Data Center Services

Appendix 3

Service Description (SD)

Data Center Services

Document no. I-B-VG-005

Document name Anhang3_DatacenterSD.doc

Version/Date Version 1.3, October 20, 2011

Classification PUBLIC

Written by Roman Pfund

Release date 10/20/2011

Released by Management Board

Valid from 10/20/2011

Valid until Until revoked

Applies to Data Center Services

Responsible Information Security Officer ISO

Key words Service Description

Short description Description of all services to be provided by Green

Contents

Contents

1 Service Description

1.1 Power supply

1.2 Fire alarm system and fire extinguishing system

1.3 Cooling systems

1.4 Raised flooring

1.5 Security

1.5.1 Physical security zones

1.5.2 Periphery/property borders 1.5.3 Property 1.5.4 Building shell 1.5.5 Building interior 1.6 Storage 1.7 Forbidden materials 1.8 Electrical hazards 1.9 Compliance

1.10 Card-based access protection around the clock

1.11 Video surveillance

1.12 Intrusion detectors

1.13 Water detectors

1.14 Maintenance and fail-safe tests

1.15 Backbone connections

1.16 Customer Care Center

1.17 Service matrix

1.18 Pricing

1.18.1 Model

Page 1

Service Description

1.1 Power supply

All data centers have redundant power supplies in two separate electrical circuits. The electrical circuits are separately supported by uninterruptible power supplies. Backup batteries and diesel generators ensure the power supply over several days.

Requirements for Customer installations

Power feed: Redundant power feed to the individual racks. The Customer is personally responsible for the correct and redundant connection of equipment to the electrical circuit.

Power load Location Standard power load Maximum power load (optional) Zurich West Lupfig 1.5 kW/sq m 2.5 kW/sq m

Zurich North 1.5 kW/sq m 1.5 kW/sq m

Zurich Letzigraben 1.0 kW/sq m 1.0 kW/sq m

Brugg 1.0 kW/sq m 1.0 kW/sq m

1.2 Fire alarm system and fire extinguishing system

Smoke and fire alarm systems are installed in all green.ch data centers and are directly

connected to local fire stations. Our data centers are equipped with gas-based fire extinguishing systems.

Requirements for Customer installations

No combustible materials, such as packaging materials, etc. are to be stored in the data center zone. Metal cabinets are offered for storing spare parts, tools, etc.

1.3 Cooling systems

Three Green Datacenter AG data centers are equipped with redundant cooling systems. These systems may not be available at some smaller locations, but the air flow at these locations is also carefully controlled to minimize the risk of overheating.

Requirements for Customer installations

For optimal cooling and a low PUE, all IT equipment must be operated in a cold aisle. The cold aisle must have self-closing doors that prevent the doors from being unintentionally left open. Failure to observe this requirement will result in PUE values that are higher than average.

1.4 Raised flooring

As a rule, the data centers are equipped with electrically grounded, anti-static raised flooring.

Requirements for the Customer

For safety reasons, the raised flooring cannot be opened by the Customer. Opening of raised flooring must be announced in advance.

Load: The surface loading of the raised flooring may not exceed 1,000 kg/square meter. During installation, proper framework should be used to distribute the weight (the load caused by cable trays, etc. that we have installed is already taken into consideration in this weight requirement). Goods transported on pallets should not exceed 400 kg. If the goods are heavier than this, transporting plates must be laid out on the floors.

1.5 Security

Data is only as secure as the hardware on which it is stored and only as secure as the location where the hardware is operated. This is why Swiss Green Datacenter AG data centers are operated solely in Switzerland and guarantee customers the best security and data protection standards in line with Swiss data protection laws as well as national and international standards such as ISO 27001. Green Datacenter AG also ensures the physical security of all their equipment in their Swiss data centers.

Requirements for the Customer

Page 3 1.5.1 Physical security zones

In accordance with the intrusion prevention concept, five (5) physical security zones have been defined.

Security zone Description

Zone 0: public area Zone 0 includes nearby publicly accessible peripheral areas

outside the Green Datacenter AG building, such as parking areas, sidewalks, etc.

Zone 1: semi-public area Zone 1 includes the main entrance, the cafeteria, parking

garages, conference rooms, etc. that are easy to access.

Zone 2: staff area Zone 2 generally includes all Green Datacenter AG offices.

Zone 3: high-security area Zone 3 includes all rooms which need higher security

requirements with respect to data security, such as archives and rooms where strictly confidential documents are stored. This can include safes, closets, cupboards, and cabinets if Confidential Information is stored in them.

Zone 4: top security area Zone 4 includes all rooms assigned to the data center and all

rooms that are of vital importance to the operation of the data center (e.g. rooms containing technical systems).

The boundaries between the security zones are as follows: 1.5.2 Periphery/property borders

The periphery and property borders form the external boundaries for security level 0. 1.5.3 Property

The properties on which our buildings are located belong explicitly to security zone 0. 1.5.4 Building shell

The outer cell of the building, including all openings such as windows and doors make up the boundary between security zone 1 (semi-public area) and security zone 2 (staff area). In special cases, the building shell can belong to security zone 3 or 4. In this case, windows are expressly forbidden.

1.5.5 Building interior

The interior of the building belongs to security zones 1 to 4 depending on the purpose. Data centers, with the exception of the entry foyer, belong to security zone 4.

1.6 Storage

Green Datacenter AG data centers may not be used to store any materials or unused equipment. Fire prevention regulations expressly forbid the temporary or permanent storage of materials where they could hinder access to exits. This includes the aisles between the racks.

1.7 Forbidden materials

The Customer may not bring dangerous or forbidden materials into a Green Datacenter AG data center. This includes explosives, all sources of fire, food and drink, animals, cartons, and any other materials that could have a negative effect on the data center systems.

