INTEGRATION HUB PRODUCT SUPPLEMENTAL TERMS
Effective July 1, 2024
Introduction to the PowerPlan Integration Hub Product Supplemental Terms
The Product Supplemental Terms that apply to Client’s PowerPlan Integration Hub license are set forth below. Please review. By completing the procurement process, Client agrees to these Product Supplemental Terms. The Integration Hub platform is cloud hosted with a component installed on-premises, if necessary. The cloud component supports the following: 1) integration pipeline ETL definitions, 2) scheduling, and 3) Client target system configuration. No Client accounting data is stored in the Integration Hub cloud environment. The on-premises component supports the following: 1) integration pipeline ETL execution, 2) data processing, and 3) outbound connectivity, if necessary. These Product Supplemental Terms explain the service level and security commitments for the Integration Hub platform but do not impact the Maintenance Policy associated with Client’s license, except where noted.
PowerPlan may update these Product Supplemental Terms at any time, and the most current version available at https://powerplan.com/legal will apply to Client’s Integration Hub license upon Client’s next renewal. PowerPlan will provide a mechanism to obtain notice of updates, and Client should check regularly for updates.
To the extent capitalized terms are used in these Product Supplemental Terms but are not defined herein, they will have the same meaning as in Agreement, except that, as used in these Product Supplemental Terms:
“Client Data” means any Client-specific data, materials, or content stored on or transmitted to or between PowerPlan environments and Client’s non-PowerPlan environments using the Integration Hub.
“Client Metadata” means (1) pipeline and account definitions that allow the Integration Hub platform to connect and interact with Client’s environments, and (2) runtime logs which contain detailed information regarding specific processes executed by the Integration Hub platform for Client. For clarity, Client Metadata supports the execution of the Integration Hub platform and includes workflow data or encrypted account information and specifically excludes Client Data.
Service Levels
-
Generally. During the applicable license term:
-
With respect to production environments, PowerPlan will use commercially reasonable efforts to achieve at least 99.5% availability of the Integration Hub platform, not including Excused Downtime.
-
With respect to non-production environments, PowerPlan will use commercially reasonable efforts to achieve at least 99.5% availability of the Integration Hub platform during Business Hours, not including Excused Downtime.
-
-
Maintenance Services. PowerPlan’s obligations under these Product Supplemental Terms shall exist only so long as Client is entitled to Maintenance Services and for Versions of the Integration Hub for which PowerPlan has the obligation to make Patches available under the Maintenance Policy.
-
“Excused Downtime” means any of the following:
-
Force majeure events as set forth in the Agreement.
-
Data transmission failures outside the control of PowerPlan not caused by PowerPlan’s negligence or willful misconduct.
-
Maintenance outages, which are generally conducted between the hours of 8:00 P.M. Saturday to 8:00 A.M. Sunday, U.S. Eastern Time. Maintenance outages include, but are not limited to, the installation of Releases, third-party software updates, and routine server and application configuration changes. PowerPlan reserves the right to plan a scheduled outage outside the regular weekly maintenance window and will endeavor to provide Client with two (2) Business Days advance notice and limit these occurrences to emergency updates and maintenance or third-party maintenance outages.
-
-
Data Disposal. If the Maintenance Services for the Integration Hub are terminated, PowerPlan will erase all configuration data in Integration Hub within 60 calendar days from the termination date.
-
Exclusions. Client shall be solely responsible for any software and networking tools that are not provided by PowerPlan. Client’s responsibility includes all administrator activities, monitoring of any Client tools, and financial concerns. Client shall be solely responsible, at its expense, for establishing, maintaining, and operating Client’s connection to the Internet (the speed of which may have a significant impact on the responsiveness of the Integration Hub), including all computer hardware and software, properly configured web browsers, modems, and access lines.
Personnel
-
All personnel will undergo criminal background checks at the time of hire. PowerPlan may conduct additional background checks in its discretion based on the individual’s specific role within PowerPlan.
-
PowerPlan will contractually obligate all personnel to avoid inappropriate use or disclosure of the confidential information of PowerPlan and its clients as a condition of employment.
-
Personnel must follow with PowerPlan’s policies which have been designed in accordance with ISO27001 standards and cover:
-
Categorization of all data based on the sensitivity levels of information and form or media through which it is accessed;
-
Appropriate access, use, and retention controls and processes according to the categorization of data as noted above;
-
Acceptable use of the IT assets and network used by PowerPlan; and
-
Account and password management.
-
PowerPlan’s security team will review such policies no less often than annually.
-
PowerPlan will train all personnel on above referenced security policies and procedures, no less often than annually.
