Fair Isaac SaaS Services Policy

The terms of this Fair Isaac SaaS Services Policy, including the Service Level Agreement, Information Security Agreement and Data Processing Addendum which are incorporated herein by this reference (collectively, the “SaaS Policy”), apply to Fair Isaac Products and service offerings provided through SaaS Services.

1. Definitions. In the SaaS Policy the following terms have the meanings indicated below, unless otherwise defined in the Attachments referenced in or attached to this SaaS Policy.

“Agreement” means, collectively, the SaaS Subscription, the SaaS Policy, and the other written agreement(s) to which the SaaS Subscription has expressly been made subject.

“Authorized User” means an individual Client employee who uses the SaaS Service on behalf of Client and is bound by the obligations of confidentiality under the Agreement, and who has been issued a user identification number and user password by Client to use the SaaS Service.

“Client Data” means all data, including consumer records, customer information, purchase information and merchant information, that is submitted by or on behalf of Client to the SaaS Service, including Client Personal Data, De-Identified Data, Cardholder Data and other Client material and content.

“Client Vendor Offerings” means products and services related to accessed through (e.g., API connection), or used with the SaaS Service that are not provided through Fair Isaac, including but not limited to such products and services that are implementation, customization and other consulting services, or that are scores, records, reports, lists, files, databases, software, applications (both offline and online) and software-as-a-service offerings.

“Data Processing Addendum” or “DPA” means the Fair Isaac Data Processing Addendum located at https://www.fico.com/en/fair-isaac-data-processing-addendum (and any successor or related locations designated by Fair Isaac), as may be updated by Fair Isaac from time to time.

“Documentation” means Fair Isaac’s standard, generally available user guide and technical manuals for the SaaS Service, whether in printed or electronic form, as may be amended by Fair Isaac from time to time.

“Fair Isaac Product” means a generally available software, component, module, functionality or analytic product of Fair Isaac, including a Model, described in a SaaS Subscription and provided through the SaaS Service, but excluding all Third Party Products.

“Information Security Agreement” means the Fair Isaac Information Security Agreement located at https://www.fico.com/en/fair-isaac-information-security-agreement (and any successor or related locations designated by Fair Isaac), as may be updated by Fair Isaac from time to time.

“SaaS Service” means a service of Fair Isaac described in a SaaS Subscription to provide Client access to a Fair Isaac Product or other service offering of Fair Isaac through cloud-based services rather than on-premises installation. SaaS Service excludes Client Confidential Information, Client Data, Client Vendor Offerings and Third Party Products.

“SaaS Subscription” means the Order Form or other written agreement executed between the parties that expressly incorporates the terms of this SaaS Policy.

“Subscription Term” is the term defined in the applicable SaaS Subscription during which time Client is permitted to access and use the SaaS Service.

“Service Level Agreement” or “SLA” means the service levels and support for the SaaS Service pursuant to Attachment 1 (Fair Isaac Service Level Agreement), as may be updated by Fair Isaac from time to time.

“Territory” means the geographic region specified in the SaaS Subscription.

“Third Party Product” means the products or services of a third party that are incorporated within or provided by Fair Isaac for use with the SaaS Service, including such third party’s software, products, services, systems, databases, open source code, reports, lists, files or other materials.

2. License and Restrictions

2.1. SaaS Service. Subject to the terms and conditions of the Agreement, Fair Isaac hereby grants to Client during the Subscription Term a personal, non-exclusive, non-transferable, non-assignable, non-sublicenseable, limited license for Authorized Users to access and use the SaaS Service for Client’s own internal business purpose within the Territory for processing Client Data only, subject to Client’s compliance with all license terms, restrictions, limitations and other terms of the SaaS Subscription and with all applicable foreign, federal, state and local laws and regulations. Client’s use of the SaaS Service under the SaaS Subscription shall be further limited solely to the Permitted Use defined in such SaaS Subscription. Client agrees that its purchase of the SaaS Service is not contingent upon the delivery of any future functionality or features, nor is it dependent upon any oral or written public comments made by Fair Isaac with respect to future functionality or features.

2.2. Documentation. Subject to the terms and conditions of the Agreement, Fair Isaac hereby grants to Client during the Subscription Term a personal, non-exclusive, non-transferable, non-assignable, non-sublicenseable, limited license to display the Documentation in the Territory solely with Client’s permitted use of the SaaS Service, and subject to the same terms, conditions and restrictions that apply to the SaaS Service. Client may internally reproduce Documentation only to the extent permitted under the Agreement.

2.3. Use of the SaaS Service. Client is responsible for all Authorized User activities and Authorized User accounts. Client shall (i) have sole responsibility for the accuracy, quality, integrity, legality, reliability, and appropriateness of all Client Data and other information submitted to the SaaS Service; (ii) use commercially reasonable efforts to prevent unauthorized access to, or use of, the SaaS Service, and notify Fair Isaac promptly of any such unauthorized access or use; (iii) comply with all applicable laws, rules and regulations in using the SaaS Service; (iv) be responsible for securing any Client systems used in conjunction with the SaaS Service; and (v) use the SaaS Service only in accordance with the Agreement. Fair Isaac reserves the right to audit Client’s use of the SaaS Service.

