Service Level Agreement (SLA)

1. Introduction

This SLA forms part of your Agreement with Harrby. It applies to the services defined in your applicable Proposal, Statement of Work (SoW), Quote, Master Services Agreement (MSA), or Service Agreement — collectively referred to as your "Agreement".

Where there is any inconsistency between this SLA and your Agreement, the terms of the Agreement will prevail unless explicitly stated otherwise.

If something in this document doesn't reflect what's been agreed for your specific engagement, your Agreement is the source of truth.

2. Definitions

3. Scope of Services

This SLA applies only to services explicitly listed in your Agreement or service schedule as being covered by formal service level commitments. Services provided on a best-effort or ad-hoc basis are excluded.

What's covered is defined in your Proposal or SoW — including the specific platforms in scope (for example, Microsoft 365, Azure, Endpoint Management, or security tooling).

What's not covered by this SLA includes ad-hoc project work, one-time requests outside scope, or services delivered under a separate arrangement unless explicitly stated.

If you're unsure whether a particular service or workload falls within your SLA scope, ask us. Clarifying upfront avoids ambiguity during an incident.

4. Service Availability

Harrby will use reasonable commercial efforts to achieve the availability targets outlined in your Agreement for all supported services and workloads.

How availability is measured:

• Targets are calculated over each monthly billing period
• Measurement excludes Planned Maintenance windows, force majeure events, and outages caused by third-party platform failures or Customer-initiated changes
• Availability is reported as a percentage of total possible uptime within the measurement period

Third-party platform availability: Many of the services we manage — including Microsoft 365, Azure, and Dynamics 365 — rely on Microsoft's global infrastructure. Where this is the case, Microsoft's published SLAs also apply and set the ceiling for what we can guarantee. We'll keep you informed of any vendor-side incidents affecting your environment.

5. Support & Response Times

All incidents and service requests must be logged via your agreed support channel — support portal, email, or phone — as defined in your Agreement.

Every ticket is assigned a priority level based on business impact and urgency. Response time targets are as follows:

Important: Response targets represent the time to acknowledge and begin investigation — not the guaranteed time to resolution. Resolution times vary based on the complexity of the issue, third-party dependencies, and the availability of required information or approvals from your team.

For after-hours support, refer to your Agreement for details on extended coverage options.

6. Maintenance & Planned Outages

Maintaining a secure, stable, and performant environment requires regular maintenance. Here's how we manage it:

Planned Maintenance

Where practical, Harrby will schedule maintenance activities outside of peak business hours and provide advance notice. Notification timelines will be as agreed in your service schedule — typically no less than 48 hours for routine maintenance.

Planned maintenance windows are excluded from availability calculations.

Emergency Maintenance

In some circumstances — such as a critical vulnerability requiring immediate patching, or active service instability — emergency maintenance may be performed without prior notice. In these cases, we'll notify you as quickly as the situation allows and provide a summary of the actions taken.

Emergency maintenance reflects our security-first approach. A brief, unplanned window is always preferable to leaving a critical vulnerability unaddressed.

7. Incident Management

When something goes wrong, our goal is simple: restore normal service as quickly as possible and minimise impact on your business.

Our incident management process:

1. Log & Triage — Every incident is logged, categorised by type, and assigned a priority based on business impact
2. Investigate & Contain — We identify the root cause and implement workarounds where possible to restore functionality while a permanent fix is developed
3. Resolve & Verify — The fix is implemented, tested, and confirmed with you before the ticket is closed
4. Post-Incident Review — For Priority 1 or major incidents, Harrby will provide a post-incident summary documenting the timeline, root cause, resolution, and any recommended preventative actions

We keep you informed throughout. For critical incidents, expect proactive updates — not radio silence while we work.

8. Customer Responsibilities

A managed service works best when both sides hold up their end. To enable Harrby to meet its SLA commitments, we ask that you:

Log incidents accurately. Provide clear, complete information when raising tickets — including symptoms, affected users or systems, and any recent changes. Better information means faster resolution.

Maintain your local infrastructure. Internet connectivity, power supply, and on-premises infrastructure not managed by Harrby remain your responsibility. SLA commitments cannot be met if foundational dependencies are outside our control.

Keep your users informed. Ensure end users follow agreed processes, security guidelines, and your Acceptable Use Policy. User behaviour is one of the most common sources of incidents.

Nominate appropriate contacts. Designate technical and business contacts who have the authority to approve changes, provide information, and make decisions during incidents. Delays in approvals translate directly into delays in resolution.

Respond to requests promptly. Where Harrby requires information, access, or a decision from your side to progress a ticket, response times on your end affect our ability to meet SLA targets. Where a delay is on the Customer side, SLA clocks may be paused.

9. Security & Privacy

Security is foundational to how we design and operate every managed environment.

Harrby follows industry best practice and vendor guidance — including Microsoft security baselines, Essential Eight (where applicable), and relevant CIS Controls — when configuring and maintaining environments under management.

