Table of Contents


1. Agreement Overview 2

2. Service Agreement 2

2.1 Service Scope 2

1) “E-Care” - Basic Plan 2

2) SNP – Service No Parts 3

3) Platinum Support 3

4) Softcare 3

5) Backup 3

6) Artsyl/Ancora/Docstar IDC/Advanced Capture 3

7) PIF Cloud 3

8) Frevvo Web Forms 4

2.2 Customer Requirements 5

2.3 Service Provider Requirements 6

2.4 Service Assumptions 6

3. Service Management 6

3.1 Service Availability 6

3.2 Service Requests 6

3.3 Service Maintenance 7

4.0 Customer User and Data Security in PIF Cloud 7

4.1 Admin Role 7

4.2 User Role 7

4.3 Security 7

4.3.1 User login 7

4.3.2 Data and document security 7

4.3.2.1 Data 7

4.4 AWS Network Topology 9

5.0 Cloud Hosting and Subscription 10

5.1 Termination 10

Appendix A: Associated Policies, Processes and Procedures 10

A.1 Incident Management 10

A.2 Problem Management 12

A.3 Service Policies and Pricing 12

A.3 Disaster Recovery (DR) for PIF Docstar Cloud 12

PiF Technologies Service Level Agreement

1. Agreement Overview

This Agreement represents a Service Level Agreement (“SLA” or “Agreement”) between PiF

Technologies, the Service Provider and the Customer for the provisioning of IT services

required to support and sustain the DocStar Document Imaging & Electronic Filing System,

Artsyl Advanced Capture, Frevvo web forms and RatchetSoft.

This Agreement remains valid until superseded by a revised agreement mutually endorsed by

the stakeholders. Changes are recorded in the Amendments section of this Agreement and are

effective upon mutual endorsement by the primary stakeholders. This Agreement outlines the

parameters of all IT services covered as they are mutually understood by the primary

stakeholders.

This Agreement is valid from the Effective Date noted on the PiF invoice and is valid until the

Date of Termination, typically one contract year from system purchase or last expired contract.

This Agreement should be reviewed at a minimum once per fiscal year; however, in lieu of a

review during any period specified, the current Agreement will remain in effect.

2. Service Agreement

The following detailed service parameters are the responsibility of the Service Provider in the

ongoing support of this Agreement.

2.1 Service Scope

Included in the Annual Maintenance & Support Contract are the following services. PiF has

three types of maintenance and support plans as outlined below. The PiF plan type is noted on

the PiF Invoice to the Customer.

1) “E-Care” - Basic Plan

● Help Desk / Telephone Technical Support / Toll-Free 888-934-4443 or

support@piftech.com

● Remote Diagnostics, Support & Repair (via http://pifhelp.com)

● Does NOT include onsite support, parts or labor. Onsite labor can be purchased on a per

diem basis

2) SNP – Service No Parts

● Help Desk / Telephone Technical Support / Toll-Free 888-934-4443 or

support@piftech.com

● Remote Diagnostics, Support & Repair (via http://pifhelp.com)

● On-Site Break / Fix & Preventative Maintenance for Scanners

● Includes labor and travel (except for end-of-life hardware/software)

● Does NOT include parts

3) Platinum Support

● Help Desk / Telephone Technical Support / Toll-Free 888-934-4443 or

support@piftech.com

● Remote Diagnostics, Support & Repair (via http://pifhelp.com)

● On-Site Break / Fix & Preventative Maintenance for Scanners

● Includes parts, labor and travel (except for end-of-life hardware/software)

4) Softcare

● Customer will receive new software version licensing from manufacturer

● PiF will apply one (1) new product upgrade at no cost

● Access to KB and FAQ Articles

● Access to carecentral and DocStar eLearning

5) Backup

● PiF will install and configure a daily backup of the DocStar archive and database files

● Backups will be stored in AWS in an encrypted state

● Customer can request a restore of a backup but note based on the size and decryption

process, customer may have to wait days, weeks or months for the data and images to

be available

6) Artsyl/Ancora/Docstar IDC/Advanced Capture

● Customer will receive all new product licensing upgrades and PiF will apply one (1)

product version upgrade per year at no charge

● PiF will make best efforts to resolve any product issues and will work directly with the

vendor (manufacturer) to secure a resolution.

7) PIF Cloud

● PIF hosts many different applications in the cloud which include Docstar, frevvo, Artsyl,

Ancora, Safe Entry Forms, SmartPass and the like.

● PIF will generally provide a 4 hour or less timeframe for a temporary or permanent fix

should any of the products hosted go down.

● All PIF cloud resources are managed in AWS, US based region and availability zones.

No data is managed outside the US.

● In case of a disaster, any Docstar cloud customer in a worst case scenario would lose

only two hours of metadata. All document images are fully fault tolerant with real time

replication.

