Copyright © 2016 American Well / Confidential
American Well Hosting Operations Guide for AmWell Customers
Contents
Introduction
Scope and Purpose
Document Change Control
Description of Services
Data Center Locations
Backup Services
System Monitoring and Alerting
Hosting Operations Audits
Service Level Commitment
System Availability
Definitions
System Maintenance & Continuous Delivery
Version Support
Service Level Exclusions
Hosting Security Practices
Physical Security
System Security
Network Security
Security Incident Reporting
Software Maintenance and Support
Definitions
Maintenance Responsibility
Support Responsibility
Level 1 and Level 2 Support
Third Party Content and Services
Error Classification, Reporting and Response
Error Classification
Error Reporting and Response
Escalation Procedures
On-Site Support
Documentation
Customer Error Reporting Guidelines
Introduction
Scope and Purpose
The purpose of the American Well Hosting Operations Guide is to define the processes and rules that
American Well follows in order to effectively manage hosting, support and maintenance service for its
customers. This guide includes information about American Well’s scope of hosting services, service level
commitments, escalation procedures, and other support obligations. It is intended to provide guidance for
the American Well operations and support teams, and information for customers’ technical operations teams.
The primary objectives of this guideline are to:
- Establish practices that govern the delivery of hosting, support and maintenance services.
- Promote the security of information stored within the American Well System.
- Promote compliance with all local, state, and federal statutes related to information protection.
Document Change Control
Revisions to the American Well Hosting Operations Guide are subject to document change control. Changes
to this document must be approved by the American Well Senior Vice President of Hosting. Notification will
be made to clients within 30 calendar days of any material change to the Guide.
| Date | Version | Comments |
|---|---|---|
| 10/2012 | 1.0 | Initial version for AmWell Customers |
| 2/2013 | 1.1 | Updates for 2013 |
| 6/2014 | 5.0 | Changes to match EE version. |
| 6/2014 | 5.0.1 | Minor changes to match EE version |
| 5/2016 | 6.0 | Changes to patch, upgrade and other sections |
| 6/2016 | 6.01 & 6.02 | Minor corrections |
| 7/2016 | 6.1 | Updates to support section |
| 10/2016 | 7.0 | Updates |
Description of Services
Data Center Locations
American Well delivers hosting services from sites located in the United States which are SSAE 16 SOC 1 Type
2 or SOC2 Type 2 certified or certified under another equivalent standard. Currently services are delivered
from one or more of the following locations. Our services may be offered out of any of the three sites at any
time.
- Santa Clara, CA
- Andover, MA
- Honolulu, HI
In no event shall such hosting sites, primary, backup, DR, or otherwise, be located outside the United
States.
American Well will provide instances of its system, as follows:
- 1 Production instance
- 1 Disaster Recovery instance
Backup Services
Customer data is backed up to disk daily, encrypted, and is delivered off-site at least once daily (Monday
through Friday) to a secure remote-site facility. American Well stores no more than one year’s worth of offsite
backups at any given time.
System Monitoring and Alerting
American Well maintains multiple system monitoring and alerting tools, both local and remote, to detect
and notify the Hosting Operations team about resource utilization, component and system failures and
other potentially service impacting events. Alerts are monitored 24x7x365 by our Cyber Command Center.
Hosting Operations Audits
American Well conducts internal audits relating to the hosting services on a regular basis. These audits are
based on standards such as HITRUST CSF, HIPAA, PCI DSS and/or other applicable standards. The content and
format of these audits may be changed at the discretion of American Well.
Service Level Commitment
System Availability
American Well provides a System Availability target of at least 99.9% during each calendar month. The Uptime
Percentage is calculated by dividing Uptime Hours by the Base Hours and multiplying the result by 100. These
calculations are made on a calendar month basis with service availability measured to the hundredth of an
hour and hundredth of a percent of system availability (e.g. 719.50 Uptime Hours or 99.93% availability).
Definitions
For purposes of this calculation, American Well uses the following definitions.
Base Hours
“Base Hours” are the total number of hours during a calendar month.
Downtime
“Downtime” occurs when some or all major functions of the American Well System are
inoperable or inaccessible. Downtime does not include periods of scheduled or emergency
maintenance, single periods lasting less than 10 minutes, or periods of inoperability or
inaccessibility to the extent caused by one of the defined Service Level Exclusions. For the
purpose of calculating System Availability, downtime begins at the moment a Severity 1 Error is
reported to American Well.
Uptime Hours
“Uptime Hours” are determined by subtracting the total Downtime from the Base Hours.
System Maintenance & Continuous Delivery
American Well employs a continuous delivery process wherein software updates and patches are regularly
deployed to ensure feature and patch currency. These changes are applied through an automated system
and may happen at any time during the month. Any potentially service-impacting updates are applied during
regular maintenance windows typically during the overnight hours. The maintenance will typically not exceed
8 hours per calendar month. In scheduling maintenance windows, American Well endeavors to minimize the
impact on all of American Well’s customers’ business operations taking into account in particular the peak
times of usage of each customer.