2.4. Client Responsibilities. Client and its Authorized Users, employees, representatives, and/or agents will not, with respect to the SaaS Service, Third Party Product and Documentation: (i) copy, reproduce, transmit or download all or any feature, design or graphic in them; (ii) access or use them in order to build a competitive solution or to assist a third party to build a competitive solution, or to load test them in order to test scalability or exceed the usage limits in the SaaS Subscription; (iii) incorporate them or any portion of them into any other product, service or material; (iv) transmit through them any unlawful, immoral, libelous, tortious, infringing, defamatory, false, threatening, vulgar, or obscene material or harmful to minors, or send spam or any other form of duplicative and unsolicited messages; (v) transmit to or through them material containing software viruses or other harmful or deleterious computer code, routines, files, scripts, agents, or programs that may damage, intercept or expropriate any data or system; (vi) interfere with or disrupt the integrity or performance of them or the data contained therein, such as performing any vulnerability assessment tests; (vii) attempt to gain unauthorized access, attempt to exceed an existing authorization, or allow any third party the user identification and/or password issued to Authorized Users; or (viii) transmit, send or process Personal Data in any Non-Production Environment. At all times, Client remains responsible for all Authorized Users and their use of the SaaS Service. A breach of the Agreement by any Authorized User shall be deemed a breach by Client hereunder.

2.5. Trial Usage. During any trial period granted by Fair Isaac to the Client, the Client will not, and will not permit its Authorized Users to, use any SaaS Service for any purpose other than the non-production purpose of evaluating whether to purchase access to the SaaS Service.

3. Service Level Agreement. Subject to the terms of the SaaS Subscription, Fair Isaac will provide the SaaS Services in accordance with the SLA. Client’s compliance with the terms of the SaaS Subscription and SLA is a condition to receiving the SLA and any Service Level Credit pursuant to the SLA. The SLA only applies to SaaS Services licensed under a SaaS Subscription, and to no other Fair Isaac products, services or deliverables. If Client fails to pay fees or does not comply with the license terms, conditions and restrictions, then Fair Isaac at its option may immediately suspend the SLA, until such failure or noncompliance has been cured. Such suspension is in addition to Fair Isaac termination rights under the Agreement and does not relieve Client of its payment obligations.

4. Warranty

4.1. SaaS Service. Fair Isaac warrants that the SaaS Service will function substantially in accordance with its Documentation during the Subscription Term. To assert a warranty claim, Client must report to Fair Isaac any breach of this warranty in writing within 30 days after the non-conformity occurs (along with all information available to Client that is relevant to verifying, diagnosing, or correcting the error). For any breach of this warranty, Client’s sole and exclusive remedy and Fair Isaac’s entire liability, shall be for Fair Isaac to use commercially reasonable efforts to materially correct the deficient SaaS Service that caused the breach of warranty.

4.2. Warranty Exclusions. The warranty above does not apply (i) if the SaaS Service is not used in accordance with the Agreement or its Documentation, including usage limits in the SaaS Subscription; (ii) if the non-conformity is caused by any third party product, service or materials; (iii) to any modification of the SaaS Service not performed by Fair Isaac; or (iv) to any third party software, product, service, system, database, open source code, reports, lists, files or other materials (including Third Party Products and Client Vendor Offerings), Client Data, or any combination of the foregoing. FAIR ISAAC DISCLAIMS ALL IMPLIED WARRANTIES, AND ALL FAILURES, DELAYS AND OTHER PROBLEMS INHERENT IN THE USE OF THE INTERNET OR CAUSED BY SYSTEMS NOT UNDER ITS CONTROL, AND FAIR ISAAC DOES NOT MAKE ANY WARRANTY OF ACCURACY, COMPLETENESS, TIMELINESS, OR UNINTERRUPTABILITY OF THE SAAS SERVICE. Fair Isaac shall not be responsible for loss of data processed, stored or transmitted on systems or networks not owned or operated by Fair Isaac, including but not limited to, telecommunications facilities and the Internet.

5. Fee Reports. In the event Fair Isaac requests information that is necessary for Fair Isaac to calculate or verify the Transaction Fees, then Client will send such information within the time specified in Fair Isaac’s request. Client is responsible for payment of all fees for any and all use, access, transmission and/or processing of the SaaS Service in all environments and phases, as well as additional costs for services or items requested by Client that are not included in the SaaS Service.

