UK flag You are currently using our US site. To see UK specific content, switch to our UK site. Continue arrow right icon US flag

close icon

Sport:80 Service Level Agreement (SLA)

Introduction

This SLA should be read alongside our supply of services agreement and/or our terms and conditions (as applicable) entered into between us (the “Agreement”). It will cover the key areas of the service provided to the Client and is supplemented by the content contained within this SLA.

This service level agreement (SLA) describes the level of service that the Client will receive from Sport:80 Services Limited (Sport:80).

The definitions used in the Agreement shall apply to this SLA.

Purpose

The Client depends on IT services that are provided, maintained and supported by Sport:80. It is accurate to say that the services provided by Sport:80 are of critical importance to the Client.

This SLA sets out what level of availability and support the Client is guaranteed to receive for specific parts of the IT service. It also explains what penalties will be applied to Sport:80 should it fail to meet these levels.

This SLA forms an important part of the contract between the Client and Sport:80. It aims to enable the two parties to work together effectively. In the event of a conflict between the terms of this SLA and the terms of the Agreement, the Agreement shall prevail.

Dates and reviews

This SLA shall run concurrently with the Agreement. The SLA may be reviewed and amended from time to time by Sport:80, and the applicable version shall be the version available on Sport:80’s website.

Services covered

This SLA covers the services outlined in the Agreement, including any exhibits attached thereto.

Exclusions

This SLA is written in a spirit of the partnership with the Client, and Sport:80 will always do everything possible to respond to and rectify issues in a timely and responsible manner.

This SLA does not apply when:

  • The Client has chosen to use software or service in a way that is not recommended by Sport:80;
  • The Client has made unauthorised changes to the configuration or set up of software or services;
  • The Client has prevented Sport:80 from performing required maintenance and update tasks; and
  • Any issues have been caused by unsupported equipment, devices, software or services.

Additionally, this SLA does not apply in circumstances that could be reasonably said to be beyond Sport:80’s control. For instance, floods, war, acts of god and so on.

This SLA also does not apply if the Client is in breach of its contract with Sport:80 for any reason (e.g. late payment of fees).

Sport:80 aims to be helpful and accommodating at all times, and will do its absolute best to assist the Client wherever reasonably possible.

Responsibilities

Sport:80 will provide and maintain the Sport:80 Management System to be used by the Client to manage and deliver all aspects of the Agreement. Additionally, Sport:80 will:

  • Ensure relevant software and services are available to the Client in line with the uptime levels listed below;
  • Respond to feature and support requests within the timescales listed below;
  • Take steps to escalate and resolve issues in an appropriate, timely manner; and
  • Maintain good communication with the Client at all times.

Client responsibilities

The Client will only use the Sport:80 Platform as intended, but is not required to use the Platform. The Agreement between Sport:80 and the Client includes full details of the IT service and its intended uses.

Additionally, the Client will:

  • Notify Sport:80 of issues or problems in a timely manner;
  • Provide Sport:80 with access to the software and services for the purposes of maintenance, updates and fault prevention;
  • Maintain good communication with Sport:80 at all times;
  • Submit feature requests in accordance with the stated process;
  • Provide support to its own members and/or customers; and
  • Adhere to policies and processes implemented by Sport:80 from time to time.

Device and Data Management

Sport:80 has fully embraced cloud computing and utilises best of breed hosting provider Amazon Web Services for the development and deployment of the Platform. Microsoft 365 has been adopted as best of breed for email and document creation and storage. Sport:80 has contracted with Ask4 Solutions to support Sport:80 with the role out and ongoing maintenance of the Microsoft ecosystem. Sport:80 do not have any physical servers and the team do not leave devices in our offices overnight. However, our physical offices are part of a gated development with fob-controlled access and egress and CCTV. Our offices are alarmed and monitored remotely.

Devices

Sport:80 uses Microsoft’s Intune Mobile Device Management platform to ensure the safety of client data. A key element to this is the enforcement of encryption on all endpoint devices that hold company and client data. This technology also enables Sport:80 to remotely wipe data in the event of device loss or theft.

All data that is held in Microsoft’s 365 ecosystem is also protected across the board by Multi-Factor Authentication which significantly increases the protection against phishing and other cyber threats. We employ ESET Anti-Virus Protection to give enhanced protection against viruses, malware and ransomware. Secure password management is enforced across all devices and systems using a leading password management tool.

Data Management

The Sport:80 team cannot inadvertently move data between client databases and clients cannot access other client data. Sport:80 utilise the relational nature of the database to tag all client specific data within the database to ensure data segregation. There is no inbuilt admin functionality available to transition/re-tag data between client data, leaving the only two exposed risks of this happening being via direct updates to the database or a bug in the low-level code that determines what client specific data to return. Sport:80 only provide database access to the bare essential members of the team who require access for maintenance and updates. Updates to the sections of code relating to the client specific checks are very infrequent and undergo multiple stages of rigorous testing before being released into production.

