Compliance Standards: ISO/IEC 20000-1:2018 · ITIL v4 · EU NIS2 Directive 2022/2555 · ISO/IEC 27001:2022 · NIST CSF 2.0
1. Service Availability (Uptime Commitments)
1.1 Monthly Uptime Targets
| Plan | Monthly Uptime Target | Max Allowed Downtime/Month | Max Allowed Downtime/Year |
|---|
| Starter | 99.0% | ~7.3 hours | ~87.6 hours |
| Professional | 99.5% | ~3.6 hours | ~43.8 hours |
| Enterprise | 99.9% | ~43.8 minutes | ~8.7 hours |
1.2 Uptime Measurement Methodology
Uptime Formula:
Monthly Uptime % = ((Total Minutes in Month − Unplanned Downtime Minutes) ÷ Total Minutes in Month) × 100
Downtime Definition: A period is counted as downtime only when the platform is completely inaccessible to all users of a tenant, or when a core module (Invoicing, Inventory, or Accounting) is non-functional for more than 5 consecutive minutes.
Measurement Tool: Automated synthetic monitoring (HTTP checks from at least 3 geographic regions, every 60 seconds).
1.3 Scheduled Maintenance Windows
- Standard window: Sundays 02:00–05:00 UTC (excluded from downtime calculation)
- Advance notice: 48 hours minimum for maintenance exceeding 30 minutes (Professional/Enterprise); 24 hours minimum for Starter
- Emergency maintenance: minimum 2-hour notice; excluded from downtime if critical security patch is required
- Notification channels: email + in-app banner + status page at status.bizoraerp.com
1.4 Exclusions from Downtime
- Scheduled maintenance within the maintenance window
- Force majeure events (natural disasters, pandemics, internet infrastructure failures)
- Customer-caused outages (misconfiguration, exceeding API rate limits, malicious activity)
- Third-party provider outages outside Our reasonable control
- Incidents affecting only non-core modules or beta features
2. Support Response Times
| Priority | Description | Starter Response | Professional Response | Enterprise Response |
|---|
| P1 — Critical | Platform completely inaccessible | 4 business hours | 2 hours | 30 minutes |
| P2 — High | Core module non-functional | 8 business hours | 4 business hours | 1 hour |
| P3 — Medium | Significant feature impaired | 2 business days | 1 business day | 4 business hours |
| P4 — Low | Minor issue, general enquiry | 5 business days | 3 business days | 1 business day |
Support Channels by Plan
| Channel | Starter | Professional | Enterprise |
|---|
| Community Forum | ✓ | ✓ | ✓ |
| Email / Ticket System | ✓ | ✓ | ✓ |
| Priority Ticket Queue | — | ✓ | ✓ |
| Phone Support | — | — | ✓ |
| Dedicated CSM | — | — | ✓ |
| 24/7 Availability | — | — | ✓ |
3. Service Credits (SLA Remedies)
If We fail to meet the applicable Monthly Uptime Target in any calendar month, You are eligible to request Service Credits:
| Actual Monthly Uptime | Service Credit |
|---|
| < 99.9% (Enterprise) | 5% of monthly fee |
| < 99.5% (Enterprise / Professional) | 10% of monthly fee |
| < 99.0% (any plan) | 25% of monthly fee |
| < 95.0% (any plan) | 50% of monthly fee |
How to Claim: Submit a credit request to
support@bizoraerp.com within 30 days of the incident. Credits are applied to the next billing cycle and are the sole and exclusive remedy for downtime. Service Credits have no cash value and cannot be exchanged for refunds.
4. Incident Management
Incident Severity Classification
| Severity | Criteria | Response SLO | Resolution Target |
|---|
| SEV-1 | Full platform outage or data loss | 15 minutes | 4 hours |
| SEV-2 | Core module failure or major performance degradation | 30 minutes | 8 hours |
| SEV-3 | Non-core feature failure or moderate performance issue | 2 hours | 2 business days |
| SEV-4 | Minor bugs, cosmetic issues, feature requests | 4 business hours | Next sprint |
Incident Communication
- Status updates posted to status.bizoraerp.com
- Email notifications to subscribed users for SEV-1 and SEV-2 incidents
- Post-incident reports (PIR) delivered within 5 business days for SEV-1 incidents
- Root cause analysis (RCA) provided to Enterprise customers for SEV-1 incidents
5. Security Incident Response
In the event of a confirmed security breach affecting Customer Data:
- Immediate containment and forensic investigation
- Customer notification within 24 hours of confirmed breach detection (Enterprise) or 72 hours (all plans)
- Regulatory notification as required by GDPR Art. 33, UK GDPR, and other applicable law
- Remediation and post-incident report
- Cooperation with Customer's own security investigation
6. Backup and Disaster Recovery
| Parameter | Value |
|---|
| Backup Frequency | Every 24 hours (full), every 1 hour (incremental) |
| Backup Retention | 30 days rolling |
| Backup Encryption | AES-256 at rest |
| Recovery Point Objective (RPO) | ≤ 1 hour (Enterprise), ≤ 24 hours (Professional/Starter) |
| Recovery Time Objective (RTO) | ≤ 4 hours (Enterprise), ≤ 8 hours (Professional), ≤ 24 hours (Starter) |
| Geographic Redundancy | Multi-region replication (Enterprise) |
7. Data Portability and Exit Assistance
Upon termination or request, We will:
- Provide an export of all Customer Data in a standard, machine-readable format (CSV, JSON, or XLSX) within 7 business days of request
- Maintain access to Customer Data for a 30-day transition period post-termination
- Provide reasonable exit assistance to Enterprise customers, including data migration support
- Permanently delete all Customer Data from Our systems within 90 days of the end of the transition period, and provide a certificate of deletion upon request
8. Governing Standards
This SLA is aligned with the following industry standards and frameworks:
- ISO/IEC 20000-1:2018 — IT Service Management
- ITIL v4 — IT Service Management Best Practices
- EU NIS2 Directive 2022/2555 — Network and Information Security
- ISO/IEC 27001:2022 — Information Security Management
- NIST Cybersecurity Framework (CSF) 2.0
9. SLA Review and Updates
This SLA is reviewed annually and updated as necessary. Material changes will be communicated with at least 30 days' notice. The current version is always available at www.bizoraerp.com/sla.
Enterprise customers may negotiate custom SLA terms as part of their Enterprise agreement. Contact legal@bizoraerp.com for custom SLA discussions.