This Service-Level Agreement defines the service levels provided to the Synovia End User (“Customer”) by Synovia Solutions LLC (“Synovia”). In the event of any conflict between this Service-Level Agreement and the Synsurance Agreement, the Synsurance Agreement shall govern.


I. Service Definition.


Synovia will provide software and other services as defined by the Synsurance Agreement.


II. Technical Support.


Synovia will provide Customer, through authorized account contacts, with technical support on setting up and configuring accounts, access to the Services, and other issues related to the Services. Synovia uses commercially reasonable efforts to maintain a standard response time to technical support issues. This response time will depend on the complexity of the inquiry and support request volume.


The Help Desk is open 7 AM – 6 PM (EDT), Monday–Friday. Incidents during normal business hours may be initiated via toll-free phone, email, fax, or Synovia website form. Receipt of incidents during normal business hours will be acknowledged by the Help Desk within one (1) business day. Incidents initiated after normal business hours should be directed to the After-Hours Call Center. The Help Desk or After-Hours Call Center will make an initial assessment of the issue and assign a severity level, as defined in the Scope of Services. With respect to Urgent and Critical severity level incidents, support is extended to 24/7 for agreed-upon periods and supported by staff with designated cell phone numbers.


III. Billing Disputes.


Synovia must receive notice of billing disputes within thirty (30) days of the date Customer was invoiced for the Services or Customer shall be deemed to have accepted such charges.


IV. Maintenance.


a. Scheduled Maintenance. To ensure optimal performance and security of the Services, Synovia will routinely perform maintenance on a regularly scheduled basis within its published maintenance window of 11 PM – 3 AM EDT. This may require specific Services to be suspended during the maintenance period. Synovia will use commercially reasonable efforts to notify Customer in advance of any scheduled maintenance that may adversely affect Customer Services. Scheduled Maintenance may include software updates as part of a scheduled release plan or as a resolution to critical software defects. More essential defects that affect functionality or stability of the application will be fixed prior to cosmetic and other defects that do not affect functionality or stability. Major software version releases occur every six (6) or seven (7) weeks. Hotfixes are released as necessary.


b. Emergency Maintenance. Under certain circumstances Synovia may need to perform emergency maintenance, such as security patch installation or hardware replacement. Synovia may not always be able to provide Customer with advanced notice in case of emergency maintenance.


c. Hardware Replacement. Synovia will use industry-standard practices to determine whether server hardware is functioning properly and will replace nonfunctioning hardware with similar functioning hardware. Synovia shall use commercially reasonable efforts to implement hardware replacement within four hours from the time the problem is identified.


V. Service Availability.


Synovia shall provide at least 99% Service Availability, measured on a per calendar month basis. Service Availability is defined as the ability of a Synovia Core user to retrieve positional information from his or her GPS-enabled fleet. Unavailability caused by issues beyond Synovia’s reasonable control, including denial of service or similar attacks, mail bombs, DNS resolution, Domain Name expiration, Internet availability, SYN attacks, and other events or any other Force Majeure event will be excluded from Service Availability calculations.


Synovia will contact Customer within thirty (30) minutes after Synovia’s determination that the Customer service is unavailable. Synovia will reach Customer’s designated point of contact by a method mutually agreed upon between Customer and Synovia (telephone, email, fax, or pager). Synovia agrees to attempt all methods, if necessary, to reach the point of contact. Customer is solely responsible for providing Synovia with accurate and current contact information for Customer's designated points of contact. Synovia will be relieved of its obligations if Synovia's contact information for Customer is out of date or inaccurate due to Customer action or omission or if Synovia's failure is due to reasons of Force Majeure.


VI. Server Software.


a. Software Configuration. Synovia will exercise industry-standard practices to ensure that all preinstalled software is correctly configured. In case there is more than one way to configure the software, Synovia will choose the configuration it determines, in its sole discretion, to be the most appropriate.


b. Patches, Updates, and Service Packs. Synovia will use commercially reasonable efforts to promptly install security patches, updates, and service packs. Software updates may change system behavior and functionality and as such may negatively affect the Services purchased by Customer. Synovia cannot foresee nor can it be responsible for service disruption or changes in functionality or performance due to implementation of software patches and upgrades. If such disruption or changes occur, Synovia will use commercially reasonable efforts to remedy the situation as soon as possible after being notified of the problem by Customer.


c. Required Upgrades. Synovia may be required by its software licensors to upgrade to the latest versions of the software. Licensor-required upgrades will be performed free of charge and upon reasonable notice to Customer. Software upgrades on Synovia’s servers will occur at Synovia’s discretion upon reasonable notice to Customer.


d. Incompatibilities. Synovia is not responsible for problems that may arise from incompatibilities between new versions of the software and Customer content, regardless of whether it was a requested, required, or a discretionary upgrade. Nevertheless, Synovia will use commercially reasonable efforts to assist Customer in finding a solution.