6. Client Data

6.1. Permitted Use. Client hereby grants to Fair Isaac a worldwide right and license during the Subscription Term to use, reproduce, distribute, transmit and make derivatives of the Client Data for (i) providing, metering and operation of the SaaS Service and SLA as contemplated under the Agreement; and (ii) hosting the Client Data at Data Centers. Client agrees that Fair Isaac may (a) compile statistical and other information in an aggregated or depersonalized form related to the performance, operation and use of the SaaS Service with respect to volume, size, scope and performance metrics, and (b) use such compiled information from the SaaS Service in an aggregated or depersonalized form for security and operations management, to create statistical analyses, and for research and development purposes (clauses (a) and (b) collectively referred to as “Service Analyses”). Fair Isaac may make Service Analyses publicly available, provided the Service Analyses will not incorporate Client Personal Data or any Client Confidential Information in a form that identifies Client or any individual. Fair Isaac retains all Intellectual Property Rights in the Service Analyses. Client also grants to Fair Isaac and its affiliates a perpetual, irrevocable, worldwide and royalty-free license to use Client Data in aggregated or depersonalized form for the provision, research and development of products and services of Fair Isaac and its affiliates, including, without limitation, for internal analytic, statistical, security, quality control and operations management purposes with respect to the SaaS Service. The license in the preceding sentence shall apply notwithstanding any other provision of the Agreement and shall survive the term of the Agreement. Subject to the limited license grants in this section, as between Client and Fair Isaac, Client is the sole and exclusive owner of all worldwide title, rights and interest in and to the Client Data.

6.2. Rights to Client Data. Client represents and warrants to Fair Isaac that Client (i) has sufficient rights in all Client Data to hold the Client Data and deliver it to Fair Isaac as required for the SaaS Service to be performed as contemplated in the Agreement; (ii) has obtained from all individuals and entities any required consents and authorizations, and has provided all required notices with respect to the collection, retention, disclosure and use of the Client Data as contemplated for the purposes of the Agreement that are required under applicable laws, rules and regulations, including but not limited to privacy rules and policies; and (iii) will only provide Client Data to Fair Isaac that (a) does not infringe or violate any Intellectual Property Rights, publicity, privacy, confidentiality, contractual or other rights, or any law, rule or regulation; and (b) is not defamatory, offensive, misleading, false, harmful to minors, or obscene.

6.3. Security and Data Protection. Fair Isaac has adopted and will maintain industry-standard administrative, physical and technical safeguards designed to protect the security, privacy and integrity of Client Data, as further described in the Information Security Agreement; and if the SaaS Service requires processing of Client Personal Data, then such SaaS Service is subject to and Client shall comply with the Information Security Agreement and the Data Processing Addendum. SaaS Services operate on servers controlled by Fair Isaac and are hosted on a single production platform within the Data Center. Subject to the parameters and design set forth by both Fair Isaac and the Data Center owner and controller: (i) all environments are provisioned in a multi-tenant configuration where there is logical separation on the shared infrastructure between Client Data compute and storage, and other Fair Isaac customers’ data, compute and storage; and (ii) the necessary steps for sufficient data segregation and security parameters are in place for Fair Isaac to perform its obligations.

6.4. Return or Deletion of Client Data. Subject to the Information Security Agreement and DPA, upon termination of the SaaS Service, Fair Isaac will provide Client an opportunity to download all Client Data at Client’s expense or Fair Isaac will return Client Data in a standard format that is currently used by Fair Isaac. If Client does not promptly notify Fair Isaac of its choice to download or request return of Client Data, then the Client Data will be destroyed as part of Fair Isaac’s normal data management process. Fair Isaac has no obligation under the Agreement to retain Client Data after termination of the SaaS Service. Client acknowledges that Client Data will be irretrievably deleted 30 days following expiration or termination of the SaaS Subscription, after which time Fair Isaac will have no obligation under the Agreement to provide or return any Client Data.

7. Client Responsibilities

7.1. Authorized Users. Client is responsible for (i) identifying and authenticating all Authorized Users; (ii) approving access by such Authorized Users to the SaaS Service; (iii) controlling against unauthorized access; and (iv) maintaining the confidentiality of all usernames, passwords and information contained within the SaaS Service. Client is responsible for all activities that occur under Client’s and all Authorized Users’ usernames and passwords, or as a result of any access to the SaaS Service. The Authorized User’s access and permission to use the SaaS Service on a named user basis (or user limit basis) cannot be shared or used by more than one individual person. If Client reassigns the authorization in its entirety to another Authorized User, the prior Authorized User’s access and permission to use the SaaS Service will automatically terminate. Client will change all passwords used to access the SaaS Service at regular intervals. If Client learns of an unauthorized third party having obtained knowledge of a password, Client will immediately inform Fair Isaac and promptly change the password.

