1. Introduction Purpose of the SaaS SLC This Software-as-a-Service Service Level Commitment (SaaS SLC) outlines the commitment of ESS Engineering Software Steyr GmbH to providing a reliable, secure, and high-performance cloud-based simulation environment for users of alsim CLOUD. It defines the standards for service quality, availability, and support, ensuring that clients can rely on alsim CLOUD for their computational fluid dynamics (CFD), geometry, mesh pre-processing and related simulation needs. This SaaS SLC serves as a guide for both ESS and clients to understand the service expectations, limitations, and response procedures.
Scope of the SaaS SLC This SaaS SLC applies to all core services provided within the alsim CLOUD platform, including but not limited to compute resources, data storage, security provisions, and technical support. It covers both standard and premium service offerings and encompasses aspects such as performance, uptime, data protection, and incident response. This SaaS SLC is binding for all alsim CLOUD users as part of their service commitment and is subject to periodic review to maintain alignment with industry standards and client requirements. This SaaS SLC forms part of the contractual framework for alsim CLOUD together with the General Terms and Conditions (GTC). In case of contradiction, the GTC prevails, while this SaaS SLC governs operational service commitments.
Overview of alsim CLOUD alsim CLOUD is a cloud-based platform engineered by ESS Engineering Software Steyr GmbH, tailored specifically for high-performance simulation workloads in the automotive and manufacturing sectors. Designed to facilitate complex numerical modeling and simulation analysis, alsim CLOUD leverages cloud infrastructure—including AWS, IONOS, and on-premises resources—to provide scalable and secure access to powerful compute capabilities. With features such as robust data security, API access, multi-factor authentication, and compliance with industry standards like TISAX, alsim CLOUD empowers clients to conduct efficient, high-fidelity simulations with minimal downtime and optimal resource management.
2. Key Definitions To ensure clarity and mutual understanding, the following terms defined these Service Level Commitments (SaaS SLC):
2.1. Service Provider Refers to ESS Engineering Software Steyr GmbH, the organization responsible for the development, management, and support of alsim CLOUD.
2.2. Client/User The individual or organization with authorized access to alsim CLOUD services, who utilizes the platform for computational simulations and data analysis.
2.3. Service Availability The percentage of time alsim CLOUD services are accessible and operational within a specified period, as outlined in these SaaS SLC.
2.4. Incident An unplanned interruption to an alsim CLOUD service or a reduction in the quality of service that requires resolution.
2.5. Downtime The total accumulated time during which alsim CLOUD services are unavailable due to service disruptions, excluding scheduled maintenance periods.
2.6. Scheduled Maintenance Planned periods during which alsim CLOUD may be temporarily unavailable due to system updates, improvements, or security patches, with prior notice provided to users.
2.7. Response Time The time taken by the service provider to acknowledge and begin addressing a reported incident affecting alsim CLOUD functionality.
2.8. Resolution Time The period required to fully restore alsim CLOUD services to normal operational status following an incident.
2.9. Support Ticket A formal request for technical assistance, created by the client, to report issues or request support with alsim CLOUD services.
2.10. Service Level Objectives (SLOs) Specific performance targets related to alsim CLOUD availability, response times, and other metrics defined in this SaaS SLC. These key definitions establish a common understanding of terms referenced throughout this document, promoting transparency and setting clear expectations for both ESS and alsim CLOUD clients.
3. Cloud Solution Overview 3.1. Infrastructure Overview alsim CLOUD is built on a robust and flexible infrastructure, leveraging a combination of cloud-based and on-premises solutions to ensure optimal performance, security, and scalability. The primary components include: • • •
AWS (Amazon Web Services): AWS is utilized for its extensive range of cloud computing resources, scalability, and reliability, enabling alsim CLOUD to meet varying computational demands. IONOS: As a European-based cloud provider, IONOS offers alsim CLOUD a secure and compliant environment with specific regional data residency capabilities, catering to clients with data sovereignty requirements. On-Premises Solutions: For clients requiring a dedicated environment, on-premises solutions provide direct control over infrastructure resources, enhanced data security, and alignment with internal IT policies.
By distributing computational tasks across these environments, alsim CLOUD supports both high availability and adaptability for computational fluid dynamics (CFD) simulations, geometry and mesh pre-processing ensuring consistent performance under diverse operational conditions.
3.2. Key Principles: Security, Data Integrity, and Compliance alsim CLOUD’s infrastructure and operational policies are governed by the following key principles: •
Security: alsim CLOUD employs industry-standard security practices to protect user data and infrastructure. This includes network security measures, encryption, and access control protocols designed to safeguard data at all stages of processing and storage.
•
Data Integrity: Maintaining the accuracy and reliability of client data is central to alsim CLOUD operations. Data integrity measures, including regular audits and failover mechanisms, are in place to prevent data corruption or loss during computations. Compliance: alsim CLOUD aligns with international and industry-specific regulations, including TISAX compliance for automotive standards, ensuring that data protection, privacy, and security meet stringent compliance requirements. This commitment provides clients with assurance that alsim CLOUD operates within a framework of legal and regulatory standards.
These infrastructure choices and principles collectively enable alsim CLOUD to deliver a secure, reliable, and compliant platform for simulation and computational needs, tailored to the requirements of diverse industries and use cases.
3.3 Customer-Hosted Deployment Responsibilities In cases where alsim CLOUD (SaaS) is deployed on a Client’s own infrastructure (“Customer-Hosted Deployment”), ESS provides the software package, updates, and technical support limited to the alsim CLOUD software itself. The Client shall be solely responsible for managing and securing the hosting infrastructure, including uptime, backups, system availability, and compliance with its internal IT policies. ESS shall not be responsible for outages, performance issues, or security incidents arising from the Client’s infrastructure. For clarity, such deployments remain subject to the terms of the GTC and these SLC, except where infrastructure responsibilities are expressly shifted to the Client.
