DOMA's Service Agreement

Last Updated 11/30/2021

  1. Service Availability

DOMA Technologies guarantees 99.95% application availability of the service over a trailing 365 period. Scheduled maintenance occurs on the last Sunday of the month between the hours of 12AM and 4AM EST. Emergency maintenance is performed as needed, with customer notification. Non-intrusive application, data replication, and backup processes run daily during non-business hours (5PM – 8AM EST). DOMA uses commercially reasonable efforts to promptly install security patches, updates, and service packs.

DOMA application upgrades will occur at DOMA’s discretion upon reasonable notice. Downtime associated with maintenance periods is not factored into overall availability metrics.

  2. Shared Responsibility Model

Security and Compliance is a shared responsibility between DOMA and the customer. This shared model can help reduce the customer’s operational burden as DOMA operates, manages and controls the application and infrastructure tasks (backup, recovery, redundancy, etc.). Customers should carefully consider the integration of our services into their IT environment, and applicable laws and regulations.

DOMA’s applications are deployed as Software as a Service (SaaS). In this model, DOMA manages the entire infrastructure as well as the application provided. Customers are responsible for the following:

  • Data Security – All data within the application is customer data and customer managed. Audit logs and reporting tools are available for customer use.
  • Access Management – Access to the application is customer managed. Users, groups, and permissions of users and groups are customer managed and customer defined. Multi-factor Authentication is available for customer use. User activity logs and reporting tools are available for customer use.

In layman’s terms, DOMA will manage and maintain the software – the customer will decide how they want to use the software. DOMA will provide as much, or as little, support in the management of data and data access as the customer needs, but it is ultimately the customer’s responsibility to enforce.

  3. Encryption

DOMA Technologies encrypts all customer data at rest and in transit. DOMA uses encryption algorithms validated by FIPS PUB 140-2, a U.S. government computer security standard used to accredit cryptographic modules. Each customer has uniquely generated encryption keys. DOMA maintains these keys in an encrypted database that is not customer accessible, nor does it reside with customer databases. Transport Layer Security (TLS) v1.2 is used for encryption in transit.

  4. Incident Response

As a Software as a Service (SaaS) provider, DOMA provides services to many customers in multi-tenant and single-tenant environments. As such, DOMA safeguards each customer’s right to confidentiality in the event of an incident. DOMA defines the following allocation of security incident responsibilities and procedures between customer and provider (DOMA):

  • The scope of information security incidents that DOMA will report to the customer is limited to exposure of DOMA owned intellectual property, peer services, and/or customer specific data.
  • DOMA provides Limited Disclosure in the event of a security incident, limiting the exposure level to customers, peer service providers, and partners immediately affected by the detection of an information security incident and the associated responses.
  • DOMA will notify customers of an incident within 24 hours of discovery.
  • DOMA Account Management Office (AMO) will contact customer designated points of contact via email accounts on file.
  • Handling of issues relating to information security incidents can be directed to infosec@domaonline.com.

In the event that the customer would like to submit a request for digital evidence or other information from within the cloud computing environment, please direct all requests to infosec@domaonline.com.

 

  5. Disaster Recovery

DOMA has a living (updated and tested annually) Disaster Recovery Plan. DOMA follows AWS Best Practices and has designed our infrastructure using proven design patterns and architectural options to provide a redundant and resilient infrastructure. All systems are deployed in multiple Availability Zones (“AZ”) and customer data is never located in a single AZ. AZs are clusters of distinct, physically separate data centers within a geographic region. Snapshot and image-based backup and replication processes are used to ensure recovery of operations in the event of a loss of an entire region. DOMA currently provides an RTO (Recovery Time Objective) of 24 hours, and an RPO (Recovery Point Objective) of 4 hours. DOMA supports customer applications within the US-East and GovCloud (US) Regions.

  6. Location of Data

Customer data stored with Amazon Web Services (AWS) is encrypted prior to storage. DOMA’s architecture employs multiple AWS Availability Zones (AZ). This constitutes a built-in alternate storage site capability for customer data stored in AWS S3. S3 uses multiple Availability Zones by default. The multiple AWS S3 Availability Zones provide identical security safeguards. The replication of S3 across Availability Zones constitutes a multi-storage site capability to address typical susceptibility to network, power, and hardware outages and provides immediate recovery time and recovery point. Additional redundancy is provided by cross-region replication for disaster recovery purposes.

Using AWS Backup, snapshots and Amazon Machine Image (AMI) backups are created on a daily (and hourly) basis depending on the criticality of the system. At a minimum, ALL systems have a daily backup created, all backups are encrypted, and all backup data is retained for one calendar year. Backups are randomly restored to verify the integrity of backup data during annual restoration exercises. Snapshots and AMIs are stored using AWS S3.

All data backed up by AWS is protected via system and file access control mechanisms including AWS Identity and Access Management (IAM) account access controls and S3 bucket access control policies. Amazon does not have the ability to decrypt DOMA data. All data is maintained by DOMA staff; no third-party vendors handle customer data.

Unless otherwise stated, DOMA systems and timestamps within our applications follow U.S. Eastern Time. Systems use Network Time Protocol (NTP) for clock synchronization, provided by Amazon Time Sync Service.

  7. Data Accessibility and Portability

DOMA maintains uploaded documents and data in the original format as added to the DOMA application. Edited images, regardless of original format, are converted to industry standard TIF or PDF image format during the document check-in process. Original documents are never deleted or modified, and new versions are created upon any document change. While a customer account is active, customers may request a data export on a one-time or periodic schedule for an additional fee. Exports are provided with documents/records in the original format, and metadata provided in a non-proprietary CSV format that should allow portability in almost all cases.

