Applies to all standard Swazzy customers unless superseded by a bespoke agreement ·
1. Introduction
This Information Technology Maintenance Agreement (ITMA) sets out the terms under which Swazzy Pty Ltd (ABN 29 897 020 065) ("Swazzy", "we", "us") delivers IT maintenance, managed services, and support to the Client ("you"). It also functions as Swazzy’s baseline Service Level Agreement (SLA) for our general customer base.
Enterprise exceptions: Bespoke Enterprise Agreements may modify or supersede specific terms within this ITMA.
2. Objectives
Define clear service scope, standards, and performance targets.
Outline responsibilities for Swazzy and the Client.
Measure and report service performance for accountability.
Protect confidentiality, integrity, and availability of systems and data.
Continuously improve service quality and client outcomes.
Align to ITIL 4 and ISO/IEC 20000-1 service management principles.
2A. Service Management Governance
Service Catalogue — A catalogue of covered services and SLAs is maintained and referenced by this Agreement.
CMDB Linkage — Configuration items and dependencies are recorded in Swazzy's CMDB; changes update CI records.
Lifecycle — Services follow design → transition → operation → continual improvement with gates and reviews.
Auditability — Processes are aligned to ISO/IEC 20000‑1; information security aligns with ISO/IEC 27001.
3. Definitions
Agreement – This document including schedules, addendums, and updates.
Business Hours – 8:30 AM – 5:30 PM AEST, Mon–Fri (excl. VIC public holidays).
Incident – Unplanned interruption or reduction in service quality.
Service Request – Request for information, access, or a standard change.
Response Time – Time from client notification to Swazzy acknowledgement.
Resolution Time – Time to restore normal service operation.
Change Management – Controlled process for implementing changes.
Service Credit – Billing credit for missed SLA targets.
4. Scope of Services
Proactive monitoring (24/7), alerting, and health checks.
Patch, firmware, and update management.
Endpoint & infrastructure support (remote & onsite as required).
Cloud administration (e.g., Microsoft 365, Azure) and tenant hygiene.
Backup, recovery, and business continuity management.
Vendor coordination (ISPs, SaaS, hardware).
Security event monitoring and incident handling.
User lifecycle management (onboarding/offboarding) & access control.
Documentation, runbooks, and periodic reporting.
Exclusions
Non-managed or obsolete systems; hardware replacement/consumables; custom development; third‑party warranty admin unless agreed; force majeure events.
5. Service Levels
| Priority | Description | Initial Response | Target Restoration | Examples |
|---|
| P1 – Critical | Complete outage / high business impact | 30 min | 4 hrs (MTTR) | Network down, server or POS offline |
| P2 – High | Major function degraded | 1 hr | 1 business day | Multiple users impacted |
| P3 – Medium | Standard incident | 2 hrs | 3 business days | Application bug |
| P4 – Low | Minor/cosmetic | 4 hrs | 5 business days | Printer issue, info request |
| P5 – Request | Planned work | As agreed | As scheduled | User setup, software install
|
All times measured in Business Hours unless a 24/7 add‑on is contracted.
Availability Targets: For eligible managed platforms, Swazzy targets 99.9% monthly uptime excluding planned maintenance windows.
5A. Advanced Metrics & Dashboards
MTTA (Mean Time to Acknowledge) and MTTR (Mean Time to Restore) tracked monthly.
First‑Contact Resolution and CSAT reported quarterly.
Real‑time SLA compliance dashboard available to governance contacts upon request.
6. Maintenance Program
Monthly proactive health checks & capacity review.
Regular patching and firmware updates, with rollback plans.
24/7 monitoring of logs, alerts, and security signals.
Quarterly performance & SLA report.
Annual technology roadmap session.
Planned vs Emergency Maintenance
Planned: Scheduled outside business hours where feasible; at least 48 hours prior notice.
Emergency: May proceed without notice to protect system integrity; a post‑action summary will be provided.
7. Client Responsibilities
Provide timely remote/physical access to infrastructure and relevant personnel.
Maintain environmental standards, Internet connectivity, power, and rack space.
Ensure end‑users follow acceptable use and security guidelines.
Keep licenses/subscriptions active; notify Swazzy of significant changes.
Report incidents promptly with steps to reproduce and impact details.
Designate a primary contact and an authorised approver for changes.
8. Change Management (CAB)
Request — Submit via HelpHub/ticketing with business justification.
Impact Assessment — Technical, security, risk, and downtime analysis.
Approval — Client approval required for high‑impact changes.
Implementation — Executed by authorised engineers, with back‑out plan.
Verification & Documentation — Post‑change checks; CMDB/update notes.
Change Advisory Board (CAB): For enterprise clients, Swazzy participates in or convenes a CAB to govern major changes and releases.
Urgent security patches may be expedited with notification to the Client POC.
9. Fees & Payments
Invoices are issued monthly in advance unless otherwise agreed.
Payment due within 7 days of invoice date.
Ad‑hoc/non‑standard work billed at prevailing rates upon approval.
Annual fee review with 30 days notice reflecting scope/third‑party costs.
Overdue balances may incur admin fees and/or service suspension.
10. Service Credit Policy
Where Swazzy fails to meet the Service Level targets below, the Client may request credits within 10 business days of the month‑end.
| Failure | Credit |
|---|
| P1 restoration exceeded by > 2 hours | 5% of monthly fee |
| P2 restoration exceeded by > 1 business day | 2% of monthly fee |
| P3 SLA breaches in a calendar month | 10% of monthly fee
|
Credits apply to the next billing cycle; they are a performance assurance (not liquidated damages).
11. Data Sovereignty & Privacy
Primary data residency in Australia or APP‑compliant jurisdictions; OAIC Notifiable Data Breach scheme supported.