4. Platform Performance and Availability 4.1. Simulation Execution Capabilities alsim CLOUD is designed to handle complex and large-scale simulation tasks, providing powerful computational resources tailored for simulation in Computational Fluid Dynamics (CFD) and similar applications. By leveraging highperformance computing (HPC) resources, alsim CLOUD ensures that simulations run efficiently, even under demanding workloads. The platform supports: • • •
High-Throughput Processing: Optimized infrastructure for running simultaneous or multi-step simulations. Scalability: Flexible resource allocation to adapt to varying simulation demands, ensuring consistent performance. GPU and CPU Utilization: For resource-intensive computations, alsim CLOUD utilizes both GPU and CPU resources to maximize simulation efficiency and reduce processing times.
4.2. Performance Metrics and Guaranteed Execution Speeds To meet client expectations, alsim CLOUD establishes and monitors performance benchmarks for simulation execution: • • •
Execution Speeds: alsim CLOUD guarantees execution speeds within defined limits for common simulation types, with performance optimized based on the complexity and specific parameters of each job. Latency Reduction: System architecture and resource allocation are structured to minimize latency, ensuring prompt data processing and result delivery. Resource Optimization: Dynamic resource scaling allows the platform to adapt to peak demands, maintaining execution times within guaranteed levels.
These performance commitments are continually monitored, with metrics collected on job completion times and processing efficiency. These metrics are regularly reviewed to enhance and optimize platform responsiveness.
4.3. Service Uptime and Availability Commitments alsim CLOUD is committed to delivering high service availability to support continuous client operations. Key availability commitments include: • •
Service Uptime: alsim CLOUD guarantees a minimum of 99.9% uptime, with redundancy and failover systems in place to ensure consistent access to services. Redundancy and Failover Mechanisms: In the event of hardware or network failures, alsim CLOUD’s architecture provides automatic failover to backup systems, minimizing disruptions.
•
Scheduled Maintenance: Maintenance windows are scheduled during low-usage periods, with advance notifications provided to clients. These periods are strategically managed to minimize service interruptions and are excluded from uptime calculations.
alsim CLOUD’s performance and availability guarantees aim to deliver a stable, high-performing simulation environment, empowering clients to rely on its capabilities for their critical computational needs.
5. Simulation Resource Management 5.1. Resource Allocation (Compute, Memory, Storage) alsim CLOUD employs a robust resource allocation system to ensure efficient use of computational, memory, and storage resources, tailored to meet the demands of complex simulation workloads. Resource allocation features include: • • •
Compute Resources: Flexible assignment of CPU and GPU resources based on simulation requirements, with the ability to scale up for intensive tasks. Memory Optimization: Dynamic memory allocation to ensure sufficient resources for simulations, avoiding overuse and minimizing potential bottlenecks. Storage Management: High-performance storage solutions are used to handle large datasets, enabling quick access to simulation inputs and outputs.
Resource allocation is monitored and adjusted in real time to optimize performance across active simulation jobs.
5.2. Job Queue Management and Prioritization To maximize simulation throughput, alsim CLOUD includes a job queue management system that efficiently organizes and prioritizes simulation tasks based on their urgency and resource demands. Key features of this system include: • • •
Task Prioritization: Jobs are prioritized according to client-specific criteria, project timelines, and computational needs, ensuring critical jobs are executed promptly. Queue Optimization: Idle resources are dynamically reassigned to queued jobs, minimizing waiting times and enhancing system responsiveness. Automated Scheduling: The system automatically schedules jobs based on availability and priority, reducing manual intervention and ensuring fair access to resources.
The job queue management system enables alsim CLOUD to maintain an efficient flow of simulation tasks, supporting clients in meeting project deadlines.
5.3. Load Balancing and Scaling Options alsim CLOUD employs load balancing and scaling techniques to maintain consistent performance, even under fluctuating workloads. These techniques include: • • •
Load Balancing: Traffic and task distribution are managed across multiple instances to prevent overloading any single node, enhancing system stability and responsiveness. Horizontal and Vertical Scaling: alsim CLOUD supports both horizontal scaling (adding more instances) and vertical scaling (enhancing resource capacity within instances) to accommodate varying demand levels. Auto-Scaling: To adjust to peak demand, alsim CLOUD automatically scales resources up or down based on current load, ensuring optimal resource use without compromising performance.
These resource management strategies enable alsim CLOUD to provide a stable and responsive simulation environment, adapting to client needs and supporting efficient project workflows.
6. Data Handling for Simulation Outputs 6.1. Simulation Data Storage and Retention Policies alsim CLOUD provides secure, scalable storage solutions for simulation output data, ensuring data integrity and accessibility. Key policies for data storage and retention include: • •
Secure Storage: Simulation outputs are stored in encrypted data repositories with controlled access to safeguard sensitive information. Data Retention: alsim CLOUD maintains a flexible data retention policy, allowing clients to define how long simulation outputs are stored based on project requirements and regulatory compliance.
Clients can set custom retention durations to align with organizational policies or project timelines.
6.2. Result Management and Access alsim CLOUD provides streamlined access to simulation results, with secure, user-friendly tools for managing and retrieving output data: • • •
Results Dashboard: Clients can view and organize simulation outputs in a dedicated results dashboard, providing quick access to project data. Role-Based Access: Access to simulation results is managed through role-based permissions, ensuring that only authorized users can view or modify sensitive data. Download and Integration: Simulation results can be downloaded and integrated into other platforms as needed.
