The Common Web Platform agreement includes services and service levels, to manage your website.

CWP Service Level Agreement

Service Levels are guarantees around what an agency can expect from the Common Web Platform (CWP). The CWP has agreed service levels that SilverStripe must meet in the contract. If any of the service levels are not met, SilverStripe will provide service level credits, meaning a reduction in the following month’s invoice. This system provides a financial incentive for SilverStripe to deliver a quality service.

SilverStripe is responsible for monitoring service levels, and reporting to the agency if they have not been met.

Overview

Agencies need to refer to the Service Catalogue (external link)  for a precise definition of service levels, as the measures and exceptions are rather detailed. Contact us if you need access to this document. A summary is shown here to provide an overview. 

SL No.

Service Level - Simplified Description

Simplified Measure

SL1

Time taken from a signed contract to the Service Desk being ready for an agency (which can then be used to request new websites)

3 business days

SL2

Time taken for a new instance (website) being requested until it is ready

3 business days

SL3

Website availability (uptime)

99.7% per month (exceptions exist)

SL4

Content Management System availability (uptime)

99.7% per month (exceptions exist)

SL5

Backups: Time between requesting a backup and commencement of restoration.

4 hours after media available

SL6

Backup: Maximum time since last successful backup, known as Recovery Point Objective (RPO).

28 hours

SL7

Time taken to restore a website which is protected by the optional ‘Passive Disaster Recovery’ service, following an incident, known as Return to Operation (RTO).

< 20 hours following incident

SL8

Where a website is protected by the optional ‘Passive Disaster Recovery’ service, the maximum amount of time before data is copied off-site. This represents the level of potential data loss should the site be recovered following an incident (RPO).

< 5 minutes

SL9

Time taken to restore a website which is protected by the optional ‘Active Disaster Recovery’ service, following an incident (RTO).

< 4 hours following incident

SL10

Where a website is protected by the optional  ‘Active Disaster Recovery’ service, the maximum amount of time before data is copied off-site. This represents the level of potential data loss should the site be recovered following an incident (RPO).

< 5 minutes

SL11

Length of time between an incident being raised by an agency (via online means) and when acknowledgement occurs

P1, P2 priority: < 60 mins (during business hrs)

P3, P4 priority: < 8 business hrs

SL12

Length of time between an incident being raised by an agency (via telephone) and when acknowledgement occurs

P1, P2 priority: < 15 mins

P3, P4 priority: < 8 business hrs

SL13

Length of time between an automatic outage system being triggered and the relevant agency receiving notice of the outage

< 30 minutes

SL14

Length of time between an incident being identified and a temporary solution (“workaround”) operating.

P1: < 30 minutes

P2: < 120 minutes (exceptions exist)

Not applicable to P3 and P4.

SL15

Length of time between an incident being raised by an agency and work on solving the issue has commenced.

P1: < 30 minutes (24x7)

P2: < 120 mins (during business hours)

Not applicable to P3 and P4.

SL16

Length of time between an incident being identified and when initial diagnosis is complete.

Twice the timeframes in SL15.

SL17

Length of time between an incident being identified and work on solving the issue has satisfactorily completed.

P1: < 120 minutes (24x7)

P2: < 6 hours (during business hours)

Not applicable to P3 and P4.

Calculating service level credits

SilverStripe will calculate the credits that apply and include these in an agency’s monthly invoice. The calculation is described in detail in the contract, but in simple terms:

  • The credit pool is the maximum that can be paid. This is 40% of the monthly fee
  • Each service level has a weighting. For example SL3 (website uptime) has a weighting of 60%. The credit for failing to meet that service level would be Monthly Fee ($) x 0.6 x 0.4 = Service Level Credit ($)
  • If more than one service level has been missed, the amounts are summed, up to the credit pool maximum

Service level credits do not apply if the agency has caused the problem. For example, if third party developers released code that took the site offline.

