Common use of Physical Security SLAs Clause in Contracts

Physical Security SLAs. Service Level commitment for physical security in a LightEdge data center is: Service Level Service Level Agreement SLA Credit COLOCATION SECURITY AVAILABILITY Mitigation: 15 minutes Repair: 1 day DESCRIPTION: Secured colocation space is provided to Customer as security caging or colocation rack(s) for purpose of storing and operating Customer electronic equipment in a LightEdge data center. Colocation racks are typically four post racks with combination lockable front and rear doors and locked side panels. Side panels on adjacent colocation racks will not be removed. LightEdge will maintain the colocation space and all security components such as cage entry points, doors, side panels and door locks, in good working order. In the event any colocation rack(s) needs repair or replacement of the security components, LightEdge will provide additional controls until the colocation rack(s) are returned to normal service. For example, if a door lock were the be inoperable, LightEdge might require escorted access into that data center quadrant until the door lock was repaired. MEASURED BY: Failures of customer secured colocation space must be reported to LightEdge by Customer. Service Failure occurs when any infrastructure related to critical physical security controls fails and is left unmitigated or unrepaired for an extended period, resulting in a breach of physical security of the Customer collocated equipment installed within the rack. Service Failure begins when Customer reports failure of security component of their secured colocation space, as documented by a Service Ticket. Service Failure for mitigation SLA ends when equivalent security control has been implemented and noted by timestamp in Service Ticket. Service Failure for repair SLA ends when failed infrastructure has been restored back into normal service. The physical security control repair SLA is provided during periods of normal operations and is exempt during periods of Force Majeure as defined in the Master Agreement. > 15 minutes for mitigation = 1% credit for each Service Failure > 24 hours for repair = 5% credit for each Service Failure DATA CENTER SECURITY RESPONSE 5 minutes DESCRIPTION: All entry and egress points into the data center are secured against unauthorized access. Each Customer entry point into the data center is secured by card and biometric access controls and is limited to approved Customers or LightEdge personnel. Critical operational areas such as AHU/HVAC rooms, UPS/Battery rooms and electrical rooms are secured by card access control and are limited to LightEdge personnel and approved contractors. Doors designated as emergency exits are equipped with delayed egress hardware and secured from external entry. All secured doors are alarmed for door forced and door ajar conditions. Surveillance cameras are maintained and monitored by LightEdge that cover a) all building perimeter entrances and exits, b) all access points to Customer colocation areas and c) any critical infrastructure necessary to support data center operations such as generator yards and electrical rooms. LightEdge will monitor physical security of the data center and will promptly respond to any physical security issues and alarms. LightEdge will provide fire alarm, fire suppression and emergency notification systems covering Customer colocation areas and critical infrastructure rooms. These fire systems will comply with > 5 minutes = 1% credit for each Service Failure requirements of the National Fire Protection Association (NFPA). Appropriate local and regional authorities will be notified upon activation of fire alarm or fire suppression systems. MEASURED BY: Physical security in each LightEdge data center is monitored for critical alerts by LightEdge 24x7x365 in real-time using a building management system (monitoring and management tool). Service Failure occurs when any alerts to critical security controls are not responded to promptly. Service Failure begins when a critical alert is generated from building management system related to physical security of the data center. Service Failure ends when LightEdge has documented response to critical alert as a Ticket and have begun investigation into the critical alert. DATA CENTER SECURITY AVAILABILITY Mitigation: 15 minutes Repair: 1 day DESCRIPTION: LightEdge will maintain all equipment related to physical security such as doors, locks, surveillance cameras, and alarms, in good working order. In the event any security equipment needs repair or replacement, LightEdge will provide additional controls until such security equipment is returned to normal service. For example, if a door alarm were to fail and require replacement, LightEdge might lock that door and require escorted access through the door with the failed alarm, until that alarm was repaired. MEASURED BY: Physical security infrastructure in each LightEdge data center is monitored for failure by staff 24x7x365 in real-time using a building