Context
This Service Description provides information on BySide platform provided by BySide pursuant to the Agreement between BySide and the Subscriber.
Onboarding
Introduction
The onboarding is the initial stage of the project. It starts with an introductory meeting to share the vision and expectations. After the goals for the contracted period are defined there will be an activation plan created, with a series of proposed actions to be implemented.
The BySide onboarding team will initiate the onboarding following the signature of the Agreement.
Onboarding will start with a kick-off session to discuss Subscriber’s challenges and to define the goals to be achieved during the contracted period. The Subscriber will get to know BySide’s team and the assigned account manager for the project. In this meeting, it is also important for the Subscriber to share how the company is structured and who will take part in the project.
Activation Plan
Based on the information obtained in the activation meeting BySide may create an activation plan. This document explains the strategy with the proposal of a series of initiatives to address the defined goals, each with their own KPIs and targets.
Onboarding Handover
The final part of the onboarding is the preparation and transition for production. Our teams will set up the account, and when ready, the Account Manager will send the onboarding guide, a document providing user access to our platform and implementation instructions. During this phase, the Account Manager will also schedule the first training sessions with the Subscriber.
Trial
BySide may agree with the Subscriber to start engagement with a Trial. This period can last from a few weeks to a few months depending on the scope of Services to be implemented. During this period, and as a partner throughout the process, BySide works closely with the Subscriber in executing the strategies proposed in the activation plan and in making sure that everything is working properly. This is how we ensure the Trial will be a success both for the Subscriber and for BySide.
Monthly Report
At the end of each month of the Trial the project progression in terms of goals achievement will be evaluated jointly, based on the determined milestones defined in the activation plan. In these reports besides being presented the monthly results, it is also provided a series of orientations to optimize the current results, that can originate in changes in the ongoing initiatives, or in the implementation of new ones.
Scope
Onboarding can include (a subset of) the following
Set goals and initiatives
Start service integration
Get familiar with the platform
Activate touchpoints
Optimize campaigns
Launch new features
Apply A/B tests
Analize campaign conversion rates
Evaluate achievements
Work on long term actions
BySide Infrastructure
Data Centers
The BySide platform is deployed in 2 Data Centers managed by third-party vendors using a IaaS (Infrastructure as a Service) setup. There are also some services which are deployed into data centers from public cloud vendors (such as Amazon Web Services or Google Cloud Platform). These data centers are operated in alignment with the Tier III+ guidelines (as per the Uptime Institute classification) and all vendors are ISO-27001 certified.
Byside runs 3 production zones and Subscriber will be assigned into 1 of the production zones according to the geographic location and time zone of the Subscriber – in order to align with the maintenance time windows.
Data Backup and Restore
Backup Scope
BySide’s infrastructure is designed with active data replication in high-availability (HA) architecture to provide resilience and data availability in disaster recover scenarios, reducing the dependency on backups. This robust system is engineered to provide maximum uptime and reliability, effectively handling most potential disruptions without significant impact.
When such a setup is not possible, or keeping multiple restore points of a dataset is required, filesystem and/or dataset backups are performed. Currently, the following systems are backed up:
Relational databases.
Subscriber files (public and private files, service configurations, etc.).
Applicational logs (using external log collection system).
These backup processes are strategically organized by zones, encompassing both production services and our designated service zones. This comprehensive approach ensures that all critical data within these areas are systematically backed up, maintaining the integrity and availability of our essential services.
Data Retention
Backup retention policies are specific to each data storage system. As a rule, the following retention policies are applied:
Relational databases – 5 daily backups, 4 weekly backups, 3 monthly backups.
Subscriber files – 5 daily backups, 4 weekly backups, 3 monthly backups.
Applicational logs – We have different retention periods depending on the source of logs (service, application) that range from a minimum of 7 days to a maximum of 6 months.
Additionally, in the event of system failures (such as disaster recovery scenarios), longer retention periods are automatically activated to ensure safe restoration once the environment returns to a healthy state.
Backup Frequency
Backup frequency is configured as follows:
Relational databases – daily snapshots.
Subscriber files – daily snapshots.
Application logs – continuously stored.
Restore Point Objective (“RPO”) and Restore Time Objective (“RTO”)
In a situation where data needs to be restored from backup, Subscriber has a RPO of 24 hours and an RTO of up to 12 hours.
Monitoring
BySide monitors its systems 24/7, using a wide range of monitoring solutions and tools internally, using a proactive approach and ensuring the swift identification and resolution of potential issues.
BySide’s monitoring can be separated into two levels:
Basic: includes any hardware/virtual machine/application checks (such as availability, CPU usage, disk health, memory utilization and network performance), as well as external system checks, licenses and certificate expiration, etc.
