Records365 Service Description

Overview

The Records365 service provides organizations with a cloud-based information governance platform that is comprehensively operated and managed.

Records365 has an adaptable layer of intelligence that connects all your data and content across platforms, helping you achieve greater operational efficiency while keeping data compliant and reducing risk.

On-going assessment, proactive monitoring and reporting of the service along with a continuous update process ensures hassle-free compliance with your information governance requirements.

Records365 is available in multiple geographies in order to ensure that customer’s data sovereignty is maintained.

High-availability and continuous replication of data ensures service continuity should the primary data stores fail. High availability and replication within a data center region is included in the service.

We’re always searching for new ways to improve our products and services. Here are just a few of the ways we’re continually improving our technology, subject matter expertise, and commitment to ongoing innovation

Global reach with multiple data centers

In addition to our existing U.S. data center, we’ve expanded our customers’ global reach with data centers in the United States, Canada, the UK, and Australia, with more additions planned.

Evergreen upgrades

Records365 is always evolving. We are relentless in our pursuit to provide the best experience so that you can manage your information with an ever-growing suite of features and functions.

Extensive connector framework

We consistently release new connectors that help you extend advanced governance across multiple sources including Microsoft Exchange Online, Dropbox, Teams, and others. You can also develop your own custom connectors.

Your trusted partner

We understand security is paramount for our customers. In this trust portal you’ll find information about how RecordPoint keeps your information secure.

A better return on your investment

Our variety of plans and consumption-based licensing model help make it more affordable for any organization to subscribe to and implement Records365.

Last Updated: July 11, 2020

Architecture

Records365 consists of four major components, namely:

1. Intelligent Policy Engine
2. Connector Framework
3. Search
4. Secure Storage

The Intelligent Policy Engine sits at the heart of Records365. It is responsible for processing ingested objects from different content sources and the categorization of items using a powerful rules engine. Only the metadata of an object is required to be ingested into Records365 the file or document remains in place in the content source and can be edited by users in the content source.

The Intelligent Policy Engine allows customers to create a unified set of rules for applying information governance policies across all connected content sources.

The Connector Framework allows Records365 to easily manage content in multiple, heterogeneous content sources. A rich REST based API surface allows for content sources & types not natively supported to be rapidly integrated.

The Search component provides record managers with the ability to search through vast amounts of structured, semi-structured and unstructured data that is being managed by Records365.

Records365 federates with customer’s Azure Active Directory (AAD) to provide a seamless single sign-on (SSO) experience for users needing to access the Records365 web portal. As a result, users can use their corporate credentials to sign-in. In addition, any authentication policies such as multi-factor authentication are respected as well.

All service components are hosted on Microsoft Azure using a mix of virtualized compute resources as well as platform-as-a-service (PaaS) offerings.

All service components are built to be fault tolerant with multiple levels of redundancy. Processing tasks carried out by the service are spread across a cluster of compute nodes. Compute clusters are resilient to single and multi-node failures. Furthermore, compute clusters can be rapidly scaled to provide additional throughput when processing demand peaks. Storage & backup components of the service are geographically redundant.

Last Updated: July 11, 2020

Cloud Locations

Records365 operates out of Microsoft Azure data centers in four major geographical regions: North America, Canada, Europe and Asia Pacific.

We operate our global operations center (GOC) out of Sydney, Australia with additional centers in Seattle, USA and Reading, UK, providing true global “follow the sun” capability.

‍

Last Updated: July 12, 2020

Commercial Model

Overview

Records365 is offered on a plan-based consumption pricing model. Consumption is measured per item managed by Records365.

The service is available on term contracts for an annual service fee which is based on the Records365 plan and add-ons chosen by the customer.

The Records365 plan and add-ons chosen become fixed components of the minimum contracted service which determines the final annual price charged to a customer. Billing occurs annually in advance for the term of the agreement.

Additional add-ons or plan changes after the service is commissioned are billed in advance prorated to the anniversary date of the service. Plan changes and / or additional add-ons become part of the new minimum contracted service that a customer is charged for annually.

All plans include basic support as well as maintenance.

