
Service Inclusions and Specifications

1. Service Inclusions

Service Inclusion

Description

Managed “Standard” Plans:

24x7 Host Down Response

If a fault is detected on any Services under a Standard Plan, Bulletproof’s engineers are immediately alerted via SMS, email and by visual and audio alarms in Bulletproof’s monitoring system.

The engineers will contact the Customer’s nominated technical contact (Technical Contact), and then work to resolve the problem.

Bulletproof will respond to incidents relating to the following aspects of the Services:

(a) connectivity from the internet to the Customer’s servers and applications;

(b) operating system - ensuring it is running smoothly; and

(c) the ability to VPN to the Customer’s managed Service.

Managed “Enterprise” Plans:

24x7 Proactive Troubleshooting

In addition to the 24x7 Host Down Response above, in relation to Services running under an Enterprise Plan, Bulletproof will also respond to incidents relating to Bulletproof-approved application and database services to ensure they are operational. Support for other application services is at Bulletproof’s discretion.

Incident Resolution and Problem Analysis

Bulletproof issues the Customer with an email problem analysis for significant incidents which details the nature, impact, resolution and preventive actions relating to the incident.

Managed “Standard” Plans:

Patch Management

Includes automated patch management and application of patches which have been approved by Bulletproof.

Managed “Enterprise” Plans:

Custom Patch Management

Includes liaising with the Customer for testing, planning and rollout of new patches on Services running under an Enterprise Plan.

Adds / Moves / Changes

Configuration changes are made by Bulletproof engineers following Bulletproof’s Change and Test Process, which includes User Acceptance Testing (UAT) once the change is complete.

The following changes are chargeable (in addition to the Fees) and will be made during Business Hours under Managed Standard Plans only. The changes are not charged under Managed Enterprise Plans:

(a) firewall rule changes; and

(b) changes required for Customer to VPN to Customer’s managed Service (e.g. firewall rules, VPN tunnels to other managed CPE, VPN usernames / passwords).

Change Request Control and Testing

Changes are made using Bulletproof's Change and Test process. This includes testing, after any change is performed, by Customer User Acceptance Testing (UAT).

Advanced Troubleshooting

For troubleshooting of problems outside the responsibilities defined in schedule 4, Bulletproof's engineers can be engaged to gather information, liaise with third parties and work on the Customer’s problem to try and find a solution. Any such services will be charged as Professional Services for the purposes of this agreement.

Unlimited Domain Name Management

All Services include free re-delegation, hosting and DNS changes of all the Customer’s domain names that are registered and automatically renewed through Bulletproof.

Managed “Enterprise” Plans:

Application Management

Bulletproof’s Application Management combines Application Monitoring, Proactive Troubleshooting & Escalation on a 24 hours per day, seven days per week (24x7) basis for all Enterprise Server environments, assisting the Customer with maximising the stability of the Customer’s application environment.

Bulletproof’s advanced application monitoring is capable of interpreting Regex-based application responses, and on receiving a critical alert Bulletproof’s engineers will troubleshoot the status of the Customer’s application and respond accordingly, escalating if required through to the external application owner.

Managed “Enterprise” Plans:

Database Management

Bulletproof’s Database Management combines Database Monitoring, Proactive Troubleshooting & Escalation on a 24x7 basis for all Enterprise Server environments, assisting the Customer with maximising the stability of the Customer’s database environment.

Bulletproof’s advanced database monitoring of SQL, MySQL & MMM allows its engineers to respond to critical alerts, troubleshooting the status of the Customer’s database and responding accordingly, escalating if required through to the external database owner or administrator.

2. Service Specifications

Monitoring

2.1 The Services are managed in good faith and to the best of Bulletproof’s ability for availability, performance and security.

2.2 The Services are monitored by Bulletproof’s monitoring systems 24x7. The monitoring of the Services includes notifications by email and optionally by SMS. Notifications can be sent to the Customer 24x7, during extended hours, Business Hours, or not at all as selected by the Customer.

2.3 The monitoring of the Services includes up to 15 SMS messages per month per Service, after which a 50c/message (excluding GST) fee applies.

2.4 Non-intrusive methods are used for monitoring the standard functions of the Services, including standard internet services such as SMTP and SNMP-based process checks. The frequency of the checks is approximately every five minutes. This can be tuned to be less often at the Customer’s request. Custom testing can be engineered as requested by the Customer. Any such services will be charged as Professional Services for the purposes of this agreement.

2.5 Bulletproof will respond to monitoring incidents included in the managed Service as defined in Schedule 3 and elsewhere in this agreement, according to its standard response times. Work performed outside such inclusions or coverage times at the Customer’s request will be charged as Professional Services for the purposes of this agreement.

Change Requests and Support and Maintenance

2.6 Any support or maintenance services performed by Bulletproof outside of the Response and Resolution Times set out in Schedule 5 will be charged as Professional Services for the purposes of this agreement.

2.7 As part of its receipt of the Services, the Customer must nominate one or more Technical Contacts. Change Requests must come from, and incident and other reporting and liaison will be sent to, such Technical Contacts. Changes to persons designated as Technical Contacts must come from either another Technical Contact or the person who signed this agreement on behalf of the Customer.

2.8 Change Requests will be fielded during Business Hours and commenced within one Business Day of the Customer’s lodgement of the Change Request in writing from a Technical Contact.

2.9 Bulletproof’s maintenance window is 00:00 - 03:00 AEST or AEDT on Thursday every week. During this time Bulletproof’s infrastructure may be unavailable for short periods. Bulletproof will announce any scheduled outage or downtime during this period with a minimum of 24 hours' notice to the Customer. Bulletproof reserves the right to perform hazardous work during this maintenance window without notice to the Customer.

2.10 Emergency scheduled downtime may occur for security reasons. Due to their nature minimal notice may be given for such events. Bulletproof will use reasonable endeavours to minimise such occurrences.

Service Level Agreements

AWS Hosted Infrastructure:

2.11 Customer use of AWS infrastructure is subject to applicable AWS Service Level Agreements and Terms & Conditions as located at the following URLs:

http://aws.amazon.com/ec2-sla/;

http://aws.amazon.com/s3-sla/ and

http://aws.amazon.com/agreement/.

To the extent necessary and/or applicable, such terms are deemed to be incorporated into this agreement.

Bulletproof Infrastructure:

2.12 Dedicated VM Hosting service availability will be 99.995%, as measured over any 12 month period, excluding any outages or downtime related to maintenance or management work, scheduled downtime or customer initiated downtime (including downtime due to Change Requests). This Service Level Agreement only covers host availability (that the dedicated virtual machine is up and available to the internet) and those aspects of the Hosting Environment that are within Bulletproof’s exclusive control. It does not cover any services running on the dedicated virtual machine itself.

2.13 Service rebates will be provided in accordance with the following:

(a) from 99.99% to less than 99.995% availability: 25% of one month's Dedicated VM Hosting Service base Fees;

(b) from 99.9% to less than 99.99%: 50% of one month's Dedicated VM Hosting Service base Fees; and

(c) less than 99.9%: 75% of one month's Dedicated VM Hosting Service base Fees.

2.14 Dedicated VM Hosting Service base Fees pertain only to the base monthly plan Fee and do not pertain to any additional pre-purchased or excess bandwidth, SMS charges, Professional Services fees, software rental charges, or any other add-on or on-sold service fees.

Service rebates must be claimed by the Customer sending an email to support@bulletproof.net within 30 days of the outage.

Bulletproof Response Times:

AWS Hosted Infrastructure:

2.15 In the event that Bulletproof do not Acknowledge or Respond to at least 3 confirmed Severity 1 level issues within the timeframes (as defined in Schedule 5), in one calendar month, a 25% rebate on the management fees for the impacted service/s would be payable; or

In the event that Bulletproof do not Acknowledge or Respond to at least 6 confirmed Severity 1 or 2 level issues within the timeframes (as defined in Schedule 5), in one calendar month, a 50% rebate on the management fees for the impacted service/s would be payable.