Advanced: Adds business intelligence Key Performance Indicators (KPIs), often in a Subscriber specific configuration.
Monitoring Tools
The following tools are used internally by BySide Operations team:
Zabbix – Utilized for its robust monitoring capabilities, Zabbix helps in tracking various system metrics, alerting us to any irregularities in real time.
Atlas – Our custom-developed monitoring tool, Atlas, is specifically designed to provide detailed monitoring of the services we offer to our Subscribers. It plays a crucial role in ensuring the correct functioning of all services, allowing us to maintain high service quality and reliability. With Atlas, we can closely observe and manage the nuances of our service delivery, ensuring that we meet our Subscribers' needs effectively.
Grafana – A powerful tool for visualizing real-time data, Grafana aids in the analysis and interpretation of complex data sets, allowing for quick identification of trends and potential issues.
Additionally, BySide platform provides a powerful data-exploration functionality where dashboards and reports can be built to extract and monitor important business KPIs that are relevant for each Subscriber business operation. Those dashboards can be accessed by the Subscriber to follow the performance of the operation.
Maintenance Services
BySide platform has been architected with high-availability in mind and most of the Maintenance Services such as deployment of new releases, hot-fixes, patches can be done without any disruption to the Service or downtime.
In the event a Service impact or downtime is expected for a Maintenance Service, Byside has defined maintenance time windows depending on the Production Zone. These maintenance windows were chosen to fit with the time where less traffic is expected, and contact center operations are not active in the majority of our Subscribers:
WE1 (Western Europe 1) and WE2 (Western Europe 2): 00h00-06h00 (WET)
SA1 (South America 1): 00h00-06h00 (BRT)
In case of downtime during planned Maintenance Services occurring during the maintenance window, that downtime will not count towards the SLA for System Availability (%).
Impacting Maintenance
Whenever Service impact is expected during a planned maintenance activity scheduled by BySide, BySide will use commercially reasonable efforts to provide at least 3 business days notice to the Subscriber.
Emerging Maintenance
In the event of a critical security patch which endangers BySide platform, BySide will execute the patch work, informing the Subscriber at least 24 hours before the emergency maintenance is carried on.
Security
BySide’s security protocols are rigorously enforced to safeguard our data and systems, limiting access to resources only to authorized BySide personnel.
Key security measures applied at BySide:
Restricted Access – In alignment with the least privilege principle, BySide’s security protocols mandate that access to our systems is strictly limited to BySide team members and only to those team members who need to access the systems to perform maintenance activities. We adhere to a clear policy of granting only the essential level of access necessary for everyone's job responsibilities. This strategy effectively minimizes potential risks by ensuring that sensitive information and critical systems are safeguarded against unauthorized access.
Data Center Access Control – BySide’s data centers (“DCs”) have stringent access control measures in place, where entry and exit are closely monitored and regulated. Access is granted exclusively to employees who require direct interaction with the DCs as part of their job roles. Every access event is meticulously recorded, and the list of authorized personnel undergoes a rigorous annual review and update. This practice not only ensures that we maintain an up-to-date and precise record of individuals with physical access to our critical infrastructure but also aligns with our annual review and update process.
Network Infrastructure Security
BySide’s network infrastructure leverages advanced security measures like VLAN and VPN for secure, segmented environments, reducing unauthorized access risks. A key component is our SIEM system, providing real-time security alert analysis and aiding in the early detection of incidents. Additionally, access to our services may be restricted to pre-approved IP addresses (upon Subscriber request), enhancing security. Collectively, these measures form a robust security framework, crucial in protecting our digital assets and ensuring service integrity.
Application Security
Multiple vulnerability disclosure channels, including general purpose, operating system, cloud provider, specific software/libraries, etc., are actively monitored for applicable reports. Reports are assessed to determine their impact on our systems and mitigations are deployed and validated with a time objective in accordance with their severity.
Penetration Testing
At BySide, we ensure the security and resilience of our internet-facing systems through regular penetration testing. These tests are conducted by a specialized certified third-party organization in a BySide reference environment. This process involves a rigorous assessment where testers simulate cyberattacks to identify vulnerabilities in our systems. By doing so, we can proactively discover and address potential security weaknesses, thereby strengthening our defenses against real-world cyber threats.
Request Management
Requests can be reported by the Subscriber through phone, email or web interface.To manage Requests, the BySide support team will use a Trouble Ticketing System (“TTS”), which supports all activities concerning Request management and problem management processes (“Request Management”).
PORTUGAL+351 225 103 881PT@BYSIDE.COMSPAIN+34 910 132 200ES@BYSIDE.COMUNITED KINGDOM+44 (0) 2032 9134 68UK@BYSIDE.COMUNITED STATES+1 (917) 789-1493US@BYSIDE.COMwww.byside.com
