Service Level Commitments

Effective Date: May 4, 2026
Last Updated: May 4, 2026

This page describes our availability targets, maintenance practices, and support expectations for the ConcertoGRC platform. These commitments apply to the production environment at app.concertogrc.com.

Availability Target

We target 99.9% monthly uptime for the ConcertoGRC production environment, measured as:

Uptime % = ((Total minutes in month - Downtime minutes) / Total minutes in month) x 100

This equates to approximately 43 minutes of allowable downtime per month.

What Counts as Downtime

Downtime is defined as a period where the Platform is materially unavailable to all users. Specifically:

  • The application returns HTTP 5xx errors for more than 5 consecutive minutes
  • Users cannot authenticate or access core platform functionality
  • Data loss or corruption affecting customer records

What Does Not Count as Downtime

  • Scheduled maintenance -- Planned maintenance windows communicated at least 48 hours in advance
  • Force majeure -- Events beyond our reasonable control (natural disasters, widespread internet outages, DNS provider outages, AWS regional failures)
  • Customer-caused issues -- Problems resulting from the customer's network, browser, integrations, or misuse
  • Third-party integration outages -- Downtime of connected services (identity providers, MDM providers, external scanning infrastructure)
  • Non-production environments -- Staging and development environments are not covered

Scheduled Maintenance

  • Maintenance windows -- We schedule maintenance during low-usage periods, typically weekday evenings or weekends (US Eastern time)
  • Advance notice -- At least 48 hours for routine maintenance; at least 7 days for maintenance expected to cause extended downtime
  • Zero-downtime deployments -- Most deployments are performed with zero downtime using rolling ECS Fargate deployments. Database migrations that require downtime are rare and communicated separately.
  • Emergency maintenance -- Critical security patches or data integrity fixes may be applied immediately with notification as soon as practical

Incident Response

Severity Levels

Severity | Definition | Response Target | Update Frequency
Critical | Platform completely unavailable or data integrity at risk | 1 hour | Every 30 minutes
High | Major feature unavailable, no workaround | 4 hours | Every 2 hours
Medium | Feature degraded, workaround available | 1 business day | Daily
Low | Minor issue, cosmetic, or enhancement request | 3 business days | As resolved

Incident Communication

During incidents, we communicate through:

  • Email -- Direct notification to affected organization administrators
  • In-app notification -- Banner alerts within the Platform when applicable
  • Status updates -- Regular updates until resolution, followed by a post-incident summary for Critical and High severity incidents

Support

Support Channels

Channel | Availability
In-app support tickets | 24/7 submission; response during business hours
Email (support@concertocompliance.com) | 24/7 submission; response during business hours

Business hours are Monday through Friday, 9:00 AM to 6:00 PM US Eastern, excluding US federal holidays.

Support Scope

Support covers:

  • Platform functionality questions and guidance
  • Bug reports and issue investigation
  • Account and access management assistance
  • Integration configuration help
  • Data export assistance

Support does not cover:

  • Compliance consulting or advisory services
  • Custom development or feature requests (these are tracked as product feedback)
  • Third-party integration issues outside our control
  • Training on compliance frameworks themselves

Data Durability

  • Database backups -- Automated daily snapshots with point-in-time recovery
  • File storage -- Amazon S3 with 99.999999999% (11 nines) durability
  • No single point of failure -- Application runs on managed serverless infrastructure (ECS Fargate) with automatic recovery

Monitoring

We continuously monitor the Platform using:

  • Health checks -- Automated endpoint monitoring with alerting
  • Infrastructure metrics -- CPU, memory, database connections, response times
  • Error tracking -- Real-time application error detection and alerting
  • Log analysis -- Centralized logging for incident investigation

Limitations

These service level commitments represent our operational targets and best efforts. They do not constitute a guarantee or warranty. Formal SLA terms with financial remedies (service credits) are available as part of enterprise agreements. Contact sales@concertocompliance.com for details.