This part of the iSHARE scheme is considered normative and is therefore compliant with RFC 2119.
For Certified Parties, the following service levels apply:
Availability is a measure of the time a service is in a functioning condition. It includes the availability window and the maintenance window.
The availability window includes the times at which Certified Parties guarantee the availability of their service.
Norm: 24 hours * all days of the year
Minimum level required: 99% availability* per calendar month, from 00:00-23:59h
*Planned maintenance does NOT count as unavailability
The maintenance window includes the times at which Certified Parties can perform planned maintenance, that is likely to result in downtime, to their service(s). If no downtime is expected, maintenance can take place outside of the maintenance window. Planned maintenance does NOT include incident resolution, as this can take place outside the maintenance window as described under incidents.
- The maintenance window includes the nights from Friday to Saturday and from Saturday to Sunday, from 00:00-5.59h;
- Maintenance MUST be announced to the impacted parties directly as well as to the Scheme Owner**;
- Announcements MUST be made at least 10 working days before the maintenance and MUST include date, time, and impacted service(s).
**The Scheme Owner presents an overview of its own and Certified Parties' current and planned maintenance on its website
Performance includes the time it takes for a service to respond when requested or called upon; i.e. the time a Certified Party's service takes to respond to a received message.
- 95% of messages MUST be responded within 2 seconds;
- 99% of the messages MUST be responded within 5 seconds;
- Each Certified Party MUST be able to process at least 100 simultaneous messages while meeting above requirements.
An incident is an event, not part of the standard service operation, that results in a potential impact or risk with regards to the quality, availability, confidentiality and/or integrity of (data within) the iSHARE Scheme. This ONLY includes the data used for identification, authentication and authorisation purposes in the context of data exchange, but not the contents of the actual data exchange.
Three classifications of incidents are recognised within iSHARE, as explained in the incident management process:
- Minor incident;
- All incidents MUST be communicated by the Certified Party(s) to the Scheme Owner directly after they are discovered;
- Communication MUST include date, time, incident level as estimated by the Certified Party(s), argumentation including impacted service(s), and a potential incident manager;
- In case of a calamity or crisis, the Certified Party MUST have an incident manager available during working days, and SHOULD have an incident manager available 24 * 7;
- An update on the incident MUST be communicated to the Scheme Owner*:
- For minor incidents, at the end of each working day;
- For calamities, within 2 hours of every significant update and at the end of each working day;
- For crises, within 2 hours of every significant update and every 4 hours.
- All incidents SHOULD be handled by the Certified Party (in cooperation with the Scheme Owner as per the incident management process) within 3 working days after being appointed as the responsible party - unless agreed otherwise.
*In line with the incident management process, the Scheme Owner presents an overview of current calamities and crises on its website
Support by Certified Parties includes answering questions and requests from Adhering Parties.
Norm: Certified Parties are available for support via e-mail; they MUST confirm receiving a question/request within 1 working day. They SHOULD send an underpinned reaction (with an answer/solution or at the very least a direction) within 5 working days.
Reports are meant to monitor both compliance to the service level agreements and the (growing) use of the iSHARE network, as described in the management reporting process. The following will be reported on (non-exhaustive):
- Number of relations with Adhering Parties;
- Number of transactions;
- Number of transactions per Adhering Party;
- Number of incidents.
Certified Parties are expected to collect management information about each month: 0:00h on the first day to 23:59h on the last.
Norm: each Certified Party MUST deliver the management information about the last month, conform the iSHARE template, before 23:59h on the 5th working day of the current month