Records365 Plans

All Records365 plans are comprised of:

• Base Consumption Entitlement – this represents the number of managed items that are included with any given Records365 plan
• Maximum Consumption Entitlement – this represents the maximum number of managed items that can be managed with any given Records365 plan
• Essential Connectors – this represents the number of essential content sources that can be managed with the respective Records365 plan
• Starter Features – included in all Records365 plans
• Standard Features – included in Records365 Standard, Enterprise plans
• Enterprise Features – included in Records365 Enterprise plans
  
  

See features for a complete list of features included in each plan.

Records365 Add-Ons

Records365 add-ons can be added to any plan and comprise of:

• Essential Connectors – connectors to manage essential content sources beyond what is included in a plan
• Premium Connectors – connectors to manage premium content sources (i.e. email and / or chat)
• Modules – premium capabilities that are not included out-of-box in a plan (i.e. Classification Intelligence, Archiving, e-Discovery)
• Additional Consumption – additional packs of consumption that increase the consumption entitlement beyond what is included in a plan

See features for a complete list of add-ons that are available.

Managed Items

Managed items are considered any individual metadata object that has been ingested by Records365.

Managed items may include electronic and physical records as well as records containers (aggregations).

A managed item with multiple versions is commercially a single item.

Disposal Certificates

For any given entitlement of managed items, the customer is granted an additional fifty percent (50%) of managed items in disposal certificates. Disposal certificates are stubs of managed items that have been disposed through Records365. In the event that the allocation of disposal certificates is exhausted then additional disposal certificates will count towards the consumption entitlement of active items.

Example – Disposal Certificates

A customer who purchases the Records365 Standard plan is entitled to 3,000,000 managed items. An additional 1,500,000 managed items are granted in the form of disposal certificates. As a result, the customer can have up to 3,000,000 active managed items as well as 1,500,000 disposed items (disposal certificates).

Additional consumption purchased as an add-on to a Records365 plan increases the allocation of disposal certificates by 50% of the number of additional items purchased.

Example – Additional Consumption

A customer who purchases the Records365 Standard plan is entitled to 3,000,000 managed items as well as 1,500,000 disposal certificates. If the customer purchases additional consumption, as an add-on, of 3,000,000 items then their entitlements are increased as follows:

Consulting Services

Consulting services are considered extra and are charged at pre-agreed rates in addition to the service fee.

Invoicing

The annual service fee is billable in advance based on the minimum contracted service.

Additional charges are invoiced on an annual prorated basis.

Invoices are issued at the beginning of the month.

Renewals

RecordPoint will automatically generate renewal invoices 30 days in advance of term expiry.

Last Updated: July 12, 2020

Features

Records365 Features

The following table describes what features are included in each Records365 plan. For more information on Records365 plans please see Commercial Model.

Records365 Connectors

The following table describes each of the Records365 connectors that are currently available. For more information on essential and premium connectors please see Commercial Model.

‍

Service Responsibilities

The table below outlines the high-level areas of RecordPoint responsibility and customer responsibility across the Records365 service.

‍

Service Exclusions

In addition to the boundaries of the service defined in the section Service Elements, the Service specifically excludes the following:

• Office 365, other content sources or Records365 configuration and solution onboarding.
• Data migration and initial records submission.
• Network access or interconnection.
• Identity federation.
• Customer-specific security requirements.
• Custom certificates and other customer specific hardware and software requirements.
• Customer-specific solutions or system integration.
• Any item not explicitly described in the section Service Elements.
  
  

Last Updated: July 12, 2020

Prerequisites

Client Access

Records365 is designed to work with the following software:

• The current version of Edge and Chrome desktop browsers.
• The current version of Chrome for Android and IOS and Apple Safari on IOS.

To enhance security, all communication with the Service is conducted over a TLS connection.

Although RecordPoint does not recommend that you connect to Records365 by using older browsers and clients, we provide limited support so long as that software is supported by its manufacturer.

Specifically, if you continue to use older browsers and clients:

• Records365 won’t deliberately prevent you from connecting to the service.
• Records365 won’t provide code fixes to resolve problems related to those clients, but it will offer security fixes as needed.
• The quality of the user experience will diminish over time.

For the best experience using Records365, we recommend that you always use the latest browsers, Office clients, and apps. We also recommend that you install software updates when they become available.