BP Hosted Infrastructure:

2.16 In the event that the Customer disputes the classification of a Severity 3 or 4 level fault (as defined in Schedule 5) and the issue is impacting Service performance or availability, the Customer can request in writing (including via email) that the fault be escalated to a higher level severity; the reclassification of which Bulletproof must acknowledge and respond within the Severity 3 or 4 level timeframe (as set out in Schedule 5), or the Customer’s requested classification will automatically prevail.

Deployment:

2.17 Dedicated VM Hosting Fast Deployment is completed by Close of Business the next Business Day for orders placed before 12pm provided that all relevant and correct details required to allow Bulletproof to correctly deploy the Service have been supplied. If a Service is not deployed within this timeframe, the standard deployment setup Fee applies (as set out in Part 1 of Schedule 2 or otherwise notified by Bulletproof to the Customer).

2.18 Dedicated VM Hosting Standard Deployment is five Business Days provided that all relevant and correct details required to allow Bulletproof to correctly deploy the Service have been supplied. If a Service is not deployed within this timeframe, no setup Fee is payable.

Backups:

2.19 Backups will be retrieved within 4 hours from Bulletproof’s receipt of the initial retrieval request from the Customer. If a backup is not retrieved within this timeframe, no backup retrieval Fee is payable.

Other Service Conditions

2.20 In the event a failure of the Co-location Facility prevents Bulletproof from providing any Services, Bulletproof will make reasonable commercial efforts to work with the providers of the Co-location Facility to find the cause, to notify the Customer of the nature and cause of the failure, and to have the supplier(s) of the Co-location Facility rectify the failure in a timely manner.

2.21 At all times Bulletproof is responsible for managing the relationship between AWS and the Customer. Bulletproof is responsible for all activities in relation to the management and administration of all Services and will provide the Services with due care and skill, in accordance with industry best practice and in accordance with any agreed service levels.

2.22 Bulletproof will make reasonable commercial efforts to prevent security breaches in the Hosting Environment that provides the Hosting Service in terms of local network, operating system, and hardware that is in Bulletproof’s exclusive control. The Customer is responsible for any and all security for the Customer’s applications, data or services that are hosted with or transmitted from the Hosting Service.

2.23 Information hosted using the Services must be compliant with all applicable laws. Bulletproof complies with the Internet Industry Codes of Practice. Accordingly, Bulletproof may ask you to remove information from or cease transmitting information using the Services if instructed to do so by the Australian Broadcasting Association or other law enforcement authority. This action is known as a "Take-Down Notice".

2.24 Bulletproof reserves the right to remove content from, and cease the transmission of information using, the Hosting Service if that content or information is illegal or breaches any laws or regulations, or if it may threaten the continued operation of the Hosting Service.

2.25 Bulletproof will retain full administrative access to any Hosting Service. If Bulletproof access is removed from a Service, Bulletproof reserves the right to disable the Service until such access is restored.

2.26 A single snapshot of each running Virtual Machine is kept and updated by Bulletproof on a no responsibility basis. Upon a Customer’s request, Bulletproof will attempt to restore this entire image. Any restoration will be charged as Professional Services for the purposes of this agreement.

2.27 Patch management of managed Hosting Services is for vendor-supported operating systems only. The timing and priority of the patch application is subject to the risk of the security vulnerability as assessed by, and at the absolute discretion of, Bulletproof.

2.28 For custom patch management, the time that a patch will be applied will be discussed with the Customer to minimise business impact, notwithstanding the above security assessment. The Customer is responsible for testing of patches in the Customer’s test environment before a patch is applied to the Customer’s production environment (where applicable).

2.29 File system compression is prohibited on the Dedicated VM Hosting Service.

2.30 Bulletproof reserves the right to require that the Customer upgrade their service at Bulletproof’s absolute discretion. Any such upgrade will be subject to the agreement of the Customer. If no agreement can be reached, the Services and this agreement may be terminated by Bulletproof in accordance with clause 13.2.

2.31 Database management does not include Database Administration (DBA) services. DBA services can be arranged through a Bulletproof partner, if desired.

2.32 Running correctly configured and updated anti-virus (AV) software is mandatory on any Hosting Service. Enterprise grade AV software is provided by Bulletproof, on a no-responsibility basis, on all Microsoft™ Windows-based Hosting Services managed by Bulletproof.