● PIF does not provide financial credits for downtime or system outages.

● PIF conforms to the AWS BAA agreement for HIPAA compliance and well architected

solutions.

● PIF provides standing encryption at rest of any document images as well as encryption

on transmission using SSL.

8) Frevvo Web Forms

● Customer will receive all new product licensing upgrades and PiF will apply one (1)

product version upgrade per year at no charge

● PiF will make best efforts to resolve any level 1 product issues or questions, however

issues that need to be escalated to frevvo (manufacturer) will be dealt with via email.

Frevvo does not include general remote or phone support with a standard support

contract. Premium support is not included but can be added at an additional fee.

● Premium Support Upgrade: Premium Support upgrade includes everything included in

Standard Support with the addition of rapid escalation to direct phone support for S-1

and S-2 issues. Premium Support upgrades are available for an additional fee.

● Minimum Response & Resolution Times: Response time refers to the length of time that

frevvo has to respond to a reported issue and the length of time that frevvo strives to

resolve a reported issue. When Customer support issues are presented, frevvo agrees

to use reasonable commercial efforts to adhere to the response times set forth below.

See chart below.

○ S1 (Critical) - conditions are defined as problems that impact the Customer's

operation to the point where the Service is unavailable or unusable, or the

Service causes a complete system failure.

○ S2 (Important) - conditions are defined as problems that adversely impact the

Customer's operation, but the Service and the products with which it is intended

to interoperate remain operational and usable for their primary functions.

○ S3 (Normal) - conditions are defined as normal problems that can be worked

around with no loss of material functionality and limited impact to the Customer,

and routine technical questions and requests for information on product

capabilities.

As agreed by both parties, the Annual Maintenance & Support Contract will be based on a

percentage of the acquisition cost annually following the first (12 months) from the date of the

execution of the Agreement.

2.2 Customer Requirements

Customer responsibilities and/or requirements in support of this Agreement include:

● Notification of PiF Technologies technical support of issues or incidents impacting the

usage of the DocStar application or associated hardware in either a global or isolated

fashion.

● Customer must be no more than three (3) revisions behind the current released product

version

● Advanced scheduling, a minimum of three business days, of all onsite service related

requests and other special services with PiF Technologies for services to be rendered

that are not having an immediate impact on the functioning of the DocStar solution in the

customer’s environment.

● Reasonable availability of customer representative(s) and access to needed applications

when resolving a service related incident or request.

● Customer agrees to operate all provided equipment within Manufacturer / PiF

specifications.

● Replacement of DocSTAR hardware at its “End-of-Life” to minimize downtime risk and

repetitive service requests. (see End-of-Life Policy A.3)

2.3 Service Provider Requirements

Service Provider responsibilities and/or requirements in support of this Agreement include:

● Meeting response times associated with service related incidents.

● Training required staff on appropriate service support tools.

● Appropriate notification to Customer for all scheduled maintenance (see Service Level

Management).

● Facilitation of all service support activities involving incident, problem, change, and

release and configuration management.

2.4 Service Assumptions

Assumptions related to in-scope services and/or components include:

● Funding for major upgrades / add-ons will be provided by the Customer and treated as a

project outside the scope of this Agreement.

● Changes to services will be communicated and documented to all stakeholders.

3. Service Management

● Effective support of in-scope services is a result of maintaining consistent service levels.

This includes all PiF hardware and software deployed at all Customer locations. The

following sections provide relevant details on service availability, monitoring,

measurement and reporting of in-scope services and related components.

3.1 Service Availability

Coverage parameters specific to the service(s) covered by this Agreement are as follows:

8:30 A.M. to 5:00 P.M. U.S. Eastern Time

Monday – Friday

3.2 Service Requests

● In support of services outlined in this Agreement, the Service Provider will respond to

service related incidents and/or requests submitted by the Customer within the following

time frames:

● PiF Technologies will provide telephone technical support during the business hours of

8:30am and 5:00pm for reporting of service related incidents. After hours support is

available for incidents that are deemed Critical (See Appendix A: for details).

● Submission of service related incidents may also be submitted via email at

support@piftech.com. After the reporting of an incident to PiF Technologies personnel a

technician will be dispatched for an onsite service call within four hours of the reported

incident for those incidents deemed to be Critical in nature. All other issues will be

scheduled for next service or later.

● Refer to the service support policies, processes and related procedures for additional

information in Appendix A: Related Policies, Processes and Procedures.

3.3 Service Maintenance

● All services and/or related components require regularly scheduled maintenance

(“Maintenance Window”) in order to meet established service levels. These activities

may render systems and/or scanners unavailable for normal user interaction for the

following locations and timeframes:

● Timeframe(s): PiF Technologies will always schedule routine maintenance on the

scanners and server to minimize the impact in the production environment. Any

maintenance performed during business hours will not result in application downtime

without the consent of Customer. If maintenance is required that will result in downtime it

will be scheduled for an after hours time between PiF Technologies and Customer

personnel.