Azure Active Directory (Azure AD)

Records365 leverages Azure AD to authenticate and authorize end-users as well as connecting to remote content sources via the connector framework. Azure AD is a pre-requisite for usage of the service. Azure AD is used to manage role assignments that provide end-users access to the Records365 portal through Azure AD.

Network Connection

The Records365 Service is hosted entirely within Microsoft Azure and is available on the public Internet. One or more network connections to the public Internet will be required in order to connect a customer’s network to the Service. All communication with the service is conducted over a TLS secured connection.

‍

Last Updated: July 12, 2020

Service Levels

The Records365 service is available to customers 24 hours per day, 7 days per week, 365 days per year.

From time to time the service may be impacted by maintenance windows. These windows will be communicated to customers via the Change Management process in advance and are not SLA impacting.

Service Availability and Service Levels

The Records365 Service is governed by a service level agreement (SLA) which is specific to you as a customer and forms part of your customer agreement.

The standard service availability, measured by Monthly Uptime Percentage for the Records365 service is 99.9%.

The method of calculation is shown below.

Downtime

Any period of time when the Records365 portal is unavailable and the service is not in a maintenance window. Unavailable is defined as an end-user being unable to connect to the Records365 portal (see service limitations for details).

No service levels are offered around ingestion latency from remote content sources. However, RecordPoint will endeavor to ensure that records are ingested continuously at a reasonable rate.

Monthly Uptime Percentage

The Monthly Uptime Percentage is calculated using the following formula:

(Service Minutes - Downtime Minutes ) / (Service Minutes)  x  100

Service Credits

Service Credits are your sole and exclusive remedy for any performance or availability issues for any Service under the Agreement and this SLA. You may not unilaterally offset your Applicable Monthly Service Fees for any performance or availability issues.

Service Credits apply only to fees paid for the particular Service, Service Resource, or Service tier for which a Service Level has not been met. In cases where Service Levels apply to individual Service Resources or to separate Service tiers, Service Credits apply only to fees paid for the affected Service Resource or Service tier, as applicable. The Service Credits awarded in any billing month for a particular Service or Service Resource will not, under any circumstance, exceed your monthly service fees for that Service or Service Resource, as applicable, in the billing month.

If you purchased Services as part of a suite or other single offer, the Applicable Monthly Service Fees and Service Credit for each Service will be available for the least expensive element of the service as determined by us in our reasonable discretion.

‍

Service Limitations

• The standard Service Level Agreement and any applicable Service Levels do not apply to any performance or availability issues:
• Due to connectivity issues on the client premise or the premise from which an end-user is attempting to connect from
• Due to content sources outages (for example, SharePoint Online, Box or DropBox experience an outage)
• Due to misconfiguration or issues with the client’s Azure Active Directory
• Due to factors outside our reasonable control (for example, natural disaster, war, acts of terrorism, riots, government action, or a network or device failure external to our data centers, including at your site or between your site and our data center)
• Due to redundancy limitations in the base Azure platform such as capacity and product availability issues that may arise during the partial or full outage of an Azure region
• Caused by Microsoft in the base Azure Platform or by third party
• That result from the use of services, hardware, or software not provided by us, including, but not limited to, issues resulting from inadequate bandwidth or related to third-party software or services
• Caused by your use of a Service after we advised you to modify your use of the Service, if you did not modify your use as advised
• During or with respect to preview, pre-release, beta or trial versions of a Service, feature or software (as determined by us) or to purchases made using subscription credits
• That result from your unauthorized action or lack of action when required, or from your employees, agents, contractors, or vendors, or anyone gaining access to our network by means of your passwords or equipment, or otherwise resulting from your failure to follow appropriate security practices
• That result from your failure to adhere to any required configurations, use supported platforms, follow any policies for acceptable use, or your use of the Service in a manner inconsistent with the features and functionality of the Service (for example, attempts to perform operations that are not supported) or inconsistent with our published guidance
• That result from faulty input, instructions, or arguments (for example, requests to access files that do not exist)
• That result from your attempts to perform operations that exceed prescribed quotas or that resulted from our throttling of suspected abusive behavior
• Due to your use of Service features that are outside of associated Support Windows; or
• For licenses reserved, but not paid for, at the time of the Incident.

