This Agreement represents a Service Level Agreement (“SLA” or “Agreement”) between Bento Holdings, Inc. and its customers for professional services, software as a service, or any application support/service deliverable that was purchased from Bento Holdings, Inc. on a contract basis that includes a defined scope. This Agreement remains valid until superseded by a revised agreement mutually endorsed by the stakeholders. It does not supersede current processes and procedures unless explicitly stated herein.
2. Goals and Objectives
The purpose of this Agreement is to ensure that the proper elements and commitments are in place to provide consistent service support and delivery to our clients by Bento Holdings, Inc. and its affiliate providers.
The goal of this Agreement is to create a communication channel between services provisioned between Bento Holdings, Inc. and our customers.
The objectives of this Agreement are to:
- Provide clear reference to service ownership, accountability, roles and/or responsibilities.
- Present a clear, concise and measurable description of service provision to the customer.
- Match perceptions of expected services provisioned with actual service support and delivery.
3.0 Service Agreement
The following service parameters are the responsibility of Bento Holdings, Inc. in ongoing support of this Agreement.
3.1 Service Scope
The following services are covered by this Agreement.
- Information technology management activities.
- Information security management activities.
- Monitoring, health, and maintenance of infrastructure.
- Monitoring support request system.
- Remote support for environments, systems, and applications under management.
- First line of support for third-party products under agreement with Bento Holdings, Inc.
Services other than ones listed above are considered out of scope for support. For the avoidance of doubt, the following services are not considered support:
- Non-company owned assets including BYOD devices, remote clients, remote workforce environments.
- Environments/Systems/Devices not under direct management.
- Development of new scripts, applications, or code.
- Third-party applications outside of agreement with Bento Holdings, Inc.
3.2 Customer requirements for support
Customer responsibilities and/or requirements in support of this Agreement include:
- Adhere to all aspects of our SLA Policy and follow established procedures for requesting support.
- Request a change in request priority if deemed necessary.
- Reasonable availability of customer representative(s) when resolving a service-related incident or request.
- Adequately maintain/update all hardware, operating systems, software so that they meet minimum standards determined by TechBento.
- Maintain patience, courtesy, and respectful demeanor at all times.
- Payment for all support costs at the agreed interval.
3.3 Information Technology & Security Management Requirements
We require all organizations to practice good information security and technology management. Each organization we work with will:
- Be candid about our operational needs and wants.
- Name a designated representative which will coordinate support requests as well as the use of our collaboration and request systems to exchange details and resolve issues.
- Follow our security recommendations which may come in various formats including meetings, audits, cyber security evaluations, e-mails, blogs, websites, security assurance portal, and guides..
- Enable MFA on standard and privileged accounts for all services where it is available.
- Ensure license compliance and maintain sufficient support agreements with materially significant vendors.
- Train your staff and contractors on materially important security matters and operational procedures.
- Acquire/Utilize a Mobile Device Management solution capable of enforcing device-to-service trust.
- Install our remote administration, automation, and management tools.
- Implement endpoint security tools such as anti-malware, anti-virus, and threat detection.
- Own business-class networking hardware including enterprise grade firewalls, WiFi access points, and switches with current support agreements.
- Maintain a reliable internet connection with consideration given for failover.
- Establish and follow policy and procedures for:
- Periodically reviewing security assurance and news via https://my.bentosecurity.com.
- access control (including identity control and MFA), continuity, change management, incident management, information security, network security, risk assessment, server security, vendor management, workstation security;
- data handling with emphasis on secrets storage and sharing;
- on/off boarding of staff and contractors;
- reporting incidents and tracking knowledge within your organization;
- Establish a Bring Your Own Device (BYOD) policy and a management program with specific consideration for:
- Operating MDM tools on employee owned mobile devices used for
- MFA
- E-Mail/Communication
- Text Messaging
- and accessing all company data/resources.
- Responding to security breaches and incidents which involve employee owned devices.
- Operating MDM tools on employee owned mobile devices used for
- Participate in virtual meetings on a periodic basis.
- Maintain business insurance that covers data breaches and cybersecurity events.
- Never transmit passwords without encryption. Customers may use https://www.techbento.com/sms/ to submit confidential data using our PGP Keys. We also offer a PGP service for creating and using your own PGP Keys via https://www.techbento.com/smsinbox/.
- Follow our security recommendations.
We offer guidance for meeting minimum standards of information technology management via Bento Cyber Security Framework accessible from https://www.bentosecurity.org.