7.2. Data Obligations. Unless the SaaS Service requires Client Personal Data, Client represents and warrants that all Client Data is and shall remain at all times De-Identified Data. Further, Client acknowledges and agrees that Fair Isaac has advised Client that Client must, to better ensure that protection of third-party privacy rights are observed, remove from all Client Data any data that personally identifies the consumer, person or entity (for example but not limited to, credit card numbers, names, addresses or social security numbers). In the event Client provides Client Personal Data to Fair Isaac where it is not required or permitted for the SaaS Service, Client (i) will promptly notify Fair Isaac in writing that such Client Personal Data has been transferred, and (ii) hereby authorizes Fair Isaac at Fair Isaac’s discretion to (a) de-identify the Client Personal Data, at Client’s expense, so that Fair Isaac may perform the SaaS Service or (b) immediately destroy or return to Client all such Client Personal Data. Fair Isaac is not obliged to modify or add to the Client Data, and Client has sole responsibility and liability for the accuracy, quality, integrity and legality of all Client Data. Client will not upload, input or provide any data that Client has not backed up, copied, archived or securely stored elsewhere. Fair Isaac is not liable or responsible for any lost data, including data that may be generated through use of the SaaS Service, such as models, reports, or resulting data obtained through analysis of Client Data.

7.3. Client Vendor Offerings. Client is and remains solely responsible for contracting for Client Vendor Offerings that may be used with the SaaS Service if permitted in accordance with its Documentation. Client agrees and acknowledges that Fair Isaac is not responsible and has no obligation for (i) procuring, providing or maintaining any Client Vendor Offering or contracting with any third party vendor, licensor or supplier; (ii) the unavailability, discontinuation, delivery or modification of any Client Vendor Offering; and (iii) the accuracy, completeness or compatibility of any Client Vendor Offering with the SaaS Service. Any exchange of data or other interaction between Client and the third party provider for such Client Vendor Offering is solely between Client and such third party provider. Data transmitted to Fair Isaac via a Client Vendor Offering is considered Client Data for the purposes of the SaaS Service offered under the SaaS Policy.

7.4. Consents and Compliance. Client certifies that it has and will (i) maintain all required and necessary contracts, licenses, rights, consents and permissions for all systems it utilizes with the SaaS Service, including Client Vendor Offerings; and (ii) use the SaaS Service and Client Vendor Offerings in compliance with all applicable laws, rules and regulations.

7.5. Use of Results and Indemnification. Client is solely responsible for results obtained from use of the SaaS Service and for conclusions drawn therefrom, and Client acknowledges that it is solely responsible for the selection of the SaaS Service to achieve Client’s intended results. Notwithstanding any limitation or restriction herein to the contrary, (i) Fair Isaac shall have no liability to Client, or to any other individual or entity, arising from or related to the output of the SaaS Service or Client’s use thereof, and (ii) Client shall defend, indemnify and hold harmless Fair Isaac and its affiliates, and their directors, officers, employees and agents, from and against any and all third party claims, demands and actions, and all losses, damages, liabilities, costs and expenses (including, without limitation, attorney fees and expenses), arising from or related to: (a) Client’s use of the SaaS Service, whether such use is authorized or unauthorized or in compliance with or violation of applicable laws; (b) Client Data or its use with the SaaS Service; or (c) any allegation that any information or materials the Client provides to Fair Isaac (“Client Materials”), or the use of Client Materials with the SaaS Service, infringes or misappropriates any third party’s Intellectual Property Rights. The foregoing Client indemnification shall not be subject to any limitation of liability or exclusion of damages provision set forth in the Agreement.

8. Suspension of SaaS Service. Client’s access to the SaaS Service is subject to payment of all applicable fees. If Client’s account is 30 days or more overdue, in addition to any of its other rights or remedies, Fair Isaac reserves the right to suspend the SaaS Service without liability to Client until such amounts are paid in full. If Client fails to comply with the license terms, conditions and/or restrictions herein, or, in Fair Isaac’s sole determination, the Client uses the SaaS Service in a manner that threatens the security, integrity or availability of the SaaS Service, Fair Isaac may immediately suspend the Client’s access to the SaaS Service until such failure, threat or breach has been cured. Any such suspension described in this section does not relieve Client of its payment obligations.

9. SaaS Policy Changes. The SaaS Policy is subject to change by Fair Isaac at any time by posting a revised version on the https://www.fico.com/en/legal website (“FICO Website”) or by otherwise providing written notice of such changes to Client. Any changes to the SaaS Policy, including changes to the SLA, Information Security Agreement and/or DPA will be in effect as of the “Last Updated” date referenced on the FICO Website or in the written notice, as applicable. Client has reviewed and assents to the SaaS Policy, and Client’s continued use of the SaaS Service after the “Last Updated” date shall constitute Client’s acceptance of and agreement to all such changes.

Attachment 1

Fair Isaac Service Level Agreement

Last Updated: February 18, 2025

This Fair Isaac Service Level Agreement (“SLA”) is a policy governing the SaaS Service purchased by Client under a SaaS Subscription, and this SLA may be updated by Fair Isaac from time to time. In the event of a conflict between the terms of this SLA and the terms of the agreements between Fair Isaac and Client governing use of the SaaS Service (collectively, “Agreement”), the terms and conditions of this SLA apply, but only to the extent of such conflict. Unless defined in this SLA, capitalized terms will have the same meanings stated in the SaaS Policy.