This system ensures that users can easily access and work with simulation results while maintaining robust security controls.
6.3. Data Backup and Recovery for Simulation Data To safeguard simulation data against potential data loss, alsim CLOUD has implemented comprehensive backup and recovery measures: • • •
Automated Backups: Regular automated backups are performed on all simulation outputs, ensuring a recent copy of data is available in case of unexpected loss or corruption. Redundant Storage: Backup copies are stored across multiple secure locations, providing redundancy to enhance data availability and resilience. Rapid Recovery: alsim CLOUD offers rapid data recovery services, allowing clients to restore lost or corrupted simulation data promptly, minimizing any disruption to project timelines.
These measures provide clients with confidence that their simulation data is securely stored and readily recoverable if needed.
7. Encryption and Data Security 7.1. Object Storage Security alsim CLOUD employs strict security measures to protect all data stored within its object storage, ensuring that simulation data and other sensitive information are safeguarded against unauthorized access: •
•
Access Control: Role-based access controls (RBAC) are implemented to ensure that only authorized users can access specific data sets within object storage. Detailed permissions are configured to protect sensitive data and prevent unauthorized access. Data Encryption: All data stored in alsim CLOUD’s object storage is encrypted at rest using a robust encryption standard that provides high levels of security for stored information.
•
Audit Trails: Access to stored data is logged, with audit trails maintained to monitor access and modifications. These logs support compliance with data protection regulations and provide accountability.
These measures collectively ensure the confidentiality and integrity of data within alsim CLOUD’s storage environments.
7.2. Infrastructure-Level Encryption alsim CLOUD employs infrastructure-level encryption to protect data at every layer of its environment, enhancing security for data stored across various services and hardware components: • •
•
Encryption at Rest: All data, including simulation outputs and user information, is encrypted at rest. This prevents unauthorized access to data stored on physical devices within alsim CLOUD’s infrastructure. Key Management: Encryption keys are managed through a secure key management service (KMS), which allows for regular key rotation and strict access control. Only authorized personnel and services can access encryption keys, ensuring robust data security. Compliance with Standards: alsim CLOUD’s encryption practices comply with industry standards and regulations, including GDPR and TISAX, supporting clients with stringent data protection needs.
Infrastructure-level encryption protects data across all storage types and supports alsim CLOUD’s commitment to data security.
7.3. Secure Data Transmission To protect data in transit, alsim CLOUD uses strong encryption protocols to secure communication between clients, servers, and other networked resources: •
• •
SSL/TLS Encryption: All data transmitted within alsim CLOUD’s environment is secured using SSL/TLS encryption. This ensures that data moving between users and the platform is protected from interception and tampering. Protocol Standards: alsim CLOUD enforces modern TLS versions (TLS 1.2 and above) and disables outdated, vulnerable protocols. This mitigates the risk of attacks associated with older encryption standards. Data Integrity Checks: In addition to encryption, alsim CLOUD performs data integrity checks to ensure that transmitted data is accurate and unaltered. Hashing algorithms verify data integrity throughout its transmission path.
These data transmission security measures provide clients with confidence that their data remains protected, whether at rest or in transit within alsim CLOUD’s environment.
8. API Security and Management 8.1. Secure API Management alsim CLOUD enforces strict security protocols to safeguard all API interactions, ensuring that data exchange across the platform is secure and that unauthorized access is prevented: • •
•
Access Control: API access is controlled by implementing role-based access policies, ensuring that only authorized users and applications can interact with sensitive endpoints. API Gateway Protection: alsim CLOUD employs an API gateway to manage and secure API traffic. The gateway acts as a barrier, filtering incoming requests, applying rate limiting, and preventing abusive access patterns that could lead to a denial-of-service (DoS) attack. Input Validation: To protect against injection attacks, all API inputs are validated and sanitized before processing, ensuring that only properly formatted data is accepted.
These measures maintain the integrity and confidentiality of data exchanged via alsim CLOUD’s APIs.
8.2. Robust Authentication alsim CLOUD uses advanced authentication mechanisms to verify the identity of users and applications accessing its APIs, providing an additional layer of security for platform interactions:
•
•
•
JWT Tokens: alsim CLOUD uses JSON Web Tokens (JWT) to authenticate API requests. These tokens securely represent user credentials and grant controlled access based on specified permissions, ensuring that sensitive data is only accessible to authorized users. Session Management: API sessions are monitored and configured with expiration times to limit access duration. After session expiry, users must re-authenticate, reducing the risk of unauthorized access from abandoned or compromised sessions. Two-Factor Authentication (2FA): For high-privilege API interactions, alsim CLOUD enforces two-factor authentication, requiring users to provide a second form of verification in addition to their credentials.
Robust authentication measures protect alsim CLOUD’s APIs against unauthorized access, supporting a secure interaction model.
8.3. Continuous Monitoring Continuous monitoring of API activity enables alsim CLOUD to detect and respond to abnormal patterns, ensuring ongoing security and compliance with best practices: •
•
•
API Activity Logging: Every API request and response is logged in detail, capturing metadata such as user ID, IP address, request type, and response status. These logs support detailed audits and assist in tracing unauthorized or malicious activities. Anomaly Detection: alsim CLOUD utilizes automated monitoring tools to detect unusual access patterns, such as repeated failed login attempts or abnormal data access rates. Anomaly detection alerts the security team to potential threats in real-time, allowing for swift response. Alerting and Incident Response: When suspicious API activity is detected, automated alerts are notifying the security team. A defined incident response process is followed to assess the nature of the threat, contain it, and initiate appropriate remedial actions.