Binary Protection

The binary protection feature of Records365 is not intended to substitute, in any way, shape or form, backups of the binaries (i.e. Word, Excel documents) in the content source(s) that are being managed by Records365. It is the responsibility of the client to ensure that appropriate backup & restore capabilities are in-place to protect content in the managed content source(s). Records365 binary protection supports binaries up to 500 MB in size. Any binary that exceeds this limit will not be protected by Records365.

Features in Preview

To obtain our customers’ early feedback and involve them on our Product development process, RecordPoint might make features available in a preview only mode. These features are made available to our customers with the following conditions.

Preview Features:

• Are not covered by our Standard Level Agreement;
• Are not covered by the RecordPoint Support;
• May have limited or restricted functionality;
• May be available only in selected geographical regions.
  

Last Updated: July 12, 2020

Backup and Redundancy

Backup & Restore

Records365 has technical and operational controls in place to ensure that customer data is backed up in a secure and redundant manner.

All Records365 customer data is backed up at the following frequency:

• Full backups are taken once a week
• Differential backups are taken twice a day
• Transaction log backups are taken every 5 minutes

Backups are stored in a geographically redundant manner which ensures that backups are available even in the event of a data center level failure.

Backups are encrypted at rest using AES-256 bit encryption.

Backups are retained for up to 7 days.

These technical controls have been put in place to ensure that Records365 customers incur minimal data loss in the event of a disaster or service outage.

Service Continuity & Disaster Recovery

Records365 uses a variety of technical controls as well as a distributed service architecture to maximize service availability.

Using a distributed service architecture, Records365 is able to spread processing tasks across clusters of compute nodes thereby eliminating service availability impacts of individual compute nodes failing.

In addition, the following technical controls are in place to maximize service availability:

• Service load balancing across compute clusters
• Persistent message queuing to enable service components to pass durable messages to each other
• Cloud-scale domain name systems (DNS)
• Segmentation of compute clusters into separate availability sets and update domains
• Availability sets ensure that compute nodes within the same availability set are serviced by the same physical hosts, storage units and network switches
• Update domains ensure that updates are applied in a rolling fashion (one-by-one) across a single compute cluster
• Storage redundancy to ensure that critical service data, such as customer data, is stored across multiple data centers

RecordPoint tests service continuity and disaster recovery automation and procedures on an annual basis to ensure that these are in line with the RPO and RTO below.

Recovery Point Objective

The Recovery Point Objective (RPO) represents the maximum amount of time for which data loss may occur in the event of the service outage.

RecordPoint currently offers an RPO of twelve (12) hours for Records365.

Recovery Time Objective

The Recovery Time Objective (RTO) represents the maximum amount of time before the service will become operational again after a service outage.

RecordPoint currently offers an RTO of forty-eight (48) hours for Records365.

Limitations

The above RTO commitment are not applicable in circumstances where the underlying base Azure platform is experiencing a complete outage in any of the Azure regions that Records365 is hosted in. In such scenarios, the RTO commitment only becomes effective once the impacted Azure region has recovered from the outage. The Records365 service has been designed to minimize data loss in the event of a service disruption by ensuring that connectors can track their progress of synchronizing changes from a connected content source in a durable way. This allows connectors to simply resume operation from where they left off prior to a service disruption.

‍

Last Updated: July 12, 2020

Security

Security is paramount at RecordPoint.

RecordPoint has a rigorous set of technical and policy-based controls in place to ensure that customer data is kept secure and confidential. These controls aim to comprehensively to cover the following areas:

• Incident management & reporting
• Security incident management & reporting
• Vulnerability management & reporting
• Change management
• Employee security awareness training
• Access control
• Data segregation & isolation
• Infrastructure, application & network hardening
• Patch management
• Logging and auditing
• Malware detection & prevention
• Intrusion detection & prevention
• Encryption standards
• Physical security standards

Technical Controls & Policies

The following controls are enforced by RecordPoint as part of operating the standard Records365 service:

‍

Last Updated: July 12, 2020

Security Certifications

SOC 2 Type 2

RecordPoint undergoes SOC 2 Type 2 audits to verify that technical and policy controls governing the security, availability and confidentiality of Records365 are operating correctly.