1. Definitions

“Available” or “Availability” means the SaaS Service is provisioned and available to be accessed.

“Business Day” means a day, a calendar day Monday through Friday, excluding holidays observed by Fair Isaac.

“Business Hours” means 8:00 am – 5:00 pm local time on a Business Day.

“Completed Restoration Time” means the time the SaaS Service is Available after a Disaster Declaration.

“Cooperation” means Client’s timely provision of assistance and access to necessary personnel and suitably configured Client systems, Client’s timely submission of complete and accurate data in an agreed-upon format, and Client’s timely furnishing of complete and accurate information and responses to Fair Isaac requests.

“Critical Patch” means an emergency security or operational patch or fix that Fair Isaac makes available to Client, which requires Client to immediately validate and deploy.

“Data Center” means any Fair Isaac data center, managed infrastructure at a Fair Isaac contracted third party service provider’s data center or other facility, where servers host the Fair Isaac Product for Client’s use of the SaaS Service.

“Disaster Declaration” means a written statement from Fair Isaac informing the Client that a disaster has been declared affecting the Availability of the SaaS Service.

“Disaster Recovery Plan” means the Fair Isaac plan to recover the SaaS Service in an alternate Data Center.

“Errors” means verified, reproducible, material malfunctions of the SaaS Service or any related Fair Isaac-supplied software that prevent the SaaS Service from performing pursuant to the applicable Documentation in any material respect.

“Force Majeure Event” means, in addition to the description of force majeure events described in the Agreement, any delay, error, failure, or interruption of performance due to any act of God, nature, terrorism, war, insurrection, riot, hostility, sabotage, boycott, strike or other labor or civil disturbance, interruption of power service, interruption of communications services, problems with the Internet, epidemic, pandemic, government restrictions (including the denial or cancellation of any export or other license), act of any other person not under the control or direction of Fair Isaac, or other similar cause.

“Non-Production Environment” means, depending on the SaaS Service licensed under the SaaS Subscription, the (i) lower platform, hardware and infrastructure environment provided by Fair Isaac for the SaaS Service, where such lower environment is used by Client solely for design, development and testing purposes; or (ii) stages within the provisioned single production platform provided to Client solely for purposes of designing, developing and testing of such SaaS Service. Non-Production Environment excludes all Production Environments and Production Use.

“Non-Production Use” means Client’s use of the SaaS Service in a Non-Production Environment.

“Notice of Production” means the written notification provided by Fair Isaac that states the SaaS Service is approved by Fair Isaac for Production Use in accordance with its Documentation.

“Outside Factors” means circumstances beyond Fair Isaac’s control, including without limitation: Client modifications, combinations with unauthorized software or hardware, misuse, any Force Majeure Event, general internet outages, failure of Client’s infrastructure or connectivity, computer and telecommunications failures and delays not within Fair Isaac’s control, delays or unavailability due to credit bureaus or other third parties, Client’s suppliers’ products and services, third party data providers or internet service providers, all Client Vendor Offerings, and network intrusions or denial-of-service attacks.

“Possible Available Uptime” means possible hours of SaaS Service Availability in the calendar month based on Standard Service Availability Hours minus all (i) Scheduled Maintenance and (ii) downtime related to Outside Factors for that month.

“Production Environment” means, depending on the SaaS Service licensed under the SaaS Subscription, the (i) platform, hardware and infrastructure environment or (ii) stage within the provisioned single production platform after design, development and testing stages are complete; that is made Available for Client’s primary business environment for “live” production use of the SaaS Service.

“Production Use” means Client’s use of the SaaS Service in a Production Environment.

“Scheduled Maintenance” collectively, means (i) every Sunday between 2:00 a.m. and 6:00 a.m. Central Time (or local time of the Amazon Web Services region) reserved for SaaS Service maintenance, updating and repair without notice to Client; (ii) additional times scheduled by Fair Isaac as reasonably necessary for SaaS Service security Updates, Upgrades, Critical Patches, maintenance, updating or repair, provided that Fair Isaac will use commercially reasonable efforts to minimize the effects of these times to its customers regular business operations; and (iii) all other times designated by Fair Isaac in advance when the SaaS Service will be unavailable.

“Standard Service Availability Hours” means time when the SaaS Service can be expected to be Available in the Production Environment, which is currently 24 hours per day, 7 days per week and excluding all Scheduled Maintenance.

“Support Hours” are the hours designated by Fair Isaac during which Fair Isaac’s support teams will be available to provide routine support pursuant to Section 3 of this SLA.

“Unscheduled Downtime” means any time during Standard Service Availability Hours when the SaaS Service is not Available for reasons other than Scheduled Maintenance or Outside Factors.