Continuous monitoring of API activity ensures that alsim CLOUD maintains a secure and reliable environment, enabling clients to trust the platform with sensitive data and operations.
9. Authentication and Access Control 9.1. Multi-Factor Authentication (MFA) alsim CLOUD enforces Multi-Factor Authentication (MFA) as a core security measure to enhance account protection and ensure that only verified users gain access to the platform. MFA requires users to provide two or more forms of verification, making unauthorized access significantly more difficult. •
•
•
Two-Step Verification Process: Users can authenticate using a combination of a password (something they know) and a one-time passcode (OTP) generated by an authenticator app. This process adds an extra layer of security beyond traditional username and password authentication. MFA Enforcement for Sensitive Operations: MFA is mandatory for accessing critical parts of the platform, including administrative and high-privilege areas. This ensures that sensitive operations are further protected against unauthorized access attempts. User Setup and Management: Users can enable MFA in their account settings and are periodically prompted to re-authenticate to maintain continuous security. alsim CLOUD also provides easy management options for users to reset or update their MFA settings as needed.
MFA significantly reduces the risk of unauthorized access and provides alsim CLOUD clients with enhanced security for their accounts and data.
9.2. Role-Based Access Control (RBAC) Role-Based Access Control (RBAC) is used across alsim CLOUD to manage user permissions, ensuring that each user has access only to the resources and functions relevant to their role. RBAC minimizes the risk of accidental or intentional misuse of system resources by restricting access based on role definitions.
•
•
•
•
Granular Access Levels: alsim CLOUD defines access levels according to user roles, such as administrators, analysts, and standard users. Each role has predefined permissions, limiting access to only those areas and functions necessary for the user's responsibilities. Least Privilege Principle: alsim CLOUD adheres to the Principle of Least Privilege, granting users only the minimum necessary permissions required to perform their tasks. This reduces the attack surface and minimizes the potential for privilege abuse or escalation. Customizable Role Assignments: For organizations with unique access requirements, alsim CLOUD allows administrators to create custom roles and assign specific permissions. This flexibility ensures that access control aligns closely with organizational needs. Audit Trails and Logging: All access attempts and permission changes are logged, creating an audit trail that supports security oversight and regulatory compliance. These logs are regularly reviewed to detect unusual access patterns or potential security incidents.
By implementing MFA and RBAC, alsim CLOUD establishes a secure authentication and access control framework, protecting user accounts and platform resources while maintaining a flexible, user-friendly environment.
10. Network Security and Intrusion Protection 10.1. Network Gateways and Security Controls alsim CLOUD employs multiple layers of network security to protect the platform from unauthorized access and potential threats, ensuring secure and efficient data flow within the infrastructure: •
•
•
•
Network Gateways: alsim CLOUD uses both self-managed and AWS API gateways to control the flow of traffic into and out of the network. These gateways filter incoming requests, applying access rules to prevent unauthorized access to internal resources. Gateway configurations are designed to protect sensitive endpoints while allowing legitimate traffic through. Firewalls: Firewalls are deployed at multiple levels to enforce access restrictions and prevent malicious activity. These firewalls monitor and control incoming and outgoing network traffic based on predefined security rules, blocking suspicious connections and allowing only trusted sources to communicate with the platform. Intrusion Detection and Prevention Systems (IDS/IPS): alsim CLOUD incorporates IDS/IPS systems to continuously monitor network activity, identifying and mitigating suspicious behavior. The IDS component detects potential threats, while the IPS actively blocks or isolates them to prevent security breaches. DDoS Protection: To safeguard the platform from Distributed Denial-of-Service (DDoS) attacks, alsim CLOUD includes DDoS protection mechanisms that detect and filter out large volumes of unwanted traffic, ensuring uninterrupted access to services during high-demand periods.
These network security controls are essential in maintaining alsim CLOUD’s secure environment, enabling smooth and safe data exchange across the platform.
10.2. Security Monitoring and Logging Continuous monitoring and logging are integral to alsim CLOUD’s security approach, allowing the platform to detect and respond to threats promptly: •
•
•
Comprehensive Logging: Every network interaction is logged in detail, capturing information on access attempts, data transfers, and modifications. These logs provide valuable data for security audits, enabling the identification of unusual access patterns and assisting with incident investigations. Real-Time Security Monitoring: alsim CLOUD uses advanced monitoring tools to track network activity in real time, identifying anomalies and suspicious behavior. Automated alerts notify the security team immediately upon detection of potential threats, enabling rapid response and containment. Anomaly Detection: Machine learning algorithms and heuristic-based detection methods are used to recognize deviations from normal network traffic patterns. This proactive approach to threat detection enhances alsim CLOUD’s ability to identify zero-day vulnerabilities and prevent potential breaches.
•
Audit Trails and Compliance: alsim CLOUD maintains detailed audit trails that document network and user activities, supporting regulatory compliance and providing a comprehensive record for forensic analysis in the event of a security incident.
By implementing robust network security controls and continuous monitoring, alsim CLOUD ensures a resilient and secure environment that protects against potential intrusions and safeguards user data.
