Backup and Disaster Recovery Services Addendum
This Backup and Disaster Recovery Services Addendum (the “Backup and Disaster Recovery Services Addendum”) is by and between Service Provider and Customer and applies to the Backup and Disaster Recovery Services (defined below) included in one or more Service Orders between the Parties. To the extent any Backup and Disaster Recovery Services are included in a Service Order between the Parties, this Backup and Disaster Recovery Services Addendum references and is incorporated into and made a part of the Master Services Agreement between the Parties (the “Master Services Agreement”).
Now, therefore, in consideration of the mutual covenants and agreements set forth in this Backup and Disaster Recovery Services Addendum, the Master Services Agreement, and the Additional Terms and Conditions, and for other good and valuable consideration, the receipt and sufficiency of which are acknowledge by the Parties, the Parties agree as follows:
- General Terms. By Customer accessing and using the Backup and Disaster Recovery Services, the Parties agree that Customer is bound by this Backup and Disaster Recovery Services Addendum. Service Provider may modify this Backup and Disaster Recovery Services Addendum at any time and in Service Provider’s sole discretion by sending written notice to Customer. All capitalized terms used but not defined in this Backup and Disaster Recovery Services Addendum have the meanings assigned to them in the Master Services Agreement and Additional Terms and Conditions.
- Backup and Disaster Recovery Services. Service Provider shall provide:
- an on-site Network Attached Storage (NAS) unit that acts as a local storage device and stand-by server in the event of server and/or workstation;
- incremental backups done on the NAS as frequently as every five (5) minutes;
- secure remote offsite storage provided at a hardened data center;
- day to day data restoration of files, file folders, emails or email stores, SQL databases, and SharePoint;
- full data recovery from the secure data center with the most recent information stored offsite (in the event of total catastrophe, where the on-site server and NAS are last; and
- full management, monitoring, and testing of the NAS and remote storage.
- Security. All data is fully encrypted during transmission off-site and while store off-site. All data is stored offsite, in encrypted form at all times, on multiple servers in a highly secure data center facility. Each file is encrypted using 256-bit AES and SSL key-based encryption technology, which cannot be read without the corresponding keys, so encrypted data cannot be misused. The on-site NAS unit communicates with off-site remote servers using SSL (Secure Socket Layers) technology. As a result, the online backup of data is encrypted twice. It is encrypted at all times using the 256-bit AES encryption, and it is encrypted again while it’s being sent over the Internet.
- Data Deduplication and Compression Data. Deduplication and compression occurs prior to data storage and transmission using state-of-the-art technology. This ensures that backups are completed in a shorter timeframe, less storage space is used on the on-site NAS and at the off-site data centers, and needed bandwidth to transfer data off-site remains manageable.
- Backup Frequency. Servers and/or workstations can be backed up as frequently as every 5 minutes. Retention policies can be customized to create as many archived versions of data and full recovery points as needed. Off-site backup frequency is continuous by default and may be customized to meet Internet bandwidth limitations. Off-site backup frequency is ultimately dependent on total data size, data changes, and available Internet bandwidth. Customer must have a minimum upload bandwidth of 1.5 MB per terabyte of device storage capabilities to ensure timely off-site synchronization. Customer acknowledges and agrees that Service Provider shall not be held responsible or liable for maintaining off-site backup if this requirement is not met.
- Retention. Retention policies can be set at a high level of customization for the on-site NAS. The off-site data retention policy is 30 days. The off-site retention policy can be increased on a case-by-case basis that will include an increase in cost for Customer. Service Provider retains the right to change the off-site retention policy with two (2) weeks written notice to Customer.
- Smart Data. Transport Data transmission can easily be configured to minimize Internet bandwidth consumption. The on-site NAS and propriety off-site data transfer system leverages advanced bandwidth throttling to schedule Internet bandwidth used depending on the time of day, customized for each day of the week. This allows bandwidth to be limited during business hours to maintain network functionality and maximize bandwidth during off-peak hours to efficiently transfer data off-site.
- Data Center Attributes. Service Provider provides a hardened data center with (1) highly redundant storage in multiple redundant cluster nodes at a hardened data center; (2) connectivity provided by multiple providers with automatic failover capabilities; (3) the data center facility’s power is supplemented with both battery backup and diesel generation capabilities; (5) full physical security at the facility, including global biometric authentication access methodology to track all authenticated data center personnel and prohibit the entry of any unauthorized persons; and (6) fire suppression and environmental control provided.
- Remote Storage. Customer’s data will be stored in a secure off-site data center located in Ohio. The initial backup will be sent via a SATA II drive to the primary remote storage facility. There is an approximately 2-week turnaround time to seed the initial backup off-site. Incremental backups will occur during the off-site seeding process and will collapse into the main backup once the off-site transfer is complete.
- Recovery Time Objective (RTO). Service Provider shall log all retrieval activities from Customer. Service Provider shall attempt to resolve access, backup, or retrieval problems over the phone on first call within 24 hours of the first request. Service Provider shall restore a file, file folder, email, or an entire mailbox as needed. Customer shall submit service tickets to Service Provider’s Service Desk. In a disaster, where Customer will lose its entire office, Service Provider shall provide a new NAS imaged with the most current backup information, which is usually the previous day’s data. Service Provider shall ship the new NAS overnight via FedEx or another reputable overnight carrier to a location of Customer’s choice. Service Provider shall provide the new NAS such that it is ready to be used as a virtual server and can be used to perform a bare metal restore to dissimilar hardware which means that when a new server arrives, which means the NAS can be used to restore the most current data to the new server(s) and/or workstation(s) regardless of hardware.
- Off-Site Virtualization. In a disaster where Customer will or may lose its physical servers and NAS, servers and/or workstations may be virtualized in the off-site data center. Public IP and/or VPN access will be given to connect to remote virtual machines. Virtual machines can also be accessed using VNC and/or RDP.
- Ownership of the Data. The backup data being stored on the NAS and at the data center remains the sole property of the Customer.
- Catastrophe Service. In the event of a catastrophe, including, but not limited to, the disaster scenarios set forth in Sections 10 and 11, Customer shall pay Service Provider the Service Fees for the disaster recovery services and offsite virtualization services as set forth in the applicable Service Order, plus all applicable freight and shipment costs to deliver a new NAS that will contain the most current data loaded at the data center.
- Passwords. Service Provider acknowledges that it must have access to any and all systems and resources to perform their duties under this Backup and Disaster Recovery Services Addendum. As such, Customer shall disclose to Service Provider any and all passwords related to the systems covered under this Backup and Disaster Recovery Services Addendum.