“Update” means a change to the SaaS Service (due to an update in the underlying Fair Isaac Product or other component of the SaaS Service) that is typically represented by a ‘right-of-dot’ change in the SaaS Service version identifier (e.g., from version 6.2 to version 6.3).

“Upgrade” means a significant change to the SaaS Service (due to an upgrade in the underlying Fair Isaac Product or other major component of the SaaS Service) that is typically represented by a ‘left-of-dot’ change in the SaaS Service version identifier (e.g., from version 6.3 to version 7.0).

“Uptime” means the time when the SaaS Service is operational in accordance with this SLA and its Documentation.

2. Environment

2.1. General. Client agrees and acknowledges that Fair Isaac is not responsible for delays or other problems caused by (i) Client’s failure to meet its obligations under the SaaS Subscription or the SaaS Policy (including but not limited to applicable license restrictions, data storage and processing limitations); or (ii) any Outside Factor. Prior to the Notice of Production, the Production Environment is not Available and accordingly no Service Level Credit applies. In addition, this SLA does not apply to any SaaS Service during any evaluation period, proof of concept or other testing engagement. Client agrees that the SaaS Services are not restricted by Client’s specific restrictions placed on data centers, service providers of Fair Isaac, technical architecture or any product roadmap.

2.2. Client Platform. Client will maintain a high-speed Internet connection, hardware, software (including Internet browser software), environment and systems that are compatible with the SaaS Service (“Client Platform”) and any other requirements stated in the SaaS Subscription and/or Documentation. Fair Isaac is not responsible for the operation or support of the Client Platform, in whole or in part.

2.3. Updates and Upgrades to the FICO Platform Environment. This section applies if the Client has purchased SaaS Services under the FICO Platform Solution SaaS Subscription or the SaaS Services otherwise require the FICO Platform environment. Client agrees and acknowledges that (i) Fair Isaac regularly maintains and makes Upgrades and Updates to the FICO Platform environment and the Fair Isaac Product underlying the SaaS Service pursuant to this SLA; (ii) the SaaS Service is continually evolving, and some changes will occur automatically (e.g., FICO Platform updates); and (iii) while Fair Isaac strives to minimize the impact of changes on its SaaS Service customers, certain changes may require Client to update the Client Platform in order to make effective use of the FICO Platform environment and the related SaaS Service (e.g., use a more current version of a compatible Internet browser).

3. Standard Support

3.1. Support Requests. Fair Isaac will provide Client with general support and access to knowledgeable personnel. Questions and issues related to the SaaS Service will be addressed during Support Hours, which may differ from Standard Service Availability Hours. Fair Isaac uses a follow-the-sun support model. Client will contact Fair Isaac Service Operations Support at the contact information provided by Fair Isaac (“Support Request”) and Fair Isaac will log Client’s Support Request to begin support pursuant to this SLA. Client must submit the Support Request no later than 30 days after becoming aware of an issue with the SaaS Service.

3.2. Errors. Fair Isaac will use commercially reasonable efforts to resolve Errors in a manner consistent with the requirements of this SLA. If Fair Isaac determines that the Support Request is not the result of an Error, Fair Isaac will promptly report that determination to Client. Resolution of issues caused by Outside Factors or which are not the result of Errors, are not covered under this SLA and Fair Isaac reserves the right to charge for any services performed to diagnose or repair these types of issues.

3.3. Severity Levels and Response Times. Upon receipt of the Support Request, Fair Isaac will acknowledge the request by issuing a confirmation to Client by phone or email and then assigning a severity level and target an estimated response time as follows:

3.4. Reports. The initial post incident review report (“PIR Report”) will be published within approximately 3 Business Days after the closing of any Severity 1 or 2 issue. This PIR Report includes details of the known facts of what occurred, the begin time, reported time, resolved time, end time, and actions being taken to prevent further occurrences. On an exception basis, the PIR Report will be updated when new information is forthcoming through the use of an interim PIR Report. An initial root cause analysis report (“RCA Report”) will be published for Severity 1 incidents after Fair Isaac identifies the root cause and establishes the remediation requirements. Timing and availability of all reports are dependent on Client’s input and Cooperation and subsequent investigations being completed by Fair Isaac.

4. Requirements

4.1. Client’s Obligations Relating to Support Requests. Fair Isaac’s ability to address and resolve Errors in accordance with Section 3.3 is conditioned on Client providing all information and general Cooperation and which Fair Isaac deems necessary to respond to the Support Request, including but not limited to Client (i) designating the primary and secondary liaisons who each have been trained on the SaaS Service; (ii) providing all necessary after-hours contact information for these individual liaisons; (iii) causing all Support Requests to be centralized through the primary and secondary liaisons; (iv) submitting all support requests pursuant to Section 3.1; (v) using reasonable efforts to diagnose and resolve problems in the operation of Client’s interface to the SaaS Service before contacting Fair Isaac for support; (vi) confirming that the reported issues are due to a malfunction of the SaaS Service; (vii) consulting with the Documentation before contacting Fair Isaac for support; and (viii) complying with the requirements in Section 3.1 and Section 4.2.

