Service Level Agreement (SLA)‍

Procys legal documentation

Scope of the Service Level Agreement

Procys is committed to maintaining the highest standards of information security. As part of this commitment, Procys is ISO/IEC 27001:2013 certified. This certification ensures that Procys has established and implemented a robust Information Security Management System (ISMS) to manage and protect customer data effectively. The procedures and practices outlined in this SLA are designed to comply with ISO/IEC 27001:2013 standards, ensuring the confidentiality, integrity, and availability of information. This SLA describes the product availability and support provided by Procys towards Customer. The following API and Services are supported by Procys:

API Service

Document data recognition (OCR) and classification (ML)

Through Procys RESTful API Customer extracts data from documents based on the list of standard fields available.:


Fields defined on the API documentations: https://docs.procys.com/dashboard/getDocument

SENDING DOCUMENTS Using API method POST, Customer sends an invoice file to Procys for automatic data extraction
FORMATS / SIZE Acceptable Invoice formats include PDF, JPG, or PNG and contain a single invoice (Max. 15 pages)
DOCUMENT TYPE Native-text files are processed by Procys <45 secs, scanned documents <60 secs per page
PROCESSING TIME PDF invoices can contain native text & images (like company logos) or be image-based (scans)
PROCESSED FILES Procys returns extracted invoice data via API method GET to the Customers chosen interface
TRAINING DATA Customer returns manually validated invoice data via API method PUT to retrain Procys engine

Custom invoice fields and/or additional machine learning options (different document types) are available during Access where sufficient data is available to train the Procys data extraction engine (i.e. 1,000+ documents per month).

Procys will monitor the availability and correct workings of the API(s) and Services & will take the appropriate incident management actions when such API(s) and interfaces are not functioning as designed.

Service Window

The Service Window for Procys managed services and support is as stated in the table below. During this window it is expected that Procys support is available to accept and resolve incidents.

API / SERVICE TECHNICAL SUPPORT
24 Hours per day Working Hours (CET)

Working hours are defined as Monday to Friday from 08:00 to 18:00 CET. Exceptions to Working Hour support are made for official public holidays in the European Union and Russia.

Service Entries

Service Entries are contact points for incidents, problems and disruptions, both during and outside business hours, for any incidents or service requests the following contacts will apply:

PARTY SERVICE DESK (Phone) SERVICE DESK (EMAIL) TICKET METHOD
Procys - General Support Whatsapp: +34 674 39 82 43 [email protected] Email & Support Form

Service Availability

Procys will ensure that the Service Availability percentage (i.e. Uptime) will meet or exceed the value(s) mentioned in below table

SERVICE UPTIME %/ PERIOD MEASUREMENT PERIOD
Document Data Extraction API 98% Month

Maintenance Windows in which (maintenance) releases/changes/ML engine training are deployed, are not taken into consideration for Service Availability (i.e. Up- or Downtime during these Windows does not affect Service Availability).

When the agreed Service Availability is expected to become less than agreed for a certain period, Procys will inform Customer immediately or at latest within 1 business day.

Incident and Problem Management

Incidents and Problems are determined based on the “Impact” and “Urgency” of the disruption and help us apply the correct response and target resolution times. All incident management procedures are aligned with ISO/IEC 27001:2013 standards to ensure a systematic approach to managing and resolving incidents.

Impact is determined by looking at the service availability and/or other factors that negatively affect the usage or delivery of the API/Services and are impacted by the incident or problem reported. Urgency will be determined by the extent to which the incident or problem resolution can bear delay, e.g., how critical the affected function is for the product to function and how fast it will lead to business impact.

PRIORITY HIGH MEDIUM LOW
INCIDENT TYPE Service Unavailable Service Unavailable Minor Service Disruption

Incident Response and Resolution

Based on the Procys Priority scale, the Incidents are mapped to the below Service Level Agreement goals for Incident Response and Resolution times.

