The following is the JumboPress Service Level Agreement.
Effective December 1, 2017
1. Agreement Overview
This Agreement represents a Service Level Agreement (“SLA” or “Agreement”) between Digital Services and Client for Digital Services to provide services required to support and maintain the JumboPress content management system (“JumboPress Services” or “Services”).
This Agreement does not supersede current Tufts University processes and procedures unless explicitly stated herein.
2. Service Agreement
The parties have agreed on the following service parameters.
2.1. Responsibility of Digital Services in support of JumboPress
The following Services are covered by this Agreement:
Routine security and maintenance:
Apply available updates to WordPress core, plugins and themes quarterly
Run automated weekly scans to detect security vulnerabilities to WordPress core, plugins and themes; if a critical vulnerability is detected, updates will be expedited.
Run automated weekly scans to detect unauthorized file changes to WordPress core, plugins and themes; if unauthorized file changes are detected, Digital Services will initiate immediate disaster recovery, see section 3.2 for more information.
Authorize Google Search Console to monitor site for malware or spam issues (crawl rate determined by Google); if malware or spam is detected, Digital Services will initiate immediate disaster recovery, see section 3.2 for more information.
Keep an audit log of all WordPress changes to ease troubleshooting
Recorded trainings for new users or as a refresher.
Resolution of technical problems that impact the functioning of the site (e.g., pages not displaying properly or not loading at all); please visit the support site and submit a support request.
Embedding of special items, such as <iframe>s and other embed code, including:
Special PDF viewing portals
Google Analytics and Search Console:
Set up Google Analytics and Google Search Console for each site or network of sites.
Provide client with access to, or reports from, Google Analytics upon request; please email support requests to email@example.com.
In addition, Digital Services reserves the right to:
Flag and correct anything on the client’s site(s) that does not comply with Tufts Branding Guidelines, minimum Web Accessibility requirements, e.g., Section 508 and WCAG2.0, and other Web/Accessibility best practices, such as sizing images for optimal use of the theme.
Define any custom design/code and the process for integrating it.
Review and implement (or decide not to) plugins proposed by the client.
2.2. Responsibility of the Client
Client responsibilities and/or requirements in support of this Agreement include:
Creation, input and maintenance of all content, including text, images, audio, video, documents, forms, and adding items to menus.
Conversion of files as needed (e.g., a Word doc to a PDF, etc.).
Uploading of images and documents (e.g., PDFs).
Maintenance of Media Library, including giving every image alt text, for web accessibility compliance.
Embedding of videos from YouTube and Vimeo.
Adherence to Tufts Branding Guidelines, Section 508, and other Web/Accessibility best practices, including uploading accessible PDFs.
Configuration of form email notifications to ensure they go to the client.
Immediate notification to Digital Services of any suspicious website activity.
Adherence to instructions provided by Digital Services pertaining to the preservation of any in-page custom code created by Digital Services for the client.
WordPress hosting as provided by TTS does not currently include SSL encryption, as such clients are not allowed to collect sensitive information via forms or rely on WordPress password protection to keep sensitive information secure.
2.3. Service Exclusions
The following services are not included or allowed in the scope of this Agreement:
Custom themes or designs are not allowed.
Custom theme colors are not allowed.
Plugins other than those currently available for JumboPress sites are not allowed.
3.0 Service Management
The following sections provide details on service availability, monitoring of in-scope services, and related components.
3.1. Service Availability
Digital Services will provide the following web support and training services to JumboPress clients:
Support: When submitting a support request clients will receive a response and time estimate for completion, with the goal of a response within 3 business days.
Note that most issues can be resolved by referring to the user’s manual.
In the interest of security, only people who are going to regularly update the site should have access to the backend console. Logins and accounts are not automatically deleted when a user leaves Tufts. Thus, it is important that you inform Digital Services if someone with site access no longer works at your department or school, or they will still be able to access and edit the site.
3.2. Disaster Recovery
Coverage parameters specific to disaster recovery are as follows:
Digital Services does not provide 24/7 site monitoring.
Digital Services cannot provide any guarantees related to technical failures or downtimes outside of its control (hosting, backups, network operations, or other services managed by TTS; crawl rate by search engines).
Response times will vary depending on the severity of the reported problem:
System updates for outages (site is down) or major bug fixes (affecting the loading of the site) will be performed as soon as possible, but generally within one business day. For example, if a site experiences an outage on a Saturday, the fix will not be performed until the following Monday.
Following notification and positive verification of a suspected website breach, Digital Services will complete the following as soon as possible:
Take your site offline until all issues are resolved.
Assess the damage and identify the vulnerability; scan for malware, backdoors and spam.
Refresh all WordPress core, plugin and theme files; if applicable, update to the latest version or resolve the vulnerability.
Restore database from a clean backup of your website as made available by TTS.
Reset user passwords and session cookies.
If applicable, work with search engines to remove blacklist status.
4.0 Term; Changes; Periodic Review
This Agreement is valid from the Effective Date outlined herein and is valid until further notice. Changes to the scope of services may be required from time to time, on reasonable advance notice to Client except in case of emergency. The parties anticipate that this Agreement will be reviewed annually.