4.2. Upgrades and Updates to the SaaS Service. Fair Isaac will make available under this SLA Updates and Upgrades (or other changes) to the SaaS Service that it makes generally available to all customers that subscribe to the same SaaS Service. Certain SaaS Service feature, enhancement or new functionality may be delivered through a new Update, Upgrade or other change that is not included in the foregoing and shall only be effective if and when Client and Fair Isaac execute a written amendment to the SaaS Subscription providing for such feature, enhancement or new functionality for an additional fee. Fair Isaac will only support the current version and the immediate prior released Update of the SaaS Service. If Client fails to install, implement or adhere to Fair Isaac’s Upgrade, Update, or other change schedule, then Client agrees and acknowledges that the SaaS Service and support will not meet the terms under this SLA.  Client is solely responsible for (i) maintenance of the Client workstations and Client Platform to both be compatible with the SaaS Service Upgrade, Update or other change; (ii) validation of all Client customizations to utilize the SaaS Service licensed to Client (e.g., changes to UI, web services integration, workflow or orchestration) unless Client has provided full automation testing of such changes to Fair Isaac and Fair Isaac has approved of such in writing; and (iii) completing all validation and propagation within 30 days (or shorter time if related to security or other time set forth in Fair Isaac’s advance notification) following Fair Isaac’s notification of the availability of the Upgrade, Update or other change. Subject to the provisions in this section, Fair Isaac shall provide a SaaS Service environment for purposes of validating and propagating the Upgrade, Update or other change.

5. Exclusions

If Client requests services that are not stated above in Sections 2-4, then such service is outside the scope of this SLA. Subject to availability of Fair Isaac resources and upon execution of a written agreement between the parties, Fair Isaac may provide and Client will pay for additional services on a time-and-expenses basis at Fair Isaac’s then-current rates. The following are examples of services outside the scope of Fair Isaac’s obligations under this SLA:

(a) Requests for support outside of Support Hours for reasons other than Severity 1 or Severity 2 issues.

(b) Support that becomes necessary due to failure of computer hardware, equipment, networks (including but not limited to the Internet) or programs not provided by Fair Isaac; negligence or breach of contract by Client or any third party; error by Client in operation of the SaaS Service; improper modification or use of hardware or software by Client; changes to Client Platform; or any problem not solely attributable to the SaaS Service.

(c) Maintenance and support of hardware, software programs or data connections owned, operated, or developed by Client or a third party that interface with the SaaS Service.

(d) Development, customization, installation, integration, consulting, training and other types of services.

(e) Deliverables, work product, derivatives, customizations, features, enhancements or any other materials resulting from professional services.

(f) Other types of services such as software support and maintenance services.

6. Service Level Standards; Credits

6.1. Expectations. Service level obligations under this SLA are subject to the scope and quantity limits, data requirements, exclusions, and other restrictions set forth in the applicable SaaS Subscription and SaaS Policy (“License Parameters”). Fair Isaac is not responsible for failure to meet service levels under this SLA if such failure results from any cause other than an Error in the SaaS Service, including any Outside Factor, any exclusion set forth in Section 5 of this SLA or in Section 4.2 of the Fair Isaac SaaS Services Policy, any non-permissioned or excessive use of the SaaS Service, any incorrect formatted data, or any non-compliance with any License Parameters.

6.2. Third Party Providers. Fair Isaac shall maintain connections to the Internet and any third party providers that are necessary to the SaaS Service. Client understands that Fair Isaac’s access to the third party providers and its service level obligations under this SLA are subject to such third party’s operating hours, network availability and performance.

6.3. Service Availability. Unless expressly set forth otherwise in a SaaS Subscription, Sections 6.3 and 6.4 of this SLA only apply to SaaS Services that are (i) decisioning components that process transactions only in real time (excludes all authoring, design, provisioning and reporting functionalities and services) and (ii) in Production Use. Fair Isaac shall endeavor to provide an Uptime SLA Percentage (excludes all Scheduled Maintenance periods and downtimes related to Outside Factors) measured on a calendar monthly basis of at least 99.9%. For purposes of determining Uptime SLA Percentage, the following formula is used:

6.4. Service Level Credit. This section only applies after a Notice of Production has been issued by Fair Isaac and Client’s payment of the fees due under the SaaS Subscription.