As part of the audit process, RecordPoint is assessed against the following trust service principles:

• Confidentiality – maintain all customer data as confidential
• Security – protect the service against unauthorized access
• Availability – maintain service availability for operation and use as committed or agreed

A 3rd party auditor verifies that these controls and policies pertaining to the trust service principles are operating through a series of on-site interviews, control demonstrations and evidence-based analysis.

The latest SOC 2 Type 2 report can be made available upon request by emailing compliance@recordpoint.com.

‍

Last Updated: July 12, 2020

Service Updates

Maintenance Windows

Maintenance windows enable planned service interruptions so that essential maintenance, repairs, housekeeping or service upgrades can be carried out.

Such windows will be raised and notified through the change management process. Notification and approval will include, but not be confined to, the primary customer contact.

Service Updates

Records365 is an evergreen service and service updates are regularly applied to Records365. Service updates incur no downtime and the Records365 will remain available for the duration of the update being applied.

In special circumstances, RecordPoint may need to perform more complex service updates where the Records365 becomes temporarily unavailable. In such cases, RecordPoint will schedule a maintenance window.

‍

Last Updated: July 13, 2020

Service Monitoring & Management

The service provides a fully managed and supported records management service consisting of:

• The Records365 platform, which includes a secure managed networking, compute, storage, and platform infrastructure.
• The Records365 support portal which provides the ability to log and track service incidents, resolution of acknowledged service bugs and processing of enhancements, as well as access to RecordPoint online resources.
• The background IT service and system management systems which are used to provide issue, problem, incident, change and release management.

Systems Management

A variety of systems are in-place to ensure that the systems that underpin Records365 are properly managed and monitored. These consist of:

• Help Desk System – System for clients to log support requests and work with RecordPoint support representatives

• In our Australian data center, privileged accounts with access to sensitive data are only granted to Australian citizens.

• Application Monitoring Tools

• Realtime monitoring of critical application & infrastructure metrics
• Realtime alerting based of the metrics collected using the monitoring tooling
• Historical reporting for trend & capacity analysis

• Security Monitoring

• Continuous vulnerability assessments for virtual hosts and virtual networks
• Realtime monitoring of network traffic and security events for threat analysis and protection

• Backup Tools – Capabilities such as virtual machine snapshotting and backup of critical storage components
• Change Tracking System –Platform for raising, evaluating and tracking changes to production systems
• Source Control System – Platform for engineers to submit and peer review enhancements and bug fixes to the various components that make up the service

Service Monitoring and Capacity Management

The Records365 service is monitored 24 hours per day by our Site Reliability Engineering (SRE) team.

Applications, virtual hosts, networks and storage are continuously monitored to ensure that the service operates within desired service levels. Capacity is monitored to ensure that there is adequate compute, storage and networking resources to support the current service utilization plus any anticipated growth in utilization.

We also store anonymous data that allows us to track system trends, user activity, and the technical effects of on-boarding new customers and new releases.

Anonymous usage data is collected for capacity planning and monitoring purposes.

The following table shows indicative response times to proactively monitored events.

‍

Last Updated: July 13, 2020

Support

RecordPoint provides support services to Records365 customers to ensure that any issues and questions encountered are resolved in a timely fashion.

RecordPoint offers a “follow-the-sun” support model in which support tickets are handled by and passed between support desks for increased responsiveness and around the clock support.

Upon commencement of the service, customers are onboarded to the RecordPoint support portal which can be used to log support tickets (service requests) and access the RecordPoint knowledge base.

Support desks are situated in the locations listed below. Each support desk has its own dedicated phone number.

• Sydney, Australia
• Seattle, United States
• Reading, United Kingdom

RecordPoint will support the service in conjunction with the service levels defined in the customer agreement document.

Support Entitlements

The following table describes the support entitlements are included in each Records365 plan.

A RecordPoint support engineer will assess new service requests and adjust the priority, if necessary, in line with the priority levels described below.

Service Request Priorities

The following table describes how RecordPoint support assesses the priority of a new service request.

‍

Service Request Logging

Service request logging is provided via web support portal, email and telephone.

The fastest method to get a response and a Support Engineer working on your problem is using the RecordPoint support portal. Regardless of whether service requests are logged by web, email or telephone, they are managed using the customer support portal and this will be the place where progress on support calls is reported and managed.