3.4 Information Technology & Security Management Requirements
Our letter of agreement states we accept “certain digital currency” as payment. The list below explicitly defines the digital currencies accepted today:
- Bitcoin
- Bentoreum (Coming Soon)
4.0 Service Management
Effective support of in-scope services is a result of maintaining consistent service levels. The following sections provide relevant details on service availability, monitoring of in-scope services and related components.
4.1 Service Availability
Coverage parameters specific to the service(s) are customer business hours unless superseded by additional agreements. Support requests received outside of office hours will be collected, however no action can be guaranteed until the next working day.
4.2 Service Requests
Bento Holdings, Inc. would provide ongoing support to customers using the approved service support channel and knowledge base resources. The time available is determined by the Request Priority and the SLA Policy for defined for each customer.
Request Priority
Bento Holdings, Inc. assigns a priority to each ticket when it is received. As per section 3.2, it is the customer’s responsibility to request a change to this priority if they feel that a different priority level is required. For reference the following is a guide to how priority is determined:
- Urgent: Critical production issue affecting all users, including system unavailability and data integrity issues with no workaround available.
- High: Major functionality is impacted or performance is significantly degraded. Issue is persistent and affects many users. No reasonable workaround is available.
- Normal: Intermittent system performance issue or bug impacting some workflows or users but not consistently. Short-term workaround is available, but not scalable.
- Low: Inquiry regarding a routine technical issue; information requested on application, capabilities, navigation, installation or configuration; bug affecting a small number of users.
Default Priority
By default, customers can expect that:
- Actual or suspected security incidents are treated as urgent and are subject to after-hours/extended billing.
- All other requests are considered “Low” unless otherwise stated by the submitter or determined during validation.
SLA Policy
For all support agreements Bento Holdings, Inc. uses Best Effort (BE) to respond during the stated response window. Details for each support agreement are disclosed at https://www.techbento.com/sla/ and subject to change without notice if adapt to changing security, technology or service delivery needs.
For user requests, the goal of each response is to assist the user in solving the problem themselves. For security incidents, the goal of each response is to swiftly validate/contain/remediate the problem. For alarms/notifications, the goal is to solve the issue on behalf of the customer.
For reference, the table below describes the intent and expectations of each agreement.
SLA Agreement |
Objective |
Expectation |
---|---|---|
Bronze |
Most common choice for small business with emphasis on self-reliance, shared responsibility, and low overhead. |
|
Silver |
Greater emphasis on planning and continuity supported by rapid response. |
|
Gold |
Designed for regulatory or legal compliance. |
|
Platinum |
Focused on exceeding regulatory compliance and meeting fiduciary responsibilities. |
|
SLA Exclusions
After a report has been logged, Bento Holdings, Inc. responds in compliance with the relevant Service Level, unless the Customer does not comply with its obligations; or has engaged Bento Holdings, Inc. to make material changes to infrastructure or services.
4.4 Cyber Incident Response
Events are when something happens that is (most of the time) unusual, whether planned or unplanned. Incidents, on the other hand, are when something happens and it interrupts something else. Events and Incidents are not mutually exclusive. All incidents are events but not all events are incidents. Customers are able to attribute priority to all events, but additional resources are attributed to prioritized incidents.
The Bento Holdings Cyber Incident Response (CIR) policy for considers any incident with material significance as High priority. Bento Holdings offers each customer the ability to incorporate relevant portions of their Incident Response Plan (IRP) into the scope of provided services. In areas where there is a gap or lack of an IRP, the Bento Holdings Default Cyber Incident Response policy is applied.
Materially Significant Impact
We use our judgement to help protect the confidentiality, integrity, and availability of information systems and data. Materially Significant Impact is determined by Bento Holdings by the following process:
- Defined scope in customer’s letter of agreement or operational documents.
- Requested by the customer as part of the report.
- Perceived effects on confidentiality, availability, or integrity of customer data.
- Reported details suggest the need for escalation or lack of detail – presence of ambiguity – which prompts immediate validation.
Default Response
Bento Holdings will prioritize events suspected of materially significant impact. Unless explicitly defined in customer’s letter of agreement, Bento Holdings will temporarily raise the Service Level Agreement for a customer (Bronze, Silver and Gold), on an incident basis, to the next-tier. Customers receive priority outside of an established agreement, charged at a premium and require customer communication through completion.
Bento Holdings will do the following actions in these cases:
- Validate this alert and determine whether an incident took place.
- Determine the scope of the incident and risks to your organization.
- Take measures we deem necessary to protect your systems. This may advance the request to a point of containment or through complete resolution.
- Notify you of the impacts and risks.
- Work with you to determine the next steps to wholly resolve the incident.
- Debrief this incident if requested.
Customer responsibility during this time is as follows:
- Follow Customer Requirements when reporting issues.