VII. Storage Capacity.


Synovia stores a rolling six (6) months of breadcrumb data and a rolling twenty-four (24) months of report data in the customer’s database. Older data is automatically archived to a flat file and stored on lower-performance disk. No data is ever deleted during the customer’s contract period. In the event data is required outside of the six (6) or twenty-four (24) month window, the appropriate flat file will be retrieved and restored to operation with forty-eight (48) hours.


VIII. Privacy and Confidentiality.


a. Privacy. Synovia is committed to protect Customer privacy and the confidentiality of Customer data to the maximum extent permitted by law and/or accepted by industry standards. Synovia will not access, view, or review any private data accessible to Synovia unless:


1. Either Customer or a government agency or regulatory body specifically requests Synovia to do so;


2. When performing routine backup and restore operations, virus scan and virus removal, spam and content filtering; or


3. If such access, view, or review is urgent and necessary to protect personal safety, perform troubleshooting, restore systems operation in the event of a server failure, remove illegal or offending content, or prevent a server failure, Service outage, or other damage. Under no other circumstances will Synovia access Customer private data or share Customer confidential data with any third parties without Customer’s prior permission, except to the extent required by law or governmental or regulatory body or necessary to render our services to Customer.


b. SSL. Synovia’s software suite is web-based and uses Secure Socket Layers (https). Data imported or exported from third-party systems is transmitted over secure web services (https).


c. Application Passwords. All Synovia applications require a valid username and password to login. The password is hashed before it is stored in the database. Synovia personnel cannot look up or derive the password after the fact. By default, Synovia applications will take any strength of password, but this can be configured per the end user's requirements.


d. Cellular Data Transmission. Data transmitted over GSM cellular networks is encrypted either using the GPRS Encryption Algorithm (GEA) or A5 algorithm. Data transmitted over the Sprint/Verizon cellular network can be configured over a private VPN tunnel using 3DES encryption. All packets sent by GPS hardware are in binary format. Without the primer to decode binaries, packets will appear as unintelligible bits.


e. Active Directory. Synovia utilizes Microsoft Active Directory to manage roles, users, and permissions at the data center. AD accounts require strong passwords, and passwords are subject to an expiration schedule. Only authorized users are given access to select servers and systems. Within MS SQL, permissions are further defined so that users have access only to specific datasets. The application is not vulnerable to SQL injection.


f. Firewalls. There are three firewalls protecting the Synovia GPS application:
 

  • Cisco ASA 5510 Adaptive Security Appliance, IOS version: 8.2(2)
     
  • Secure Platform, OS version: Linux 2.4.21-21cp#1
     
  • Checkpoint UTM-1 1070


IX. Data Integrity, Backup, and Disaster Recovery.


Synovia stores a rolling six (6) months of breadcrumb data and a rolling twenty-four (24) months of report data in the customer’s database. Older data is automatically archived to a flat file and stored on lower-performance disk. No data is ever deleted during the customer’s contract period. In the event data is required outside of the six (6) or twenty-four (24) month window, the appropriate flat file will be retrieved and restored to operation within forty-eight (48) hours.


Synovia utilizes various technologies to ensure the integrity of customer data. A CommVault solution backs up server images and customer databases daily to a geographically distributed disk infrastructure.


In the event of a catastrophic failure of the primary data center in Chicago, IL, the disaster-recovery solution allows Synovia to restore server and data backups to a virtual environment in the Lexington, KY data center. The network will be automatically migrated to the virtual environment, and critical systems will be brought online within forty-eight (48) hours. Supplementary systems will be brought online within ninety-six (96) hours. Service would continue in the virtual environment until such time as the primary facility was brought back online.


Synovia restores database backups at random on a weekly basis to validate integrity. Disaster recovery is simulated on a semiannual basis.


X. Data Retention.


While the Customer account is active, Synovia shall retain the content of the Customer database information store and backups. Synovia shall not be responsible for retaining any Customer data after account termination. All data is deleted from the servers after the Customer account is terminated and from backups during scheduled backup rotation.


XI. Facilities.


Synovia hosting facilities will provide the following:
 

  • Current SSAE-16 certification.
     
  • Security. Network Operations Center personnel onsite 24 x 7 x 365. Keyless security with electronic card strike and/or biometric hand geometry reader.
     
  • Digital camera coverage of the facility, integrated with access control and alarm system.
     
  • Backup Power. Facility will have backup power sources that will provide power for a period of at least forty-eight (48) hours if the primary source of power is unavailable.
     
  • Fire Detection and Suppression. Facility will have an early warning fire detection system and fire suppression system.
     
  • HVAC. Facility will have redundant (N+1) HVAC.
     
  • Temperature. Facility will maintain a temperature of 68-72 degrees F (+/- 5 degrees).
     
  • Humidity Control. Facility will maintain a relative humidity of 30% - 60% (+/- 5%).
     
  • Active fail over capability for the network, routers, firewall, and switches.
     
  • Servers with redundant NICs, power supplies, and RAID hard drives.


XII. Customer Responsibilities.


To access Synovia services, Customer must provide at the very minimum: