American Well Hosting Operations Guide for AmWell Customers. Version 7.0

Similar documents
Oracle Cloud Hosting and Delivery Policies Effective Date: Dec 1, 2015 Version 1.6

PRODUCT SPECIFIC LICENSING TERMS PSLT - Adobe Connect Managed Services (2015v2.1)

Security Monitoring Service Description

MAINTENANCE AGREEMENT FOR RSA PRODUCTS ***IMPORTANT***

Cristie Maintenance and Support

Mobile Device Management Service Service Level Agreement

Single Per Event Support Americas

OpenText Protect. 1. Introduction. Software Maintenance Program Handbook

IBM Infrastructure Security Services - Managed Security Information and Event Management (Managed SIEM)

Customer Support Guide. Customer Support Guide

Epicor Cloud ERP Services Specification Single Tenant SaaS and Single Tenant Hosting Services (Updated July 31, 2017)

IBM DemandTec for Retail

Service Level Agreement (SLA)

GOVERNANCE AES 2012 INFORMATION TECHNOLOGY GENERAL COMPUTING CONTROLS (ITGC) CATALOG. Aut. / Man. Control ID # Key SOX Control. Prev. / Det.

IBM Content Foundation on Cloud

Moogsoft Inc. Support Addendum

Security overview. 2. Physical security

H O S T I N G S E R V I C E A D D E N D U M T O M A S T E R S E R V I C E S A G R E E M E N T

SaaS Maintenance & Customer Support Terms

ASSESSMENT AND EVALUATION OF THE CITY OF PHILADELPHIA S INFORMATION TECHNOLOGY GENERAL CONTROLS FISCAL 2016

PREDICTIVE INTELLIGENCE SECURITY, PRIVACY, AND ARCHITECTURE

Statement of Work Enhanced Technical Support (ETS) for AIX

SYSTEM SOFTWARE MAINTENANCE AND SUPPORT SERVICES (Premium 24x7)

Mediaocean Global Support Policy

Master Service Level Agreement

CUSTOMER SUPPORT SERVICES POLICIES FOR ONLINE SERVICES

All terms not otherwise defined in this Addendum are as defined in the Encompass Agreement.

DESKTOP SUPPORT SERVICE LEVEL AGREEMENT

SOX 404 & IT Controls

TERMS OF SERVICES. Yourcegid Retail Advance On Demand. Yourcegid Retail Advance On Demand 2017/12

Operational Level Agreement: SQL Server Database Incidents and Requests

IBM Business Process Manager on Cloud

CIP Cyber Security Security Management Controls

Service Level Agreement ( SLA ) PLEASE READ THIS AGREEMENT CAREFULLY; THIS IS A BINDING CONTRACT.

TABLE OF CONTENTS. The Definitive Guide To SaaS Solutions For The Insurance Industry EXECUTIVE OVERVIEW... 3

Alameda Countywide. Care Council. Manual

SUPPORT POLICY AND CLOUD SERVICE LEVEL AGREEMENT

Identity Provider Policy. Identity and Authentication Services (IA Services)

REQUEST FOR PROPOSALS: INFORMATION TECHNOLOGY SUPPORT SERVICES

TECHNICAL SUPPORT HANDBOOK

Attachment A SailPoint Technologies END USER SOFTWARE LICENSE AND SUPPORT AGREEMENT

Service Level Agreement (SLA) for IPA Offices By. Dubuque Internal Medicine

SERVICE FROM THE START FOR WAVE 5000 EA REGION PARTNER CHANNEL

ProcessUnity Standard Support Policy

SUPPORT SERVICES HANDBOOK

PART II SCHEDULE. Scope of Services. Special Terms and Conditions. Virginia Railway Express

Service Option Attachment - Acquired from an IBM Business Partner - Enhanced Technical Support for IBM i

ROLES AND RESPONSIBILITIES... 2 SUPPORT POLICIES... 4 HOW TO CONTACT M*MODAL SUPPORT... 5 SERVICE LEVEL AGREEMENTS AND ESCALATION PROCEDURES...