PRIORITY HIGH MEDIUM LOW
RESPONSE TIME Immediate (Max. 4 hours) Within 1 working day Within 2 working days
RESOLUTION TIME Within 3 working days Within 5 working days Within 30 Calendar days

The RESPONSE TIME is the period between Customer sending a ticket to Procys and confirmation that the message or ticket from Customer has been received.

The RESOLUTION TIME is the time between confirmation that the message or ticket from Customer has been received and the ticket being resolved or closed by Customer.

Measurement of Resolution times starts either from (whichever comes first) the moment of:

  1. Confirmation of receipt of the Incident at the Procys service desk, or
  2. Incident logging in the Procys ticketing tool (if applicable), or
  3. Event notification by Procys monitoring tool/process.

Major Incidents and Escalation (Contacts)

Customer and Procys will have frequent (or even continuous) communication, in terms of progress, impact and updates. When requested, Procys will be available to join technical meetings or escalation sessions on short notice.

Where required, issues can be escalated hierarchically. This can be the case for major incidents or where maintenance and support agreements and/or additional services are not met.

COMPANY ROLE / FUNCTION NAME PHONE EMAIL
PROCYS (3) Support Channel - [email protected]
PROCYS (2) Product Manager Akshay Rao [email protected]
PROCYS (1) Company Director Hicham El Hafed [email protected]

Versioning and Maintenance

Maintenance Windows for preventive, corrective and adaptive maintenance are to be aligned between Customer and Procys. The following standard maintenance windows are defined for Procys :

API / SERVICE (ML Engine Update) WITH Impact or Outage or Risk WITH NO Impact or Outage or Risk
Our Machine Learning Engine is trained every working day during 00.00-02.00 CET. No Impact, Outage or Risk is expected Not fixed. Deployments possible at all times but will always be aligned with Customer upfront Not fixed. Deployments possible at all times, no notification required

Procys maintenance schedule/releases/changes within such Maintenance Windows, excludes public holidays, freeze periods, and waivers received from Customer in writing.

Procys may deploy (maintenance) releases/changes at any time without prior notice to Customer if such releases or changes have no impact/outage or high risk for the API and Services agreed.

Procys ensures to deploy new versions, releases, and updates to the API and Services to solve defects and/or errors, keep the API and Services up-to-date  or otherwise improve the operation or functionality of the API and Services, which may include bug fixes.

Monitoring

Monitoring is required for all essential functionalities of the API and Services. This will ensure that the API and Services are functioning and performing (together) the way they should, and according to the defined service levels. Procys will implement the appropriate monitoring for all of the services (e.g., functions, systems, interfaces, etc.) in its scope during the delivery of the service, including system, performance, stability, usage, and security monitoring.

All monitoring activities are conducted in compliance with ISO/IEC 27001:2013 standards, ensuring that any anomalies or issues are promptly detected and addressed to maintain the security and performance of the services.

Data Storage

For the avoidance of any doubt, Procys will store a copy of the OCR processed document within its data storage servers hosted by Amazon Web Services, at locations inside the European Union. Storage of training data is located at our stage environment in the Netherlands. Storage of documents can be restricted to ONLY territories within the European Union at the written request from Customer at any time during the delivery of the service.

All data handling and storage practices are conducted in compliance with ISO/IEC 27001:2013 standards, ensuring robust security measures are in place to protect against unauthorized access, data breaches, and other security threats. This includes regular audits, risk assessments, and implementation of necessary controls to safeguard customer data.

Reporting

Procys will provide reporting functions to Customer for the purpose of tracking invoice processing activity. Access to reports will be through a user interface provided by Procys or Monthly Summary reports manually sent to Customer.

All reporting activities will adhere to ISO/IEC 27001:2013 standards, ensuring accurate and secure reporting of service performance, incidents, and other relevant metrics.

REPORT NAME PURPOSE
MONTHLY SUMMARY - USAGE REPORTING: Monthly summary of billed usage
- INCIDENT SUMMARY: Achieved Service Levels versus KPI´s
- SERVICE PERFORMANCE: Achieved Service Levels or KPI´s
- IMPROVEMENTS: Improvements implemented or in progress
- OUTLOOK: Planned changes, deployments and/or risks