(a) The credit described in this section (“Service Level Credit”) is available if (i) the Uptime SLA Percentage falls within the % Availability described in the table below (“Qualifying SLA Percentage”), (ii) the SaaS Service is in the Production Environment and (iii) Notice of Production has occurred. No Service Level Credit shall apply if (i) the SaaS Service is submitted or processed in the Non-Production Environment (or other environment), (ii) the SaaS Service is provided under a proof of concept, evaluation, beta or other trial agreement, (iii) the Qualifying SLA Percentage did not occur when calculated across the entire calendar month, or (iv) the SaaS Subscription is expired or terminated when the Service Level Credit is due. Subject to this SLA, the SaaS Policy and Client’s payment of fees, Client may receive the Service Level Credit after sending written notification within 30 days after the Qualifying SLA Percentage occurs, which notification must include sufficient details to determine calculation of the Service Level Credit as follows:

(b) The Service Level Credit will be applied towards the transaction fees due for the next calendar month. If Client pays an annual fee, then the Service Level Credit will be based on 1/12th of the annual fee which will then be applied to the next annual fee due in the following year. The Service Level Credit is Client’s sole and exclusive remedy, and Fair Isaac’s sole obligation and liability, with respect to Availability and Uptime of the SaaS Service.

(c) To file a claim under this SLA, Client must send an email to Fair Isaac with the following details: (i) billing information, including company name, billing address, billing contact and billing contact phone number, (ii) downtime information with dates and time periods for each instance of downtime during the relevant period, and (iii) an explanation of the claim made under this SLA, including any relevant calculations. Claims may only be made on a calendar monthly basis and must be submitted within 30 days after the end of the relevant month, except for periods at the end of a SaaS Subscription that do not coincide with a calendar month, in which case Client must make any claim within 30 days after the end of the Subscription Term. All claims will be verified against applicable system records. Fair Isaac will only provide records of system availability in response to good faith Client claims.

7. Disaster Recovery

7.1. General. Fair Isaac shall maintain a Disaster Recovery Plan in the event of a catastrophe or other Force Majeure Event that prevents the Availability of the SaaS Service. Fair Isaac will use commercially reasonable efforts to have the SaaS Service restored to operation as soon as practicable. The Disaster Recovery Plan shall include geographic diversity of Data Center locations with target service levels as follows:

(a) SaaS Services on the FICO Platform Environment:

1. Recovery Point Objective (“RPO”) of less than 30 minutes. “Recovery Point Objective” or “RPO” shall mean the maximum amount of data that may be lost when the SaaS Service is restored after an interruption. Recovery Point Objective is expressed as a length of time before the failure. In the event an entire region and/or both primary and secondary Data Centers are offline or if the data is corrupted, then the RPO shall be 24 hours.

2. Recovery Time Objective (“RTO”) no more than 2 hours. “Recovery Time Objective” or “RTO” shall mean the maximum time allowed for recovery of the SaaS Service following an interruption. Recovery Time Objective is expressed as the length of time between a Disaster Declaration and the Completed Restoration Time to the SaaS Service. In the event an entire region and/or both primary and secondary Data Centers are offline or if the data is corrupted, then the RTO shall be 48 hours.

3. SaaS Services in Non-Production Environments used for design or development purposes, and SaaS Services that utilize an in-memory or NoSQL database, may have RPO and RTO times longer than the target service levels set forth above.

(b) Other SaaS Services. All other SaaS Services not covered under Section 7.1(a):

1. Recovery Point Objective (“RPO”) of less than 24 hours. “Recovery Point Objective” or “RPO” shall mean the maximum amount of data that may be lost when the SaaS Service is restored after an interruption. Recovery Point Objective is expressed as a length of time before the failure.

2. Recovery Time Objective (“RTO”) no more than 48 hours. “Recovery Time Objective” or “RTO” shall mean the maximum time allowed for recovery of the SaaS Service following an interruption. Recovery Time Objective is expressed as the length of time between a Disaster Declaration and the Completed Restoration Time to the SaaS Service.

7.2. Data Backup and Retention. Fair Isaac shall back up subject to the RPO provisions above in Section 7.1 and backups will be executed automatically using a predefined schedule, the foregoing subject to the particular SaaS Service.

7.3. Multi-tenant Configuration. All environments may be provisioned, at the inception of the SaaS Service or in a subsequent Upgrade or Update, in a multi-tenant configuration on shared infrastructure with other Fair Isaac customers. Fair Isaac will implement appropriate controls to provide security and privacy using logical separation of Client Data, compute and storage. Additionally, Fair Isaac will endeavor to provide the following where a multi-tenant configuration environment exists for a SaaS Service: (i) control failover in response to incidents impacting one or more customers; (ii) distribution of solution services (e.g. batch jobs executing Extract, Transform, Load (ETL) activities) using scheduling services to perform pursuant to this SLA; (iii) right-sizing of compute resources based on Client usage and autoscaling configuration under the SaaS Policy, subject to resource and other limitations set forth in the Agreement, (iv) determination of weekly maintenance windows for pre-scheduled events and emergency maintenance windows for high or critical maintenance in response to incidents or security events; and (iv) establishment of a coordinated schedule, at Fair Isaac's discretion, for execution of all Upgrades, Updates and other changes.