4.0 Customer User and Data Security in PIF Cloud

4.1 Admin Role

● A customer is provided with one site admin account. The account is used to set up new

users/groups, reset passwords, IP restrictions, usage data and performance, content

types, workflows and just about any system based setting. It is the responsibility of the

customer to provide all user admin functions.

4.2 User Role

● A customer is able to set up an infinite number of user accounts to access DocStar

either in independent Docstar, SAML or LDAP authentication mode, Number of

concurrent users is governed by each customers contract.

4.3 Security

4.3.1 User login

● Access to DocStar is through single authentication point of a username and password.

The first factor is a user ID password pair. The User password should be the business

email of the customer, The password is comprised of a 10 character combination of

upper, lower, numeric and special characters.

4.3.2 Data and document security

4.3.2.1 Data

● Data in transit is encrypted using Transport Layer Security 1.2 (TLS, formerly called

Secure Sockets Layer [SSL]) with an industry-standard AES-256 cipher. TLS is a set of

industry-standard cryptographic protocols used for encrypting information that is

exchanged over the wire. AES-256 is a 256-bit encryption cipher used for data

transmission in TLS.

● Documents in transit are encrypted using Transport Layer Security 1.2 (TLS, formerly

called Secure Sockets Layer [SSL]) with an industry-standard AES-256 cipher. TLS is a

set of industry-standard cryptographic protocols used for encrypting information that is

exchanged over the wire. AES-256 is a 256-bit encryption cipher used for data

transmission in TLS.

● Documents at rest are encrypted using AWS Key Management Service (KMS) both on

the AWS EC2 EBS volume and the S3 storage bucket.

● PIF leverages and complies with AWS BAA for HIPAA compliant architecture where the

Docstar, Frevvo and PIF corporate environments are sectioned into individual VPC. No

Internet access is available to anyone of the VPC’s but rather a default VPC housing a

Bastion server with RDP capabilities locks down unauthorized access.

4.4 AWS Network Topology

5.0 Cloud Hosting and Subscription

5.1 Termination

By default the PIF cloud contracts are 12 month terms and are evergreen (auto renew the

following year). Customer must provide 30 days written notice before contract expiration date to

waive the current year AWS hosting or subscription fees.Otherwise customer must pay full year

AWS hosting or subscription fees.

If the customer selects to terminate the contract, a fee to export the data and documents will be

accessed by the amount of storage. Customer will receive the data and documents on an

encrypted external hard drive.

● <50GB - $10.00/GB

● 51GB to 500GB - $7.50/GB

● 501GB to 1TB - $5.00/GB

● >1.1TB - $2.50GB

If the customer does not notify PIF and fails the pay the AWS hosting or subscription fees 45

days after contract expiration, PIF will lock the Docstar tenant so no access is permitted. After

180 days from the contract expiration, data will be deleted.

Appendix A: Associated Policies, Processes and Procedures

A.1 Incident Management

Definition: The process of managing unexpected operational events with the objective of

returning service to customers as rapidly as possible.

Tool Requirements: All requests for service must be submitted to PiF Technologies at

1-888-934-4443 or support@piftech.com. All incidents are logged and linked to the customer

record. PiF Technologies maintains a database of fixes for common and known issues. We also

use the hosted application http://pifhelp.com for remote access problem resolution. This does

require that the DocStar server have internet connectivity available and at no time does PiF

Technologies have the ability to gain access to the DocStar server without the consent of the

customer.

PiF Technologies has an escalation process for determining the dispatching of on-site service

calls should an incident fail to be resolved remotely. Customers with a maintenance agreement

always take precedence over those customers that have opted out.

The following is the escalation hierarchy with incidents defined as critical having the highest

priority for onsite scheduling:

Critical: A DocStar related incidents having a high or global impact in a production environment

such that data access is nonexistent or an incident such that the aforementioned is a high

probability (e.g. No power on the DocStar server or network connectivity does not exist). In the

event of a critical failure of hardware / software covered under a PiF Maintenance Agreement,

PiF will supply “failed” hardware at no cost to Customer. In the event of a catastrophic failure

(e.g., fire or a building deteriorating event), provided appropriate back-up media is supplied by

Customer, Customer will procure and PiF will supply, the necessary hardware

(server/scanners). Once the necessary hardware and software is deployed, PiF will have the

ability to rebuild and restore your DocStar. A Technician can be made available after normal

business hours for a “Critical” failure only. A charge may apply. (See Service Pricing for details)

Normal: A DocStar related incident having a limited impact. Overall DocStar usage is not

impacted and solution integrity is not questioned (A single user is having an issue with the

DocStar application, functionality or a scanner that is intermittently jamming or double feeding).

