BETWEEN: Doftwerks West Africa Limited ("The Provider")
AND: The Taxpayer ("The Client" or "Taxpayer")
Services Covered
System Integration (SI) Services
- Integration of business systems with the FIRS MBS e-invoicing platform.
- Onboarding support, API management, and compliance setup to ensure the secure generation and transmission of e-invoices.
Access Point Provider (AP) Services
- Secure transmission of e-invoices between businesses and the FIRS platform.
- Real-time invoice validation, security checks, and tracking services.
1. Scope of Agreement
This Service Level Agreement (SLA) outlines the terms and conditions under which Doftwerks West Africa Limited provides System Integration (SI) and/or Access Point Provider (APP) services to ensure compliance with Nigeria's Federal Inland Revenue Service (FIRS) e-invoicing solution (Merchant Buyer Solution - MBS).
By using our services, you agree to the terms laid out in this SLA. Please review this document carefully before proceeding.
2. Service Availability and Reliability
The Provider commits to ensuring the continuous, reliable operation of the E-Invoicing Platform, critical for timely tax compliance.
2.1. Scheduled Availability (Uptime)
Note: Excludes scheduled maintenance
2.2. Maximum Planned Maintenance Window
Executed outside peak hours (2:00 AM - 6:00 AM local time)
Note: Clients will be given a minimum of 7 days' notice
3. Service Performance
The Provider guarantees efficient and timely processing of e-invoices through its API and user interface.
3.1. API Response Time (Invoice Submission/Retrieval)
95th percentile response time
Definition: Time from the Client's API call completion to the Provider's first successful byte response.
3.2. Invoice Processing Confirmation
Average processing time
Definition: Time taken to validate, stamp (if applicable), and return final status/confirmation to the Client.
3.3. Data Synchronization Latency
Definition: Confirmation of successful delivery to the Tax Authority/MBS system within 60 seconds of successful processing.
4. Support and Issue Resolution
The Provider shall classify issues based on severity and commit to the following Maximum Time To Resolution (MTTR) targets after the initial acknowledgement.
4.1. Response and Resolution Times
5. Data Security and Privacy
The Provider shall implement robust security measures to protect the integrity, confidentiality, and availability of all Client data, compliant with MBS standards and relevant data protection laws.
5.1. Data Protection Measures
Encryption
All data (in transit and at rest) are secured using industry-standard encryption protocols (TLS 1.3 in transit; AES-256 at rest).
Access Control
Access to production environments and sensitive data is restricted via the principle of least privilege, requiring multi-factor authentication (MFA) for all administrative personnel.
Auditing
Comprehensive logs of all data access, modifications, and system events shall be maintained for a minimum of 12 months for regulatory review.
Data Segregation
Client data will be logically segregated from other clients' data to prevent cross-contamination or unauthorized access.
5.2. Security Incident Management
In the event of a confirmed security breach impacting Client data, the Provider commits to:
Initial Notification
Notify the Client within 2 hours of a security breach confirmation, providing details on the nature and scope of the breach.
Root Cause Analysis
Deliver a detailed RCA report, outlining corrective actions and preventative measures, within 5 business days of incident resolution.
6. Changes to this Agreement
We may update this SLA from time to time to reflect changes in our services or operational practices. When we do, we will revise the "Last Updated" date at the top of the policy. You will be notified of any material changes via email or through our platform.