This document describes the Service-Level Agreements applicable to the versions and platforms of Trend Micro Cloud App Security (herein referred to as the "Service" or "Cloud App Security") set forth below only and does not apply to any other Trend Micro products or services. In addition, the Service-Level Agreements do NOT apply to any Japanese language versions of the Service.
The use of a Service is subject to and conditioned on Customer’s acceptance of the terms and conditions of the applicable Trend Micro End-User License Agreement (EULA) of Trend Micro Incorporated or its affiliate (each "Trend Micro") for the use of the Service. All disclaimers of, limitations on, or exclusions from, liability/claims/damages set forth in the EULA applicable to Services shall also apply to these Service-Level Agreements. Customer must be in compliance with the EULA and all fees and charges must be current in order for the Service-Level Agreements to apply to Customer and to be eligible for a Service Credit.
Cloud App Security is a software as a service (SaaS) application security service. Additional information on the Service can be found at the Cloud App Security website.
Cloud App Security is available for the following platforms:
- Cloud App Security Exchange Online Protection
- Cloud App Security SharePoint Online Protection
- Cloud App Security Cloud Storage (OneDrive, Google Drive, Dropbox, and Box) Protection.
Service-Level Agreement Definition
There are two (2) Trend Micro Service-Level Agreements (each a "Service Level Agreement" or "SLA") applicable to Cloud App Security that are covered by this Service-Level Agreement, and should Trend Micro be notified by Customer in accordance herewith of a failure to meet either Service-Level Agreement for a billing month, then Trend Micro will provide such Customer with Service Credits as set forth herein, subject always to Trend Micro's validation and verification of such claim in accordance herewith:
- The "Service Availability SLA" set forth and described in Section III
- The "Anti-Malware Event SLA" set forth and described in Section IV
Customer Must Request Service Credit, Notice Period, Service Credit Determination
Customer will only be entitled a Service Credit if and when Trend Micro has verified and validated Customer’s entitlement hereunder. In order for Trend Micro to consider a request for Service Credit, Customer must timely submit the claim to TMCAS_SLA_Claim@trendmicro.com with the subject line "Service Level Agreement - Service Credit Claim" indicating the affected Service-Level Agreement for which the claim is being made. The claim must also include all information necessary for Trend Micro to validate and verify the claim, including, but not limited to:
- a detailed description of the Incident or Anti-Malware Event, as the case may be;
- information regarding the time and duration of the occurrence;
- the number and location(s) of affected users; and
- descriptions of Customer’s attempts to resolve the matter at the time of occurrence
Trend Micro reserves the right to request additional information from Customer to validate and verify the claim for a Service Credit.
Trend Micro will evaluate all information reasonably available to it and make a determination of whether a Service Credit is owed to Customer. Trend Micro will use commercially reasonable efforts to process claims and notify Customer of Trend Micro’s determination by the end of the subsequent month in which the claim was received by Trend Micro.
Time Limit for Making a Claim for Service Credit
In order to receive any Service Credit described herein for a Service Level Agreement, Customer must file a claim with Trend Micro within thirty (30) days from the time Customer becomes eligible to receive a Service Credit either: (a) as a result of excessive downtime under the Service Availability SLA (see Section III); or (b) the occurrence of an Anti-Malware Event under the Anti-Malware Event SLA (see Section IV). Customer recognizes that logs, records, and other verification materials are only kept for a limited number of days, therefore, a failure to timely comply with this notice of a claim requirement (for any reason or no reason) will forfeit and void Customer's right to request or receive a Service Credit with respect to such Service Level Agreement.
Maximum Service Credit
The aggregate maximum amount of Service Credits to be issued by Trend Micro to Customer for the aggregate of all Service Availability SLA and Anti-Malware Event SLA occurrences for all Platforms of Cloud App Security in a single billing month shall not exceed one (1) month of Service Credit added to the end of the term for Cloud App Security then-currently licensed to Customer. In the event that Customer makes multiple requests for Service Credits in a single billing month under one or both SLAs, Trend Micro will determine which of the requests will provide Customer with the largest Service Credit not to exceed the maximum set forth above and that will be the Service Credit granted to Customer. Service Credits may NOT be exchanged for, or converted to, monetary amounts or otherwise offset by Customer against fees payable for Services.
Sole Right and Remedy
A Service Credit, if any, granted in accordance herewith shall be Customer’s sole and exclusive right and remedy in contract, tort (including, without limitation, Trend Micro’s negligence), or otherwise arising from or related to these Service Level Agreements and/or any failure by Trend Micro to meet or exceed any Service Level Agreement herein established.
The Service Level Agreements and any applicable Service Credits do not apply to any performance or availability issues:
- Due to factors outside Trend Micro’s reasonable control (for example, natural disaster, war, acts of terrorism, riots, government action, or a network or device failure external to Trend Micro’s data centers, including at Customer site or between Customer’s site and Trend Micro’s data center).
- That result from the use of services, hardware, or software not provided by Trend Micro, including, but not limited to, issues resulting from inadequate bandwidth or related to third-party software or services.
- Due to a failure of or outage in any third party data center or cloud service, such as Microsoft Azure, Office 365, Box, Dropbox, or Google Drive.
- Caused by Customer’s use of a Service after being advised to modify its use of the Service, if Customer did not modify its use as advised by Trend Micro.