management system (monitoring and management tool). Service Failure occurs when any infrastructure related to critical physical security controls fails and is left unmitigated or unrepaired for an extended period, resulting in a breach of physical security of the data center. Service Failure begins when any infrastructure related to physical security in the data center fails. Service Failure for mitigation SLA ends when equivalent security control has been implemented and noted by timestamp in Service Ticket. Service Failure for repair SLA ends when failed infrastructure has been restored back into normal service. The physical security control repair SLA is provided during periods of normal operations and is exempt during periods of Force Majeure as defined in the Master Agreement. > 15 minutes for mitigation = 1% credit for each Service Failure > 24 hours for repair = 5% credit for each Service Failure DATA CENTER SECURITY RETENTION Surveillance video: 90-day retention Access logs: 1- year retention DESCRIPTION: Physical security access logs and camera surveillance footage will be maintained by LightEdge for a minimum period-of-time. MEASURED BY: Physical security infrastructure in each LightEdge data center is monitored for failure by staff 24x7x365 in real-time using a building management system (monitoring and management tool). Service Failure occurs for each Service Request where LightEdge is unable to provide Customer with physical access logs or physical surveillance video falling within the retention period commitment. 5% credit for each Service Failure DATA CENTER ACCESS REQUESTS 1 day DESCRIPTION: Access requests grant or revoke physical access to Customer employees or agents to the Customer’s Colocation Service. Access requests are initiated by Customer via Ticket. MEASURED BY: Service Failure occurs when any Customer access requests such as additions, deletions, revocations or changes are not fulfilled promptly by LightEdge. Service Failure begins when an access request is first requested by Customer, as documented by a Service Ticket. Service Failure ends when LightEdge has fulfilled the access request. Time elapsed between request for access change or revocation requests as documented by Ticket, and completion of change or revocation request. > 1 day = 1% credit for each Service Failure

Physical Security SLAs. Service Level commitment for physical security in a LightEdge Lightedge data center is: ● PRIVATE SUITE COLOCATION ● CAGE COLOCATION ● RACK COLOCATION ● SHARED COLOCATION Service Level Service Level Agreement SLA Credit COLOCATION SECURITY AVAILABILITY Mitigation: 15 minutes Repair: 1 day DESCRIPTION: Secured colocation space is provided to Customer as security caging or colocation rack(s) for purpose of storing and operating Customer electronic equipment in a LightEdge Lightedge data center. Colocation racks are typically four post racks with combination lockable front and rear doors and locked side panels. Side panels on adjacent colocation racks will not be removed. LightEdge Lightedge will maintain the colocation space and all security components such as cage entry points, doors, side panels and door locks, in good working order. In the event any colocation rack(s) needs repair or replacement of the security components, LightEdge Lightedge will provide additional controls until the colocation rack(s) are returned to normal service. For example, if a door lock were the be inoperable, LightEdge Lightedge might require escorted access into that data center quadrant until the door lock was repaired. MEASURED BY: Failures of customer secured colocation space must be reported to LightEdge Lightedge by Customer. Service Failure occurs when any infrastructure related to critical physical security controls fails and is left unmitigated or unrepaired for an extended period, resulting in a breach of physical security of the Customer collocated equipment installed within the rack. Service Failure begins when Customer reports failure of security component of their secured colocation space, as documented by a Service Ticket. Service Failure for mitigation SLA ends when equivalent security control has been implemented and noted by timestamp in Service Ticket. Service Failure for repair SLA ends when failed infrastructure has been restored back into normal service. The physical security control repair SLA is provided during periods of normal operations and is exempt during periods of Force Majeure as defined in the Master Agreement. > 15 minutes for mitigation = 1% credit for each Service Failure > 24 hours for repair = 5% credit for each Service Failure DATA CENTER SECURITY RESPONSE 5 minutes DESCRIPTION: All entry and egress points into the data center are secured against unauthorized access. Each Customer entry point into the data center is secured by card and biometric access controls and is limited to approved Customers or LightEdge Lightedge personnel. Critical operational areas such as AHU/HVAC rooms, UPS/Battery rooms and electrical rooms are secured by