IBM Digital Recommendations

IT Managed Services. Agenda

Service Description. Service Overview. Co ilot Support Terms and Conditions

Regulation Systems Compliance and Integrity Considerations for the AWS Cloud

BPO Service Level Agreement

THIS COPY IS INTENDED FOR PREVIEW ONLY IT2015 ETP SPECIAL TERMS AND CONDITIONS FOR SERVICES DELIVERED VIA DATA NETWORK (CLOUD SERVICE)

SAP Hybris Commerce, cloud edition and SAP Hybris Commerce, Edge cloud edition Supplemental Terms and Conditions

User s Starter Kit. For Home or Small Office Use. fcbbanks.com

DAIMLER GROUP NORTH AMERICAN COMPANIES

ACDI Maintenance & Support Terms

Section 1 General Information

CHAPTER 5 INFORMATION TECHNOLOGY SERVICES CONTROLS

ITS Service Level Agreement

MSC Software Standard Software Maintenance & Technical Support Usage Guide

IBM Resilient Incident Response Platform On Cloud

DRIVER ADDENDUM TO SERVICES AGREEMENT. Last update: October 20, 2015

NTT DATA Service Description

Standard Statement and Purpose

IBM Facilities and Real Estate Management on Cloud (TRIRIGA)

Liquidware Customer Support Policy

PCI COMPLIANCE PCI COMPLIANCE RESPONSE BREACH VULNERABLE SECURITY TECHNOLOGY INTERNET ISSUES STRATEGY APPS INFRASTRUCTURE LOGS

Maintenance Agreement for TMS Hosted Systems 2017

SAP HANA ENTERPRISE CLOUD SUPPLEMENTAL TERMS AND CONDITIONS

ESRI (UK) LTD SUPPORT POLICY

HOSPITAL REPORT MANAGER SUBSCRIBER - ONTARIOMD SERVICE LEVEL AGREEMENT

IT Service Catalog College of Arts & Sciences

Private Cloud. Service Description

INFORMATION TECHNOLOGY SERVICES

SIMPLE FUND 360: AN AUDITORS GUIDE. Australia s leading cloud SMSF admin solution AN AUDITORS GUIDE.

BIOVIA Support Practices and Policies

REQUEST FOR INTEREST

IBM Silverpop Engage

STANDARD SUPPORT SERVICE FOR LARGE BUSINESS CUSTOMERS SOLUTION DESCRIPTION

1. For Service Bus relay, we guarantee that the properly configured. application would be connected with deployed relay in in at least 99.

This topic focuses on how to prepare a customer for support, and how to use the SAP support processes to solve your customer s problems.

HP Solution Management Services. Solution brief

Cloud Management Service Agreement. 1.0 Terminology. 2.0 Service Description

AUSTRALIAN ENERGY MARKET OPERATOR INDEPENDENT ASSURANCE REPORT ON AEMO S COMPLIANCE WITH THE GAS SERVICES INFORMATION RULES AND GSI PROCEDURES

SIMMONS COLLEGE MOBILE DEVICE AND SUBSIDY POLICY

SOLUTION DESCRIPTION

HP Agile Manager. Key Benefits. At a glance. Project Management. Key Software Capabilities. Administration. Enterprise SaaS.

ENTERPRISE ACTIVE MAINTENANCE AND SUPPORT SERVICE

TOP 6 SECURITY USE CASES

SPECIFICATION NO. TxDOT * REVISED: AUGUST 2017 CRIMINAL BACKGROUND CHECKS

All Quotes are in US Dollars and Valid for 30 Days from April 26, 2016

BT Master Services Agreement BT Managed Microsoft Lync Service Annex to the General Service Schedule BT MSA Reference No.

Microsoft Cloud Agreement Financial Services Amendment

White Paper. Veritas Configuration Manager by Symantec. Removing the Risks of Change Management and Impact to Application Availability

evaluate UCaaS providers and ensure you make an informed decision

ENTERPRISE OPERATIONS SERVICES

SaaS Listing CA Agile Central

HYBRID FAX CRITICAL BUSINESS CONSIDERATIONS

Transcription:

American Well Hosting Operations Guide for AmWell Customers Version 7.0 October 31, 2016

Contents Introduction... 4 Scope and Purpose... 4 Document Change Control... 4 Description of Services... 5 Data Center Locations... 5 Backup Services... 5 System Monitoring and Alerting... 5 Hosting Operations Audits... 5 Service Level Commitment... 6 System Availability... 6 Definitions... 6 System Maintenance & Continuous Delivery... 6 Version Support... 7 Service Level Exclusions... 7 Hosting Security Practices... 8 Physical Security... 8 System Security... 8 Network Security... 8 Security Incident Reporting... 9 Software Maintenance and Support... 10 Definitions... 10 Maintenance Responsibility... 11 Support Responsibility... 11 Level 1 and Level 2 Support... 11 Third Party Content and Services... 11 Error Classification, Reporting and Response... 12 Error Classification... 12 Page 2 of 15