- Supply background/contextual information
- Provide a contact instructions and respond to all messages/calls.
- Be prepared to immediately answer all questions promptly and name any CCs that should be added to this request.
- Follow all instructions.
Billing
CIR events are billed at a higher rate, billed in increments, and require customer communicate the closure (or hold) of a request to release our team and stop billing. Billing for CIR events starts when event validation commences. Billing continues until the event is contained or resolved. Customers may request that work is stopped/paused at any time via the request system.
4.5 On-Call and After-Hours Support.
We offer on-call assets to customers at our discretion and need. The terms of on-call agreements can vary depending on scope, hours needed, and response velocity. The minimum on-call charge is 2 hours per schedule day whether or not services are rendered. On-call support is provided under strict procedures and require 48 hour notice to establish. Customers are required to provide contact details, open requests via our support portal, and follow through with a call to dedicated phone numbers assigned to the project.
After-hours support is subject to standard SLA. We monitor inbound requests using a variety of methods including alarms, AI driven analysis, and people. After-hour requests are generally answered business hours or treated as a security incident.
4.6 Automatic activation of priority response for incidents and requests.
Occasionally customers diverge from the process out of convenience, urgency, or circumstances. Despite the challenge in triaging such requests, we make an effort to answer those requests promptly. We automatically burst service level agreements to the next tier and dedicate staff to solving the issue. Bursts are billed at a higher rate, billed in block increments, and require customer communicate the closure (or hold) of a request to release our team and stop billing. Burstable requests are treated as security incidents.
4.7 Warranty and Product Support for mission critical systems.
Customers are required to maintain hardware warranties and professional support for mission critical applications with respective vendors.
- Mission-Critical systems with valid warranty and vendor support will be handled as a priority security incident by our team should it experience a failure.
- Mission-Critical systems without valid warranty or vendor support will be handled under “Best Effort” and is not subject to our SLA Guarantees regardless of business impact.
- Non-Mission-Critical systems with warranty and vendor support will be handled under SLA terms.
- Non-Mission-Critical systems without warranty or vendor support will receive validation under Best-Effort and require replacement if deemed in-operative by the initial assessment.
5.0 CloudBento Fixed Price
CloudBento Fixed Price (formerly Small Business) is a hosted remote desktop platform with a guaranteed uptime of 99%. Bento Holdings, Inc., not responsible for, or held liable for, damages. The Customer assumes all risks. Customers wishing alternative terms may choose CloudBento Bespoke (formerly Enterprise).
NOTWITHSTANDING ANY OTHER TERM HEREIN TO THE CONTRARY AND UNLESS OTHERWISE EXPRESSLY STATED HEREIN, TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT SHALL BENTO HOLDINGS, ITS EMPLOYEES, AGENTS, SUCCESSORS, ASSIGNS, AFFILIATES, CONSULTANTS OR SUPPLIERS BE LIABLE TO SUBSCRIBER OR ANY OTHER THIRD PARTY FOR ANY INDIRECT, SPECIAL, INCIDENTAL, EXEMPLARY, CONSEQUENTIAL, OR STATUTORY DAMAGES ARISING OUT OF OR IN CONNECTION WITH THE DELIVERY, PERFORMANCE OR USE OF THE SERVICE, WHETHER ALLEGED AS A BREACH OF CONTRACT OR TORTIOUS CONDUCT, INCLUDING NEGLIGENCE AND STRICT LIABILITY, INCLUDING WITHOUT LIMITATION LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, LOSS OF USE OR DATA, DAMAGE TO SYSTEMS OR EQUIPMENT, COST OF COVER, OR OTHER PECUNIARY LOSS, EVEN IF BENTO HOLDINGS OR SUBSCRIBER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. BENTO HOLDINGS’S CUMULATIVE LIABILITY TO SUBSCRIBER SHALL NOT EXCEED THE AMOUNT OF FEES PAID UNDER THIS AGREEMENT IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.
THE FOREGOING ALLOCATION OF RISK AND LIMITATION OF LIABILITY HAS BEEN NEGOTIATED BY THE PARTIES AND IS AN ESSENTIAL ELEMENT OF THE BASIS OF THE BARGAIN BETWEEN BENTO HOLDINGS AND SUBSCRIBER.
CloudBento Customer Support
All prior sections of this page apply to CloudBento Fixed Price and Enterprise customers. All requests associated with information security, information management, training, projects or admin are billed hourly rates with one exception: limited infrastructure management. Both CloudBento pricing plans include limited management of the systems that may include patches and updates, security controls or fixes, our infrastructure upgrades and repair, and tasks associated with enabling these services for our customers. End-user support is not included.