11. Vulnerability Management and Secure Development 11.1. Continuous Security Assessments alsim CLOUD prioritizes proactive vulnerability management through continuous security assessments conducted throughout the software development lifecycle (SDLC). These assessments help identify and mitigate security risks before they impact the platform or client data. •
•
•
Automated Vulnerability Scanning: Regular automated scans are performed on the codebase, infrastructure, and dependencies to identify potential vulnerabilities. This includes scanning for outdated libraries, misconfigurations, and known security flaws in third-party components. Threat Modeling: During the design and development phases, threat modeling is used to anticipate potential security risks and define mitigations. This process helps developers understand the security implications of architectural choices, enhancing overall system resilience. Security Metrics and Reporting: Key security metrics are continuously monitored and reported to track the effectiveness of vulnerability management practices. Regular reports provide insight into security status and guide continuous improvements in alsim CLOUD's security posture.
By implementing continuous security assessments, alsim CLOUD ensures that its platform is proactively protected against emerging threats.
11.2. Security Code Reviews alsim CLOUD enforces strict security code review practices to prevent vulnerabilities from being introduced during development. Both manual and automated reviews are conducted to verify that secure coding standards are followed across the entire codebase. •
•
•
•
Manual Code Reviews: Experienced security engineers conduct manual reviews of critical code, focusing on common vulnerabilities such as SQL injection, cross-site scripting (XSS), and buffer overflows. These reviews also ensure that security controls are consistently implemented and that any deviations from best practices are addressed. Automated Static Analysis: alsim CLOUD utilizes automated static analysis tools to scan code for security flaws, coding errors, and policy violations. These tools provide a comprehensive and efficient way to identify vulnerabilities early in the development process, reducing the risk of security issues making it to production. Secure Coding Standards: Developers adhere to a defined set of secure coding guidelines, which emphasize practices that minimize risk, prevent data leakage, and mitigate common vulnerabilities. These standards are based on industry best practices and are regularly updated to address new security threats. Integration with Continuous Integration (CI) Pipeline: Security checks are integrated into alsim CLOUD's CI pipeline to enforce security standards during each build. Automated security tests, dependency checks, and policy enforcement are triggered with every code commit, ensuring that security is continuously maintained.
By adopting rigorous security code reviews, alsim CLOUD establishes a strong foundation for secure software development, minimizing the potential for vulnerabilities and supporting a secure platform for its clients.
12. Data Privacy Compliance 12.1. GDPR and Relevant Data Protection Regulations alsim CLOUD is committed to protecting user data in full compliance with data protection regulations, including the General Data Protection Regulation (GDPR) and other relevant standards. These regulatory measures guide alsim CLOUD’s data handling practices to ensure transparency, confidentiality, and integrity of client information. •
•
•
GDPR Compliance: alsim CLOUD follows GDPR principles for data collection, processing, and storage, ensuring that personal data is handled lawfully, fairly, and transparently. This includes obtaining explicit consent for data processing, providing users with rights to access, rectify, or delete their data, and maintaining robust security measures to prevent unauthorized access. Data Processing Agreements: alsim CLOUD enters into Data Processing Agreements (DPAs) with clients, outlining specific roles and responsibilities regarding data protection. This establishes a clear framework for handling personal data in accordance with applicable regulations. Cross-Border Data Transfers: For international clients, alsim CLOUD ensures that any cross-border data transfers are compliant with GDPR requirements, utilizing mechanisms such as Standard Contractual Clauses (SCCs) to protect data transferred outside the European Economic Area (EEA).
12.2. Data Anonymization and User Privacy Measures To further protect user privacy, alsim CLOUD employs data anonymization and other privacy-enhancing techniques, minimizing the risk of unauthorized exposure of personal information. •
•
•
•
Data Anonymization: Personal data used for analysis, testing, or training purposes is anonymized to ensure that individuals cannot be identified from the data alone. This includes techniques such as removing or masking personally identifiable information (PII) to protect user identities. Pseudonymization for Enhanced Privacy: In cases where anonymization is not possible, alsim CLOUD uses pseudonymization, where data is processed in a way that it cannot be attributed to a specific individual without additional information. This provides a layer of security by keeping personal data separate from identifiers. User Consent and Data Control: alsim CLOUD empowers users to manage their data preferences, including opting in or out of certain types of data processing. Clients can access, modify, or delete their personal data upon request, supporting user autonomy and compliance with privacy regulations. Data Minimization and Retention: alsim CLOUD follows data minimization principles, collecting only the data necessary to provide services and retaining it only for as long as required. Data retention policies align with regulatory standards and ensure that data is securely deleted when no longer needed.
These privacy and data protection measures demonstrate alsim CLOUD’s commitment to user privacy, regulatory compliance, and responsible data handling, providing clients with a secure and transparent environment for their simulation and data management needs.
13. User Support and Incident Management 13.1. Support Availability and Response Times alsim CLOUD provides dedicated user support to ensure that clients have the assistance they need to use the platform effectively and address any issues that arise: • •
Support Channels: alsim CLOUD support is currently available via email (contact@alsimcloud.com), with clients also provided options to reach support personnel directly. Response Times: alsim CLOUD is committed to timely support responses. Standard response times are defined by issue severity: o Critical Issues (e.g., service outages) – Initial response within 1 hour o High Priority Issues (e.g., major feature disruption) – Initial response within 4 hours o Medium Priority Issues (e.g., minor feature issues) – Initial response within 8 hours
o
Low Priority Issues (e.g., general inquiries) – Initial response within 24 hours
Clients are encouraged to submit tickets with detailed information to facilitate faster resolutions, and priority is given to high-severity issues impacting business continuity.