Our security approach includes:

• Proactive vulnerability and patch management across managed workloads
• Security monitoring, alerting, and response through supported tooling
• Identity and access management aligned with least-privilege principles
• Regular review of security posture and compliance against agreed baselines

Privacy: How we handle your data — including collection, use, storage, and your rights — is detailed in our Privacy Policy. Any specific data processing obligations for your engagement will be captured in your Agreement.

10. Data Backup & Recovery

Backup and recovery obligations are defined per-workload in your Agreement or service schedule. Here's how responsibility is divided:

Where Harrby manages backups:

• We configure backup policies aligned with your agreed retention schedules
• Backup jobs are monitored and failures are investigated proactively
• Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO), where defined, are documented in your Proposal or SoW
• We will assist with recovery requests in line with your agreed service scope

Where the Customer manages backups: Harrby is not liable for data loss arising from incomplete, misconfigured, or absent backup policies under Customer control. If you're unsure about your current backup posture, ask us — we can assess and advise.

Important: Backup success does not guarantee recovery. We recommend periodic restore testing to validate that backups are recoverable. Where this is in scope, Harrby will document and report on restore test outcomes.

11. Changes to Services

Technology environments evolve. Changes to in-scope services are managed through a structured change management process to minimise risk and disruption.

Standard changes — Low-risk, pre-approved activities (such as routine patching or configuration updates within agreed baselines) are managed by Harrby with appropriate logging and notification.

Significant changes — Changes outside routine scope, new projects, or modifications that carry elevated risk require a formal Change Request. These will be assessed for risk, documented, approved by both parties, and scheduled within an agreed change window.

Out-of-scope work — New requirements, additional platforms, or work beyond your current service schedule may require a new Proposal or SoW and may attract additional fees. We'll be transparent about this before any work begins.

12. Limitations & Exclusions

SLA commitments apply to in-scope services under Harrby's management. They do not apply where service issues arise from:

• Customer-managed infrastructure or software — Systems, devices, or applications outside Harrby's management scope
• Unsupported or unlicensed software — Including software versions that have reached end-of-life or are running without valid licences
• Unauthorised changes — Modifications made to managed environments without Harrby's knowledge or approval
• Third-party platform outages — Vendor-wide incidents affecting Microsoft, internet service providers, or other platforms outside Harrby's control
• Force majeure events — Natural disasters, major infrastructure failures, or other events beyond reasonable control
• Customer non-compliance — Failure by the Customer or their users to meet the responsibilities outlined in this SLA or the Agreement

Where an exclusion applies, Harrby will still make reasonable efforts to assist — but formal SLA targets will not apply.

13. Service Levels & Reporting

Visibility into your environment's health is part of the service. Where included in your Agreement, Harrby provides regular service reporting covering:

• Incident and request volumes — Ticket trends, resolution times, and recurring issues
• Service availability metrics — Uptime data for covered workloads against agreed targets
• Security and compliance summaries — Patch status, security alerts, policy compliance, and recommendations
• Backup and recovery status — Job success rates and any exceptions requiring attention

Reporting cadence — Monthly or quarterly reporting will be agreed as part of your managed services package. Ad-hoc reports or specific dashboards may be available depending on your service tier.

If you're not getting the visibility you need, tell us. Harrby surfaces information proactively before you need to ask.

14. Termination & Suspension

Termination rights are governed by your Agreement. However, Harrby reserves the right to temporarily suspend non-essential services in specific circumstances, including:

• Severe or active security risk — Where continued service delivery would expose your environment or others to significant threat
• Non-payment — Where invoices remain materially overdue and the matter is unresolved despite reasonable notice
• Misuse or policy breach — Where the Customer or their users are in material breach of the Acceptable Use Policy or Agreement

On suspension: Harrby will provide notice before suspending services where circumstances allow, and will work with you to restore services once the underlying issue is resolved.

On termination: Harrby will provide reasonable assistance with transition and data handover in accordance with your Agreement. Transition support is available at agreed professional services rates. Outstanding invoices remain payable in full.

15. Contact Us

For support requests, incidents, or SLA-related enquiries:

Support Team Harrby Pty Ltd Email: support@harrby.com Portal: Via the support channel outlined in your Agreement

For escalations or account-level concerns, contact your Harrby account manager directly.

16. Updates to This SLA

This SLA will be updated as our services, best practices, and legal obligations evolve.

Where changes materially affect service levels or your obligations, Harrby will provide reasonable advance notice to affected customers. Continued use of services after notification constitutes acceptance of the updated SLA.

We'll always make material changes easy to identify and will communicate them clearly.

This SLA is a general framework. Specific service levels, availability targets, RTO/RPO commitments, and reporting obligations for your engagement are defined in your Agreement, Proposal, or SoW. Where your Agreement contains terms that differ from or expand upon this SLA, your Agreement takes precedence.