Synerion Cloud Services – Hosting and Delivery Policies
The Cloud Services described herein are provided under the terms of the agreement, ordering document and these Delivery Policies. Synerion’s delivery of the services is conditioned on you and your users’ compliance with your obligations and responsibilities defined in such documents and incorporated policies. These Delivery Policies, and the documents referenced herein, are subject to change at Synerion’s discretion; however Synerion policy changes will not result in a material reduction in the level of performance or availability of services provided during the Services Period.
Synerion provides Cloud Services from Synerion owned or leased data center space. Synerion defines the services’ network and systems architecture, hardware and software requirements. Synerion may access your services environment to perform the Cloud Services including the provision of service support.
Hours of Operation
The Cloud Services are designed to be available 24 hours a day, 7 days a week, 365 days a year, except during system maintenance periods and technology upgrades and as otherwise set forth in the agreement, the ordering document and these Delivery Policies.
The Hosting and Delivery Policies include the following:
- Security Policy
- System Resiliency Policy
- Disaster Recovery Service Policy
- Service Level Objective Policy
- Change Management Policy
- Suspension and Termination Policy
1 Security Policy
1.1 User Encryption for External Connections
Customer access to the system is through the Internet. SSL encryption technology is available for Synerion Cloud Service access. SSL connections are negotiated for at least 128 bit encryption or stronger. The private key used to generate the cipher key is at least 2048 bits. Secure Sockets Layer (SSL) encryption protocol is implemented for all web-based SSL certified applications deployed at Synerion. It is recommended that the latest available browsers certified for Synerion applications, which are compatible with higher cipher strengths and have improved security, be utilized for connecting to web enabled applications. The list of certified browsers for each version of Synerion applications can be found on the Minimum Requirements Document for the Product.
1.2 Segregation in Networks
Synerion’s data centers contain an isolated network environment used to deliver services to Synerion Cloud customers. In our Cloud environment, networking technologies are deployed in a layered approach designed to protect Customer data at the network and application level. Access controls are multi-tiered, consisting of the network, system, database, and application layers. All access is authorized on a “deny by default” base policy.
1.3 Network Access Control
Synerion Cloud operations teams access customer environments through a segregated network connection, which is dedicated to environment access control and isolated from Synerion’s internal corporate network traffic. The dedicated network functions as a secure access gateway between support systems and target application and database servers. Authentication, authorization, and accounting are implemented through standard security mechanisms designed to ensure that only approved operations and support engineers have access to the systems. Cryptographic controls are implemented to provide Cloud operations and support with secure, easily configured access to target applications.
1.4 Network Bandwidth and Latency
Synerion is not responsible for Customer’s network connections or for conditions or problems arising from or related to Customer’s network connections (e.g., bandwidth issues, excessive latency, network outages), or caused by the Internet. Synerion monitors its own networks and will notify customers of any internal issues that may impact availability.
1.5 Network Security
Synerion Cloud Services utilize firewalls to control access between the Internet and Synerion’s servers, allowing only authorized traffic.
1.5.2 System Access Control & Password Management
Access to Synerion Cloud systems is controlled by restricting access to only authorized personnel. Synerion enforces strong password policies on all infrastructure components and cloud management systems used to operate the Synerion Cloud environment. This includes requiring a minimum password length, password complexity, and regular password changes.
System access controls include system authentication, authorization, access approval, provisioning, and revocation for employees and any other Synerion-defined ‘users’. Customer is responsible for all End User administration within the application. Synerion does not manage the Customer’s Application End User accounts. Customer may configure the applications and additional built-in security features to meet their business or compliance needs.
1.6 Review of Access Rights
Network and operating system accounts for Synerion employees are reviewed regularly to ensure appropriate employee access levels. In the event of employee terminations, Synerion takes prompt actions to terminate network, telephony, and physical access for such former employees. Customer is responsible for managing and reviewing access for its own employee accounts.
1.7 Data Management / Protection
1.7.1 Data Protection
Synerion Cloud network transmission uses the SSL secure protocols to protect the data in transit over public networks. All data at rest is stored encrypted using AES-256 encryption.
1.7.2 Data Disposal
Upon termination of services or at Customer’s request, Synerion will delete application data residing therein in a manner designed to ensure that they cannot reasonably be accessed or read, unless there is a legal obligation imposed on Synerion preventing it from deleting all or part of the environments or data.
1.7.3 Secure File Transfer
Secure file transfer functionality is built on commonly secure protocols for transfer (such as SFTP and SSL). The functionality can be used to upload files to a secure location; most commonly for data import/export on the Synerion Cloud hosted service, or downloading files at service termination.
1.7.4 Data Privacy
2 System Resiliency Policy
The resiliency and backups described in this Policy apply only for Synerion Cloud services. Customer is solely responsible for developing a business continuity plan to ensure continuity of its own operations in the event of a disaster.
2.1 Synerion Cloud Services High Availability Strategy
For business continuity in the event of an incident affecting Synerion Cloud Services, Synerion deploys the services on a resilient computing infrastructure. Synerion’s production environments are hosted on data centers that have physical and logical components in place to help maintain availability of data center resources in the event of crisis like network link and hardware redundancy.
