Response Protocol Clause Samples

Response Protocol. 3.1 The section outlines the response time obligation of CCS in handling Support Calls made by IMed under this SDA. 3.2 Pursuant to section 3 above, the severity classification must be established before Relief, Temporary Fix and Resolution of a Support Call. 3.3 All Support calls received will be handled in accordance with the response protocol in Table 2. 3.4 Table 2. Response Protocol for Complaint/Support calls

Response Protocol. Employees are expected to mobilize within a predefined time frame when on call, which will be detailed in the operational guidelines.

Response Protocol. EWS will use commercially reasonable efforts to respond to Software support requests from Premium Users based on the severity level of the issue (as determined in good faith by EWS). EWS does not guarantee resolution times, and a resolution may consist of a fix, workaround, service availability, or other solution to restore functionality. Customer acknowledges and agrees that the response protocol described herein does not apply to general usage questions, documentation errors, issues related to a non-production environment, or feature requests reported by Customer: Severity Level Definition Response 1 – Critical The Software is inaccessible or so severely impacted that Customer cannot reasonably use the Software. A Severity Level 1 issue could have the following characteristics: • More than 50% of Customer users cannot access the Software • Customer users cannot create or save I-9 records • Customer users cannot submit to E-Verify solely as a result of an error in the Software (i.e., issue is not caused by the E-Verify system itself) EWS will acknowledge the issue within two (2) business hours of receiving notification from Customer and handle as the highest priority until the issue is resolved. 2 – Significant Major functionality or performance of the Software is impacted and no reasonable workaround exists. A Severity Level 2 issue could have the following characteristics: • Severely degraded performance • Frequent interruptions in service • Functionality is unavailable but the Software is able to operate in a restricted fashion EWS will acknowledge the issue within four (4) business hours of receiving notification from Customer and commit full-time resources to resolve. If EWS delivers an acceptable workaround instead of a solution, the severity classification will drop to a 3 – Minimal. 3 – Minimal A Software feature is unavailable but a workaround exists and the majority of functions are still useable. A Severity Level 3 issue could have the following characteristics: • A particular feature (such as a dashboard) is not working properly, but Customer user can obtain the same information through a report • Minimal Software performance degradation • Questions on Software functionality or configuration during implementation EWS will acknowledge the issue within two (2) business days of receiving notification from Customer and use reasonable efforts to resolve.

Response Protocol. The protocol for responding to events of Interference will require the Company to provide the County Engineer an Interference remediation report that includes the following items:

Response Protocol. For the avoidance of doubt, [Name] shall be responsible for reasonable costs to the extent caused by a Security Incident, including those incurred by Credit Card Company related to investigation, remediation, monitoring and notification. Processing. [Name] shall Process Covered Data per Credit Card Company instructions. Material Modifications. [Name] shall provide Credit Card Company with 90 days prior notice of a material modification to the process, method or means by which Covered Data is Processed (including any geographic change). If Credit Card Company reasonably determines and notifies [Name] that such modification could materially degrade Covered Data security, then [Name] shall not make such modification. Data Transfers. [Name] shall encrypt Covered Data in compliance with Applicable Processing Law and in the following circumstances: (a) the Processing of Covered Data on any mobile device or mobile storage or removable media, including laptop computers, smart phones, USB devices (“thumb drives”) and tapes/DVDs, and (b) electronic transfers of Covered Data by [Name] outside of its network. VTA. If [Name] hosts an Internet-facing and/or mobile application capable of Processing Covered Data, then [Name] shall annually have a vulnerability threat assessment (“VTA”) performed by a reputable vendor (from the then-current Payment Card Industry Council Approved Scanning Vendor list) and provide Credit Card Company with a summary attestation of the VTA including: (a) a definition of how the vulnerabilities are rated (e.g., high / medium / low, serious / moderate / minimal), (b) evidence that the application has no open vulnerabilities at the high rating, and (c) the number of vulnerabilities at any below high ratings and evidence that such vulnerabilities have been promptly remediated.

Response Protocol. In the event that Customer reports to Provider an Error in the SaaS (the Severity Level to be reasonably determined by Provider), Provider shall respond to such reports as follows: Severity Level Definition Response

Response Protocol. The protocol for responding to events of interference will require Company to provide Licensor’s City Engineer an interference remediation report that includes the following items: Remediation Plan. Devise a remediation plan to stop the event of interference; Time Frame for Execution. Provide the expected time frame for execution of the remediation plan; and Additional Information. Include any additional information relevant to the execution of the remediation plan.