Service Description STACKIT Cloud

1. General

1.1 Introduction

Schwarz IT KG, Stiftsbergstraße 1, 74172 Neckarsulm, Registry court Stuttgart, HRA 730995 (“SIT”), as a national provider of professional infrastructure & platform-as-a-service, provides services under the STACKIT brand (“STACKIT Cloud Services”) based on OpenStack, which are made available exclusively as a Public Cloud version to companies (“Customers”). SIT is the IT service provider for the Schwarz Group.

The STACKIT Cloud Services follow the international ISO/IEC 27001:2013 norm and an ITIL based operating model and are provided by specialized experts.

1.2 Data center location

The STACKIT Cloud Services are provided and operated in the SIT data center in Germany and in the future also in other member states of the European Union. All data centers are operated in compliance with ISO27001, ISO20000 and TÜV Level 3. As a European Cloud Service Provider, STACKIT is subject to the European General Data Protection Regulation (GDPR).

1.3 Scope

This general service description (“Service description”) forms an essential element of the contract regarding the purchase of STACKIT Cloud Services between SIT and the customer in addition to the separately regulated conditions of use and the service certificate(s) selected by the customer.

In the case of inconsistencies between the conditions of use, the service description and the valid service certificate, the service certificate takes priority over the service description and the conditions of use; the service description takes priority over the conditions of use.

1.4 Change to the service description

SIT has the right to adapt the service description. This also applies to a current contractual relationship on the purchase of STACKIT Cloud Services with effect in the future; we refer to number 6 of the conditions of use which applies here.

2. Service Level Agreement

2.1 Service transfer point

The service responsibility for STACKIT Cloud Services to be provided by SIT ends at the point of Internet transfer between the respective data center operated by SIT and the Internet Service Provider from the respective region.

2.2 Operating Times

The operating times of STACKIT Cloud Services are Monday through Sunday, “24/7”, 365 days a year (with the exception of planned maintenance work).

2.3 Availability

The general availability of STACKIT Cloud Services is, after deducting the excluded events according to number 2.4, 99.9% in the calendar month average, provided nothing else is regulated in the respective service certificate underlying STACKIT Cloud Services (“Availability”). Availability information is only valid for contractually agreed STACKIT Cloud Services and their components; SIT does not provide an availability promise for the availability of the customer’s own components or components from a third party (both software and hardware).

The availability target per calendar month is calculated as follows:

The general availability of the STACKIT Portal and the STACKIT Application Programming Interface (API) is not subject to the SIT availability promise. SIT aims, however, to attain an availability of 99.9% on a monthly average for each of the STACKIT Portal and the STACKIT Application Programming Interface (API). Downtime, malfunctions or other inaccessibility of the STACKIT Portal or the STACKIT Application Programming Interface (API) do not influence the calculation of the availability of STACKIT Cloud Services.

2.4 Excluded events

Excluded events denote in particular those periods of time in which contractually agreed availability of STACKIT Cloud Services could not be guaranteed due to the following listed downtime and malfunctions (“Excluded events”). Excluded events are not downtime. Excluded events include in particular:

STACKIT Cloud Services which are explicitly referred to and distributed by SIT as a test version, Beta or similar, are not subject to an availability promise from SIT. Downtime and malfunctions which occur through the use of these types of services by the customer are assessed as excluded events.

2.5 Supported software versions

STACKIT Cloud Services can exhibit specific software versions at the time of contract conclusion between the customer and SIT (“Main versions”). To keep STACKIT Cloud Services and the service provision to the customer secure and up-to-date, SIT retains the right to replace main versions of the software used with follow-up versions (“Follow-up versions”) – including in the case of concluded contractual relations.

In this case the following in particular applies:

2.6 Backup

Data backup by SIT is not performed as standard, unless something else is regulated in the individual service certificate.

If a data backup is provided for an individual STACKIT Cloud Service according to the underlying service certificate, the backup for that service follows the standards below, provided the individual service certificate does not regulate otherwise and the customer has not configured anything else:

| Backup Parameter | Characteristic |
|---|---|
| Recovery Point Objective (RPO) | 4 h |
| Recovery Time Objective (RTO) | 4 h |
| Retention Period (RP) | 14 days, day-by-day retention after the first 4 h |

2.7 Support

SIT provides their customers with qualified staff as well as supporting resources for trouble-shooting according to the parameters below.

