IdentityX Hosting Terms

Licensee wishes to engage Daon to manage the hosting, updating and availability of certain server software in a Daon Cloud Environment, said Daon Cloud Environment comprising certain AWS VPC configurations in AWS datacentres as set out in the Specification below (the “Service”).

This Hosting Addendum defines each party’s rights and responsibilities regarding provision of the Service.

Service

Daon hereby grants to Licensee a non-exclusive, non-transferable right, without the right to grant sublicences, to permit the Authorised Users to access and use the Service during the Hosting Term, for Licensee’s internal business operations only.

In relation to Authorised Users, Licensee undertakes that:

  1. the maximum number of Authorised Users that it permits to access and use the Service shall not exceed the number of User Licenses it has purchased; and

  2. it will not allow any User License to be used by more than one individual Authorised User.

Licensee shall not access, store, distribute or transmit any viruses, or any material during the course of its use of the Service that is illegal or causes damage or injury to any person or property.

Licensee shall not:

  1. access all or any part of the Service in order to build a product or service which competes with the Services;

  2. use the Services to provide services to third parties; or

  3. commercially exploit, or otherwise make the Service available to any third party.

Licensee shall use all reasonable endeavours to prevent any unauthorised access to, or use of, the Services and/or the Documentation and, in the event of any such unauthorised access or use, promptly notify Daon.

Licensee Data

“Licensee Data” means the data inputted by Licensee, Authorised Users, or Daon on Licensee’s behalf for the purpose of using the Service or facilitating Licensee’s use of the Service. Licensee shall own all right, title and interest in Licensee Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of all such Licensee Data.

Daon shall carry out regular (nightly) back-ups of Licensee Data and store the content in an encrypted form outside of the hosted region for security purposes, as set out in the Specifications. Back-ups of Licensee Data will be retained for the period instructed by Licensee or a maximum period of one (1) calendar year.

In the event of any loss or damage to Licensee Data, Licensee’s sole and exclusive remedy against Daon shall be for Daon to use reasonable commercial endeavours to restore the lost or damaged Licensee Data from the latest back-up of such Licensee Data maintained by Daon as described above. Daon shall not be responsible for any loss, destruction, alteration or disclosure of Licensee Data caused by any third party (excluding its subcontractors for whom it shall remain fully liable).

On the written request of Licensee, Daon shall, at Licensee’s discretion, either erase, or return all Licensee Data to Licensee, together with all copies thereof.

Daon Obligations

Daon undertakes that the Service will be performed substantially in accordance with its Specifications and with reasonable skill and care.

The above undertaking shall not apply to the extent of any non-conformance which is caused by use of the Service contrary to Daon’s instructions, or modification or alteration of the Service by any party other than Daon or Daon’s authorised contractors or agents. If the Service does not conform with its Specifications, Daon will correct any such non-conformance in accordance with Service Support, or provide Licensee with an alternative means of accomplishing the desired performance. Such correction or substitution constitutes Licensee’s sole and exclusive remedy for any breach of the above undertaking. Notwithstanding the foregoing, Daon:

  1. does not warrant that Licensee’s use of the Service will be uninterrupted or error-free; or that the Service, Documentation and/or the information obtained by Licensee through the Service will meet Licensee’s requirements; and

  2. is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, and Licensee acknowledges that the Service and Documentation may be subject to limitations, delays and other problems inherent in the use of such communications facilities.

Daon undertakes to use commercial best practice and the latest anti-virus software to ensure that the Service is free from viruses, worms, trojan horses, spyware, adware and other malicious software programs.

Licensee acknowledges and agrees that Daon may subcontract any portion of the Service. Daon shall remain liable to Licensee for the performance of any subcontracted obligations. AWS are acknowledged as an approved subcontractor for provision of the Service.

Licensee’s Obligations

Licensee shall:

  • provide Daon with (i) all necessary co-operation in relation to this agreement; and (ii) access to such information as may be required by Daon in order to provide the Services, including but not limited to Licensee Data, security access information, and configuration services;

  • without affecting its other obligations under this agreement, comply with all applicable laws and regulations with respect to its activities under this agreement;

  • carry out all other Licensee responsibilities set out in this agreement in a timely and efficient manner, including installation of the authentication SDKs in Licensee’s App(s). In the event of any delays in Licensee’s provision of such assistance as agreed by the parties, Daon may adjust any agreed timetable or delivery schedule as reasonably necessary;

  • ensure that the Authorised Users use the Services and the Documentation in accordance with the terms and conditions of this addendum and shall be responsible for any Authorised User’s breach of this addendum; and

  • ensure that its network and systems comply with the relevant specifications provided by Daon from time to time.

Licensee is solely responsible for:

  • procuring, maintaining and securing its network connections and telecommunications links from its systems to Daon’s data centres, and all problems, conditions, delays, delivery failures and all other loss or damage arising from or relating to Licensee’s network connections or telecommunications links or caused by the internet;

  • configuring the registration and authentication policies to require authentication from authenticators that Licensee has validated as being secure;

  • user and role management in the Service; and

  • maintaining secure access between Licensee networks and the Service in a commercially reasonable manner, ensuring that systems that connect to the Service are capable of supporting latest security best practices regarding, for example, TLS protocol and cipher suite support.