2.2 Application servers
Customer’s environment consists of a set of one or more servers that provide application services to Customer. The overall application tier functionality may be distributed across multiple servers.
2.3 Database servers
Customer databases are deployed across multiple servers to distribute the workload.
2.4 Redundant storage
All Synerion Cloud services data resides in geographically redundant storage configurations with protection from individual disk or array failure.
2.5 Synerion Cloud Services Backup Strategy
Synerion Cloud services use disk backups to help protect against the loss of Customer production data. Synerion periodically makes backups of Synerion Cloud data in all environments.
By default, the systems used to support Customer’s environments are backed up periodically to, and can be restored from disk media. Backups are for Synerion’s sole use in the event of a disaster.
3 Disaster Recovery Service Policy
This Policy applies only to Customer’s production services within Synerion Cloud Services. The activities described in this Policy do not apply to Customer’s own disaster recovery or backup plans or activities.
Disaster Recovery services are intended to provide service restoration capability in the case of a major disaster, as declared by Synerion, that leads to loss of a data center and corresponding service unavailability.
For the purposes of this policy, a “disaster” means an unplanned event or condition that causes a complete loss of access to the primary site used to provide the Synerion Cloud Services such that the Customer production environments at the primary site are not available.
3.2 System Resilience
Synerion Cloud Services are maintained at redundant and resilient data centers with infrastructure designed to maintain high levels of availability and to recover services in the event of a significant disaster or disruption. Synerion designs its cloud services using principles of redundancy.
Synerion Cloud Services provide an infrastructure that incorporates a comprehensive data backup strategy.
Synerion has two separate data centers that function as primary and secondary sites for Synerion Cloud Services. Customer’s production standby (secondary site) environment will reside in a data center geographically separate from Customer’s primary site. Synerion will commence the disaster recovery plan under this policy upon its declaration of a disaster, and will target to recover the production data and use reasonable efforts to re-establish the production environment at the secondary site.
Customer data is replicated in physically separate facilities in order to restore full services in the event of a disaster at a primary site. Backups are for Synerion’s sole use in the event of a disaster.
3.3 Disaster Recovery
Synerion provides for the recovery and reconstitution of its Cloud Services to the most recent available state following a disaster.
Synerion reserves the right to determine when to activate the Disaster Recovery Plan. During the execution of the Disaster Recovery Plan, Synerion provides regular status updates to customers.
3.3.1 Recovery Time Objective
Recovery time objective (RTO) is Synerion’s objective for the maximum period of time between Synerion’s decision to activate the recovery processes under this Policy to failover the service to the secondary site due to a declared disaster, and the point at which Customer can resume production operations in the standby production environment. If the decision to failover is made during the period in which an upgrade is in process, the RTO extends to include the time required to complete the upgrade. The RTO does not apply if any data loads are underway when the disaster occurs. The RTO objective is 24 hours from the declaration of a disaster.
3.3.2 Recovery Point Objective
Recovery point objective (RPO) is Synerion’s objective for the maximum period of data loss measured as the time from which the first transaction is lost until Synerion’s declaration of the disaster. The RPO objective is 1 hour from the point of service loss.
3.4 Approvals and Reviews
This Policy and corresponding Disaster Recovery Plans are reviewed annually. The Plans are revised during the review process to incorporate problem resolutions and process improvements.
3.5 Service Restoration
This Policy identifies the purpose and scope of the Disaster Recovery Plans, the roles and responsibilities, management commitment, coordination among organizational entities, and compliance. The plans document the procedures for recovering a Cloud Service (including referencing separate procedures for recovery of specific components) in the event of a disaster.
Synerion is committed to minimizing down time due to any disasters or equipment failures. As part of this commitment, Synerion has a corporate business disaster recovery plan for a timely recovery and restoration of Synerion operations.
3.6 Disaster Recovery Plans
The following are the objectives of Synerion’s Disaster Recovery Plan for Synerion Cloud Services:
- In an emergency, Synerion’s top priority and objective is human health and safety.
- Maximize the effectiveness of contingency operations through the established Disaster Recovery Plan that consists of the following phases:
o Phase 1 – Disaster Recovery Launch Authorization phase – to detect service disruption or outage at the primary site, determine the extent of the damage and activate the plan.
o Phase 2 – Recovery phase – to restore temporary IT operations at the secondary site.
o Phase 3 – Reconstitution phase – to restore processing capabilities and resume operations at the primary site.
- Identify the activities, resources, and procedures to carry out processing requirements during prolonged interruptions.
- Assign responsibilities to designated personnel and provide guidance for recovery, during prolonged periods of interruption.
- Ensure coordination with other personnel responsible for disaster recovery planning strategies. Ensure coordination with external points of contact and vendors and execution of this plan.
3.7 Plan Testing
The Cloud Services Disaster Recovery Plan is tested, as a live exercise or a table-top test, on an annual basis. The tests are used for training hosting personnel and are fully coordinated with all personnel responsible for contingency planning and execution. The tests verify that online backups can be recovered and the procedures for shifting a service to the alternate processing site are adequate and effective. Results of the testing are used to improve the process and initiate corrective actions.