Version Support
American Well shall provide the support and maintenance services described in this Guide for the most recent
major release of the American Well System. In addition, American Well will provide support and maintenance
services for the next most recent release of the American Well System for up to 120 days after release and
general availability of a more current version. American Well may provide minor upgrades to the American Well
System during scheduled maintenance.
Service Level Exclusions
Events or factors outside of American Well’s control may impact American Well’s ability to achieve the target
Service Levels. American Well shall not be responsible for any failure to meet the service level commitments
set forth above if the failure is due to:
- A customer’s acts or omissions, including any customer misuse or abuse of the American Well System or use in violation of the customer agreement or terms of use.
- Viruses, malware or malicious code (given American Well has applied generally available and approved security definitions as soon as is practicable).
- Violations of the Terms of Use or malicious attacks on the American Well System.
- Any cause beyond the reasonable control of American Well, so long as American Well takes prompt measures to address such causes and notifies Customer thereof.
Hosting Security Practices
American Well maintains a comprehensive Information Security program to protect the systems and
information under its control. This program includes protections in the following areas.
Physical Security
Physical access to American Well’s data center facilities is restricted to authorized personnel only. Where co-
location services are used, access to the cages where American Well customer information is processed is
restricted to those personnel specifically authorized by American Well. Access to the data center buildings is
limited and non-employees must be escorted by building security and/or American Well approved personnel.
Access to the American Well secure areas is controlled by a combination of physical and electronic locks and
requires photo identification and a user-specific password. All access to these areas is logged and recorded for
audit purposes.
System Security
All remote administrative access to the systems behind American Well firewalls requires authentication
procedures. Authentication is implemented using a minimum of username and password verification, and where
required, two factor authentication. American Well policies require controls to ensure that passwords must be
sufficiently complex to reduce the effectiveness of “dictionary attacks” to crack these passwords. All system
access except that which is absolutely necessary to utilize and administer the American Well System is configured
by American Well to prevent an intruder from gaining access to the system. All requests which are denied access
may not receive any information about the American Well hosting configuration. American Well will track and
implement applicable security patches and updates to all software products used in the American Well system,
including but not limited to operating systems, database management systems, third party products, firewalls,
anti-virus software, anti-virus signature/definition files, intrusion prevention and detection software or firmware
used in networking equipment. Unless otherwise required, these changes shall be applied during scheduled
maintenance.
No third party may have access to customer Protected Health Information (PHI) or Personally Identifiable
Information (PII) without proper consent. American Well’s obligations regarding use, access to and transmission
of PHI are set forth in the Business Associate Agreement between American Well and the third party.
Network Security
The American Well network contains security devices which have been configured to permit only the protocols
necessary to allow the American Well System to function. All other protocols are explicitly denied. Monitoring
procedures of the security devices are designed to inform American Well of unauthorized access or otherwise
suspicious attempts to gain access to secured portions of the system across the network.
Security Incident Reporting
American Well will use commercially reasonable efforts to investigate, respond to and terminate any security
breaches or compromises.
Subject to restrictions imposed by law enforcement or applicable law or regulations, American Well will report
any confirmed security breaches or compromises to impacted customers within one business day following the
day on which American Well qualifies the occurrence, not to exceed 5 business days following its knowledge of
the event, or earlier if required by applicable law.
To the extent known, American Well will present the impacted customer with documentation of the cause,
remedial steps, and future plans to prevent a recurrence within 5 business days following the day on which
American Well has knowledge of and qualifies the occurrence of the security breach or compromise.
Software Maintenance and Support
Definitions
Documentation
The “Documentation” is the published material authorized and distributed by American Well that describes
the American Well System, and the installation and use of the American Well System.
Enhancement
An “Enhancement” is a change or addition other than an Error Correction that improves the function, adds
new function or substantially enhances the performance of the American Well System.
Error
An “Error” is a reproducible defect in the American Well System that results in the American Well System
not functioning in material conformity with the Documentation.
Error Correction
An “Error Correction” is a change to the American Well System or the Documentation, or a workaround,
that is in a form that allows its application to the American Well System or inclusion in the Documentation
to re-establish material conformity with the Documentation.
Level 1 Support
“Level 1 Support” is the service provided in response to the initial phone or other inquiry call placed by a
user which identifies and documents a suspected Error in the American Well System. This includes, but may
not be limited to, call-logging and validation, problem source identification assistance, problem analysis,
problem resolution, and preventive and corrective service information.
Level 2 Support
“Level 2 Support” is the service provided to analyze or reproduce the suspected Error or to determine that
the suspected Error is not reproducible and to resolve the reproducible Error. This includes, but is not
limited to, problem recreation, in-depth technical analysis and problem resolution and passing the
reproducible Error to Level 3 Service with proper documentation that proves the Error exists.