An incident with this classification is scheduled for the next day.

Low: A DocStar related incident not having a noticeable impact on system usage (request for

preventative maintenance on a scanner). These incidents are scheduled within three days.

Tool Link(s) : http://pifhelp.com

A.2 Problem Management

Definition: Problem Management identifies the root cause of a single significant, multiple or

recurring incidents to prevent further incident activity.

Tool Requirements: All Service related incidents are logged in a central SQL database and are

linked to a specific customer record. We are able to audit service and support trends at the

customer level and can also run a query to determine potential issues that might be affecting

our customer base in a more global fashion to improve service and support efficiency.

A.3 Service Policies and Pricing

End-of-Life Policy: End-of-life is described as any hardware that has been installed for a term of

five years or greater. After five years from purchase, PIF deems the hardware/software as

end-of-life and parts, labor and travel time will not be covered at no charge.

Service Pricing:

● After Hours Technical support - $395.00 per hour

● Professional Services - $200.00 per hour

● Additional Training - $200.00 per hour

● Remote Helpdesk Support Calls - $195.00 per hour (Customers with Softcare or Online

Backup Only)

● Remote Helpdesk Support Calls - $295.00 per hour (Non SLA Customers)

A.3 Disaster Recovery (DR) for PIF Docstar Cloud

PiF is a certified AWS Consulting partner with a number of certified cloud practitioners and

architects on staff. PIF has architected the PIF DocStar AWS solution using the Well Architected

Framework provided by AWS focusing on high availability, fault tolerance and durability.

Furthermore, architectural focus is put on decoupling of servers to reduce SPOF (single point of

failure), security leveraging MFA for all AWS administrators, and multi-region replication for high

availability.

PIF offers a number of AWS preconfigured frameworks to meet the needs of each customers

compliance requirements:

1. AWS GovCloud

2. AWS Multi-tenant Docstar Cloud

3. AWS Private Cloud with Standing Encryption of Data at Rest (SQL Server Enterprise)

Each of the options above may have a different variation on how the disaster recovery plan is

executed. For the purposes of this document, the DR plan explained below is focused on the

AWS Multi-Tenant Docstar Cloud.

To understand the DR plan, let us tell you about our AWS Multi-Tenant Docstar Cloud that

utilizes a number of AWS products such as: WAF (Web Application Firewall), ELB (Elastic Load

Balancer), AutoScale leveraging EC2 (Elastic Compute Cloud) compute resources and EBS

(Elastic Block Storage) and S3 (Simple Storage Service) storage resources. Depending on the

time, current 10PM to 4AM, the Docstar app server EC2 instance is downgraded to a t5xlarge

Windows server. When load increases during peak times, using the autoscaing and load

balancing within AWS, the EC2 instance is upgraded to an M5Xlarge. This happens

automatically using AWS AMI’s (Automated Machine Images).

Since S3 buckets are storing the images/documents with multi-region replication and with a

durability of 99.999999999% uptime, the system is fault tolerant for high availability.

Docstar App Server

The source Docstar application server running on an EC2 instance is replicated via snapshot

nightly. This server does not hold any data or documents and is merely a web server that serves

up the Docstar UI. Using the autoscale technology in AWS if the heartbeat of the source app

server goes down, AWS spins up a new EC2 resource within seconds.

Image Files

When a document/image is added to Docstar, the image files are stored in S3 bucket in the N.

Virginia Region which replicates real time to the Oregan region. Should a disaster occur to the

AWS N. Virginia data center a SQL script is run to repoint to the replicated S3 bucket in Oregon.

Database

A dedicated EC2 instance of SQL Server Standard stores all metadata and system

configuration data. This server communicates with the Docstar App Server and the S3 image

store. A full backup of SQL Server is donel each night at 10PM and uploaded to S3 bucket in

Oregon Region. Additionally the SQL Server transaction logs are replicated every 2hrs to

Oregon Region. Should a disaster occur to the EC2 instance running SQL Server, PIF will

restore the previous nights SQL Server snapshot along with the most current SQL transaction

log.

SOLR Index Server

SOLR runs on a Linux EC2 instance and serves as Docstars search and document index. The

index can be rebuilt on the fly which means its recoverable regardless if there is a backup or

not. However PIF has implemented a snapshot, backed up daily. Should a disaster occur the

snapshot would be deployed to a new EC2 instance which will restore the index, while a reindex

would be initiated from the Docstar app server to cover the delta of records not found in the

snapshot from the previous night.

__________________________________________________________________________

PiF Technologies, Inc | 1370 Hooksett Rd, Hooksett, NH 03106 | 603-622-2122