Security Service Level Agreement

1        Terms and Conditions

Forcepoint™ is a premier provider of SaaS security services. Forcepoint provides these SLAs in order to demonstrate its ongoing commitment to provide top-quality SaaS security service offerings for world class organizations and businesses.

1.1     Forcepoint provides these SLAs subject to the terms and conditions of the then current Forcepoint Subscription Agreement at Subscription Agreement, as may be updated by Forcepoint from time to time. The defined terms therein shall have the same meaning when used in this SLA. The current version of these SLAs can be found at Forcepoint SaaS Security Service Level Agreement and may be modified or updated by Forcepoint from time to time in its sole discretion with or without notice to Subscriber.

1.2     In order to receive a Service Credit under any of these SLAs, the Subscriber must make a credit request in writing within thirty (30) days of the occurrence of the breach in service levels (or earlier if specifically set forth below). The Subscriber must also promptly provide Forcepoint with evidence as reasonably requested by Forcepoint of the SLA violation subject to the Service Credit request. A “Service Credit” entitles the Subscriber to the free use of the affected SaaS security service for the time period set forth in the applicable SLA.

1.3     Credits for any Subscriber problems with Forcepoint SaaS Security services will be provided under a single SLA for a single claim, with the SLA that the claim is based upon determined by the Subscriber. One claim cannot result in Service Credits under multiple SLAs.

1.4     The SLAs will not apply to situations where:

·    The SaaS Security service is unavailable for an hour or less, and the Subscriber fails to report the unavailability in writing to Forcepoint within five (5) days thereafter.

·    The SaaS Security service is incorrectly configured by the Subscriber.

·    The Subscriber provides incorrect configuration information to Forcepoint.

·    Forcepoint is performing scheduled or routine maintenance of the SaaS Security service, where the Subscriber has been notified of the maintenance no less than five (5) days in advance.

·    The Subscriber’s applications or equipment or Internet connection has failed.

·    For SaaS Email Security, where an account is not configured to use two or more co-location sites (clusters).

·    The Subscriber has acted as an open relay or open proxy, or has been using the service to send spam or viruses, or otherwise is using the SaaS Security service in violation of the Forcepoint Subscription Agreement.

·    The Subscriber has used the SaaS Security service for thirty (30) days or less.

·    The Subscriber is a trial or evaluation customer.

·    The failure of the SLA is based on reasons beyond Forcepoint’s reasonable control as set out in the Forcepoint Subscription Agreement.

1.5     The remedies set forth in these SLAs are the Subscriber’s sole and exclusive remedy for any failure by Forcepoint to comply with the SLAs. Further information regarding remedies is set forth in the Forcepoint Subscription Agreement.

2        SLAs for SaaS Email Security

2.1     Message Tracking.

·    For 95% of all emails processed, the following will be available for review in the Message Center within five (5) minutes of receipt of an email: Detailed SMTP logs and all emails that are quarantined (including those that failed a content filtering rule, were classified as spam or were infected with a virus).

·    If more than 5% of email logs or quarantined emails processed in any calendar month are not available for review within 5 minutes when the Subscriber is using the portal and following a request submitted by the Subscriber in accordance with Section 1 above, Forcepoint will credit the Subscriber with one day’s Service Credit for each email log or quarantined email that did not meet this service level, subject to a maximum credit of five (5) days in any one month.

2.2     Service Availability 

·    The SaaS Email Security service will be available 99.999% of the time.

·    SaaS Email Security “Service Unavailability” means the inability of the email filtering service to receive and process email in substantial conformance with Forcepoint’s published documenation for the email filtering service, as may be updated by Forcepoint from time to time, on behalf of the Subscriber and measured during any given calendar month.

·    In the event of Service Unavailability for more than 0.001% of any calendar month, following a request submitted by the Subscriber in accordance with Section 1 above, Forcepoint will credit the Subscriber account with one day’s Service Credit for each two (2) hour period of Service Unavailability, subject to a maximum credit of five (5) days in any one month.

2.3     Service Management

·    For 99% of all non-spam emails less than 2 Mega Bytes in size, the time required to process an email will be less than sixty (60) seconds.

·    If in any one calendar month, 1% or more of all processed non-spam emails less than 2 Mega Bytes in size takes sixty (60) seconds or longer for Forcepoint to process (following receipt, ready for processing, to attempted delivery), following a request submitted by the Subscriber in accordance with Section 1 above, Forcepoint will credit the Subscriber with one day’s Service Credit for each email that takes sixty (60) seconds or longer to receive, process and attempt to deliver, subject to a maximum credit of five (5) days in any one month. This SLA applies only to legitimate business email (non-bulk email) and does not apply to emails 2 Mega Bytes or larger in size, denial of service (DOS) attacks, or email loops.

2.4     Spam Detection Rates 

·    Spam will be detected at a rate of 99% or above during each calendar month for Subscriber’s use of the anti-spam service.

·    The spam SLA does not apply to emails using a majority of Asian language (or other non-English or non-European language) or emails sent to invalid mailboxes.

·    In the event the spam detection rate drops below 99% for a period of more than five (5) days in any one calendar month, following a request submitted by the Subscriber in accordance with Section 1 above, Forcepoint will credit the Subscriber with one (1) month’s Service Credit.

