other Force Majeure events;
   3. any actions or inactions by the Customer or its users (e.g., restarting, stopping, filling up storage, misconfiguring database parameters, installation of third-party agents/software, misconfiguration of security groups, VCN configurations or credential settings, disabling encryption keys or making the encryption keys inaccessible, not allocating adequate resources for Customer’s workload or exceeding limits specified for the Cloud Service, third party malicious acts against Customer or its users, etc.); or
   4. any suspension by Transmit Security permitted under the Agreement.

1. If in a given month the Unplanned Downtime affects 5% of Users for a period lasting two hours, the Adjusted Unplanned Downtime will be calculated as 120 minutes x 0.05 = 6 minutes of Adjusted Unplanned Downtime.
2. If in a given month the Unplanned Downtime affects 50% of Users for a period lasting 10 minutes, then Adjusted Unplanned Downtime will be calculated as 10 minutes x 0.50 = 5 minutes of Adjusted Unplanned Downtime.

1. Apportioned Monthly Fee means the apportioned monthly amount of the Minimum Annual Fee for the applicable contract year.
   

   Cloud Service Availability Level	Service Level Credit
   99.90% – 99.99%	5% of the Apportioned Monthly Fee applicable to month in which failure occurred
   99.0% – 99.90%	10% of the Apportioned Monthly Fee applicable to month in which failure occurred
   95.0% – 99.0%	20% of the Apportioned Monthly Fee applicable to month in which failure occurred
   < 95%	50% of the Apportioned Monthly Fee applicable to month in which failure occurred

Claims. Customers must submit a claim within sixty (60) days of the end of the contracted month that the Availability Target was missed. Service Level Credits cannot exceed 50% of the Apportioned Monthly Fee.

Exclusions. No Service Level Credits are given for failure to meet the Availability Target related to:

• Beta, trial, experimental, evaluations, proofs of concept, or no-charge Cloud Services.
• Test, development or other non-production tenants
• Preview Features (as defined below)
• Customer infrastructure failures, including network, hardware, facility, or power.
• Customer errors or failures to provide needed information or access to resolve an outage.
• Customer-caused security incidents or security testing.
• Any exclusions set forth in Section 4.2.
• Other causes beyond Transmit Security’s reasonable control.

1. Cloud Service Change Management and Maintenance

   The Transmit Security Operations team performs changes to cloud hardware infrastructure, operating software, product software, and supporting application software that is provided by Transmit Security as part of the Cloud Service to maintain operational stability, availability, security, and performance of the Cloud Service. Transmit Security follows formal change management procedures to review, test, and approve changes prior to application in the production service.
   Changes made through change management procedures include system and service maintenance activities, upgrades and updates, and customer-specific changes. Transmit Security’s change management procedures are designed to minimize service interruptions during the implementation of changes.

2. Emergency Maintenance

   Transmit Security may be required to execute emergency maintenance in order to protect the security, performance, availability, or stability of the Cloud Service. Emergency maintenance is required to address an exigent situation that cannot be addressed except on an emergency basis.

1. Severity Level Guidelines and Response Time Objectives

   Level 1: Critical Business Impact/Service Down. Business critical functionality is inoperable or critical interface has failed. This usually applies to a production environment and indicates an inability to access the Cloud Service resulting in a critical impact on operations. This condition requires an immediate solution. The Customer must log a Service Down within 24 hours of first becoming aware that there is a critical business impact and the Cloud Service is not available. Please Note: Telephone call must follow the opening of a ticket. Transmit Security will work with the Customer 24 hours a day, seven days a week to resolve critical problems provided the Customer has a technical resource available to work during those hours and Customer must reasonably assist Transmit Security with any problem diagnosis and resolution.

   Level 2: Significant Business Impact. A service, business feature, or function of the Cloud Service is severely restricted in its use.

   Level 3: Minor Business Impact. The Cloud Service or functionality of the Cloud Service is usable and the issue can be worked around without significant inconvenience.

   Level 4: Minimal business impact. An inquiry, non-technical request or general questions.

2. Response Time Objectives & Coverage

   The following table outlines response time objectives that Transmit Security strives to achieve, measured from the time Transmit Security receives the Customer’s initial request for support to the time Transmit Security provides an initial communication back to the Customer regarding its request.

   Incident	Response Time Objectives	Response Time Objectives
   Level 1	Within 1 hour	24×7
   Level 2	Within 2 hours	Monday through Friday  9:00 AM – 6:00 PM (local time)
   Level 3	12 hours	Monday through Friday  9:00 AM – 6:00 PM (local time)
   Level 4	Within 1 business day	Monday through Friday  9:00 AM – 6:00 PM (local time)

   Response Time Objectives are intended to describe Transmit Security’s goals only, and do not represent a guarantee of performance.

None of the above mentioned terms is assured to be honored in the case of non-Enterprise subscriptions, this includes proofs of concept, free trial or evaluation subscriptions and any other non-Enterprise Cloud Service subscription to be introduced in the future by Transmit Security.

1. Transmit Security will be solely responsible for categorizing incidents; however, the Customer may request to re-categorize the incident.
2. The Customer must contact the Transmit Security Technical Support number immediately after opening a Level 1 online ticket in order to facilitate an emergency response.
3. In a timely and expedient manner, Customer agrees to: (i) provide Transmit Security with reasonable detail of the nature of and circumstances surrounding an error, (ii) confirm that Transmit Security has received complete requested logs of products, and (iii) provide Transmit Security with reasonable access to Customer’s environment, as necessary, to enable Transmit Security to provide support.
4. Customer acknowledges and agrees that Transmit Security may not have a satisfactory response, or that response timelines may be significantly delayed due to Customer’s inability to produce relevant requested information about error, or Customer’s inability to respond to Transmit Security’s requests in general.
5. Transmit Security must be able to reproduce the reported error with given information, and that error must be determinable and reproducible to resolve the issue with either a work-around or a fix.
6. If the problem is diagnosed to be something other than the Transmit Security platform, then the reported issue will exit the Transmit Security escalation process and will be considered resolved.
7. Transmit Security has no obligation to provide support to Customer: (i) for any software, hardware or other element of the Customer environment not provided by Transmit Security, (ii) if Customer or a third party has altered or modified any portion of the Cloud Service, or (iii) if Customer has not used the Cloud Service in accordance with Documentation or instructions provided by Transmit Security, including failure to follow implementation procedures.
8. Customer agrees that Transmit Security is not responsible for the support of (i) the externally connected databases except for Transmit Security policies and configurations, (ii) any third-party system or API connected to the Transmit Security platform provided by another vendor, (iii) the underlying operating system unless there are conflicts with the Transmit Security platform, (iv) any network connectivity on the Customer’s premises, involving mobile device communication over a mobile network, or the Internet, (v) any firewall or networking devices that may be blocking communication between platform components due to no fault of Transmit Security.
9. Support is only available in the English language.
10. Transmit Security platform includes phone and web support for teams of up to five (5) Customer team members.

1. Preview Features. Transmit Security may make experimental, preview, or beta features available to Customer for trial or evaluation use (“Preview Features”). Transmit Security can modify or withdraw the Preview Features at any time and is under no obligation to make the Preview Features generally available. Preview Features are provided as-is without warranties of any kind, and are not subject to SLAs and support services.
2. Customer is not permitted to conduct penetration, intrusion or stress testing of the Cloud Service.