Error Reporting and Response... 12 Escalation Procedures... 13 On-Site Support... 14 Documentation... 14 Customer Error Reporting Guidelines... 14 Page 3 of 15

Introduction Scope and Purpose The purpose of the American Well Hosting Operations Guide is to define the processes and rules that American Well follows in order to effectively manage hosting, support and maintenance service for its customers. This guide includes information about American Well s scope of hosting services, service level commitments, escalation procedures, and other support obligations. It is intended to provide guidance for the American Well operations and support teams, and information for customers technical operations teams. The primary objectives of this guideline are to Establish practices that govern the delivery of hosting, support and maintenance services. Promote the security of information stored within the American Well System. Promote compliance with all local, state, and federal statutes related to information protection Document Change Control Revisions to the American Well Hosting Operations Guide are subject to document change control. Changes to this document must be approved by the American Well Senior Vice President of Hosting. Notification will be made to clients with 30 calendar days of any material change to the Guide. Date Version Comments 10/2012 1.0 Initial version for AmWell Customers 2/2013 1.1 Updates for 2013 6/2014 5.0 Changes to match EE version. 6/2014 5.0.1 Minor changes to match EE version 5/2016 6.0 Changes to patch, upgrade and other sections 6/2016 6.01 & 6.02 Minor corrections 7/2016 6.1 Updates to support section 10/2016 7.0 Updates Page 4 of 15

Description of Services Data Center Locations American Well delivers hosting services from sites located in the United States which are SSAE 16 SOC 1 Type 2 or SOC2 Type 2 certified or certified under another equivalent standard. Currently services are delivered from one or more of the following locations. Our services may be offered out of any of the three sites at any time. Santa Clara, CA Andover, MA Honolulu, HI In no event shall such hosting sites, primary, backup, DR, other otherwise, be located outside the United States. American Well will provide instances of its system, as follows: 1 Production instance 1 Disaster Recovery instance Backup Services Customer data is backed up to disk daily, encrypted, and is delivered off-site at least once daily (Monday through Friday) to a secure remote-site facility. American Well stores no more than one year worth of offsite backups at any given time. System Monitoring and Alerting American Well maintains multiple system monitoring and alerting tools, both local and remote, to detect and notify the Hosting Operations team about resource utilization, component and system failures and other potentially service impacting events. Alerts are monitored 24x7x365 by our Cyber Command Center. Hosting Operations Audits American Well conducts internal audits relating to the hosting services on a regular basis. These audits are based on standards such as HITRUST CSF, HIPAA, PCI DSS and/or other applicable standards. The content and format of these audits may be changed at the discretion of American Well. Page 5 of 15

Service Level Commitment System Availability American Well provides System Availability target of least 99.9% during each calendar month. The Uptime Percentage is calculated by dividing Uptime Hours by the Base Hours and multiplying the result by 100. These calculations are made on a calendar month basis with service availability measured to the hundredth of an hour and hundredth of a percent of system availability (e.g. 719.50 Uptime Hours or 99.93% availability) Definitions For purposes of this calculation, American Well uses the following definitions. Base Hours Downtime Uptime Hours Base Hours are the total number of hours during a calendar month. Downtime occurs when some or all major functions of the American Well System are inoperable or inaccessible. Downtime does not include periods of scheduled or emergency maintenance, single periods lasting less than 10 minutes, or periods of inoperability or inaccessibility to the extent caused by one of the defined Service Level Exclusions. For the purpose of calculating System Availability, downtime begins at the moment a Severity 1 Error is reported to American Well. Uptime Hours are determined by subtracting the total Downtime from the Base Hours. System Maintenance & Continuous Delivery American Well employs a continuous delivery process wherein software updates and patches are regularly deployed to ensure feature and patch currency. These changes are applied through an automated system and may happen at any time during the month. Any potentially service-impacting updates are applied during regular maintenance windows typically during the overnight hours. The maintenance will typically not exceed 8 hours per calendar month. In scheduling maintenance windows, American Well endeavors to minimize the impact on all of American Well s customers business operations taking into account in particular the peak times of usage of each customer. Page 6 of 15