4 Service Level Objective Policy
4.1 Service Level Agreement (SLA)
Commencing at Synerion’s activation of Customer’s production environment, and provided that Customer remains in compliance with the terms of the ordering document (including the agreement) and meets Synerion’s recommended minimum technical configuration requirements for accessing and using the services from Customer’s network infrastructure, Synerion works to meet the Service Level in accordance with the “Synerion Cloud Services – Support Level Agreement” document.
Synerion uses a variety of software tools to monitor (i) the availability and performance of Customer’s production services environment and (ii) the operation of infrastructure and network components.
4.2.1 Monitored Components
Synerion monitors all levels of the service infrastructure, and currently generates alerts for CPU, memory, storage, database, network components, and transactions. Synerion’s Operations staff attends to any automated warnings and alerts associated with deviations of the environment from Synerion defined monitoring thresholds, and follows standard operating procedures to investigate and resolve underlying issues.
4.2.2 Customer Monitoring & Testing Tools
Due to potential adverse impact on service performance and availability, Customer may not use their own monitoring or testing tools (including automated user interfaces and web service calls to any Synerion Cloud Service) to directly or indirectly seek to measure the availability, performance, or security of any application or feature of or service component within the services or environment. Synerion reserves the right to remove or disable access to any tools that violate the foregoing restrictions without any liability to Customer.
5 Change Management Policy
5.1 Synerion Cloud Change Management and Maintenance
Synerion Cloud Operations performs changes to cloud hardware infrastructure, operating software, product software, and supporting application software to maintain operational stability, availability, security, performance, and currency of the Synerion Cloud. Synerion follows formal change management procedures to provide the necessary review, testing, and approval of changes prior to application in the Synerion Cloud production environment.
Changes made through change management procedures include system and service maintenance activities, management of application upgrades and updates, and coordination of customer specific changes where required. Synerion works to architect Cloud Services to minimize service interruption during implementation of changes.
Where an anticipated change will require the application Cloud Service to be unavailable during the change maintenance period, Synerion will work to provide reasonable prior notice of the anticipated unavailability unless otherwise specified below. The duration of the maintenance periods for planned maintenance are not included in the calculation of available minutes in the monthly measurement period for System Availability Agreement.
5.1.1 Application Upgrades and Updates
Synerion schedules regular application Upgrades and Updates outside of regular business hours which follow a quarterly release schedule.
5.1.2 Core System Maintenance
Core system maintenance involves changes to hardware, network systems, security systems, operating systems, storage systems or general supporting software of the cloud infrastructure.
5.1.3 Emergency Maintenance
Synerion may periodically be required to execute emergency maintenance in order to protect the security, performance, availability, or stability of the production environment. Emergency maintenance may include application patching and/or core system maintenance as required. Synerion works to minimize the use of emergency maintenance and will provide as much notice as reasonable under the circumstances as to any emergency maintenance requiring a service interruption.
5.1.4 Major Maintenance Changes
To ensure continuous stability, availability, security and performance of the Cloud Services, Synerion reserves the right to perform major changes to its hardware infrastructure, operating software, applications software and supporting application software under its control, no more than twice per calendar year. Each such change event is considered planned maintenance and may cause the Cloud Services to be unavailable for up to 4 hours. Each such change event is targeted to occur at the same time as either the core system maintenance or the application upgrade window. Synerion will work to provide two (2) week prior notice of the anticipated unavailability.
5.1.5 Data Center Migrations
Synerion may migrate customer services between production data centers in the same region in order to recover customer services or in the case of disaster recovery. For all other data center migrations, Synerion will provide a minimum of 30 day notice to the customer.
6 Suspension and Termination Policies
6.1 Termination of Cloud Services
6.1.1 Termination of Cloud Services
Upon termination of services or expiration of production services under the ordering document, or at Customer’s request, Synerion will delete any production data residing therein in a manner designed to ensure that they cannot reasonably be accessed or read, unless there is a legal obligation imposed on Synerion preventing it from deleting all or part of the environments.
For a period of up to 30 days after the termination or expiration of production services under the ordering document, Synerion will permit Customer to access to the service solely to the extent necessary to retrieve an export of Customer data, as it existed in the Customer’s production environment on the date of termination. Synerion has no obligation to retain the data for customer purposes after this 30 day post termination period.
Synerion shall remove the customer data in archives and remove all production and test sites after the end of the 30 day period. Data will not be available after this period expires.
6.2 Suspension Due to Violation
If Synerion detects a violation of, or is contacted about a violation of, Synerion Cloud Services terms and conditions or acceptable use policy, Synerion support team will investigate the incident. The investigating agent may take actions including but not limited to suspension of user account access, suspension of administrator account access, or suspension of the environment until the issues are resolved.
Synerion will use reasonable efforts to restore Customer’s services promptly after Synerion determines, in its reasonable discretion, that the issues have been resolved or the situation has been cured.
6.3 Exporting Data
Synerion provides different methods to export and extract Customer’s data through the standard cloud application. Such methods are available to be used by the Customer at any point in time during the availability of the Cloud Service as described in this document, including the 30 day period after the service has been terminated.