13.2. Incident Response for Simulation Interruptions alsim CLOUD has a structured incident response protocol to address and resolve interruptions in simulation services swiftly: •
• •
•
Monitoring and Detection: Continuous monitoring systems detect disruptions in simulation execution, alerting the support team to potential issues in real-time. This enables rapid identification and assessment of any interruptions. Incident Assessment and Triage: Once an incident is detected, alsim CLOUD support personnel assess its impact on clients’ simulations and prioritize incident resolution based on severity and scope. Resolution and Recovery: alsim CLOUD’s technical team works promptly to resolve simulation interruptions, restoring services with minimal impact on client workflows. Recovery times are optimized through predefined escalation paths and resource allocation. Post-Incident Analysis: Following a significant incident, alsim CLOUD conducts a post-incident analysis to understand root causes and prevent recurrence. Findings and corrective actions are documented and reviewed with the goal of continually improving service reliability.
This incident response process ensures that alsim CLOUD can promptly address simulation interruptions, minimizing impact on client projects.
13.3. Communication Protocols During Service Disruptions Clear and timely communication is essential during service disruptions. alsim CLOUD follows established protocols to keep clients informed and provide transparency throughout the incident lifecycle: • •
•
•
Initial Notifications: When a disruption is detected, alsim CLOUD promptly notifies affected clients through email, detailing the nature of the issue, affected services, and estimated time for resolution (if known). Regular Updates: For prolonged incidents, alsim CLOUD provides regular status updates, including any new information on the issue’s resolution progress. Updates are communicated at intervals defined by the incident’s severity and anticipated resolution timeline. Resolution Notice: Upon resolution, a final notification is sent to confirm that services have been restored. Clients are informed of any follow-up actions, such as adjustments to service schedules or preventative measures taken. Post-Incident Reports: In cases of critical incidents, alsim CLOUD may provide a post-incident report summarizing the event, root cause, and any corrective actions taken. This report is available to clients upon request and supports transparency in incident management.
These communication protocols ensure that clients are consistently informed and can plan accordingly during any service disruptions, fostering trust and reliability in alsim CLOUD’s support and incident management approach.
14. Usage Reporting and Billing 14.1. Resource Usage Reports alsim CLOUD provides detailed resource usage reports to help clients monitor their simulation activities and manage their computational resources effectively: • •
Real-Time Reporting: alsim CLOUD offers real-time reporting dashboards where clients can view their current usage and historical data, helping them identify trends in resource consumption and plan for future needs. Customizable Reporting: Reports can be tailored to meet client-specific requirements, allowing users to filter and export data based on time periods, project IDs, or resource types. This flexibility supports efficient resource management and aligns with clients' internal reporting needs.
•
Monthly and On-Demand Reports: alsim CLOUD could generate monthly usage summaries, which are available upon request via the client portal. Clients may also request custom reports at any time for more detailed insights into their resource consumption.
These resource usage reports provide transparency and control, enabling clients to manage their resource utilization within budget and operational constraints.
14.2. Billing Transparency alsim CLOUD is committed to transparent billing practices, ensuring that clients have a clear understanding of their charges and how costs are calculated: •
•
•
•
•
Detailed Invoices: Clients may request itemized invoices that break down charges by resource type (e.g., compute, storage), usage period, and specific simulations or projects. Each invoice provides a comprehensive view of costs, ensuring clarity on billing. Predictable Pricing Models: alsim CLOUD offers predictable pricing based on selected service plans and resource usage. Clients are informed of rate changes in advance, ensuring they can budget effectively without unexpected cost fluctuations. Billing Dashboard: alsim CLOUD’s billing dashboard allows clients to view current and past invoices, track outstanding balances, and view upcoming charges. This dashboard provides real-time insights into costs, enabling proactive budget management. Cost Estimation Tools: To help clients estimate and manage expenses, alsim CLOUD offers cost calculators and budgeting tools that allow users to project costs based on planned resource usage. This feature supports financial planning for long-term projects. Customer Support for Billing Inquiries: alsim CLOUD’s billing support team is available to answer client inquiries about specific charges, provide explanations on invoice items, or address billing disputes. This support ensures that clients have access to clear and accurate billing information.
By providing detailed usage reports and maintaining transparent billing practices, alsim CLOUD empowers clients to effectively monitor and control their simulation costs, supporting financial predictability and operational planning.
15. Performance Optimization and Tuning 15.1. Resource Optimization for Simulation Performance alsim CLOUD is designed to deliver optimal performance for simulation workloads by providing tools and configurations that help clients maximize resource efficiency: •
•
•
Dynamic Resource Allocation: alsim CLOUD’s infrastructure dynamically allocates resources (CPU, GPU, memory) based on the specific requirements of each simulation job. This ensures that simulations run efficiently without overusing resources, minimizing computational costs. Adaptive Workload Distribution: The platform intelligently distributes workloads across available computational nodes, balancing demand to prevent bottlenecks and ensure steady processing times. This load balancing enhances the efficiency of resource use and minimizes idle time. Job Prioritization Settings: alsim CLOUD allows clients to prioritize specific jobs within their project queue. By prioritizing critical simulations, clients can ensure that essential tasks receive resource allocation and processing priority, supporting time-sensitive projects.
These optimization features help clients achieve faster simulation times, reduce resource waste, and support costeffective operations.
15.2. Simulation Software and Hardware Compatibility alsim CLOUD is engineered to be compatible with a variety of simulation software and hardware configurations, allowing clients to tailor their simulation environment to meet specific performance needs: •
Multi-Platform Software Support: alsim CLOUD supports a wide range of simulation software commonly used in computational fluid dynamics (CFD), structural analysis, and other engineering disciplines. This includes
•
•
compatibility with major simulation software suites, enabling clients to utilize familiar tools without needing extensive reconfiguration. Hardware Flexibility: alsim CLOUD offers configurations to meet diverse hardware requirements, from highmemory nodes for large data sets to high-throughput options for rapid computation. This flexibility ensures that clients can select the optimal hardware settings to achieve desired performance outcomes. Optimization Assistance: alsim CLOUD provides clients with guidelines and best practices for configuring their simulation environment. This includes recommendations for software settings, resource allocations, and hardware options based on specific simulation types.
