Service Level Agreement
Service Level Agreement
When a customer - or customer’s representative - contacts HeroDevs support issues will be categorized using the four levels of priority described below. Each priority level is associated with a different level of service. Customers shall provide reasonable assistance when requested by HeroDevs in order to reproduce, identify, and verify issues and their fixes.
P0
| A P0 Issue is one that results in: |
|---|
| Major data corruption |
| Multiple apps (or a customer’s primary app) rendered unusable |
| A High to Critical severity security weakness, as defined by the NIST CVSS v3 that has been disclosed publicly or is being actively exploited |
Procedure/Remediation:
- Acknowledge report within 24 hours
- Start investigation within 48 hours
- Provide updates every 24 hours
- Release available fix after testing
Extraordinary efforts will be made to:
- Fix Critical severity security weaknesses in 15 days
- Fix High Severity security weaknesses in 30 days
- Fix other P0 issues in 30 days
P1
| A P1 Issue is one that results in: |
|---|
| Minor data corruption |
| Important app functionality rendered unusable |
| A High to Critical severity security weakness, as defined by the NIST CVSS v3 that has not been disclosed publicly or is not being actively exploited |
Procedure/Remediation:
- Acknowledge report within 48 hours
- Start investigation within 1 week
- Provide updates once a week
- Release available fix after testing
Commercially reasonable efforts will be made to:
- Fix Critical severity security weaknesses in 15 days
- Fix High Severity security weaknesses in 30 days
- Fix other P1 issues in 60 days
P2
| A P2 Issue is one that results in: |
|---|
| A Low to Medium severity security weakness, as defined by the NIST CVSS v3 |
Procedure/Remediation:
- Acknowledge report within 1 week
- Start investigation within 1 week
- Provide updates once a month
- Release available fix after testing
Commercially reasonable efforts will be made to:
- Fix Medium severity security weaknesses in 60 days
- Fix Low Severity security weaknesses in 90 days
P3
| A P3 Issue is one that results in: |
|---|
| Ancillary or minor app functionality being unusable or requiring an inconvenient workaround |
Note
P3 issues will by default not be addressed, unless circumstances permit a low-risk or high-demand fix. When fixed, the following timelines will be considered:
Procedure/Remediation:
- Acknowledge report within 1 week
- Start investigation within 1 week
- Provide updates when released
Commercially reasonable efforts will be made to:
- Fix and release issues in 180 days
The parties acknowledge that the level of effort defined for each priority may not be sufficient to resolve exceptional issues or security weaknesses in the specified timeframe. In those cases, Company will regularly, promptly, and clearly communicate all updated expectations.