Reviewing code quality

Agencies can request SilverStripe to review code written by their suppliers or internal teams. This is a general quality check. The service is charged as a CWP professional service and added as a line item to the agency’s monthly invoice.

The review covers the following:

  • Alignment with SilverStripe coding conventions
  • Appropriate use of the architecture and tools offered by the Common Web Platform
  • Obvious performance deficiencies (We can carry out more detailed application performance analysis beyond code review, if requested)
  • Obvious security vulnerabilities
  • Sufficient coverage of unit tests
  • Sufficient user (business) and technical (developer) documentation
  • Use of undesirable APIs (eg obsolete APIs, direct SQL access, etc.)
  • Correct use of front-end markup (HTML, CSS, JavaScript) 
  • Other general best practices, as and where identified

Agencies can request the greater emphasis be placed on certain areas, or that certain items be omitted (for example, if front-end markup had already been reviewed by another party).

SilverStripe provides a written report and a question & answer session. The agency decides on what actions need to be taken. They can request SilverStripe to resolve issues, at an additional charge.

Module or extension warranties

Agencies often create custom modules to integrate with other systems, or to add new functionality. If these are not coded carefully, they can be difficult to upgrade, preventing agencies from keeping their Content Management System (CMS) patched and up to date. Designing and coding quality modules adds value to CWP and improves sharing between agencies.

The module warranty is an extension of the code review service. An agency can request SilverStripe to conduct a more detailed review of a particular module or extension, taking the same approach as the code review. The difference is that future releases of the CMS will not introduce bugs into the warranted code. If changes are needed to the core platform or module to maintain a working solution, this will be done at SilverStripe’s cost. The list of warranted modules is described at Supported Code.

The warranty shall apply to point releases (e.g. 3.1.0 to 3.1.1) and to minor releases (3.1.0 to 3.2.0) but not major releases (3.1.0 to 4.0.0). The warranty is given to a specific version of your code. Thus, if you change your code, the warranty does not apply and the changes would need to be retested. Retesting changed code is likely to be quick and affordable, with less work involved than the initial review.

The co-funded development pool

The co-funded development pool enables the creation of new features, modules and themes for the CMS. It supports both the ongoing relevance of the platform, and supports agencies using the platform to receive long term value.

How does the pool grow?

Included in the CWP fee is a monthly contribution to the pool. SilverStripe contributes an hour for each hour the agency contributes. A small instance contributes 2 hours, a medium 4 hours and a large instance 6 hours. Custom instances contribute at a rate of the closest sized instance.

What can the pooled be used for?

Anything that is beneficial to a cross-section of participating agencies. For example:

  1. New features and templates
  2. Enhancements and fixes to the SilverStripe CMS
  3. Taking modules developed by agencies and making them CWP supported modules

Read more about how the co-funded development is managed >>

Patching and upgrades

The Common Web Platform (CWP) team regularly patches and upgrades software running your website, to guard against security vulnerabilities, and prevent software from becoming unsupported.

This includes the operating system and software running on servers, and shared systems such as search, firewalls, caches, service desk, the code repository (GitLab (external link) (external link) ), and the deployment tools.

This does not include upgrades to your content management system. These are normally performed by your development team, who know how your website has been built and customised. If for some reason you you require the CWP team to apply an upgrade, raise a ticket on the service desk.

Read more about patching, upgrades and change management >>

Releasing new versions of the CWP recipe

SilverStripe releases new versions of the CMS and supported modules. These releases occur four times a year, in: February, May, August and November. The contents of a new release may come from the Co-Funded Development Pool, the open source community, developments within SilverStripe or in response to a reported security threat.

Read more about how releases are managed >>

Requesting services outside of the CWP agreement

Agencies can request support from SilverStripe for other services. Simple requests are covered by the acceptable use clause. Other tasks are charged on time and materials. For larger tasks, the CWP Statement of Work is used to agree the cost and scope. The services are charged at the professional services rate in the CWP agreement.

Last modified: