Compliance & Security
Service Level Agreement

Service Level Agreement

MineSec guarantees a Service Level Agreement (SLA) for the SoftPOS solution and services we deliver to our customers. 

The solution and services covered in this SLA may include:

  • SoftPOS Application (also known as MSA)
  • SoftPOS SDK (also known as MineHades)
  • Attestation and Monitoring back-end (also known as MineZeus)
  • Transaction Enabling Platform back-end
  • Operation Platform back-end
  • Merchant Platform back-end

The SLA response and resolution target are based on the severity level of the incident defined in table 1 of the document.

Specifically, MineSec guarantees the stability of the backend and ensures it will provide continuous service without interruption during the service period. MineSec hosts the back-end service on commercial cloud servers to provide adequate performance and reliability for customers’ usage around the world, the deployment of back-end service could depend on the location of the customers.

MineSec is responsible to contract our commercial cloud service provider for operating the service at the agreed service levels and using the necessary processes as listed below:

  • Incident Management (Incident and Response Plan)
  • Managing unplanned interruptions or degradations/reductions in service quality. MineSec will use commercially reasonable efforts to make the server available with an uptime percentage of at least 99.9%.
  • Proactive and reactive problem management to prevent problems and incidents in advance, eliminating recurring incidents and minimizing the effects of unavoidable incidents. 
  • Change Management (Change Control Process)
  • Allow changes to the service to be made with minimal disruption to the service. 
  • When there is a disruption to the service, MineSec will inform the customer of the system change 21 days in advance to allow customers to perform needed changes and/or to inform their corresponding stakeholders. 
  • Event Management (Monitoring Policy)
  • Monitoring of events occurring in the IT infrastructure to guarantee normal operation, detecting extraordinary events and escalating them if necessary. 
  • If change is required and considered as not an emergency, 21 days advance notice will be provided.
  • IT Continuity Management - To ensure agreed service levels and to avert risk and plan for necessary service recovery in the event of an emergency.
  • User (Customer) Access Management
  • Management of Access Rights 
  • Requests for information
  • Standard changes such as company logo change and add/change of users or access to service 
  • Service Reporting - Regular reporting on capacity utilization and service levels.
  • The capacity utilization reporting corresponds to information such as Total active users for the month, SDK version, Application name, etc... this information can be accessed on the back-end Analytics Portal. 
  • Billing information is based on Active Users, the information will be provided by MineSec within 10 working days after the month's end.
  • The service level reporting corresponds to the number of attestation data within the selected date range that can be shown over the Analytics Portal from the backend server.

Acknowledgement

MineSec acknowledges that we are responsible to maintain all applicable PCI DSS requirements for the security of cardholder data that we possess or otherwise stores, processes, or transmits on behalf of the customer, or to the extent that they could impact the security of the customer’s cardholder data environment.

Disasters Recovery 

MineSec has a Disaster Recovery plan in place. Software, database, storage, and operating system are regularly and compulsorily back-up to mitigate the impact of the disaster. The backup frequency is daily and the backup data is retained for 48 months. The backup is performed automatically through the commercial cloud server in all locations. 

We use standard products and apply industry best practices regarding methodology, frequency, monitoring and retention obligation. If a backup process fails, our personnel will inform the customer via the ticketing system and will resolve the incident. Regular tests ensure that the backup can also be restored.

RPO (Recovery Point Objective) is targeted for 15mins. RTO (Recovery Time Objective) is targeted for less than 1 hour.

Business Continuity

MineSec is obligated to continue to provide the SoftPOS solution and services to our customers without interruption under a valid contract term. Merging, acquisition or selling of MineSec will not lead to any change of terms and conditions of any existing valid contract. All contracts will be automatically transferred to the new company upon expiry. If MineSec foresees the back-end server will be discontinued or MineSec will not be able to renew or extend the contracts after expiration, MineSec will inform customers 6 months in advance before the contract expiration dates. 

In the event of termination or cancellation of this contract from MineSec, MineSec must return, transfer, delete or destroy the data held in fulfilling the contract (including but not limited to personal data files) and notify the customer in writing. 

This clause doesn’t apply to Force Majeure. 

Technical Support and Service Desk 

MineSec operates the Service Desk as a Single Point of Contact for all service-relevant customer communications on the MineSec SoftPOS solution and services. This includes incident reporting, the opening and handling of tickets and the necessary technical support by MineSec experts. 

The service desk can be reached during the support hours specified. This can be done by opening a ticket online via https://theminesec.atlassian.net/servicedesk/customer/portal (opens in a new tab) or over the telephone. The latter is only recommended when the event is categorized as critical or high severity level (refer to Table 1). 

The MineSec Service Desk provides the direct possibility to open and follow up with tickets. 

Once the ticket is opened, our team will respond to the tickets within a reasonable time depending on the incident’s severity level as defined below. 

SLA PNG

Disaster Recovery