Cloud SOX Regulatory Compliance

At RoseASP, we work directly with our customers to provide a comprehensive Service Level Agreement that includes the following:
Scheduled downtime and notification requirements.
Written documentation on how credits are calculated for SLA non-compliance.
Explanation of support, severity levels, and guaranteed response times.
Protocol for backup and restore routines: how often backups are taken and how long they are kept.
Recording of Recovery Point Objective (RPO) and Recovery Time Objective (RTO).
Accounting of storage space and costs for additional space as well as what is included in the calculation of storage space.
Confidentiality and ownership of data.
Force Majeure events and how they are handled.
Ownership of data upon termination.
Indemnification clause for both Customer and RoseASP.
Level of encryption of data and how it is monitored.
Damages and limitations, including attorney’s fees.
Solicitation of company personnel for both parties.
Warranties by RoseASP and Customer.
Annual increases and any limitation on the increases.
Termination notification by both parties.
Usage of customer logo and discussion around allowed publicity.
Ability to assign the agreement by either party.
Review Regulatory Compliance Practices with RoseASP’s Chief Compliance Officer
In addition to the above, we offer complete call log history and case resolution history to our clients upon request.
View our Regulatory Compliance In The Cloud brochure for a complete listing of RoseASP’s IT internal control policies.