With a focus on performance optimization and compatibility, alsim CLOUD enables clients to achieve efficient simulation outcomes tailored to their unique project needs.
16. Data Retention and Deletion Policies alsim CLOUD is committed to responsible data management, ensuring that client data is retained and deleted in accordance with best practices, client preferences, and regulatory requirements.
16.1. Data Retention Policies alsim CLOUD follows structured data retention policies to meet both operational needs and compliance requirements, allowing clients to control how long their simulation data is stored: •
•
Standard Retention Period: Simulation data is retained by default for a specified period, typically aligned with project requirements or contractual agreements. Clients can review and customize their data retention settings based on their operational needs. Extended Retention Options: Clients with long-term storage needs may choose extended retention options, ensuring data is securely stored beyond the standard retention period. Extended retention can be arranged for compliance with industry-specific regulations or project-based archiving needs. At present, extended retention is available only via contacting support.
These retention policies provide clients with flexibility in managing their data lifecycle on alsim CLOUD.
16.2. Data Deletion Policies To protect client privacy and comply with data protection regulations, alsim CLOUD enforces stringent data deletion policies that ensure data is securely removed when no longer needed: •
•
•
Client-Initiated Deletion: Clients can request deletion of specific simulation data at any time through the alsim CLOUD interface. Once initiated, the deletion process permanently removes the data from active storage and backups, following a secure deletion protocol. Automatic Deletion After Retention Period: At the end of the specified retention period, data is automatically deleted unless the client has requested extended retention. This automated deletion process ensures that data is not stored longer than necessary, reducing storage costs and minimizing security risks. Secure Deletion Protocols: Data deletion follows industry-standard protocols to ensure that all traces of the data are removed from storage devices. This includes overwriting and sanitization methods that meet regulatory standards for secure data disposal.
Compliance with Data Protection Laws: alsim CLOUD’s data deletion processes comply with relevant data protection regulations, such as GDPR, ensuring that personal and sensitive information is handled according to legal requirements.
16.3. Data Deletion Confirmation and Audit Trails alsim CLOUD provides clients with transparency regarding data retention and deletion activities: •
Deletion Confirmation: After a deletion request or automated deletion, clients receive a confirmation notification. This serves as an official record of the deletion for client records and compliance needs.
•
Audit Logs: All data retention and deletion actions are logged, creating an audit trail that supports regulatory compliance and internal oversight. Audit logs document when data was retained, archived, or deleted, providing accountability and transparency for data management practices.
Through structured retention and deletion policies, alsim CLOUD helps clients manage data effectively, ensuring compliance with privacy standards and offering control over their data lifecycle.
16.4. User Account Lifecycle Policies (a) Unactivated user accounts (i.e., accounts created but not confirmed via email verification) will be automatically deleted after one (1) month. (b) User accounts with no recorded activity for a continuous period of two (2) years will be deleted in accordance with data protection and retention policies. (c) Deletions under this clause are conducted in compliance with the GTC and applicable data protection regulations.
17. Security Incident Notification alsim CLOUD is dedicated to maintaining a secure environment for client data and simulation activities. In the event of a security incident that may compromise data confidentiality, integrity, or availability, alsim CLOUD follows a structured notification process to promptly inform affected clients and support coordinated response efforts.
17.1. Incident Detection and Assessment alsim CLOUD employs continuous monitoring systems to detect potential security incidents in real-time: •
•
Automated Alerts: alsim CLOUD’s security infrastructure is equipped with automated alert systems to detect unusual activity, unauthorized access attempts, or system vulnerabilities. These alerts enable rapid identification and assessment of potential threats. Risk Assessment: Upon detecting a potential incident, the security team immediately assesses the risk level to determine the severity and potential impact on client data and services. Incidents are classified by priority to guide response efforts based on urgency and potential client impact.
17.2. Client Notification Process When a security incident that affects or may affect client data or services is identified, alsim CLOUD promptly initiates a client notification process: •
• •
Notification Timeline: alsim CLOUD is committed to notifying affected clients within 72 hours of identifying a security incident with significant impact. This aligns with regulatory standards and provides clients with timely information to take any necessary precautionary actions. Notification Method: Clients are informed through secure communication channels, including email or direct messages within the alsim CLOUD platform. Notifications include relevant details to keep clients fully informed. Incident Details: Notifications provide a summary of the incident, including the nature of the event, systems affected, data potentially impacted, and any known cause. alsim CLOUD also outlines initial steps taken to contain the incident and prevent further impact.
17.3. Support for Client Response Actions alsim CLOUD collaborates with affected clients to support their response to a security incident and minimize disruption: •
•
Remediation Guidance: alsim CLOUD provides guidance on actions that clients can take to secure their accounts, such as updating passwords or reviewing access logs. This support helps clients quickly address any vulnerabilities that may result from the incident. Ongoing Updates: For incidents that require extended resolution, alsim CLOUD provides regular updates to keep clients informed of progress. These updates are issued as new information becomes available and continue until the incident is fully resolved.
•
Post-Incident Review: Following the resolution of a significant incident, alsim CLOUD conducts a post-incident review and shares a summary report with affected clients upon request. This report includes details on root causes, remedial actions taken, and improvements to prevent recurrence.