Service Specification

Software to be hosted: IdentityX
Cloud Provider: Amazon Web Services, Inc., 410 Terry Ave. N., Seattle, WA 98109-5210, United States (“AWS”)
VPC Deployment Type: Dedicated Hosting – Flexible hosting where dedicated resources are provisioned and managed for each customer in accordance with their security and operational requirements; OR Multi-tenant Hosting – Customers are cryptographically isolated from each other in tenants, but the underlying IdentityX instance is shared. The type of deployment will be set forth in the Agreement.
Primary Data Centre: AWS US-EAST-1
Back-Up Data Centre: AWS US-WEST-1

Amazon Web Services

Licensee agrees that Daon may use AWS to host the Software. Daon and AWS have executed an AWS Licensee Agreement available at https://aws.amazon.com/agreement/ (as updated from time to time) and an AWS Data Processing Addendum thereto. The guarantees provided by AWS regarding the technical and organizational measures to ensure the processing meets its legal requirements are set out in the AWS Security Standards and AWS Processing Addendum. Daon will inform Licensee of any intended changes concerning the addition or replacement of AWS, giving Licensee the opportunity to reasonably object to such changes.

For the purpose of the Service, Daon is responsible for hosting, third party licenses, incident management, availability, patches/updates and all aspects of operations and business continuity. Licensee is responsible for specifying the policies that determine what data is collected and processed in the Service. Licensee will be given account access to the IdentityX backend platform to administer and configure the Service, including a web service interface for user administration, storing cryptographic keys, managing and executing onboarding and authentication policies, storing audit records and potential application to application integrations.

High Availability Hosting IdentityX Deployment

In each region, the IdentityX service is deployed in a full High Availability (HA) configuration with support for deploying computing and storage resources in all availability zones.

The service is designed to eliminate any single point of failure at each tier and to provide continuous availability during system updates.

All nodes are active / active, with the exception of the database system, which runs in active / passive mode with automated failover to a hot standby instance in a different availability zone.

Daon’s service level commitments for Production and Non-Production Services are set out in Licensee Support & Maintenance Services Attachment. The parties acknowledge and agree that the applicable Service Credit shall be the exclusive remedy for any failure by Daon to meet its service level commitments.

Hosted Service

Daon shall provide either a dedicated solution or a shared multi-tenant solution hosted in AWS. The hosting characteristics for each option are as follows:

Dedicated Solution

  • High availability, customer specific primary (Production) AWS VPC hosted in US for supporting the production environment.

  • Single region with Multiple AZs as HA strategy

  • High availability, customer specific supporting (Non-Production) environment AWS VPC hosted in US for supporting Non-Production uses (e.g., development, functional testing) as different tenants, as required.

Shared Multi-Tenant Solution

  • High availability, customer specific primary (Production) tenant in a shared AWS VPC hosted in US for supporting the production environment

  • Single region with Multiple AZs as HA strategy

Service Delivery Model

Global Development Operations (DevOps) Team

Daon's global DevOps team has many years of experience in delivering successful on-premises and hosted solutions. Leveraged by the wider Daon organization, the DevOps team also supports and manages hundreds of existing Daon development and test / reference systems.

Using a multi-level model, DevOps resources are available in multiple locations to provide skilled support around the world and around the clock (24 x 7 x 365). For more information regarding Licensee support, please refer to Licensee Support & Maintenance Attachment.

Automated Monitoring

Daon monitors all critical hosted systems using a variety of internal and external monitoring tools such as AWS CloudWatch, Synthetic Application Tests, Pingdom and Datadog. In the event of impaired availability or elevated error rates, these tools are configured to automatically initiate a support incident, demanding immediate attention from our engineers in DevOps and Licensee Support.

Notification and Escalation

When a support request or incident places one or more SLAs at risk, our notification and escalation platform is used to automatically initiate action to remediate the situation. This action follows a number of overlapping steps and escalation paths, aligned with configurable Licensee notification preferences (for example, SMS, Push Notification, Email, Phone call, etc.).

Contact Points for Operational Matters

Daon Project Manager: Dave Maddox – [email protected]

Business Continuity

In normal operations, all processing is performed in the primary AWS region for each VPC. In the event of a total loss of the primary region, DNS records can be updated to redirect traffic to a hot standby replica of the VPC in an alternate region.

Failback upon restoration of the primary region will require a maintenance outage to ensure that no data is lost, but operations can proceed from the alternate region indefinitely if required. Licensee must ensure it uses and deploys the Service in compliance with relevant privacy and data management laws.

Defence in Depth

Recognizing that any one mechanism is insufficient to entirely secure a system and that Daon is not in full control of the overall security architecture implemented by Licensee, Daon recommends a multi-layered security strategy in which biometrics plays a strategic, but not an exclusive role. This “defense-in-depth” approach encompasses the incorporation of a combination of the following key elements and best practices:

  1. Strong Identity Proofing – a registration process that validates the accuracy and uniqueness of each asserted identity prior to accepting enrollment. Ensures one person cannot enroll with multiple identities in the system.

  2. Biometrics – the incorporation of a choice of biometrics – face or voice, for example – to enhance the user experience while ensuring the user is who he/she says he/she is. To mitigate against the possibility of spoofing, “liveness” techniques, such as eye blinking, should also be employed.