All equipment must be unpacked before it is brought into the data center. It is the Customer’s responsibility to remove all waste products associated with the Customer’s equipment (waste can be disposed of by Green Datacenter AG for a charge). No easily inflammable materials, such as paper, may be left in the rack.

1.8 Electrical hazards

The Customer must implement all precautionary measures required for electrical hazards. This includes wearing suitable antistatic clothing, not touching the racks or other customers’ equipment, not entering the data center with wet shoes, and other appropriate safety precautions.

1.9 Compliance

The services provided by Green Datacenter AG data centers meet the requirements of ISO 27001 and customer requirements with respect to outsourcing of business areas within the banking sector (FINMA circular 08/7). Green Datacenter AG will continue to comply with today’s and tomorrow’s standards through regular audits and by obtaining new certifications in order to provide customers the best data center space in Switzerland.

1.10 Card-based access protection around the clock

Access to the data center is solely possible using an electronic key card issued by Green

Datacenter AG. These cards can be disabled at anytime if necessary. The Zurich West and Zurich North data centers have extra biometric access protection (hand vein scanners).

1.11 Video surveillance

Our facilities have permanent remote surveillance. Strategically mounted cameras monitor key locations such as entrances and critical infrastructures to ensure the security of your equipment. Images recorded by the surveillance cameras are stored in accordance with existing data

protection standards and can be viewed by the Customer under justified circumstances.

1.12 Intrusion detectors

Our data centers are equipped with intrusion detectors that are connected directly to the operation center network and the security service.

1.13 Water detectors

Our data centers are equipped with leak detectors that monitor the floor and go off before water reaches electrical or data cables.

Page 5 1.14 Maintenance and fail-safe tests

In accordance with existing standards, Green Datacenter AG carries out maintenance and fail-safe tests for all electrical circuits, air conditioning systems, fire alarm and fire extinguishing systems, intrusion and water detection systems.

1.15 Backbone connections

Our data centers offer all redundant multi-carrier uplinks. The Customer can select from the 15 international carriers who currently provide the connections.

1.16 Customer Care Center

Members of our highly qualified, multilingual support team are available to answer your support and administrative questions at +43 56 460 23 43 or via the online ticket system at

www.green.ch/support.

Support is available from 08:00 to 17:30 (CET) from Monday to Friday (except holidays) – the Business Support Team is the first contact for all questions related to sales. Problems that cannot be solved by the Support Team will be escalated to the responsible technical or business

1.17 Service matrix

The following service matrix defines the services included in the scope of services and the services for which extra fees will be charged.

Included services

Service Cost included in

base service

Cost not included in base service/additional charge

Handover and recording of Data Center Services

Yes n.a.

Handover and recording of installation Yes n.a.

Guest access Yes n.a.

Receipt of goods during business hours at the goods receipt point

Yes n.a.

Receipt of smaller goods at the reception desk in the entry area

Yes n.a.

Incident report Yes n.a.

Management of emergency measures

(infrastructure) Yes n.a.

Problem management /

escalation management Yes n.a.

Energy management (max. power per

square meter) Yes – definition guidelines n.a.

Physical security guidelines Yes n.a.

Space management Yes n.a.

Level III data center Yes n.a.

Air conditioning / cooling Yes Cold-aisle enclosure is included

in the cost of implementation

Regular power consumption reports Yes n.a.

Annual security audit (ISO 27001) Inspection of

basic infrastructure up to 4 hours/year included Inspection of execution-specific infrastructure (4 hours/year) included if Green Datacenter AG places the execution order

Not included services

Service Cost included in

base service Cost not included in base service/additional charge

Access badge No CHF 180.00/badge

Receipt of goods outside goods receipt point business hours

No CHF 200.00/hour

Storage of goods No CHF 2.50/day/square meter

Waste disposal fee for packaging No CHF 180.00/cubic meter

Waste disposal fee, e.g., for

styrofoam, wood, or plastic No CHF 220.00/cubic meter

Waste disposal fee for electrical material

No CHF 190.00/100 kg

Cleaning No CHF 7.00/month/square meter

Customer-specific reports No Customer-specific reports as

Page 7 1.18 Pricing

1.18.1 Model

Our pricing was set up so that we can offer you exactly what you need and so that you do not have to pay for unused options.

Location:

Our server hosting offers customers a choice of a 1/4, 1/2, or 1/1 rack and shared rack space. 1/4 racks are not available at all locations.

1.18.2 Invoicing

All fees are made up of a one-time fee (NRC, non-recurring charge), regular monthly fees (MRC,

monthly recurring charge), and costs based on consumption (e.g. power). The one-time fees

are due after the service has been provided, the monthly fees are due three months in advance. Costs based on consumption are invoiced monthly after the fact.

Credit for Green Datacenter AG downtime Prerequisites

- To obtain a credit, the Customer must

- send a written request for credit within 30 days after the end of the month in which the guaranteed service level was not achieved.

Amount and restrictions

- All customer claims resulting from Green Datacenter AG not being able to provide the guaranteed level of service as agreed in the SLA will be paid to the Customer in the form of a credit against future fees. All credits are location-specific. A credit always applies solely to the month in which the related trouble ticket was opened. - Green Datacenter AG is not obliged to give the Customer a credit for not achieving the guaranteed level of service at a certain location in a specific calendar month if the credit exceeds 40% of the MRC for this location and month. Each credit is based on the MRC fees and the payment amounts are defined in the respective SLA. All MRCs for add-on services and additional services are excluded.

- Green Datacenter AG will issue the Customer a credit in the form of a written credit note. It is not permitted to omit payment of a regular invoice or to reduce the invoice amount without a written Green Datacenter AG credit note.