SCC Hosting SLA

SCC Database and Asset Hosting

Service Level Agreement

SPECIFY COLLECTIONS CONSORTIUM

This Agreement represents a Service Level Agreement (“SLA” or “Agreement”) for Specify Collections Consortium (“SCC”) technical (system and application) support services, and for Specify Cloud Hosting (“Specify Cloud” or “Service”) on the provider and location/Zone indicated in Exhibit A for the Research Organization (“RO”) collection databases and their associated digital assets using Specify software.

The Agreement is effective as of the Effective Date between the University of Kansas Center for Research, Inc., (“KUCR”), a not-for-profit corporation organized and existing under the laws of the State of Kansas, USA, affiliated with the University of Kansas (“KU”), a state institution of higher education, on behalf of the SCC, having an address at 2385 Irving Hill Rd, Lawrence, KS 66045-7568, USA and the Research Organization identified in Exhibit A. KUCR and RO are collectively referred to herein as the “Parties”.

  1. Purpose

The purpose of this SLA is to:

  • Describe how the SCC enables RO to remotely access and use the Specify software and all its customer data in “Software as a service” mode.

  • Explicitly identify the Specify Cloud Service hosting technical support services, software maintenance and updates, price, online availability, backup protocols, access restrictions, data ownership, and stakeholder responsibilities.

  2. Duration

This SLA is valid from the Effective Date, as defined in Exhibit A, and remains valid until superseded by a revised agreement. It is renewed from year to year unless terminated by either party in accordance with this section. The SLA may be terminated by RO at any time. SCC may terminate the SLA with 30 days’ written notice, or if RO becomes a Member not in good standing. Either party may terminate for material breach after 30 days’ notice and opportunity to cure. Upon termination or expiration, SCC will make the most recent backups available for secure download for 30 days; after that, data will be deleted per §5.10.

  3. Price

Basic database and asset hosting are included in the SCC Membership. Storage is allocated for databases and assets per the SCC Membership Rights and Responsibilities (SCC MRR) based on RO’s membership level as defined in Exhibit A.

The SCC reserves the right to assess storage overage and other usage-based fees during the hosting year if the database or assets grow to exceed the basic storage allocation for RO’s membership level, as defined in Exhibit A, contracted for during that year. Storage usage is evaluated quarterly and charged at the rates described in the SCC Membership and Technical Support Services Prices.

  4. Contractors and Subcontractors

SCC’s cloud hosting provider is defined in Exhibit A. SCC may not add subcontractors without the customer’s prior written consent. Consent will not be unreasonably withheld, conditioned, or delayed.

  5. Service Agreement

    1. Service Scope

    The following services are covered by this SLA:

  • Technical support in accordance with the conditions described in SCC’s Support Services Guide for technical issues related to Specify Cloud database hosting that arise.

  • Online availability of Specify Cloud virtual server, collection database, and Specify software application.

  • Continuous server, database, and application status monitoring.

  • SCC management of Specify software and security updates, updates by the cloud hosting provider to Hosting Services, and other integral software as required.

  • Backup and recovery of hosted data as described in §5.10.

    2. SCC Membership Status

    Specify Cloud Hosting is contingent on RO status as a Member in good standing in the SCC. A Member in good standing keeps all paperwork related to its membership and yearly renewal up to date and all fees paid. In the event payments are not received by SCC when due, the Member will be considered a Member not in good standing.

    3. Support Availability

    The SCC Help Desk acts as the point of contact for all hosting and technical support issues. Technical Support Issue requests may be sent via email to the Help Desk: support@specifysoftware.org. The Specify Help Desk staff will respond in accordance with the conditions described in SCC’s Support Services Guide.

    Live technical support is available 8:00 AM to 5:00 PM (U.S. Central Time), Monday through Friday, excluding U.S. federal and State of Kansas holidays.

    For emergencies outside normal support hours that affect an RO’s ability to work, SCC staff will respond on a best‑effort basis once notified. Response times are not guaranteed after hours.

    SCC staff may be reached for emergencies via both phone and email at the following contact information:

    director@specifysoftware.org
    membership@specifysoftware.org
    support@specifysoftware.org
    +1 785-864-1363

    4. Data Location

    Specimen data will be housed and maintained on the hosting provider defined in Exhibit A. Backups of the database and asset data will also be created and stored on the same hosting provider and in the same Location/Zone. RO is responsible for confirming that its selected Location/Zone complies with its institutional and legal data residency requirements. Exhibit A of the Membership Service Level Agreement (SLA) contains the Location/Zone for hosted data. RO’s data will not be hosted or downloaded by SCC outside that Location/Zone unless approved as indicated in the “SCC may maintain a backup of RO’s database(s)” section of Exhibit A of the Membership SLA.

    Associated files of digital “Assets” (images, documents, etc.) may be hosted on the hosting provider defined in Exhibit A and maintained by SCC (Specify Cloud hosted) or hosted and maintained locally by RO (RO hosted). Exhibit A delineates whether Assets will be Specify Cloud or RO hosted. If Assets are Specify Cloud hosted, backups will be created on the hosting provider and Location/Zone defined in Exhibit A.

    Unless explicitly granted permission by RO for diagnostic or troubleshooting services, SCC staff will not access, copy, download, etc., primary or backup data for any purpose. The location of the customer’s data and backups may not be changed without the customer’s prior written consent.

    5. Server Accessibility

    Designated SCC and RO staff shall be given access to RO’s database instance on the Specify Cloud for normal technical support and adjustments. SCC staff will not have credentials for Specify application access, unless they are explicitly granted by RO. SCC will provide RO with account credentials to directly access their application server and database instances via SSH upon request. SCC personnel will access application servers and databases only to the minimum extent necessary to perform maintenance and backups; RO may audit access logs upon reasonable notice.

    6. Software Availability

    Specify software and specimen data and Specify Cloud hosted Assets (images, documents, etc.) will be available to RO on a 24x7 basis except for pre-scheduled and announced Specify platform software update and maintenance.

    The SCC targets 99.5% annual average software and customer data availability (uptime) during RO peak hours (i.e. between 6 am and 8 pm local RO time Monday through Friday), with the exception of planned downtime and maintenance events. “Downtime” excludes (i) scheduled maintenance with 24‑hour notice, (ii) RO‑caused issues, (iii) force majeure, (iv) upstream cloud provider outages beyond SCC’s reasonable control, and (v) security emergency maintenance.

    In the event that RO is no longer a Member in good standing due to non-payment for over 30 days, Specify software will become unavailable, and account credentials to access database instances and servers via SSH will be revoked. Database backups and Specify Cloud hosted Assets will remain accessible via hosting provider account credentials, allowing the Member to download them locally, for a period of three months, at which time those permissions will be revoked. Software and data will be retained for six months and access restored upon payment. Software and data unavailability due to non-payment is not counted when calculating the uptime percentage.

    7. Monitoring

    To verify the Specify application and database are available to RO, the SCC will automatically monitor database server operating status and availability at 10-minute intervals, through the updown.io service. During the period of 8 AM to 10 PM U.S. Central Time, if a Specify Cloud server does not return to online status within 30 minutes, the SCC will attempt to determine and remedy the cause of the server outage. If the SCC cannot remedy the server failure and return it to operation after 30 minutes, the server’s unavailability status will be communicated to RO via email. When the outage is resolved, the server is back online, and the Specify platform is accessible for use, RO will be notified of the return to operation via email.

    Designated RO personnel will also be notified of server availability disruption within 10 minutes of the disruption, through the updown.io service. RO will provide the SCC with a list of designated personnel and their emails to be notified.

    8. Maintenance

    The SCC may occasionally perform minor maintenance on Specify Cloud servers and hosting provider resources to optimize performance. Maintenance may require Specify Cloud hosted databases to be unavailable for a short period, typically 15-30 minutes. SCC will strive to schedule server and application maintenance during RO non-peak hours (i.e. between 8 pm and 6 am local RO time). SCC will notify RO prior to any brief expected maintenance with at least 24-hour notice, or with as much time as possible in cases of degraded system performance or emergency.

    In providing technical support, SCC staff will not access (open, read, copy, etc.) the data records and information contained within the Specify Cloud hosted databases or associated collection data files without explicit prior approval from RO. Senior SCC software engineers will have access to the accounts of the server platforms for normal technical support and adjustments, but will not have credentials for Specify database access, unless they are explicitly granted by RO.

    9. Server Storage Capacity

    Allotted storage capacity for backups and Specify Cloud hosted Assets combined will be granted up to the limit indicated in Exhibit A. If server storage capacity is exceeded, data will not be lost but access to the files may be temporarily prevented. Allotted storage capacity can be increased as needed by revised service terms between RO and the SCC.

    10. Backups

    Backups of Specify Cloud hosted databases and Specify Cloud hosted asset data will be created, managed, and stored on resources of the hosting provider defined in Exhibit A. SCC will encrypt backups at rest and in transit using industry‑standard encryption. RO is encouraged to maintain independent copies.

    Database Backups. Daily, SCC staff will perform and compress SQL database dumps at a time outside of local working hours to minimize impact on the user experience and platform performance.

    Asset Backups. Both backups and live asset data are stored in resources of the hosting provider defined in Exhibit A, allowing for direct access. Asset backup will be contingent on storage constraints. On the first Thursday of each quarter, a complete backup (snapshot) will be created from Specify Cloud hosted assets to create the “Quarterly Backup”. Weekly, incremental digital asset file backups using rsync will be executed, on Thursdays, between the live data and the snapshot for three months. On the first Thursday of each quarter, the process will repeat and the previous, rsync-ed backup will be replaced with the new snapshot.

    Backup Retention. SCC will retain Specify Cloud hosted database backup copies in the following manner: daily backups for one week, Friday backups for one month, the first Friday of each trimester (January, May, September) for one year, yearly backups indefinitely. Daily or triannual backups can be maintained for longer or shorter periods as required by RO, contingent on storage constraints.

    Contingent on storage constraints, one Specify Cloud hosted asset Quarterly backup will be stored at a time. When a new Quarterly backup is successfully created with a snapshot, the old one will be replaced. The RO is encouraged to copy and move Quarterly Backups offsite regularly.

    In the event that RO chooses to discontinue their membership or Specify Cloud hosting, the SCC will store the most recent database backup, and the most recent asset snapshot for three months in long-term storage, at which time they will be permanently deleted. In the event that RO is no longer a member in good standing due to non-payment for over three months, the retention period will be one year. Upon RO request, SCC will delete retained backups earlier than the standard retention when feasible and not contrary to legal holds.

    Backup Access. RO is encouraged to download regular database and asset backups, then move them offsite, according to a regular schedule. Upon request, SCC staff will work with RO to assure access to these regular backups and automate the process.

    SCC may also provide RO with account credentials for SSH access to the servers and SQL credentials to back up their database(s) on demand.

    Recovery. If the SCC is notified of the need for a collection database or file recovery from backups, the SCC will restore the last valid copy of the database and files and restore normal operations within one business day. The restoration process itself is usually accomplished (during U.S. Central Time Zone business hours, GMT -5 or -6) in under one hour. In the event of disaster recovery, the amount of lost data would be those entered into the database since the previous backup, typically within the previous 24 hours.

  6. Data Ownership

All data created by RO hosted in the Specify Cloud service are RO’s property and KUCR and SCC make no claim of ownership to RO’s data. RO will not store regulated data (e.g., PHI, PCI, sensitive PII) unless separately agreed in a data protection addendum. KUCR and SCC will not access, inspect, use, or distribute RO data for testing, technical support, problem solving or for any other purpose without the express, written permission of RO. A limited administrative account in MariaDB will be required to create and restore backup files using scripts, all within the cloud servers.

The SCC uses Member Specify databases for internal testing, technical support, or problem solving purposes only with express permission granted in the Membership Service Level Agreement, Exhibit A.

  7. Security Incident/Data Breach Notification

SCC will notify the RO without undue delay upon confirming an incident involving RO data. Notifications may be updated as additional information becomes available. The RO retains authority over external notifications, except where law requires SCC to notify.

  8. Warranty; Disclaimer; Limitation of Liability

SERVICES ARE PROVIDED “AS IS”; SCC DISCLAIMS ALL IMPLIED WARRANTIES TO THE FULLEST EXTENT PERMITTED BY LAW. SCC’S AGGREGATE LIABILITY FOR DIRECT DAMAGES UNDER THIS SLA IS CAPPED AT THE TOTAL FEES PAID FOR HOSTING SERVICES IN THE 12 MONTHS PRECEDING THE CLAIM; NO LIABILITY FOR INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, EXEMPLARY, OR LOST PROFITS DAMAGES. IMMUNITY CARVE-OUT APPLIES AS IN MEMBERSHIP SLA.

  9. Force Majeure

Neither party is liable for delays or failures due to events beyond reasonable control, including outages of third-party networks or cloud providers, acts of God, or changes in law.

  10. Responsibilities

    1. RO Responsibilities

    RO responsibilities in support of the SLA include:

  • Payment for support costs at the agreed interval and period of service.

  • Providing reasonable availability of an RO representative when resolving a service-related incident or request.

  • Providing and maintaining the Hosting Contact List.

    2. SCC Responsibilities

    SCC responsibilities in support of the SLA include:

  • Meeting response times associated with service-related incidents.

  • Providing RO with an annual report of the service’s uptime.

  • Notification to designated RO representatives of all planned and emergency maintenance.

  • Notification to the RO of a data breach within 24 hours of SCC becoming aware of the data breach.

  • SCC will implement reasonable administrative, technical, and physical safeguards aligned with recognized frameworks appropriate for the scale of the Services.

For KUCR / administrative:
University of Kansas Center for Research, Inc.
2385 Irving Hill Road
Lawrence, KS 66045, USA
kucrbussvs@ku.edu

For Specify Collections Consortium:
Aimee M. Stewart, Consortium Executive Director
Biodiversity Institute, University of Kansas
1345 Jayhawk Boulevard
Lawrence, KS 66045, USA
Office: +1 785-864-2233
Email: director@specifysoftware.org

Theresa M. Miller, Membership and Fulfillment Officer
Biodiversity Institute, University of Kansas
1345 Jayhawk Boulevard
Lawrence, KS 66045, USA
Office: +1 785-864-4652
Email: membership@specifysoftware.org

IN WITNESS WHEREOF, the parties have accepted and executed this Agreement through their duly authorized representatives as of the date entered below.

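Member Institution (RO)
Signature: ______________________________
Name: ______________________________
Title: ______________________________
Email: ______________________________
Date: ______________________________

The University of Kansas Center for Research, Inc., on behalf of the Specify Collections Consortium
Signature: ______________________________
Name: ______________________________
Title: ______________________________
Email: ______________________________
Date: ______________________________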

Exhibit A:

Research Organization (RO): ___________________________________________
RO Business Office: ______________________________________________________________
RO Legal Jurisdiction: _____________________________________________________________
Effective Date: ____________________________________________________________________

Hosting Service: __________________________________________________________________
Hosting Location/Zone: __________________________________________________________

Number of Databases Hosted: _______________________________________________________
Size Limit for Hosted Databases: __________________________________________________

Assets are Hosted by SCC (Yes/No): ______________________________________________
Size Limit for Hosted Assets: ______________________________________________________