17.4. Compliance with Regulatory Requirements alsim CLOUD’s incident notification process is designed to comply with regulatory requirements, including GDPR and industry standards, for timely and transparent communication: • •
Data Protection Compliance: alsim CLOUD adheres to applicable data protection laws regarding incident notification, ensuring that clients are informed in a timely and compliant manner. Audit and Documentation: All incident notifications and related actions are logged and documented to create an audit trail. This documentation supports compliance and allows for thorough review during internal and external audits.
By following a structured and transparent incident notification process, alsim CLOUD ensures that clients are kept informed, supported, and empowered to take appropriate action in the event of a security incident.
18. Compliance and Regulatory Alignment alsim CLOUD is committed to maintaining the highest standards of security and compliance, aligning its operations with relevant industry regulations and standards to protect client data and ensure operational integrity. This includes adhering to automotive industry-specific standards and conducting thorough risk assessments of third-party suppliers.
18.1. TISAX Alignment alsim CLOUD follows TISAX (Trusted Information Security Assessment Exchange) standards, meeting stringent security and privacy requirements specific to the automotive industry: •
•
•
TISAX Level 3 Certification: alsim CLOUD is developed and maintained by ESS Engineering Software Steyr GmbH, which has achieved TISAX Level 3 certification. This certification demonstrates ESS's commitment to secure information processing and data protection, providing assurance to automotive clients that alsim CLOUD, as a product of ESS, meets the highest industry security standards. Automotive-Specific Security Measures: Compliance with TISAX involves implementing security measures tailored to the specific needs of automotive clients, including robust data protection, strict access control, and comprehensive information security management practices. Regular Assessments and Audits: alsim CLOUD is subject to periodic internal audits aligned with TISAX requirements. These audits evaluate the platform’s security controls, data protection protocols, and adherence to automotive industry standards, ensuring continuous compliance and security enhancements.
Through alignment with TISAX standards, alsim CLOUD provides automotive clients with assurance that their data is managed within a secure and industry-compliant framework.
18.2. Supplier Risk Assessment alsim CLOUD recognizes the importance of evaluating and managing security risks associated with third-party suppliers who play a role in the platform's operations: •
•
•
Comprehensive Supplier Evaluations: alsim CLOUD conducts rigorous security assessments of third-party suppliers before integrating them into the platform. Evaluations cover data protection practices, compliance with relevant regulations, and the overall security posture of each supplier. Ongoing Monitoring and Review: alsim CLOUD continuously monitors the performance and compliance status of its suppliers to identify any emerging risks or changes in their security practices. Regular reviews ensure that suppliers maintain the security standards expected by alsim CLOUD. Risk Mitigation Measures: Based on risk assessment findings, alsim CLOUD implements appropriate controls to mitigate any identified risks. This includes limiting supplier access to sensitive data, enforcing contractual data protection requirements, and monitoring supplier activities as needed.
•
Compliance with Regulatory Requirements: alsim CLOUD’s supplier risk management aligns with regulatory expectations, ensuring that third-party vendors do not introduce vulnerabilities or compromise the platform’s overall security.
By adhering to TISAX standards and conducting thorough supplier risk assessments, alsim CLOUD upholds a high level of compliance and security, ensuring a trusted and secure environment for its clients’ simulation needs.
19. SaaS SLC Review and Updates alsim CLOUD is dedicated to continuously improving its services, including this SaaS Service Level Commitment (SaaS SLC), to reflect evolving industry standards, client needs, and regulatory requirements. The SaaS SLC is reviewed regularly to ensure it remains current, relevant, and aligned with best practices.
19.1. Periodic Review •
•
Annual Review: This SaaS SLC undergoes a formal review at least once per year to assess its alignment with alsim CLOUD’s operational practices, technological advancements, and client requirements. The review process involves evaluating all terms, performance metrics, and compliance measures to ensure they meet the latest industry standards. Trigger for Additional Review: Additional reviews may be triggered by significant changes in regulatory requirements, security standards, or any other substantial developments that impact alsim CLOUD’s operations. These changes may include updates to industry certifications, new compliance obligations, or modifications to core platform services.
19.2. Update Process •
•
•
Stakeholder Involvement: During the review process, alsim CLOUD seeks input from relevant stakeholders, including ESS Engineering Software Steyr GmbH’s legal, compliance, security, and operational teams, to ensure the SaaS SLC reflects comprehensive insights from all key areas of expertise. Client Notification: Clients are notified of any updates to the SaaS SLC at least 30 days in advance of the effective date. Notifications are provided through official communication channels, including email and the client portal, to ensure clients have time to review and understand any changes and such updates do not amend the GTC unless expressly agreed by the parties. Document Versioning: Each version of the SaaS SLC is documented with a unique version number and effective date. Clients can access previous versions of the SaaS SLC for reference, supporting transparency and clear communication about service expectations over time.
19.3. Client Acknowledgment •
•
Acceptance of Updates: By continuing to use alsim CLOUD services after an updated SaaS SLC has taken effect, clients acknowledge and accept the terms outlined in the revised SaaS SLC. Clients are encouraged to review updates carefully to understand any changes in service commitments or policies. Option to Discuss Changes: If clients have questions or concerns regarding updates to the SaaS SLC, they are invited to contact alsim CLOUD’s support team. alsim CLOUD is committed to providing clarity and addressing any concerns about new terms or adjustments.
Through regular reviews and transparent updates to the SaaS SLC, alsim CLOUD ensures that its service commitments remain clear, up-to-date, and aligned with client expectations and industry requirements.