Version Support American Well shall provide the support and maintenance services described in this Guide for the most recent major release of the American Well System. In addition, American Well will provide support and maintenance services for the next most recent release of the American Well System for up to 120 days after release and general availability of a more current version. American Well may provide minor upgrades to the American Well System during scheduled maintenance. Service Level Exclusions Events or factors outside of American Well s control may impact American Well s ability to achieve the target Service Levels. American Well shall not be responsible for any failure to meet the service level commitments set forth above if the failure is due to: A customer s acts or omissions, including any customer misuse or abuse of the American Well System or use in violation of the customer agreement or terms of use. Viruses, malware or malicious code (given American Well has applied generally available and approved security definitions as soon as is practicable). Violations of the Terms of Use or malicious attacks on the American Well System. Any cause beyond the reasonable control of American Well, so long as American Well takes prompt measures to address such causes and notifies Customer thereof. Page 7 of 15

Hosting Security Practices American Well maintains a comprehensive Information Security program to protect the systems and information under its control. This program includes protections in the following areas. Physical Security Physical access to American Well s data center facilities is restricted to authorized personnel only. Where colocation services are used, access to the cages where American Well customer information is processed is restricted to those personnel specifically authorized by American Well. Access to the data center buildings is limited and non-employees must be escorted by building security and/or American Well approved personnel. Access to the American Well secure areas is controlled by a combination of physical and electronic lock and requires photo identification and a user-specific password. All access to these areas is logged and recorded for audit purposes System Security All remote administrative access to the systems behind American Well firewalls requires authentication procedures. Authentication is implemented using a minimum of username and password verification, and where required, two factor authentication. American Well policies require controls to ensure that passwords must be sufficiently complex to reduce the effectiveness of dictionary attacks to crack these passwords. All system access except that which is absolutely necessary to utilize and administer the American Well System is configured by American Well to prevent an intruder from gaining access to the system. All requests which are denied access may not receive any information about the American Well hosting configuration. American Well will track and implement applicable security patches and updates to all software products used in the American Well system, including but not limited to operating systems, database management systems, third party products, firewalls, anti-virus software, anti-virus signature/definition files, intrusion prevention and detection software or firmware used in networking equipment. Unless otherwise required, these changes shall be applied during scheduled maintenance. No third party may have access to customer Protected Health Information (PHI) or Personally Identifiable Information (PII) without proper consent. American Well s obligations regarding use, access to and transmission of PHI is set forth in the Business Associate Agreement between American Well and the third party. Network Security The American Well network contains security devices which have been configured to permit only the protocols necessary to allow the American Well System to function. All other protocols are explicitly denied. Monitoring procedures of the security devices are designed to inform American Well of unauthorized access or otherwise Page 8 of 15

suspicious attempts to gain access to secured portions of the system across the network. Security Incident Reporting American Well will use commercially reasonable efforts to investigate, respond to and terminate any security breaches or compromises. Subject to restrictions imposed by law enforcement or applicable law or regulations, American Well will report any confirmed security breaches or compromises to impacted customers within one business day following the day on which American Well qualifies the occurrence, not to exceed 5 business days following its knowledge of the event, or earlier if required by applicable law. To the extent known, American Well will present the impacted customer with documentation of the cause, remedial steps, and future plans to prevent a recurrence within 5 business days following the day on which American Well has knowledge of and qualifies the occurrence of the security breach or compromise. Page 9 of 15

Software Maintenance and Support Definitions Documentation The Documentation is the published material authorized and distributed by American Well that describes the American Well System, and the installation and use of the American Well System. Enhancement An Enhancement is a change or addition other than an Error Correction that improves the function, adds new function or substantially enhances the performance of the American Well System. Error An Error is a reproducible defect in the American Well System that results in the American Well System not functioning in material conformity with the Documentation. Error Correction An Error Correction is a change to the American Well System or the Documentation, or a workaround, that is in a form that allows its application to the American Well System or inclusion in the Documentation to re-establish material conformity with the Documentation. Level 1 Support Level 1 Support is the service provided in response to the initial phone or other inquiry call placed by a user which identifies and documents a suspected Error in the American Well System. This includes, but may not be limited to, call-logging and validation, problem source identification assistance, problem analysis, problem resolution, and preventive and corrective service information. Level 2 Support Level 2 Support is the service provided to analyze or reproduce the suspected Error or to determine that the suspected Error is not reproducible and to resolve the reproducible Error. This includes, but is not limited to, problem recreation, in-depth technical analysis and problem resolution and passing the reproducible Error to Level 3 Service with proper documentation that proves the Error exists. Level 3 Support Level 3 Support is the service provided to resolve reproducible Errors that are determined to be, or are highly probable to be, the result of a defect in the American Well System, and which requires design engineering knowledge or expertise to isolate and resolve. Page 10 of 15

