Generic Service Level Agreements

This document defines the acceptable and unacceptable service levels, the indicators associated with these service levels, and actions to be taken in specific circumstances.

SLA Definitions

Term	Definition
Critical Threshold	The values represent Issuer’s tolerable threshold service levels against the corresponding SLA Item. Service level deviation for an SLA Item beyond this threshold value shall give rise to an escalation.
Office Hours	Office hours are defined as 9 hours between 9:00 am to 5:00 pm during the 5 working days of a week, i.e. from Monday to Friday except for any public holidays.
Incident intimation	Zeta will be deemed to be informed of an incident immediately upon receiving the same using any of the reporting mechanisms provided by Zeta.
Incident Response	A message sent to an official email address (or such reporting mechanism) provided by Issuer will be deemed to be a Response.
Acknowledgment response	A message confirming severity level of incident sent to an official email address (or such reporting mechanism) provided by Issuer.
Acknowledgment Response Time	The time interval between incident intimation and acknowledgment response.
Customer	Please refer the definition in MSA.

Incident Resolution

Severity Level	Description	Response & Resolution Time SLA
SEV-0	The system is in a critical state and is actively impacting 100% of Fusion customers from performing financial transactions, opening of accounts and issuing of cards.	Acknowledgement response time: Within 10 minutes from the time the incident is identified and assessed as SEV-0. Resolution time: 1-2 Hours. Update Response Frequency: Every 30 minutes till resolution. RCA/PIR - 2 days after the incident BUT WITHIN 7 days Max.
SEV-1	The system is in a critical state and is actively impacting more than 85% of Fusion customers from performing financial transactions, opening of accounts and issuing of cards.	Acknowledgement response Time: Within 30 minutes from the time the incident is identified and assessed as SEV-1. Resolution time: 2-3 Hours. Update Frequency: Every 30 minutes till resolution. RCA/PIR - 4 days after the incident BUT WITHIN 10 days Max.
SEV-2	The system is in a critical state and is actively impacting more than 50% of Fusion customers financial transactions, opening of accounts and issuing of cards.	Acknowledgement response time: Within 120 minutes from the time the incident is identified and assessed as SEV-2. Resolution time: 3-6 Hours. Update Frequency: Every 30 minutes till resolution. RCA/PIR - 4 days after the incident BUT WITHIN 10 days Max.
SEV-3	Partial loss of functionality, not affecting the majority of Fusion customers, yet requires immediate attention.	Acknowledgement response time: Within 120 minutes from the time the incident is identified and assessed as SEV-3. Resolution time: 4-12 Hours. Update Frequency: Every 4 hours. RCA/PIR - 4 days after the incident BUT WITHIN 10 days Max.
SEV-4	Minor issues requiring action, but not affecting Fusion customer’s ability to use the product.	Acknowledgement response time: Within 24 hours from the time the incident is identified and assessed as SEV-4. Resolution time: Will depend on request pipeline and Issuer’s prioritisation.
SEV-5	Cosmetic issues or bugs, not affecting Fusion customer’s ability to use the product.	Acknowledgement response time: Within 2 working days from the time the incident is identified and assessed as SEV-5. Resolution time: Will depend on request pipeline and Issuer’s prioritisation.

Service Performance and Availability SLA Table

Sr No.	Scope	SLA Item	SLA Threshold	Critical Threshold
1	Processing and authorisation (The processing platform and authorization software system will be available and operational 7 days a week 24 hours a day).	Platform availability for authorisation Calculation:Availability is measured as a ratio of system uptime to total time.	99.5%	99%
		Switch availability for transaction routing Calculation: Availability is measured as a ratio of system uptime to total time.	99.5%	99%
		Authorisation response time Calculation:Calculated time taken to provide an authorisation response to the outbound queue.	99.5% in < 5 sec	99% in < 5 sec
		API and web services availability Calculation:Availability is measured as a ratio of web service uptime to total timeAuthorisation response time.	99.5%	99%
2	Portals and system interfaces part of Zeta SaaS: (Web browser-based Customer facing website functions, portals and system interfaces will be available and live 7 days a week and 24 hours a day)	Platform availability (Portals) Calculation:Availability is measured as a ratio of platform uptime to total time.	99%	97%
		API and web services availability (Mobile Apps) Calculation:Availability is measured as a ratio of service uptime to total time.	99%	97%
		API response time (Applicable for critical APIs; The list of these APIs will be shared by Issuer) Calculation:Calculated time taken to provide a response to the API call.	99% in less than 500 m secs	95% in less than 500 m secs
3	Batch files Loads, Settlements (The batch file processing system will be operational to process files 7 days a week and 24 hours a day).	Batch File processing performance - Inbound and Outbound.	100 loads per minute per product; Up to a max of 1000 loads per minute across all products.	50 loads per minute per product; Up to a max of 500 loads per minute across all products.
4	Batch files Card Creation, Card Re-Issuance (The batch file processing system will be operational to process files 7 days a week and 24 hours a day).	Embossing file generation.	30 mins for 6,000 records.	60 mins for 10,000 records.
5	BCP/DRP (This is linked to recovery process from the back-up in case of outage in the primary data centre and the amount of time till which data may be lost from the IT Service / Platform).	RTO & RPO The Recovery Time Objective (RTO) is the targeted duration of time and a service level within which a business process must be restored after a disaster (or disruption) in-order to avoid unacceptable consequences associated with a break in business continuity. A Recovery Point Objective (RPO) is defined as the maximum targeted period in which data (transactions) might be lost from an IT service due to a major incident.	RPO - 10 mins RTO - 30 mins.