Standards for Third-Party Providers
-
PowerPlan will ensure third parties use industry standard security protocols and PowerPlan will annually perform a security review of third parties’ SOC 2 report to ensure they have no material weaknesses and are adequately remediating any findings. This includes, but is not limited to, ensuring the third party meets disaster recovery, backups, business continuity, change management, access controls, and personnel security standards.
-
For the cloud component of the Integration Hub Platform, Client may select one of the following regions to store the hosted Client Metadata:
-
United States
-
Canada
-
Australia
-
European Union
-
Security
Although the Integration Hub platform does not store Client Data, PowerPlan will maintain reasonable administrative, physical, and technical safeguards, consistent with SSAE 18 SOC 1 Type 2, ISAE 3402, and SOC 2 Type 2 designed to preclude the interception and maintain confidentiality of Client Data and Client Metadata. PowerPlan will not: (a) disclose Client Data or Client Metadata except as compelled by law or as Client expressly permits in writing, or (b) access Client Data or Client Metadata except to provide the Integration Hub platform or prevent or address service or technical problems, or at Client’s request in connection with support matters. Client will be responsible for maintaining reasonable administrative, physical, and technical data security safeguards with respect to any portion of the Integration Hub implemented on Client controlled hardware. Client shall promptly notify PowerPlan of a known or reasonably suspected security breach of Client’s IT infrastructure, the Integration Hub, or any Client application connected to the Integration Hub, and the parties will cooperate to minimize negative impacts of such breach. PowerPlan shall promptly notify Client of a known security breach involving Client’s instance of the Integration Hub platform, and the parties will cooperate to minimize negative impacts of such breach. Furthermore, PowerPlan shall not send any material containing known software viruses, worms, Trojan horses or other PowerPlan inserted harmful computer code, files, scripts, or agents.
Change Management
PowerPlan will not perform any of the following functions on the production instance of the Integration Hub platform without your written consent:
-
Modify Client Metadata data within the Platform
Such changes may also be generally referred to as Customer Initiated Changes (CIC). For non-emergency changes, PowerPlan will deploy the changes to production Monday-Wednesday, 8:00 am-5:00 pm EST after receiving Client approval for deployment. PowerPlan will deploy emergency changes to production as needed after receiving Client approval for deployment. Emergency changes have the meaning set forth in the PowerPlan Standard Maintenance Policy for Perpetual Licenses.
PowerPlan, or third-party providers, may implement the following changes to the Integration Hub platform (including any related systems, networks, and environments) without your written consent:
-
Emergency (Break/Fix Change) (EC): A change that must be implemented as soon as possible to restore service, avoid a service disruption, or avoid a critical security risk, provided that PowerPlan will provide notice once reasonably practicable in the event this type of change is necessary.
-
Standard Change (SC): A pre-authorized change that is low risk, relatively common and follows a procedure or work instruction (e.g. – operating system patches) or changes which are not likely or intended to modify the Client Metadata in the Integration Hub.
-
Multi-Tenant Solution Platform Change (MPC): PowerPlan, or third-party providers, will deploy these changes to Integration Hub production environment based on a published schedule.
Audits
-
PowerPlan will conduct SOC 1 Type II and SOC 2 Type II audits of its cloud hosting operations no less often than annually. The SOC 1 Type II and SOC 2 Type II reports will be available within ninety (90) days of the end of the applicable audit period. PowerPlan will provide the latest available reports to you upon written request.
-
For SOC 1 (SSAE18) purposes, in the event the last available SOC 1 Type II report does not cover your requested time period, PowerPlan will, upon written request, provide a letter which will include details of any major changes to controls since the last audit period, if applicable.
-
Clients do not have the right to conduct an independent audit or review of PowerPlan’s policies, procedures, or facilities (including Data Centers). However, subject to PowerPlan’s confidentiality obligation or limitations on disclosures in accordance with industry best practices and the advice of its security advisors and auditors, PowerPlan will work in good faith to provide reasonable information regarding its policies and procedures upon receiving your written request for the same. For the avoidance of doubt, any information provided pursuant to this Audit section must be kept strictly confidential and solely used for Client’s internal purposes.
Plans
-
PowerPlan will maintain a Cybersecurity Incident Response Plan, which is designed in accordance with ISO 27001 standards and will be reviewed and tested no less frequently than annually.
-
PowerPlan will maintain a Disaster Recovery Plan, which is designed in accordance with ISO 27001 standards and will be reviewed no less frequently than annually.
THE INTEGRATION HUB PLATFORM DOES NOT INCLUDE ANY CLIENT SECURITY REQUIREMENTS BEYOND THOSE SET FORTH IN THESE PRODUCT SUPPLEMENTAL TERMS AND POWERPLAN DOES NOT MAKE ANY OTHER REPRESENTATIONS OR CERTIFICATIONS REGARDING ITS SECURITY.