top of page
Paper Abstract

AWS Managed Services - Service Level Statement

This Service Level Statement sets out the Terms of Service details relating to the delivery of Habitat3's AWS Managed Service.

a) General Service Details

Habitat3;

  1. Provides a Proactive Monitoring and Remediation Service via a Monthly Subscription

  2. Provides Support, Advisory and Technical Services via a Monthly Support Subscription

  3. Requires that each client have an AWS Developer Support plan (as a minimum) in place with AWS at all times. Learn more at:  https://aws.amazon.com/premiumsupport/plans/ 
  4. Requires delegated access to the AWS Billing Console to allow for budget alert management.
  5. Provides general support between 8am and 6pm (Sydney time) Monday to Friday excluding national public holidays.
  6. Provides critical support outside of business hours (eg. Web-Server inaccessible).

  7. Provide a first response to client requests within 4 business hours of the request being logged via the Habitat3 support web page.

  8. Provides comprehensive training on how clients’ are to request support.

  9. Attend to support requests only when a support ticket has been submitted via the Habitat3 support web page.

  10. Holds the appropriate levels of Insurance

  11. Provide your AWS account root access details at commencement of the support agreement.
     

b) Habitat3's secure support web-portal website
 

  1. Account Holders are provided with access to a secure, support web-portal to make requests relating to security (eg. updating a password) and billing (eg. adding a user account)

  2. Account Holders can nominate an Authorised Representative (AR) to act on their behalf. This is done via the support web-portal or on the initial service activation web-form. An Authorised Representative can only be nominated on the service activation form if the Account Holder is completing the form. Authorised Representatives can be nominated by the Account Holder at a later date.

  3. Authorised Representatives can access the support web-portal and therefore can make all billing and security requests.

  4. Exceptions are that Authorised Representatives cannot; 

    1. cancel a subscription/service

    2. nominate another Authorised Representative

    3. remove an Account Holder

    4. change the password of the Account Holder on the VPS

  5. The requests above must be made by the Account Holder not an Authorised Representative.

  6. Account Holders must provide an email address, the first and last name and the mobile phone number of the nominated Authorised Representative/s.  

  7. Authorised Representatives must be employed by the Habitat3 client they are representing and therefore have the same email domain name as the Account Holder (eg. employee@companyname.com.au).

  8. Habitat3 does not record the password set by Account Holders for the support web-portal.

  9. The support web-portal and all associated support ticket information (including Habitat3 client personal details are hosted by FreshWorks - privacy policy located at: https://www.freshworks.com/security/

  10. It is the client's responsibility to advise Habitat3 that an Authorised Representative has left the client's employment and should be disabled. This is done via a ticket in the Habitat3 web portal.

  11. If Habitat3 determines an Authorised Representative has left the client's employment we will automatically revoke that Authorised Representative's web portal account and they will no longer be able to make requests.

d) Habitat3 Server & Data Security

AWS DataCentres

  1. Habitat3 uses AWS DataCentres located in Australia unless otherwise specified by you. 

Data Ownership and Control

  1. The account is controlled by the Account Holder nominated in the Habitat3 AWS Support Agreement.

Habitat3 access

  1. Habitat3 staff may have the ability to access data stored within a client's webserver on AWS EBS storage. 

  2. Habitat3 completes rigorous background checks on all Habitat3 staff including an Australian National Police Check and all staff are required to sign a confidentiality agreement.

Passwords

  1. It is the client's responsibility to select strong passwords for all AWS and Habitat3 related services.

 

Data Breach

  1. Habitat3 will always notify you via email as soon as possible if a data security breach affecting your data is identified.

  2. The Office of the Australian Information Commissioner’s Guide to securing personal information: ‘Reasonable steps’ to protect personal information discusses security considerations that may be relevant under APP 11 when outsourcing your server hosting requirements.

  3. If any illegal activities (eg. copyright infringement) are conducted by any Habitat3 clients within any Habitat3 hosting services then Habitat3 holds the Habitat3 client responsible and liable to all relevant authorities.​

  4. Habitat3 expects clients to only connect to the Habitat3 Virtual Private Server from PCs that are protected by business grade AntiVirus software. 

 

e) Data Protection Laws

  1. Habitat3 is an Australian company with Australian shareholders focused on providing Australian based companies only with Australian-based technology services.

  2. Habitat3 does not consider itself an APP Entity based on the criteria set by the Office of the Australian Information Commissioner.

  3. Habitat3 does not warrant compliance with Data Protection Laws designed to protect those located in jurisdictions outside Australia including Europe.

  4. Habitat3 does not have a Data Processing Addendum in place with the providers of its Australian (Sydney) located DataCentre/infrastructure providers.

  5. Habitat3 clients as personal information controllers must not store the personal information of individuals located in the EU on Habitat3’s Hosted Virtual Private Servers (personal information processor) as Habitat3 does not warrant compliance with the GDPR.

  6. If you store data owned by the Australian Federal Government you should review your use of Habitat3's services and its upstream AWS datacentre provider's iRAP certification at : https://aws.amazon.com/compliance/irap/  

g) AWS Usage Agreement​

  1. You agree to allow Habitat3 to open an AWS Account on your behalf and you agree to the AWS Customer Agreement at - https://aws.amazon.com/agreement/

h) Webservers ​

  1. Webservers will be temporarily disconnected from the Internet if any DOS type attack is detected.

i) Service Change Requests

  1. Any requests associated with changing your service that impacts your fee must be approved by the Account Holder or Authorised Representative of the Habitat3 Account.

  2. The next monthly invoice will reflect the change for the full month. 

j) Alert Thresholds

Standard EC2 service based alerts

  • CPU above 90% for 5 minutes

  • Memory above 90% for 5 minutes (requires installation of the CloudWatch Agent on client servers)

  • HDD above 90% usage (requires installation of the cloudwatch agent, can be customised)

  • Network traffic bandwidth alerts (can be customised)

AWS Service alerts:

  • AWS GuardDuty alerts (uses threat intelligence feeds, such as lists of malicious IP addresses and domains, and machine learning to identify unexpected, potentially unauthorized, and malicious activity within your AWS environment, alerts when there is a potential threat)

  • AWS Backup Failure alerts

  • AWS System Patch notifications

  • AWS Config (Alerts on non-compliance like user without MFA, EBS Disk not encrypted etc)

  • AWS outgoing data alerts

AWS Budget alerts:

  • AWS Standard Cost Anomaly Alerts

k) Miscellaneous 

  1. All AWS fees and charges are billed to you by AWS.

  2. All Habitat3 fees and charges are billed to you by Habitat3.

bottom of page