Service Credits

Service credits is the sole remedy available.
The SLAs are assessed at the end of the month.
The assessment report shall be shared by the end of 15th business day of every month (or by the end of following business day if the 15th day of the month is a not a business day) for the previous month (assessment month).
For the sake of computation of recurrence of an incident, an incident opened/reopened within 24 hours will be deemed as the same incident and will be counted as one occurrence.
It is agreed between the parties that during an incident the objective of the teams will be to expeditiously resolve the incident and make reasonable assessment of the severity and call for certain elevated incident response, the true severity of an incident will be assessed only during the RCA phase, post the resolution of the incident.
Service level credits will only be applicable once the billing for the program goes live.
The following table provides the service credit applicable for deviations in meeting the Production Incident Resolution of various levels of severity within a month as a percentage of the monthly interchange fees payable for that month.
If a particular severity is not resolved within the defined time frame , then for every additional day the same amount of credit will be calculated as the original calculation For avoidance of doubt please see example- First time SLA missed for a Sev 0 will be 0.5%. If this is resolved in 4 days post resolution time total Credit will be 0.5%*4=2%.
Total amount of credit under this SLA for any month will be capped at 10%.
Adjustment will be done at the time of actual billing.

Calculated Monthly	Sev 0	Sev 1	Sev2	Sev3	Sev4
First Time SLA Missed	0.5%	Warning	Warning	Warning	Warning
Second Time SLA Missed	1%	1%	Warning	Warning	Warning
Third Time SLA Missed	2%	2%	1%	Warning	Warning
Fourth Time SLA Missed	4%	3%	2%	1%	0.5%

The following table provides the service credit applicable for Service Performance and Availability SLA breaches for various operations described in the table provided above. All consecutive month SLAs are computed considering the months immediately preceding the assessment month. The specified service credit will be applicable if there is a Critical Threshold Breach within the same SLA Item across the consecutive preceding months to the assessment as specified below, as a percentage of the minimum interchange fees payable for that month.

Critical Threshold Breaches considering the immediately preceding months from the assessment month	Service Credit
First Time Breach in a Calendar year	Warning
Any other breach in a month in the Calendar year	0.5%
Penalty for a first consecutive month breach excluding First Time Breach	1%
Penalty for a second consecutive month breach excluding First Time Breach	1.5%
Penalty for a third or subsequent consecutive month breach excluding First Time Breach	2%

Responsibilities of parties

Zeta agrees that it will use its best effort to maintain service levels at SLA Threshold for each SLA Item.
It is agreed between the parties that during an incident the objective of the teams will be to expeditiously resolve the incident and make reasonable assessment of the severity and call for certain elevated incident response.
For the sake of computation of recurrence of an incident, an incident opened/reopened within 24 hours will be deemed as the same incident and will be counted as one occurrence.
Zeta and Issuer shall appoint a SPOC for all matters related to the Zeta SAAS. Both entities follow the escalation matrix defined below in table A in appendix. This matrix may be revised from time to time.
Any planned maintenance/Downtime has 1 week of notice. For Emergency changes minimum of 1 day notice will be provided over email.

Exclusions to the SLA commitments

The SLA commitments are not applicable for services or in case of events not in control of Zeta as highlighted below.
SLA breaches due to unrecoverable underlying infrastructure failure from hosting provider or any components, services, connections that are outside Zeta’s control. Examples:
- All or at least two availability zones of AWS go down in a region.
- Any Force Majeure incidents that impact the accessibility of two or more operating locations of Zeta.
- Any performance and SLA deviations due to targeted attacks on the platform by anyone or due to the breach of fair or projected usage patterns by Issuer or its customers.
  - Distributed Denial of Service attack originating from any server.
  - A customer uploading large or malformed files that impact order processing.
  - Sudden burst of requests (at least 3x greater than previously known volume for the time window) not in line with the previously known traffic patterns.

Appendix

Table A: Escalation Matrix

Zeta will share a detailed escalation matrix with the issuer on an official email address (or such reporting mechanism) provided by Issuer. Table B: Legend of technical acronyms used in the SLA:

Acronym	Full Form
API	Application Program Interface
BCP	Business Continuity Planning
DRP	Disaster Recovery Planning
RCA	Root Cause Analysis
SPOC	Single Point of Contact

Choose your product