Security of client data is paramount, and something Sport:80 continually review and improve to ensure we stay up to date with best practice. Sport:80 applies significant resources on further segregating our client’s data for increased security and low latency. Each client’s data is hosted in a dedicated database and application server. This completely removes the risk of bugs to the low-level code that determines what client specific data to return. Two further security related updates that have been rolled out are; the option of 2FA for all users which will be enforceable on a per role basis and improved granularity for administrator access.

As aforementioned, direct database access is only granted to team members on a ‘need’ basis and who require the access for maintenance and upgrades, the number varies subject to ongoing projects. Administrator access to the Platform is again only granted to team members on a ‘need’ basis and those providing customer support to clients. Clients have the ability, within the Platform, to invoke and revoke administrator access at any time.

Sport:80 has achieved Cyber Essentials and Cyber Essentials Plus accreditation and ISO 27001 accredited.

As it currently stands if someone wishes to execute their right under any applicable data protection legislation to have data permanently deleted, the request must be submitted to Sport:80 via Zendesk. Due to the complicated nature of sport related data Sport:80 has to initiate a manual process to permanently delete user data. The rational for a manual process is the complexity around a data subject’s involvement in records, rankings and financial transactions etc. There may be the need to anonymize aspects of the data whilst permanently deleting others. It is the Client’s responsibility, as Data Controller, to write and enforce a data processing and retention policy. A copy of the Client’s data privacy and processing policy is to be provided to Sport:80 upon request. 

 

Hosting

Amazon Web Services (AWS)

Sport:80’s hosting partner is Amazon Web Services (AWS), who are recognised as the leading cloud infrastructure providers in the world. AWS abides to incredibly stringent security measures and provides high levels of availability. Protecting client applications and data is AWS’ s top priority and the organisation regularly carries out third-party audits to verify the strict levels of compliance and variety of security standards that the organisation abides to. These high standards ensure that Sport:80 web applications and client data is always safe, secure and accessible.

Data protection and security (offline)

AWS datacentres are state of the art, utilising innovative architectural and engineering approaches. AWS has many years of experience in designing, constructing and operating large-scale datacentres. This experience has been applied to the AWS platform and infrastructure. AWS datacentres are housed in non-descript facilities. Physical access is strictly controlled both at perimeter and at building ingress points by professional security staff utilising video surveillance, intrusion detection systems and other electronic means. Authorised staff must pass two-factor authentication a minimum of two times to access datacentre floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorised staff. AWS only provide datacentre access and information to employees and contractors who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of AWS. All physical access to datacentres by AWS employees is logged and audited routinely.

Fire detection and suppression

Automatic fire detection and suppression equipment has been installed to reduce risk. AWS fire detection systems utilise smoke detection sensors in all datacentre environments, mechanical and electrical infrastructure spaces, chiller rooms and generator equipment rooms. These areas are protected by either wet-pipe, double-interlocked pre-action or gaseous sprinkler systems.

Power

AWS datacentre electrical power systems are designed to be fully redundant and maintainable without impact to operations, 24 hours a day, seven days a week. Uninterruptible Power Supply (UPS) units provide back-up power in the event of an electrical failure for critical and essential loads in the facility. Datacentres use generators to provide back-up power for the entire facility.

Climate and temperature

Climate control is required to maintain a constant operating temperature for servers and other hardware, which prevents overheating and reduces the possibility of service outages. Datacentres have conditions to maintain atmospheric conditions at optimal levels. Personnel and systems monitor and control temperature and humidity at appropriate levels.

Management

AWS monitors electrical, mechanical and life support systems and equipment so that any issues are immediately identified. Preventative maintenance is performed to maintain the continued operability of equipment.

Storage device decommissioning

When a storage device has reached the end of its useful life, AWS procedures include a decommissioning process that is designed to prevent customer data from being exposed to unauthorised individuals. AWS uses the techniques detailed in DoD 5220.22-M (‘National Industrial Security Program Operating Manual’) or NIST 800-88 (‘Guidelines for Media Sanitization’) to destroy data as part of the decommissioning process. All decommissioned magnetic storage devices are degaussed and physically destroyed in accordance with industry standard practices.

Security - Database

Sport:80 hosts their database with Amazon Relational Database Service (Amazon RDS). Amazon RDS allows you to quickly create a relational database (DB) instance and flexibly scale the associated compute resource and storage capacity to meet application demand. Amazon RDS manages the database instance on behalf of Sport:80 by providing backups, handling failover and maintaining the database software.