- Due to the inability of the Service to scan attachments with content that is under the direct control of the sender (e.g. password protected and/or encrypted attachments).
- That result from Customer’s unauthorized action or lack of action when required, or from its employees, agents, contractors, or vendors, or anyone gaining access to Trend Micro’s network by means of Customer’s passwords or equipment, or otherwise resulting from Customer’s failure to follow appropriate security practices.
- That result from Customer’s failure to adhere to any required configurations, use supported platforms, follow any policies for acceptable use, or Customer’s use of the Service in a manner inconsistent with the features and functionality of the Service (for example, attempts to perform operations that are not supported) or inconsistent with Trend Micro’s user documentation.
On the terms and subject to the conditions hereof, the Service Availability SLA offered by Trend Micro is an Uptime of 99.9% for each billing month.
Definitions Related to Service Availability SLA
- Incident. A single event that results in downtime (as defined below for each platform).
- Scheduled Downtime. Periods of downtime related to network, hardware, or service maintenance or upgrades. Trend Micro will publish notice or notify Customer at least five (5) days prior to the commencement of each Scheduled Downtime.
- Service Credit. Number of days/month of Services to be added to the end of Customer’s then-current Service Term granted to Customer following Trend Micro's approval of a claim for the failure to meet the SLA for the Platform(s).
Monthly Uptime Percentage Calculation; Service Credit Determination
The Monthly Uptime Percentage for Cloud App Security during a Customer billing month is calculated using the following formula:
Aggregate Downtime is the sum (in minutes) of Downtime for all Incidents occurring for the Service during the Customer’s billing month for each Cloud App Security Platform deployed/utilized by Customer during such time. The Downtime for each Incident is calculated by determining the sum of the length (in whole minutes) of such Incident for each Platform deployed/utilized by Customer and multiplying that amount by the number of users directly impacted by that Incident.
User Minutes means the aggregate of the actual number of minutes in the relevant billing month, less all Scheduled Downtime, for each Cloud App Security Platform deployed/utilized by Customer during such period multiplied by the number of users that Customer is licensed for the Service in such billing month.
Below is the Service Credit Determination:
|Monthly Uptime Percentage||Service Credit = Days/Months of Service Added to the End of Service Term|
|< 99.9%||Seven (7) Days|
|< 99%||Fifteen (15) Days|
|< 95%||One (1) Month|
Downtime Definition for Platform
- SLA for Cloud App Security Exchange Online Protection Platform
With respect to Cloud App Security Exchange Online Protection functionality of the Service, "Downtime" is any period of time when: (a) the Service is not able to scan and protect Exchange Online email messages; and/or (b) users are not able to receive and process email messages, in each Incident due solely to a failure of the Service to perform substantially in accordance with its user documentation. Downtime does not include any Scheduled Downtime.
- SLA for Cloud App Security SharePoint Online Protection Platform
With respect to Cloud App Security SharePoint Online Protection functionality of the Service, "Downtime" is any period of time when: (a) the Service is not able to scan and protect files being uploaded to, or updated from, SharePoint Online; and/or (b) users are unable to read or write any portion of a SharePoint Online site collection for which they have appropriate permissions, in each Incident due solely to a failure of the Service to perform substantially in accordance with its user documentation. Downtime does not include any Scheduled Downtime.
- SLA Cloud App Security Cloud Storage (Enterprise versions of OneDrive, Google Drive, Dropbox and Box) Protection Platform
With respect to Cloud App Security Cloud Storage (Enterprise versions of OneDrive, Google Drive, Dropbox or Box) Protection functionality of the Service, "Downtime" is any period of time when: (a) the Service is not able to scan and protect files being uploaded to, or updated from, cloud storage; and/or (b) users are unable to view or edit files stored on their cloud storage solution, in each Incident due solely to a failure of the Service to perform substantially in accordance with its user documentation. Downtime does not include any Scheduled Downtime.
Trend Micro anti-malware scanning is a component of the Service and is applied to each Cloud App Security Platform noted above. Trend Micro has a Service-Level Agreement of no Anti-Malware Events during each billing month per Platform.
On the terms and subject to the conditions of this SLA (including Section II above), should the Customer's systems be infected by one or more Known Malware in any billing month with respect to a Platform and the Customer notifies Trend Micro in a validated support call AND a Service Credit request is submitted by Customer in accordance with Section II that a Known Malware has been passed to Customer through the Service (each an "Anti-Malware Event"), the Customer will receive, in the aggregate for all Known Malware during a billing month, one (1) month of Service Credit that is added to the end of the Term of Customer's EULA for the Service on verification by Trend Micro, subject to the limitations set forth herein.
"Known Malware" is defined as a self-replicating program code that performs unexpected or unauthorized actions that is included in Trend Micro’s pattern file data base at least sixty (60) minutes prior to the time of receipt of Customer’s content by Trend Micro that is the subject of the Anti-Malware Event. For the avoidance of doubt, the term Known Malware shall not include spyware, phishing, ransomware, adware, URL links to websites that host malicious content, or other similar content now or hereafter created.
On at least ninety (90) days prior notice by publication or in writing, Trend Micro reserves the right to amend or terminate one or both Service-Level Agreements without otherwise affecting the EULA or the Cloud App Security then-currently licensed under a EULA.