Data at rest encrypted (AES‑256) and in transit (TLS 1.2+).
MFA enforced on support systems; least‑privilege access controls.
Access and audit logs maintained for compliance and investigations.
Sub‑processors bound by equivalent privacy and security obligations.
11A. Data Processing Addendum (GDPR)
Where Swazzy acts as a processor on behalf of a Client (controller), processing is governed by a DPA that meets GDPR Article 28 requirements, including subject matter and duration, nature and purpose, data types, categories of data subjects, and controller obligations and rights. Sub‑processors are bound by the same obligations.
12. Cybersecurity & Incident Response
Security controls align to ISO/IEC 27001 and NIST CSF; cyber hygiene aligned to Australia’s Essential Eight.
Zero‑Trust posture where feasible; MFA and least‑privilege enforced on support systems.
Ransomware Recovery Objective: For enrolled backup services, target restore‑point objective ≤ 4 hours.
Annual penetration test and annual security awareness training commitment.
Detection & Isolation — Immediate containment of affected systems.
Notification — Client POC informed within 1 hour of confirmation.
Triage & Forensics — Scope root cause, indicators of compromise.
Remediation & Recovery — Patch, restore, harden.
Post‑Incident Report — Delivered within 48 hours of resolution and including lessons learned.
Support for OAIC Notifiable Data Breach obligations available on request.
13. Confidentiality
Both parties must protect Confidential Information and use it solely for valid service delivery purposes. Swazzy ensures staff and contractors are bound by confidentiality obligations and appropriate vetting.
14. Intellectual Property
Client owns all Client data and pre‑existing assets. Swazzy retains ownership of tools, scripts, templates, and configurations created to deliver services unless otherwise agreed in writing. A non‑exclusive license is granted to operate such materials within the Client environment.
15. Warranties, Liability & Indemnity
Services delivered professionally and in good faith.
To the extent permitted by law, Swazzy is not liable for indirect or consequential loss.
Where liability cannot be excluded, it is limited to re‑supply of the service or the cost of re‑supply.
Swazzy maintains appropriate professional and cyber liability insurance.
Nothing in this Agreement limits rights under Australian Consumer Law.
15A. Dispute Resolution
Good‑faith negotiation between designated contacts.
Mediation by an agreed independent mediator.
Arbitration or court proceedings in Victoria, Australia.
15B. Benchmarking
Once every 12 months, either party may request a review of SLA competitiveness against comparable market offerings. Agreed improvements will be incorporated into the next version.
15C. Talent & Vetting
Engineers hold relevant certifications (e.g., Microsoft, Cisco, Ubiquiti) and role‑appropriate training.
All personnel are background‑checked and bound by confidentiality.
Ongoing professional development and minimum annual training hours.
15D. Optional Schedules
Schedule A – Extended Hours (24×7)
Schedule B – On‑site Response SLAs
Schedule C – Cloud Backup & Disaster Recovery
Schedule D – Vendor Management
Schedule E – Data Protection Impact Assessment Template
15E. Innovation & Technology Roadmap
Annual strategic review covering automation, AIOps, and cloud optimisation.
Client participation in roadmap workshops and proof‑of‑concepts where relevant.
16. Term, Renewal & Termination
Agreement is ongoing unless terminated with 30 days written notice.
Either party may terminate for material breach not remedied within 7 days.
Swazzy may suspend service for non‑payment or security risk.
Upon termination, Swazzy will return access credentials and provide handover support as agreed.
17. Sustainability & ESG
Swazzy supports carbon‑offset and community initiatives through the Leaders of Change Foundation and related programs. We prioritise efficient, sustainable operations and responsible procurement.
18. Continuous Improvement
Quarterly SLA performance reviews and service optimisation plans.
Feedback loops via HelpHub CSAT and governance meetings.
Automation-first mindset; ongoing staff certification.
20. Governing Law & Notices
Governing law: Victoria, Australia. Notices must be in writing and sent to the designated contact emails above; deemed received next business day.
Swazzy Pty Ltd ·
ABN 29 897 020 065
Level 4, 459 Church Street, Richmond VIC 3121
1300 792 999
Version Control
| Version | Date | Author | Notes |
|---|
| 1.1 | 01/01/2023 | Swazzy Pty Ltd | Expanded ITMA incl. service credits, change mgmt, data sovereignty, cybersecurity, ESG. |
| 1.0 | 01/12/2022 | Swazzy Pty Ltd | Initial public release.
|
Related Articles
Swazzy Retail Support Bundles — Service Level Agreement (SLA)
1) Overview & Eligibility The Retail Support Bundles provide 24/7 unlimited onsite & remote IT support for retail stores, priced per store. Bundles are designed for customers taking internet, phone, and related services through Swazzy. If a store ...
Service Level Agreements (SLA) & Customer Communication at Swazzy
Effective Customer Service Through Clear & Timely Communication At Swazzy, we are committed to delivering exceptional service across all areas of our business, whether it be IT Support, Accounts & Billing, or any other department. A critical part of ...
Tools & Resources for Swazzy’s Team
? What Do We Mean by "Tools & Resources"? For Swazzy, tools and resources are the essential apps, platforms, and reference materials that enable our support technicians to deliver fast, accurate, and professional customer service. Tools → The actual ...
Swazzy Style Guide for Customer Communications
? Purpose To ensure all communication with customers is professional, consistent, and representative of Swazzy as a team, not individual technicians. 1. General Principles Always respond as Swazzy, not as an individual. Keep language clear, simple, ...
Responding to Support Tickets
✅ Best Practices Be Direct and Clear Use simple, customer-friendly language. Avoid jargon unless you explain it. Use Step-by-Step Instructions Break down actions into numbered steps or short bullet points. Each step should be easy to follow without ...