Level 3 Support
“Level 3 Support” is the service provided to resolve reproducible Errors that are determined to be, or are
highly probable to be, the result of a defect in the American Well System, and which requires design
engineering knowledge or expertise to isolate and resolve.
Maintenance Responsibility
American Well will provide customers who subscribe to, and are current with respect to paying for,
Maintenance and Support with updates to the American Well System containing Error Corrections and/or
minor or major Enhancements. American Well will make these Error Corrections and Enhancements generally
available to all American Well hosted customers who are current with respect to billing at or around the same
time. American Well will, at no additional cost to its hosting services customers, install Error Corrections and
Enhancements on behalf of those customers. American Well will perform any additional implementation and
configuration in accordance with a Statement of Work at American Well’s then current rates. All Error
Corrections and Enhancements are owned by American Well, deemed part of the American Well System and
licensed to customers in accordance with the terms and conditions of the applicable license agreement.
Support Responsibility
Level 1 and Level 2 Support
Level 1 Support personnel handle all interactions with end users. American Well provides Level 1 Support to
all Customers with a current Maintenance and Support agreement. American Well also provides Level 2 and
3 Support where more technical expertise is required.
Third Party Content and Services
American Well maintains support and maintenance arrangements with third parties that provide content or
software for the American Well System. When there is a problem with a third party component which affects
its Customers, American Well works with the applicable third party in accordance with American Well’s
arrangement for maintenance and support with that third party and provides support and maintenance for
such component pursuant to such terms.
Error Classification, Reporting and Response
Error Classification
American Well shall respond to reported Errors according to their severity, as classified in accordance with
Table 1.
Table 1 - Error Classification

| Severity | Criteria |
|---|---|
| 1 | An Error that results in catastrophic failure of the American Well System or poses a significant, imminent risk to protecting the privacy of Protected Health Information. |
| 2 | An Error that results in the American Well System being usable, subject to major restrictions on its essential workflows, for which there are no workarounds. |
| 3 | An Error that results in the American Well System being usable, subject to major restrictions on its essential workflows, for which there are available workarounds, or an Error that disables non-essential workflows, regardless of whether a workaround exists. |
| 4 | An Error that results in inconveniences of the American Well System, which are not critical to its operation and for which there are workarounds. |
Error Reporting and Response
Customers should report Errors in accordance with the standard reporting procedures described in Table 2
below. Errors that are properly reported to American Well will be acknowledged by American Well’s support
team, who shall assess the Error and initiate appropriate corrective action by American Well if needed.
Table 2 - Error Response

| Severity | Error Response |
|---|---|
| 1 | Error reports will be acknowledged by American Well within one hour. The issue will be worked on consistently until an official fix or adequate workaround is available. An action plan will be provided within 2 hours, if requested. |
| 2 | Error reports will be acknowledged by American Well within 4 hours. The issue will be worked on consistently during office hours until an official fix or adequate workaround is available. An action plan will be provided within 24 hours, if requested. |
| 3 | Error reports will be acknowledged by American Well within one business day. Commercially reasonable efforts will be made to address prior to the next official release. An action plan will be provided within 10 business days, if requested. |
| 4 | Error reports will be acknowledged by American Well within one business day. Commercially reasonable efforts will be made to address by the next official release. |
Escalation Procedures
In the process of resolving Severity 1 and 2 Errors, American Well will provide regular progress updates to the
impacted customer. In addition, American Well and the impacted customer will each designate a
representative to be available by cell phone outside of regular business hours in order to confer regarding
the resolution process.
Table 3 - Escalation Procedure

| Severity | Criteria |
|---|---|
| 1 | If an action plan is not provided within 2 hours of a request: Account Manager. If an action plan is not provided within 12 hours: Vice President. If an action plan is not provided within 24 hours: Executive Vice President. |
| 2 | If an action plan is not provided within 24 hours of a request: Account Manager. If an action plan is not provided within 48 hours: Vice President. If an action plan is not provided within 72 hours: Executive Vice President. |
On-Site Support
All support efforts will be performed on American Well’s premises. Should any on-site effort be required,
customers agree to pay American Well all travel expenses at American Well’s then per-diem rate unless such
on-site support is the result of an Error. All expenditures will be approved by the customer in advance.
Documentation
Following an Error Correction or Enhancement, American Well shall supply customers with a copy of any
applicable modifications, supplements, or new documentation versions as soon as they are available.
Customer Error Reporting Guidelines
American Well’s obligations in the event of an Error are subject to its customers’ adherence to the following
guidelines:
- Customers must provide American Well all information necessary for diagnosis of Errors within the response times set forth above.
- Customers, where appropriate, must provide experienced IT professionals and/or technical service representatives to collaborate with American Well on troubleshooting and reporting Errors.
- American Well may not be able to fix all Errors, and may instead provide a workaround to an Error in lieu of a fix. If American Well is asked by a customer to work on an issue that is not an Error, customer shall reimburse American Well at American Well’s then current time and material rates for all work of American Well spent investigating any issues that were not Errors.