Assignment 1
Risk assessment
Component selected
Annex 2: Service Levels
Perspective
Custumer-friendly (procurement perspective)
Customer: Oriano Systems B.V.
Risk scoring methodology
Score Meaning
5: critical/ high risk High operational or financial risk. Must be renegotiated
4: high Significant commercial/ legal exposure
3: medium Manageable risk, but improvement recommended
2: low Limited risk
1: acceptable No material risk
Summary
The Service Level Agreement contains several provisions that materially weaken the
Customer’s operational protection despite a seemingly robust uptime commitment. In
particular, the limited scope of included support, the absence of 24/7 coverage for critical
incidents, and the misalignment between uptime commitments and remedies expose the
Customer to service disruption, cost uncertainty, and ineffective enforcement
mechanisms. These issues should be addressed as priority negotiation points.
Clause-by-clause risk assessment
Support
Reference Annex 2
Articles 2.1 and 2.2 (basic support and extended support)
Relevance and risk Basic Support is limited to installation, configuration, and initial
access. All meaningful operational support may be classified as
Additional Services subject to separate fees.
This creates:
- Cost unpredictability after go-live
- Incentives for the provider to reclassify incidents as billable
work
- A disconnect with market expectations for enterprise SaaS
Alternative clause Nexura shall provide standard support for the Nexura Platform
throughout the Term, including:
1. Intake, analysis, and remediation of Defects;
2. Support for functional issues materially affecting normal
use of the Services; and
3. Reasonable assistance with standard configurations as
described in the Documentation.
Only bespoke development, non-standard integrations, and
consulting services outside the ordinary operation of the platform
shall qualify as Additional Services and require a separate written
agreement.
Risk score 5: critical/ high risk
Response and resolution targets
Reference Annex 2
Articles 4.1 (service window)
Relevance and risk All response and resolution obligations apply only during Business
Days (09:00–17:00 CET). A Priority 1 outage occurring outside
these hours does not trigger immediate response obligations.