Procys is committed to maintaining the highest standards of information security. As part of this commitment, Procys is ISO/IEC 27001:2013 certified. This certification ensures that Procys has established and implemented a robust Information Security Management System (ISMS) to manage and protect customer data effectively. The procedures and practices outlined in this SLA are designed to comply with ISO/IEC 27001:2013 standards, ensuring the confidentiality, integrity, and availability of information. This SLA describes the product availability and support provided by Procys towards Customer. The following API and Services are supported by Procys:
Document data recognition (OCR) and classification (ML)
Through Procys RESTful API Customer extracts data from documents based on the list of standard fields available.:
Fields defined on the API documentations: https://docs.procys.com/dashboard/getDocument
Custom invoice fields and/or additional machine learning options (different document types) are available during Access where sufficient data is available to train the Procys data extraction engine (i.e. 1,000+ documents per month).
Procys will monitor the availability and correct workings of the API(s) and Services & will take the appropriate incident management actions when such API(s) and interfaces are not functioning as designed.
The Service Window for Procys managed services and support is as stated in the table below. During this window it is expected that Procys support is available to accept and resolve incidents.
Working hours are defined as Monday to Friday from 08:00 to 18:00 CET. Exceptions to Working Hour support are made for official public holidays in the European Union and Russia.
Service Entries are contact points for incidents, problems and disruptions, both during and outside business hours, for any incidents or service requests the following contacts will apply:
Procys will ensure that the Service Availability percentage (i.e. Uptime) will meet or exceed the value(s) mentioned in below table
Maintenance Windows in which (maintenance) releases/changes/ML engine training are deployed, are not taken into consideration for Service Availability (i.e. Up- or Downtime during these Windows does not affect Service Availability).
When the agreed Service Availability is expected to become less than agreed for a certain period, Procys will inform Customer immediately or at latest within 1 business day.
Incidents and Problems are determined based on the “Impact” and “Urgency” of the disruption and help us apply the correct response and target resolution times. All incident management procedures are aligned with ISO/IEC 27001:2013 standards to ensure a systematic approach to managing and resolving incidents.
Impact is determined by looking at the service availability and/or other factors that negatively affect the usage or delivery of the API/Services and are impacted by the incident or problem reported. Urgency will be determined by the extent to which the incident or problem resolution can bear delay, e.g., how critical the affected function is for the product to function and how fast it will lead to business impact.
Based on the Procys Priority scale, the Incidents are mapped to the below Service Level Agreement goals for Incident Response and Resolution times.
The RESPONSE TIME is the period between Customer sending a ticket to Procys and confirmation that the message or ticket from Customer has been received.
The RESOLUTION TIME is the time between confirmation that the message or ticket from Customer has been received and the ticket being resolved or closed by Customer.
Measurement of Resolution times starts either from (whichever comes first) the moment of:
Customer and Procys will have frequent (or even continuous) communication, in terms of progress, impact and updates. When requested, Procys will be available to join technical meetings or escalation sessions on short notice.
Where required, issues can be escalated hierarchically. This can be the case for major incidents or where maintenance and support agreements and/or additional services are not met.
Maintenance Windows for preventive, corrective and adaptive maintenance are to be aligned between Customer and Procys. The following standard maintenance windows are defined for Procys :
Procys maintenance schedule/releases/changes within such Maintenance Windows, excludes public holidays, freeze periods, and waivers received from Customer in writing.
Procys may deploy (maintenance) releases/changes at any time without prior notice to Customer if such releases or changes have no impact/outage or high risk for the API and Services agreed.
Procys ensures to deploy new versions, releases, and updates to the API and Services to solve defects and/or errors, keep the API and Services up-to-date or otherwise improve the operation or functionality of the API and Services, which may include bug fixes.
Monitoring is required for all essential functionalities of the API and Services. This will ensure that the API and Services are functioning and performing (together) the way they should, and according to the defined service levels. Procys will implement the appropriate monitoring for all of the services (e.g., functions, systems, interfaces, etc.) in its scope during the delivery of the service, including system, performance, stability, usage, and security monitoring.
All monitoring activities are conducted in compliance with ISO/IEC 27001:2013 standards, ensuring that any anomalies or issues are promptly detected and addressed to maintain the security and performance of the services.
For the avoidance of any doubt, Procys will store a copy of the OCR processed document within its data storage servers hosted by Amazon Web Services, at locations inside the European Union. Storage of training data is located at our stage environment in the Netherlands. Storage of documents can be restricted to ONLY territories within the European Union at the written request from Customer at any time during the delivery of the service.
All data handling and storage practices are conducted in compliance with ISO/IEC 27001:2013 standards, ensuring robust security measures are in place to protect against unauthorized access, data breaches, and other security threats. This includes regular audits, risk assessments, and implementation of necessary controls to safeguard customer data.
Procys will provide reporting functions to Customer for the purpose of tracking invoice processing activity. Access to reports will be through a user interface provided by Procys or Monthly Summary reports manually sent to Customer.
All reporting activities will adhere to ISO/IEC 27001:2013 standards, ensuring accurate and secure reporting of service performance, incidents, and other relevant metrics.