Service Level Agreement (SLA)

Entryscope External Attack Surface Management (EASM) Platform

Effective Date: December 2025 | Version: 1.1

1. Service Availability & Uptime Guarantee

1.1 Uptime Commitment

Entryscope commits to maintain platform availability at 99.5% per calendar month, measured from Entryscope's monitoring infrastructure across all customer instances globally.

99.5%
Monthly Uptime Commitment

Uptime Percentage Calculation:

Monthly Uptime % = [(Total Minutes in Month - Downtime Minutes) / Total Minutes in Month] x 100

For a 30-day month: Total minutes = 43,200 minutes
For a 31-day month: Total minutes = 44,640 minutes

Permitted Downtime per Month:

  • 99.5% uptime = approximately 21.6 minutes maximum monthly downtime

1.2 Excluded Downtime (Not Counted Against SLA)

The following are not counted as service unavailability:

  • Scheduled maintenance windows (with 48+ hours' notice via customer portal or email; limited to 1 window per month per customer, each ≤2 hours)
  • Issues caused by customer configurations, integrations, or API misuse
  • Issues caused by third-party services (cloud providers, DNS providers, APIs integrated by customers)
  • Network issues outside Entryscope's infrastructure (customer ISP, firewall, VPN, local network)
  • Customer-initiated suspension for non-payment or policy violation
  • Force majeure events (natural disaster, war, terrorism, pandemic, government action)
  • DDoS attacks that do not affect core scanning/discovery functionality
  • Issues caused by customer's failure to apply available security patches or updates to client-side software

1.3 Support & Response Time SLA

Entryscope provides incident response based on severity classification:

Severity Definition Initial Response Target Resolution Target
Critical Complete platform outage; core scanning/discovery not functioning; data integrity compromised; security threat affecting customer data 16 business hours 48 hours
Medium Partial functionality degraded; dashboard slow or intermittent; reporting features limited; non-critical features unavailable 32 business hours 72 hours
Low Minor features unavailable 48 business hours 96 hours
Business Hours Definition: Monday-Friday, 09:00-17:00 CET, excluding EU public holidays.

1.4 Service Credit Remedy

If monthly uptime falls below 99.5%, Entryscope will issue service credits as follows:

Monthly Uptime Service Credit
≥99.5% None
≥99.0% and <99.5% 1% of monthly fees
≥95.0% and <99.0% 5% of monthly fees
<95.0% 10% of monthly fees

Service Credit Terms:

  • Service credits are calculated based on affected customer subscription fees for the month in which the outage occurred
  • Credits are automatically applied to the customer's next invoice (no claim required for uptime-based credits)
  • Credits are the sole remedy for failure to meet uptime SLA
  • Service credits do not entitle customer to refund or service continuation; they offset future fees only
  • Service credits expire if not used within 12 months
  • Credits cannot exceed 100% of monthly fees for a given month
  • If customer terminates subscription, any accrued credits are forfeited

1.5 Resolution & Restoration Target

Entryscope aims to restore Critical-severity incidents within the 48-hour target. If restoration extends beyond 48 hours, Entryscope will:

  • Provide regular updates to the customer
  • Escalate to senior engineering leadership
  • Continue working toward restoration with no artificial breaks

2. Incident Classification & Escalation

2.1 Severity Definitions (detailed)

Critical

  • Entire platform or core discovery/scanning engine unavailable
  • Data loss or corruption affecting customer asset inventory
  • Security breach or unauthorized access to customer data
  • Dashboard inaccessible for >60 minutes
  • API endpoints non-functional (>50% of API calls failing)
  • Recurring crashes preventing basic operations

Medium

  • One or more features unavailable (e.g., reporting, integrations, alerting)
  • Dashboard or UI slow (>10 seconds load time) but functional
  • Intermittent failures affecting 15-50% of API calls
  • Scheduled scan missed or delayed >24 hours
  • Data refresh delayed >24 hours
  • Authentication issues for subset of users

Low

  • User interface performance slow but functional
  • Non-critical notification delays

2.2 Escalation Path

Customer → Entryscope Support:

  1. Customer contacts Entryscope Support via [email protected] or support portal with severity classification and issue details
  2. Support acknowledges receipt and confirms severity within response-time SLA (Section 1.3)
  3. If Critical, support immediately escalates to on-call engineering; Medium/Low escalates within business hours

If SLA Response Target Missed:

  • Escalation to Support Manager (Medium/Low issues) or VP of Engineering (Critical)
  • Automated notifications sent to customer every 4 hours on status of unresolved Critical incidents
  • Daily communication minimum for Medium; every 48 hours for Low

3. Support Coverage & Availability

3.1 Support Channels

3.2 Support Hours

Tier Availability
Critical Business hours (Mon-Fri, 09:00-17:00 CET) with 16-hour response in-hours
Medium Business hours (Mon-Fri, 09:00-17:00 CET) with 32-hour response in-hours
Low Business hours (Mon-Fri, 09:00-17:00 CET) with 48-hour response target

4. Maintenance Windows & Planned Downtime

4.1 Scheduled Maintenance Policy

Entryscope performs scheduled maintenance up to 1 window per month, lasting a maximum of 3 hours, announced with 48+ hours' notice.

Maintenance Window Requirements:

  • Scheduled during low-usage windows when possible (typically 02:00–04:00 CET, but flexibility available upon request)
  • Announced via email
  • Does not count against SLA uptime calculations
  • Post-maintenance health checks completed before return to full availability declaration

4.2 Emergency Maintenance

Entryscope may conduct emergency maintenance without notice if:

  • Security vulnerability requires immediate patching
  • Critical data integrity issue poses customer data loss risk
  • System stability threatened

Emergency maintenance lasting <2 hours is not counted against SLA; durations >2 hours count as downtime unless force majeure is declared.

5. Limitations & Disclaimers

5.1 SLA Scope

This SLA applies solely to:

  • Availability of the Entryscope core platform (discovery, scanning, reporting engines)
  • Support response and resolution times for reported incidents
  • Monthly uptime percentage measurement and service credit calculation

This SLA does not cover:

  • Scan speed, discovery accuracy, or quality of threat intelligence (see Service Description for feature specifics)
  • Third-party integrations, APIs, or services (customer responsible for their reliability)
  • Data deleted by customer action or termination of subscription
  • Downtime caused by customer configuration or misuse
  • Business interruption, lost profits, or indirect/consequential damages (see General Terms of Service for limitation of liability)

5.2 Sole Remedy

Service credits are the sole and exclusive remedy for failure to meet this SLA's uptime, response, or resolution targets. Service credits do not provide any right to refund, service continuation, or other compensation.

5.3 SLA Modification

Entryscope may modify this SLA with 15 days' notice to existing customers. Changes apply to new orders immediately and to renewal of existing subscriptions on the next renewal date.

6. Incorporation into Service Agreement

6.1 Relationship to General Terms of Service

This SLA is incorporated by reference into the Entryscope General Terms of Service and forms a binding schedule/annex to the Service Agreement between Customer and Entryscope.

Order of Precedence (in case of conflict):

  1. Customer Order Form (including any Statements of Work, custom SLA riders)
  2. Service Description (functional commitments and feature definitions)
  3. This Service Level Agreement (operational SLAs, support, remedies)
  4. General Terms of Service (legal terms, liability, governance)

6.2 MSP Reseller Agreement Flow-Down

When Entryscope Services are provided via Managed Service Provider (MSP) or reseller partners:

  • The end customer is entitled to this SLA directly from Entryscope for Critical incidents affecting their data
  • MSP or reseller is responsible for L1 support and triage per reseller agreement terms; Entryscope provides L2/L3 support and escalation
  • MSP may not offer stronger commitments to end customer than Entryscope provides in this SLA without written Entryscope approval
  • Service credits flow from Entryscope to MSP/reseller; MSP is responsible for passing credits to end customer per reseller agreement
  • MSP/reseller support response times may exceed Entryscope targets if MSP is first point of contact; however, Entryscope's SLA targets apply to time from Entryscope engagement onward

7. Customer Obligations & Best Practices

7.1 Support Cooperation

To expedite incident resolution, customers should:

  • Provide detailed information on incident onset time, scope, and any error messages
  • Confirm reproducibility and testing environment details
  • Participate in troubleshooting steps provided by support (credential sharing, log export, etc.)
  • Communicate any parallel changes or third-party integrations triggered around incident time

7.2 Security & Compliance

Customers are responsible for:

  • Securing access credentials and API keys; not sharing them with unauthorized parties
  • Complying with Entryscope's acceptable use policy (no unauthorized scanning, reverse engineering, or data mining)
  • Notifying Entryscope immediately of any suspected security breach involving Entryscope access or data

8. Contact & Escalation

Primary Support Contact:

[email protected]

Response within SLA targets defined in Section 1.3 and 3.2

Back to Home