Incoming support cases are assessed according to their criticality, which results in different response times.

SIT retains the right to downgrade the criticality level if STACKIT Cloud Services is available and the reason for the malfunction is in the customer’s area of responsibility.

SIT points out that as part of the processing of a support case it may be necessary – depending on the customer matter – for SIT to access the customer’s STACKIT Cloud Services to be able to process the support case adequately.

| Support level | Standard |
|---|---|
| Channels | Help Center, E-Mail |
| Availability of the malfunction indicator | 24/7 |
| Response times* | Incidents: < 4 h; Service Requests: Best Effort |
| Solution time** | Best Effort |
| Knowledge & Best Practice | Access to the Knowledge Database, access to the Community |

2.8 Maintenance work

SIT conducts regular maintenance work (for example in the form of updates, patches, bug fixes or hardware exchange and hardware extensions) to guarantee the function, quality and security of the STACKIT Cloud Services.

SIT usually informs the customer of maintenance work which is likely to restrict the level of use of the STACKIT Cloud Services for the customer two weeks before it is conducted, using the STACKIT Cloud Status website. In the case of urgent maintenance work, the notification may be made within a significantly shorter time period or may be omitted entirely, depending on the individual case. SIT recommends to the customer that they regularly check for any pending maintenance work on the STACKIT Cloud Status website.

While maintenance work is being conducted access to the STACKIT Cloud Services can be temporarily halted or restricted, in particular if this is mandatory because of the type of maintenance work to be conducted.

Downtime that occurs due to maintenance work conducted will be treated as excluded events in the sense of number 2.4.

2.9 Service Payback

If the agreed availability for STACKIT Cloud Services is not adhered to as described, the customer receives a credit within the following transaction in the form of credit onto their customer account (“Service Payback”):

| Availability (month) | Service Payback |
|---|---|
| < 99.5% | 10% |
| < 99.0% | 20% |
| < 98.5% | 50% |
| < 95.0% | 100% |

Other customer claims for reduction of remuneration are excluded. Any customer claims for damages remain unaffected.

3. Security Incidents

3.1 Analysis option from SIT

In the case of STACKIT Cloud Services, which are provided by SIT and used by the customer who purchases the STACKIT Cloud Services, action can be taken by SIT at their own discretion to detect weak points both in SIT’s area of responsibility as well as in the customer’s area of responsibility (“Security Incidents”) at an early stage. The customer’s area of responsibility, in particular, encompasses all hardware, applications and software from third parties which are not provided by SIT (“customer’s area of responsibility”).

If security incidents in the customer’s area of responsibility are detected by SIT or an external service provider for SIT, the customer is informed of these. Depending on the level of severity of the security incident the customer is obliged to take timely and appropriate action for their area of responsibility to avoid the security incident (e.g. by patching the affected application). If the customer’s area of responsibility is, for example, not secured with the latest patches or workarounds, if the area of responsibility may harbor security risks for SIT or the customer themselves, or if the quality of the STACKIT Cloud Services is negatively influenced or put at risk by a security incident in the customer’s area of responsibility, SIT retains the right to take corresponding countermeasures according to number 3.3.

3.2 Data collection for analysis options by SIT

To detect potential security incidents in the customer’s area of responsibility, log data of customer systems or perimeter data (e.g. firewalls, switches, routers and others) can undergo a rules-based evaluation for anomalies and potential security incidents. Appropriate vulnerability scans (proactive and reactive) can also be performed for systems available on the Internet.

3.3 Possible countermeasures in the case of security incidents

To protect the customer and STACKIT Cloud Services, SIT reserves the right to take appropriate measures without prior consultation with the customer (“countermeasures”) in the event of suspected cases or proven security incidents and corresponding severity. Of course, the customer will be sent a separate notification on this subject, at the latest in the follow-up. Countermeasures include:

Version: 1.0