card access control and are limited to LightEdge Lightedge personnel and approved contractors. Doors designated as emergency exits are equipped with delayed egress hardware and secured from external entry. All secured doors are alarmed for door forced and door ajar conditions. Surveillance cameras are maintained and monitored by LightEdge Lightedge that cover a) all building perimeter entrances and exits, b) all access points to Customer colocation areas and c) any critical infrastructure necessary to support data center operations such as generator yards and electrical rooms. LightEdge Lightedge will monitor physical security of the data center and will promptly respond to any physical security issues and alarms. LightEdge Lightedge will provide fire alarm, fire suppression and emergency notification systems covering Customer colocation areas and critical infrastructure rooms. These fire systems will comply with > 5 minutes = 1% credit for each Service Failure requirements of the National Fire Protection Association (NFPA). Appropriate local and regional authorities will be notified upon activation of fire alarm or fire suppression systems. MEASURED BY: Physical security in each LightEdge Lightedge data center is monitored for critical alerts by LightEdge Lightedge 24x7x365 in real-time using a building management system (monitoring and management tool). Service Failure occurs when any alerts to critical security controls are not responded to promptly. Service Failure begins when a critical alert is generated from building management system related to physical security of the data center. Service Failure ends when LightEdge Lightedge has documented response to critical alert as a Ticket and have begun investigation into the critical alert. > 5 minutes = 1% credit for each Service Failure DATA CENTER SECURITY AVAILABILITY Mitigation: 15 minutes Repair: 1 day DESCRIPTION: LightEdge Lightedge will maintain all equipment related to physical security such as doors, locks, surveillance cameras, and alarms, in good working order. In the event any security equipment needs repair or replacement, LightEdge Lightedge will provide additional controls until such security equipment is returned to normal service. For example, if a door alarm were to fail and require replacement, LightEdge Lightedge might lock that door and require escorted access through the door with the failed alarm, until that alarm was repaired. MEASURED BY: Physical security infrastructure in each LightEdge Lightedge data center is monitored for failure by staff 24x7x365 in real-time using a building management system (monitoring and management tool). Service Failure occurs when any infrastructure related to critical physical security controls fails and is left unmitigated or unrepaired for an extended period, resulting in a breach of physical security of the data center. Service Failure begins when any infrastructure related to physical security in the data center fails. > 15 minutes for mitigation = 1% credit for each Service Failure > 24 hours for repair = 5% credit for each Service Failure Service Failure for mitigation SLA ends when equivalent security control has been implemented and noted by timestamp in Service Ticket. Service Failure for repair SLA ends when failed infrastructure has been restored back into normal service. The physical security control repair SLA is provided during periods of normal operations and is exempt during periods of Force Majeure as defined in the Master Agreement. > 15 minutes for mitigation = 1% credit for each Service Failure > 24 hours for repair = 5% credit for each Service Failure DATA CENTER SECURITY RETENTION Surveillance video: 90-day retention Access logs: 1- year retention DESCRIPTION: Physical security access logs and camera surveillance footage will be maintained by LightEdge for a minimum period-of-time. MEASURED BY: Physical security infrastructure in each LightEdge data center is monitored for failure by staff 24x7x365 in real-time using a building management system (monitoring and management tool). Service Failure occurs for each Service Request where LightEdge is unable to provide Customer with physical access logs or physical surveillance video falling within the retention period commitment. 5% credit for each Service Failure DATA CENTER ACCESS REQUESTS 1 day DESCRIPTION: Access requests grant or revoke physical access to Customer employees or agents to the Customer’s Colocation Service. Access requests are initiated by Customer via Ticket. MEASURED BY: Service Failure occurs when any Customer access requests such as additions, deletions, revocations or changes are not fulfilled promptly by LightEdge. Service Failure begins when an access request is first requested by Customer, as documented by a Service Ticket. Service Failure ends when LightEdge has fulfilled the access request. Time elapsed between request for access change or revocation requests as documented by Ticket, and completion of change or revocation request. > 1 day = 1% credit for each Service Failure.