Standard Service Level Agreement

This Standard Service Level Agreement (“SLA”) applies to all services supplied by Sautech (Pty) Ltd unless superseded by a separate signed agreement between Sautech and the Client.

Where a signed customer-specific SLA exists, the signed SLA shall prevail.

By utilising any Sautech service — including hosting, cloud services, Microsoft 365, backup, disaster recovery, cyber security, monitoring, connectivity, managed services or consulting services — the Client agrees to this SLA.

This SLA may apply to:

• Shared Hosting
• Dedicated Servers
• Virtual Servers
• Cloud Hosting
• Microsoft 365 Services
• Backup Services
• Disaster Recovery Services
• Connectivity Services
• Managed IT Services
• Cyber Security Services
• Monitoring Services
• Hosted Applications
• Storage Services
• Remote Support Services

Sautech targets high availability across all platforms.

Unless otherwise agreed in writing, the standard uptime target for hosted services is:

The uptime calculation excludes:

• Scheduled maintenance
• Emergency maintenance
• Internet provider failures
• Fibre outages
• Power utility failures
• Third-party cloud provider outages
• Force majeure events
• Customer-caused interruptions
• Cyber attacks against third-party providers

Service availability is measured using Sautech monitoring systems.

No service credits shall apply unless specifically agreed in writing.

Response targets are not repair guarantees.

Where backup services are supplied:

• Backups are provided on a commercially reasonable best-effort basis.
• Successful backups do not guarantee successful recovery.
• Recovery times cannot be guaranteed.
• Backup integrity cannot be guaranteed in all circumstances.
• Backup services reduce risk but do not eliminate risk.

Clients remain responsible for:

• Verifying critical data is protected.
• Testing restoration procedures.
• Maintaining copies of critical information where required.

Sautech shall not be liable for loss resulting from failed backups, incomplete backups, corrupted backups or unsuccessful recovery attempts.

Disaster Recovery services are designed to improve business continuity.

Disaster Recovery services do not guarantee:

• Zero downtime.
• Zero data loss.
• Immediate restoration.
• Recovery of all data.

Actual recovery times and recovery points may vary depending on:

• Incident type
• System complexity
• Infrastructure availability
• Third-party provider availability
• Extent of corruption or damage

Cyber security services reduce risk but cannot eliminate risk.

No security service provided by Sautech guarantees protection against:

• Ransomware
• Malware
• Data breaches
• Insider threats
• Phishing attacks
• Zero-day exploits
• Advanced persistent threats

The Client acknowledges that cyber incidents may still occur despite security controls being in place.

The Client remains responsible for:

• Data ownership
• Regulatory compliance
• POPIA compliance
• Password management
• User access approvals
• Employee conduct
• Security awareness training
• Verification of backups
• Validation of business continuity requirements

Managed services do not transfer responsibility for the Client's data, systems, compliance obligations or cyber security governance to Sautech.

Cyber insurance, cyber warranty or cyber protection benefits shall only apply where explicitly confirmed in writing by Sautech.

No quotation, marketing material, proposal, presentation or website content shall constitute confirmation of cover.

All cyber insurance and warranty products remain subject to:

• Written confirmation
• Product eligibility
• Compliance requirements
• Insurer conditions
• Applicable exclusions

Sautech relies upon third-party providers including but not limited to:

• Microsoft
• Check Point
• SentinelOne
• N-able
• Veeam
• Internet Service Providers
• Domain Registrars
• Datacentres
• Cloud Providers

Sautech shall not be liable for outages, delays or failures caused by third-party providers.

Sautech shall not be liable for any failure, delay or interruption caused by events beyond its reasonable control. Such events include:

• Natural disasters
• Fire
• Flooding
• Civil unrest
• Labour action
• Government intervention
• Power grid failures
• Fibre cable theft
• Internet outages
• Datacentre failures
• Cloud provider failures
• Cyber warfare
• Large-scale cyber attacks
• Terrorism
• Pandemic events

Service levels shall be suspended during any force majeure event.

To the maximum extent permitted by law, Sautech shall not be liable for:

• Data loss
• Loss of profits
• Loss of revenue
• Business interruption
• Reputational damage
• Consequential damages
• Indirect damages

Regardless of cause.

Sautech's maximum liability shall not exceed the fees paid by the Client during the preceding three months for the affected service.

Sautech may suspend services without notice where:

• Accounts are overdue.
• Infrastructure security is threatened.
• Illegal activity is detected.
• Abuse of services occurs.
• Continued operation creates risk to other customers.

Use of any Sautech service shall constitute acceptance of this SLA.

This SLA may be amended from time to time and the latest published version shall apply unless superseded by a signed agreement.