Key RDS security features:

  • Access control – access to Amazon RDS DB Instance is controlled via DB Security Groups. DB Security Groups act like a firewall controlling network access to your DB Instance;
  • Network Isolation DB – instances run in an Amazon VPC that enables Sport:80 to isolate DB instances by specifying the IP range to use and connect to the Client’s IT infrastructure through industry-standard encrypted IPsec VPN. This means running Amazon RDS in a VPC enables Sport:80 to have a DB instance within a private subnet;
  • Encryption – connections between the and VPC and DB are encrypted using SSL;
  • Automated Backups and DB Snapshots – Amazon RDS automated backup feature enables point-in-time recovery for your DV Instance. Amazon RDS backs up the database and transaction logs, storing both for 35 days. This allows Sport:80 to restore DB Instance to any second during this period, up to the last 5 minutes; and
  • Additional Backups – Sport:80 have a script running continuously which takes a snapshot of the database every 30 minutes and stores it securely. Furthermore, prior to any alteration to the database backups are taken immediately before and after. In addition, Sport:80 implement soft deletion throughout the system. This means no user information is ever fully deleted and can be easily restored should it be required.

Data Cleansing

Strict relational constraints within the database enable Sport:80 to quickly highlight any redundant or erroneous data and cleanse accordingly.

Scalability

Cloud servers are ideal for business critical websites requiring enterprise grade high availability uptime, matched with unparalleled performance.

Traditional server hosting places all website data plus all software required to run websites (PHP, MySQL, Apache, mail, etc.) on to the same physical server. This works perfectly well until either the server fails (and causes downtime) or requirements outgrow that server, having to physically migrate from one server to another in order to upgrade (again causing downtime).

Sport:80 chose AWS as it breaks free from reliance on a single server. Sport:80 uses auto- scaling which maintains application availability and allows the Client to scale its Amazon EC2 capacity up or down automatically according to site traffic. Sport:80 utilises auto-scaling to ensure that the Client’s expectations for Amazon EC2 instances are met. Auto-scaling can also automatically increase the number of Amazon EC2 instances during demand spikes to maintain performance and decrease capacity during lulls to reduce costs. Auto-scaling is perfectly suited to manage hourly, daily or weekly variability in usage.

Guaranteed uptime

Uptime levels
Sport:80 will ensure that the Client has access to the IT services outlined in the Agreement on a twenty-four hour, seven day a week (24x7) basis of a rate of 98.9% - 100% (‘Sport:80 Uptime Metric’), measured quarterly.

The Sport:80 Uptime Metric commences on the ‘Go-Live date’. The Go-Live date is the date at which Sport:80 has concluded client and end-user testing and access, and commences the delivery of the Services under the Agreement.

Measurement and penalties
Uptime is measured using Sport:80’s automated systems over each quarter. It is calculated to the nearest minute based on the number of minutes in the given quarter.

If uptime for the service drops below the relevant threshold, a penalty is applied in the form of a credit to the Client.

The amount of the credit will be calculated depending on the number of hours for which the service was unavailable, excluding the downtime permitted by the SLA:

Quarterly uptime rating Service level Duration extension
Between 98.9% - 100% Meets SLA N/A
Below 98.9% Does not meet SLA Calculating the percentage difference (to 1 decimal place) for any availability that falls below 98.9% in any quarter (“Service Credit”) and applying the Service Credit to the Transaction Fees paid or payable by the Client under the Agreement for that quarter (see example below)


For example, if the availability over a quarter was 97%, and the Transaction Fees payable in respect of that quarter were £2,500, the service credit payable for that quarter would be £47.50 (98.9% - 97% = 1.9% = service credit of 1.9% of £2,500 = £47.50).

Any service credit shall be applied as a credit to the next invoice issued by Sport:80 to the Client or, if no subsequent invoice is due to be issued, payable in cash on demand.

Important notes:
Uptime measurements exclude periods of maintenance which must be notified by Sport:80 to the Client in advance and in writing.

 

Response Times

Guaranteed response times - Platform availability

When the Client raises an issue regarding the availability of the Platform, Sport:80 promises to respond in a timely fashion.

The response time measures how long it takes Sport:80 to respond to a support enquiry relating to the availability of the Platform. Sport:80 is deemed to have responded when it has replied to the Client’s initial request. This may be in the form of an email, telephone call or other means of communication, to either provide a solution or request further information.

Guaranteed response times depend on the priority of the support request and the severity of the issue. Sport:80’s support issue scale and response times are provided below.

Severity level Example Max. response time
Severe All users and/or all critical services are completely unavailable. 15 minutes
Medium A large number of users and/or a number of services are unavailable. 60 minutes
Minor A small number or single user is affected and/or functionality is restricted on a certain module. 120 minutes


Response times apply during standard working hours (9.00 am to 5.00 pm GMT), unless the contract between the Client and Supplier specifies provision for out of hours support or caters for different time zones.