Last Updated: July 13, 2020

Onboarding & Offboarding

Service Activation

The Records365 service activation process consists of capturing information in the Service Data Sheet and various forms and documents that outline the service requirements, including production, staging and development service instances, site and contact details.

Information relevant to service activation includes items such as:

• Security requirements, including identity and access requirements
• Number of records
• Content sources to be managed
• Estimated content size in TB by content source (if archiving)
• Records365 Administrators
• Customer contacts for the service

Depending on the customer needs the RecordPoint offloading process service may incur additional costs charged on a cost recover basis.

The activation process then consists of the following:

• Appointment of an Onboarding Manager for the customer.
• Onboarding kick-off meeting.
• Provision of information.
• Service delivery enablement and acceptance.

Service Activation Pre-requisites

The following are pre-requisites to on-boarding:

1. Signed Customer Contract/Agreement
2. Customer purchase order
3. Approved Migration Plan

The Migration Plan is a plan outlining the phasing of users onto the service, the major technical activities required, such as access planning, security requirements and a plan for the initial submission of records into the Records365 service.

Additional Services

The following services are additional to the standard activation process and require additional scoping and investment.

• Migration Design and Implementation.
• Identity Federation.
• Other Advisory Services such as network access plan, security assessment, migration readiness, etc.
• Other customer-specific onboarding activities.

Offboarding

The service off-boarding process consists of reviewing information in the Service Data Sheet, the various forms and documents that outline the customer’s provisioned services, including production, staging and development service instances, site and contact details.

The service deactivation process then consists of the following:

• Service deactivation according to the agreed plan.
• Furnishing of final backups to customer.
• Final invoicing.
• Customer satisfaction survey.

Last Updated: July 13, 2020

Encryption Statement

At RecordPoint we are committed to upholding the strictest security on information that we retain and also to ensuring that your information remains protected when our solutions communicate with you or on your behalf.

We have made it our policy to encrypt and secure information that travels between our Records365 service and user computers, information that travels between the components of our systems that communicate over the internet and for critical data at rest.

This statement provides a summary on the use of encryption in the Records365 service and in related RecordPoint computer and communications systems.

Information In Transit

Transport Layer Security (TLS) secures communication transmitted over the Internet using standard encryption technology. Securing communication this way reduces the risk of interception, eavesdropping and forgery.

In Records365, our TLS usage has the following attributes:

• RecordPoint uses TLS uniformly across all publicly available services – including our Azure hosted web services
• RecordPoint does not make use of transport layer security prior to TLS 1.2, such as SSL 3.0 or other previous versions with well-known vulnerabilities.
• For internet communication RecordPoint makes use of signing and encryption certificates issued by Public Certification Authorities using SHA-256 (SHA2) and a key length of 2048. Depending on the client a typical cipher negotiation would be AES256-SHA.
• TLS configuration and cipher strength is reviewed annually by a third party auditor that verifies the correct TLS configuration (TLSv1.2 and above) as well as removal of weak ciphers

Information & Data Storage

Records365 applies encryption at the following layers:

• Transparent Data Encryption is applied to our Azure SQL (Postgres) clusters and instances to ensure that data stored is secure. All data stored by the service is secured via the Azure Storage Service through 256 bit AES encryption that is always on and cannot be turned off and is FIPS 140-2 compliant. Azure SQL for Postgres inherit network security and compliance from Microsoft Azure and provide a managed layered security model with DDoS protection, a secure gateway, SSL encrypted network traffic, native firewalls, native authentication, and finally all data is automatically encrypted by the service. This primarily protects against a scenario where the physical media (such as drives or backup tapes) are stolen and a malicious party is able to restore or attach the database and browse the data.
• Backup Encryption is applied to all Azure SQL (Postgres) backups which are encrypted using AES 256-bit encryption. Backups are automatically managed by Azure.

Algorithms

Ciphers in use meet or exceed the set defined as “AES-compatible” or “partially AES-compatible” according to the IETF/IRTF Cipher Catalog, or the set defined for use in the United States National Institute of Standards and Technology (NIST) publication FIPS 140-2, or any superseding documents according to the date of implementation.

Signature algorithm used is typically RSA with 2048 key length, PKCS#7.

‍

Last Updated: July 13, 2020

‍