2.5     Virus Detection

·    For Subscribers subscribing to the anti-virus service, Forcepoint will protect the Subscriber from infection by 100% of all Known Viruses contained inside email that has passed through the SaaS Email Security service. This excludes links (URLs) inside email messages that take the Subscriber to a website where Viruses can be downloaded.

·    A “Known Virus” means a Virus which has already been identified and a Virus definition has been made available by one of the anti-virus services whose technology is used within Forcepoint’s SaaS Email Security service, at least thirty (30) minutes before the time the email was processed by the SaaS Email Security service.  This SLA does not apply to forms of email abuse that are not classified as viruses or malware, such as phishing, adware, spyware and spam.

·    In the event that Forcepoint identifies a Known Virus but does not stop the infected email, Forcepoint will use commercially reasonable efforts to promptly notify the Subscriber, providing information to enable the Subscriber to identify and delete the Virus-infected email. If such action prevents the infection of the Subscriber’s systems, then the remedy defined in this Section 2.5 shall not apply. Subscriber’s failure to promptly act on such information will also result in the remedy defined in this Section 2.5 being inapplicable.

·    In the event that one or more Known Viruses in any calendar month passes through the email filtering service undetected and infects the Subscriber’s systems, following a request submitted by the Subscriber in accordance with Section 1 above,  Forcepoint will credit the Subscriber with one month’s Service Credit, subject to the Subscriber providing evidence acceptable to Forcepoint that the SaaS Email Security service failed to detect the Known Virus within five (5) working days of the Virus infection.

·    The Virus Detection SLA for SaaS Email Security will not apply if (a) the Virus was contained inside an email that could not be analysed by the email filtering service, such as an encrypted email or a password-protected file, (b) the Virus infection occurred because an email which had been identified as containing a Virus was released by Forcepoint on the request of the Subscriber, or by the Subscriber through the email filtering portal, or (c) there is deliberate self-infection by the Subscriber or its authorized user.

3        SLAs for SaaS Web Security

3.1     Service Availability 

·    The SaaS Web Security service will be available 99.999% of the time.

·    SaaS Web Security “Service Unavailability” means the SaaS Web Security service being unable to receive, process and forward Web Content in substantial conformance with Forcepoint’s published documentation as may be updated by Forcepoint from time to time, on behalf of the Subscriber and measured during any given calendar month.

·    In the event of Service Unavailability for 0.001% or more of any calendar month, following a request submitted by the Subscriber in accordance with Section 1 above, Forcepoint will provide the Subscriber a credit of one day’s Service Credit for each two (2) hour period of Service Unavailability, subject to a maximum credit of five (5) days in any one calendar month.

3.2     Virus Detection

·    Forcepoint will protect the Subscriber from infection by 100% of all Known Viruses contained inside Web Content that has passed through the SaaS web protection service module of the SaaS Web Security service.

·    A “Known Virus” means a Virus which has already been identified and a Virus definition has been made available by one of the anti-virus services whose technology is used within Forcepoint’s SaaS Web Security service, at least thirty (30) minutes before the time the Web Content  was processed by the web filtering service. This SLA does not apply to forms of Web Content abuse that are not classified as viruses or malware, such as phishing, adware, spyware and spam.

·    In the event that Forcepoint identifies a Known Virus but does not stop the infected Web Content, Forcepoint will use commercially reasonable efforts to promptly notify the Subscriber, providing information to enable the Subscriber to identify and delete the Virus-infected Web Content. If such action prevents the infection of the Subscriber’s systems, then the remedy defined in this Section 3.2 shall not apply. Subscriber’s failure to promptly act on such information will also result in the remedy defined in this Section 3.2 being inapplicable.

·    In the event that one or more Known Viruses in any calendar month passes through the SaaS Web Security service undetected and infects the Subscriber’s systems, following a request submitted by the Subscriber in accordance with Section 1 above,  Forcepoint will credit the Subscriber with one month’s Service Credit, subject to the Subscriber providing evidence that the SaaS Web Security service failed to detect the Known Virus within five (5) working days of the Virus infection.

·    The Virus Detection SLA for web security will not apply if (a) the Virus was contained inside Web Content that could not be analyzed by the web security service, such as HTTPS or a password-protected file, (b) the user by-passed the web security service when downloading the Web Content, (c) the Subscriber configured the service to not filter the web content, or (d) there is deliberate self-infection by the Subscriber or its authorized user.

4.             SLAs for Email Archiving

4.1  Service Availability

·    The SaaS email archiving service will be available 99.99% of the time over a calendar month.

·    SaaS email archiving “Service Unavailability” means the inability of the email archiving server to receive and transmit Subscriber’s requests to store and retrieve archived email in conformance with Forcepoint’s published documentation, as may be updated by Forcepoint from time to time, and measured over a full calendar month.

·    In the event of Service Unavailability for more than 0.01% for any calendar month, following a request submitted by the Subscriber in accordance with Section 1 above, Forcepoint will credit the Subscriber account with one day’s Service Credit for each calendar month where Service Unavailability exceeds 0.