Guaranteed response times – Support Tickets

Sport:80 is committed to providing on-going technical support to the Client. Sport:80 requests that all support tickets are submitted via the technology’s integrated support feature as this allows the Company’s support team to efficiently manage, track and respond to any queries.

Responses times

As shown below, Sport:80 guarantees response times on tickets submitted via the integrated support feature.

Support ticket submitted Max. response time
Office Hours (Mon-Fri, 9am to 5pm) 24 hours
Weekends (5pm Friday to 9am Monday) 48 hours

If there is an urgent or severe requirement, Sport:80’s support team can be contacted on an emergency phone line which is provided to the main contact within the Client’s organisation.

Member/customer support

The Client is responsible for supporting its own members and/or customers, not Sport:80. The Client must utilise Zendesk (a third party service) that works alongside the Platform’s integrated support feature to manage and respond to customer/member inquiries.

Zendesk is a globally trusted, best of breed, cloud-based customer service software and support ticket system. It is important to note that the Client incurs all costs relating to the use of Zendesk.

Sport:80 does not guarantee any response or resolution times with regards to support tickets or calls that are made directly to Sport:80 by a Client’s member or customer.

Resolution times

Sport:80 will always endeavour to resolve problems as swiftly as possible. Sport:80 recognises that the Client’s IT systems and services are key to its business and that any downtime or technical issues can negatively impact on the organisation.

However, Sport:80 is unable to provide guaranteed resolution times because the nature and causes of the problems can vary enormously. In all cases, Sport:80 will make all reasonable efforts to resolve problems as quickly as possible. It will also provide frequent progress reports to the Client.

Feature Requests & Bugs

Sport:80’s partnership model allows the Client to submit requests with regards to new features. Sport:80 has a strict request process in place to ensure that all feature requests are collated, managed and acted upon through the issue of UAC’s (as defined below). 

From the Client’s perspective, the request process is managed by a nominated main contact within the organisation. The contact will manage the feature requests from all departments within the Client organisation and submit the feature details through Zendesk.

Requests are reviewed by the Sport:80 Customer Success Team and categorised as either a ‘critical bug’, ‘high dependency bug’, ‘medium dependency bug’, ‘low level bug’ or as a ‘feature request’ or ‘training need’ (all as defined below).

In relation to bugs, these are reviewed on a daily basis and the work required to fix and release is communicated with the client throughout the process. Critical and high dependency bugs are treated with the utmost urgency.

Definitions

  • ‘Critical bug’ - issues within the live environment that are mission critical and for which there are no workarounds and prevents use of the Platform. 
  • ‘High dependency bug’ - issues that are related to core functionality and highly degrade platform performance.
  • ‘Medium dependency bug’ – have workarounds that allow users to complete tasks but platform performance degraded.
  • ‘Low level bug’ - issues that do not interfere with core functions and or annoyances that may or may not ever be fixed.
  • ‘Training need’ - education is provided where an issue can be resolved when the Client is supported by the Sport:80 Customer Success Team.
  • ‘Feature request’ - Sport:80 commits to reviewing feature requests on a regular basis and responding to the Client’s nominated main contact in order to produce User Acceptance Criteria documentation. User Acceptance Criteria (‘UAC’) is a document that is produced by Sport:80 in collaboration with the Client to ensure the feature being requested is thoroughly considered, planned, and costed where applicable. Prior to development work being scheduled a UAC is produced and signed off by the Client’s nominated main contact. A new feature will ONLY be scheduled for production once a UAC is signed and a delivery date has been agreed between the parties. Once scheduled Sport:80 will notify the client of progress regularly and will expect engagement throughout the testing period before the feature is progressed into the ‘live’ environment. Sport:80 reserves the right to decline a feature request if it doesn’t align with its strategic direction.

As a guide only: 

  • Critical bug - (where commercially reasonable) will be fixed within 48 hours; 
  • High dependency bug - (where commercially reasonable) within 2 weeks;
  • Medium dependency bug - (where commercially reasonable) within 4 weeks;
  • Low level bug - (where commercially reasonable) within 6 months; 
  • Training need - (where commercially reasonable) within 5 days; and
  • Feature request - (where commercially reasonable) within 18 months.

Right of termination

Sport:80 recognises that it provides services that are critical to the Client’s business.

If Sport:80 materially breaches the service level described in this document and/or materially fails to meet the service levels more than two times in any three month period, the Client shall be entitled to:

  • Request Sport:80 to supply a written plan setting out in reasonable detail how it will remedy such defect (“Cure Plan”) as soon as possible (and in any event no later than 20 Business Days after the date of request) without additional cost to the Customer; and
  • If the above provision is not complied with (or the Cure Plan is not successfully delivered within the period notified by the Supplier within the Cure Plan) the Client may terminate the Agreement immediately on written notice.