  8. Customer Support

For the purposes of this agreement, a support request is defined as a request for support to fix a defect in existing application code or a request for support that involves no modifications to application code.  A request may also involve application availability to a user or group of users.  A support request is necessary to begin a resolution process.

There are three severity levels of support provided under this SLA. An issue’s severity level will be determined exclusively by DOMA.  These levels are defined as follows:

Level 1 – This is support provided by the DOMA Help Desk when it receives a support request. This represents generalist support. If this level of support cannot resolve the problem, the support request is passed to DOMA’s Level 2 support, which is the infrastructure support team.

Level 2 – This is support provided by an infrastructure support or subject matter specialist. This level of support does not perform software code modifications to resolve the problem. Operational issues will be resolved at this level. If resolution requires code modification, the support request is passed to DOMA’s Level 3 support team.

Level 3 – This is support provided by a DOMA application developer. This level of support does perform software code modifications, if required to resolve the problem.

To contact support for DOMA Technologies, customers may send an email to support@domaonline.com detailing the problem and contact information. Support can be contacted via the DX application beacon. Standard support is available during business hours, M-F 8AM – 5PM ET. After-hours calls are forwarded to on-call technicians who will respond within the appropriate time frame defined by the service agreement. Premium support is available 24×7. After-hours calls without premium coverage, or any support calls not directly related to DOMA, will incur a charge of $150 per incident.

The following chart is an explanation of the support severity levels and response times:

| Severity | Description | Guaranteed Response Time | Estimated Correction Time |
|---|---|---|---|
| 1 | Critical. The program is unusable. Data is corrupted or system hangs during normal operations. The error severely impacts customer operations. | 1 hour | Best efforts to resolve the problem within 24 hours. |
| 2 | Major. An important function is not available. Data is not corrupted, but the Customer is unable to accomplish tasks. The error severely restricts customer operations. | 3 hours | Best efforts to resolve the problem within 2 business days. |
| 3 | Minor. The program does not perform the task in a proper, orderly manner. The customer’s productivity is not seriously affected. | 8 hours | Best efforts to resolve the problem within 4 business days. |
| 4 | Very minor. that is not significant to the Customer’s operations. Irritations to the customer causing. The Customer can circumvent the issue with a slight loss of productivity. | 24 hours | Best efforts to resolve the problem within 6 business days. |
| 5 | Cosmetic. (Graphical user interface GUI, misspellings, etc.). No loss of productivity. | 48 hours | Best efforts to resolve the problem within 14 business days. |

Limitations to Standard Support Offering

The following request types (among others) are not covered by the Standard Support Offering:

  • Performance improvements and PC tuning
  • Disinfection of malware infected computers
  • On-site support
  • Off-hours support
  • Questions relating to the function of 3rd party applications or operating systems
  • Patching of operating systems, and 3rd party applications, vulnerability patching
  • Best practices of network security configuration
  • Product training and/or assistance with features and functions
  • Product deployment walkthroughs
  • Product health checks and tune-ups

Such requests are available for an additional fee agreed upon by primary contacts of both parties.

  9. Change Management

DOMA has a mature change management program. Application and infrastructure changes go through development and staging environments before being put into a production environment. Changes are documented and must be approved before a major change takes place. A major change is defined as a change that could adversely affect the DOMA service or peer service provider. Once a change is approved, customers will be notified in advance by the DOMA Account Management Office (AMO). Customer notification will include:

  • Categories of changes (any changes affecting information security will be highlighted)
  • Planned date and time of the changes
  • Technical description of the changes to the service and underlying systems
  • Notification of the start and the completion of the changes
  • Notification of changes caused by a peer cloud service provider, when the cloud service depends on that peer cloud service provider
 

Minor changes, defined as changes that will not cause system downtime, occur only during non-business hours: M – F 8PM – 8AM ET, and weekends. Customers are not notified of minor changes.

The standard maintenance period occurs on the last Sunday of the month from 12AM – 4AM ET. Typical patch management processes occur during this maintenance window.

  10. Dispute Mediation

Metrics reporting against the SLA resolution targets identified in this agreement will focus on the time to resolve tickets by application and severity. This metric will include only the support requests that are referred to DOMA support for resolution. The metrics will be reported via existing standard problem-ticket system reports as available.  Quarterly reports will be available upon request.

Issues that have Severity Levels designated 1 or 2 that do not meet the maximum acceptable resolution time will result in a customer service credit prorated against the monthly application storage charge for the amount of time over the maximum acceptable resolution time.  All requests for compensation must be received within five (5) business days of the incident in question.  The amount of compensation may not exceed the customer’s monthly recurring charge. This SLA does not apply for any month that the customer has been in breach of the Agreement or if the account is in default of payment.

For intellectual property rights complaints, please contact support@domaonline.com.

  11. Exit Strategy

Except in the case of material breach as described in Paragraph 5.2 of the Master Services Agreement, ninety (90) days termination notice must be given prior to canceling DOMA service. Upon cancellation date or termination of agreement, DOMA will remove site access and permanently delete all customer data, including record/document images, record metadata, database, storage locations, as well as all backup and replicated data. Depending on the sensitivity of the customer data, federal laws and regulations, and specific requirements outlined in the customer Master Services Agreement, different methods may be used to delete, clean, purge or destroy data and media containing data. In all cases, when customer accounts are no longer active, all customer data is permanently removed. It is in the customer’s best interest to request a data export prior to the actual cancellation date; typically this is requested at the time of the initial notification to cancel service.

  12. Modification

Notwithstanding any other provision of the Agreement to the contrary, DOMA hereby reserves the right to modify this SLA at any time, at its sole discretion.  DOMA will notify Customer of any modifications to this SLA in writing or via its website.