Maintenance Responsibility American Well will provide customers who subscribe to, and are current with respect to paying for, Maintenance and Support with updates to the American Well System containing Error Corrections and/or minor or major Enhancements. American Well will make these Error Corrections and Enhancements generally available to all American Well hosted customers who are current with respect to billing at or around the same time. American Well will, at no additional cost to its hosting services customers, install Error Corrections and Enhancements on behalf of those customers. American Well will perform any additional implementation and configuration in accordance with a Statement of Work at American Well s then current rates. All Error Corrections and Enhancements are owned by American Well, deemed part of the American Well System and licensed to customers in accordance with the terms and conditions of the applicable license agreement. Support Responsibility Level 1 and Level 2 Support Level 1 Support personnel handle all interactions with end users. American Well provides Level 1 Support to all Customers with a current Maintenance and Support agreement. American Well also provides Level 2 and 3 Support where more technical expertise is required. Third Party Content and Services American Well maintains support and maintenance arrangements with third parties that provide content or software for the American Well System. When there is a problem with a third party component which affects its Customers, American Well works with the applicable third party in accordance with American Well s arrangement for maintenance and support with that third party and provides support and maintenance for such component pursuant to such terms.. Page 11 of 15

Error Classification, Reporting and Response Error Classification American Well shall respond to reported Errors according to their severity, as classified in accordance with Table 1. Table 1 - Error Classification Severity Criteria 1 An Error that results in catastrophic failure of the American Well System or poses a significant, imminent risk to protecting the privacy of Protected Health Information. 2 An Error that results in the American Well System being usable, subject to major restrictions on its essential workflows, for which there are no workarounds. 3 An Error that results in the American Well System being usable, subject to major restrictions on its essential workflows, for which there are available workarounds, or an Error that disables non-essential workflows, regardless of whether a workaround exists. 4 An Error that results in inconveniences of the American Well System, which are not critical to the its operation and for which there are workarounds. Error Reporting and Response Customers should report Errors in accordance with the standard reporting procedures described in Table 2 below. Errors that are properly reported to American Well will be acknowledged by American Well s support team, who shall assess the Error and initiate appropriate corrective action by American Well if needed. Table 2 - Error Response Severity Error Response 1 Error reports will be acknowledged by American Well within one hour. The issue will be worked on consistently until an official fix or adequate workaround is available. An action plan will be provided within 2 hours,if requested. 2 Error reports will be acknowledged by American Well within 4 hours. The issue will be worked on consistently during office hours until an official fix or adequate workaround is available. An action plan will be provided within 24 hours, if requested. 3 Error reports will be acknowledged by American Well within one business day. Page 12 of 15

Commercially reasonable efforts will be made to address prior to the next official release. An action plan will be provided within 10 business days, if requested. 4 Error reports will be acknowledged by American Well within one business day. Commercially reasonable efforts will be made to address by the next official release. Escalation Procedures In the process of resolving Severity 1 and 2 Errors, American Well will provide regular progress updates to the impacted customer. In addition, American Well and the impacted customer will each designate a representative to be available by cell phone outside of regular business hours in order to confer regarding the resolution process. Table 3 - Escalation Procedure Severity Criteria 1 If an action plan is not provided within 2 hours of a request: Account Manager If an action plan is not provided within 12 hours: Vice President If an action plan is not provided within 24 hours: Executive Vice President 2 If an action plan is not provided within 24 hours of a request: Account Manager If an action plan is not provided within 48 hours: Vice President If an action plan is not provided within 72 hours: Executive Vice President Page 13 of 15

On-Site Support All support efforts will be performed on American Well s premises. Should any on-site effort be required, customers agree to pay American Well all travel expenses at American Well s then per-diem rate unless such on-site support is the result of an Error. All expenditures will be approved by the customer in advance. Documentation Following an Error Correction or Enhancement, American Well shall supply customers with a copy of any applicable modifications, supplements, or new documentation versions as soon as they are available. Customer Error Reporting Guidelines American Well s obligations in the event of an Error are subject to its customers adherance to the following guidelines: Customers must provide American Well all information necessary for diagnosis of Errors within the response times set forth above. Customers, where appropriate, must provide experienced IT professionals and/or technical service representatives to collaborate with American Well on troubleshooting and reporting Errors. American Well may not be able to fix all Errors, and may instead provide a workaround to an Error inlieu of a fix. If American Well is asked by a customer to work on an issue that is not an Error, customer shall reimburse American Well at American Well s then current time and material rates for all work of American Well spent investigating any issues that were not Errors. Page 14 of 15

Page 15 of 15

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback