Common use of Logging Clause in Contracts

Logging. Iris AI uses IIS Logs for searching and archiving logs. All HTTP requests, SQL queries taking longer than expected and executed worker tasks are logged. The logged data for HTTP requests may include: ● user IP address ● time when the request was made ● execution duration ● size of the request content in bytes ● URL of the requested page ● HTTP status code of the response For all HTTP POST requests an additional log entry is created that may contain: ● all POST data excluding passwords and other sensitive information Each database query taking longer than expected is logged with the following information: ● query execution duration ● time when the error occurred ● HTTP request details ● IP address where the HTTP request originated from The logs are archived for 1 year. Windows Events error logging service does correlation analysis on logged error messages. It groups similar errors together and prioritizes the errors based on their occurrence. All user activity which affects database is also stored in separate database version history. The version history can be used for checking which user was responsible for a certain change. Log inspection and alerts Iris AI has several alerts set up for our logs for certain unwanted scenarios. In some cases, these alerts also execute mitigating actions (for example, if a user has too many failed login attempts, the system will temporarily block succeeding attempts). Availability DDos attacks The following quotation from Iris AI Security documentation describeshow to mitigate DDoS attacks: Our infrastructure provides DDoS mitigation techniques including TCP Syn cookies and connection rate limiting in addition to maintaining multiple backbone connections and internal bandwidth capacity that exceeds the Internet carrier supplied bandwidth. We work closely with our providers to quickly respond to events and enable advanced DDoS mitigation controls when needed. In addition, Slowloris based DDoS attacks are mitigated with strict timeouts to keepconnections open no longer than necessary and to reduce resource usage. Disaster recovery plan (DRP) Our platform automatically restores customer applications and Medusa SQL databases in the case of an outage. The Iris AI platform is designed to dynamically deploy applications within the Iris AI cloud, monitor for failures, andrecover failed platform components including customer applications and databases. Backups Automatic backups of the SQL databases used in Medusa are taken daily, weekly, and monthly. Daily backups are archived for one week, whereas weekly and monthly backups are archived for one month. Database backups will always be taken before deploying a new major version of the cloud service. In addition to database backups, the cloud service keeps a version history for all successful database transactions. Business continuity Data centre failures From Iris AI security documentation: The Iris AI platform is designed for stability, scaling, and inherently mitigates common issuesthat lead to outages while maintaining recovery capabilities. Our platform maintains redundancy to prevent single points of failure, is able to replace failed components, and utilizes multiple data centers designed for resiliency. In the case of anoutage, the platform is deployed across multiple data centers using current system images and data is restored from backups. Iris AI reviews platform issues to understand the root cause, impact to customers, and improve the platform and processes.

Logging. Iris AI uses IIS Logs for searching and archiving logs. All HTTP requests, SQL queries taking longer than expected and executed worker tasks are logged. The logged data for HTTP requests may include: ● user IP address ● time when the request was made ● execution duration ● size of the request content in bytes ● URL of the requested page ● HTTP status code of the response For all HTTP POST requests an additional log entry is created that may contain: ● user ID (if user is logged in) ● all POST data excluding passwords and other sensitive information Each database query taking longer than expected is logged with the following information: ● time when the query was executed ● query execution duration ● SQL statement All errors are logged using Windows Event Logging. Each logged error contains the following information: ● time when the error occurred ● full error stack trace ● HTTP request details ● user who made the request (if any) ● IP address where the HTTP request originated from The logs are archived for 1 year. Windows Events error logging service does correlation analysis on logged error messages. It groups similar errors together and prioritizes the errors based on their occurrence. All user activity which affects database is also stored in separate database version history. The version history can be used for checking which user was responsible for a certain change. Log inspection and alerts Iris AI has several alerts set up for our logs for certain unwanted scenarios. In some cases, these alerts also execute mitigating actions (for example, if a user has too many failed login attempts, the system will temporarily block succeeding attempts). Availability DDos attacks The following quotation from Iris AI Security documentation describeshow describes how to mitigate DDoS attacks: Our infrastructure provides DDoS mitigation techniques including TCP Syn cookies and connection rate limiting in addition to maintaining multiple backbone connections and internal bandwidth capacity that exceeds the Internet carrier car- rier supplied bandwidth. We work closely with our providers to quickly respond to events and enable advanced DDoS mitigation controls when needed. In addition, Slowloris based DDoS attacks are mitigated with strict timeouts to keepconnections keep connections open no longer than necessary and to reduce resource usage. Disaster recovery plan (DRP) Our platform automatically restores customer applications and Medusa SQL databases in the case of an outage. The Iris AI platform is designed to dynamically deploy applications within the Iris AI cloud, monitor for failures, andrecover and recover failed platform components including customer applications and databases. Backups Automatic backups of the SQL databases used in Medusa are taken daily, weekly, and monthly. Daily backups are archived for one week, whereas weekly and monthly backups are archived for one month. Database backups will always be taken before be- fore deploying a new major version of the cloud service. In addition to database backups, the cloud service keeps a version history for all successful database transactions. Business continuity Data centre failures From Iris AI security documentation: The Iris AI platform is designed for stability, scaling, and inherently mitigates common issuesthat issues that lead to outages while maintaining recovery capabilities. Our platform maintains redundancy to prevent single points of failure, is able to replace re- place failed components, and utilizes multiple data centers designed for resiliency. In the case of anoutagean outage, the platform plat- form is deployed across multiple data centers using current system images and data is restored from backups. Iris AI reviews platform issues to understand the root cause, impact to customers, and improve the platform and processes.

Logging. Iris AI uses IIS Logs for searching and archiving logs. All HTTP requests, SQL queries taking longer than expected and executed worker tasks are logged. The logged data for HTTP requests may include: ● user IP address ● time when the request was made ● execution duration ● size of the request content in bytes ● URL of the requested page ● HTTP status code of the response For all HTTP POST requests an additional log entry is created that may contain: ● user ID (if user is logged in) ● all POST data excluding passwords and other sensitive information Each database query taking longer than expected is logged with the following information: ● time when the query was executed ● query execution duration ● SQL statement All errors are logged using Windows Event Logging. Each logged error contains the following information: ● time when the error occurred ● full error stack trace ● HTTP request details ● user who made the request (if any) ● IP address where the HTTP request originated from The logs are archived for 1 year. Windows Events error logging service does correlation analysis on logged error messages. It groups similar errors together and prioritizes the errors based on their occurrence. All user activity which affects database is also stored in separate database version history. The version ver- sion history can be used for checking which user was responsible for a certain change. Log inspection and alerts Iris AI has several alerts set up for our logs for certain unwanted scenarios. In some cases, these alerts also execute mitigating actions (for example, if a user has too many failed login attempts, the system will temporarily block succeeding attempts). Availability DDos attacks The following quotation from Iris AI Security documentation describeshow describes how to mitigate DDoS attacks: Our infrastructure provides DDoS mitigation techniques including TCP Syn cookies and connection rate limiting in addition to maintaining multiple backbone connections and internal bandwidth capacity ca- pacity that exceeds the Internet carrier supplied bandwidth. We work closely with our providers to quickly respond to events and enable advanced DDoS mitigation controls when needed. In addition, Slowloris based DDoS attacks are mitigated with strict timeouts to keepconnections keep connections open no longer than necessary and to reduce resource usage. Disaster recovery plan (DRP) Our platform automatically restores customer applications and Medusa SQL databases in the case of an outage. The Iris AI platform is designed to dynamically deploy applications within the Iris AI cloud, monitor for failures, andrecover and recover failed platform components including customer applications and databases. Backups Automatic backups of the SQL databases used in Medusa are taken daily, weekly, and monthly. Daily backups are archived for one week, whereas weekly and monthly backups are archived for one month. Database backups will always be taken before deploying a new major version of the cloud service. In addition to database backups, the cloud service keeps a version history for all successful database transactions. Business continuity Data centre failures From Iris AI security documentation: The Iris AI platform is designed for stability, scaling, and inherently mitigates common issuesthat issues that lead to outages while maintaining recovery capabilities. Our platform maintains redundancy to prevent single sin- gle points of failure, is able to replace failed components, and utilizes multiple data centers designed for resiliency. In the case of anoutagean outage, the platform is deployed across multiple data centers using current system images and data is restored from backups. Iris AI reviews platform issues to understand the root cause, impact to customers, and improve the platform and processes.

Logging. Iris AI uses IIS Logs for searching and archiving logs. All HTTP requests, SQL queries taking longer than expected and executed worker tasks are logged. The logged data for HTTP requests may include: ● user IP address ● time when the request was made ● execution duration ● size of the request content in bytes ● URL of the requested page ● HTTP status code of the response For all HTTP POST requests an additional log entry is created that may contain: ● user ID (if user is logged in) ● all POST data excluding passwords and other sensitive information Each database query taking longer than expected is logged with the following information: ● time when the query was executed ● query execution duration ● SQL statement All errors are logged using Windows Event Logging. Each logged error contains the following information: ● time when the error occurred ● full error stack trace ● HTTP request details ● user who made the request (if any) ● IP address where the HTTP request originated from The logs are archived for 1 year. Windows Events error logging service does correlation analysis on logged error messages. It groups similar errors together and prioritizes the errors based on their occurrence. All user activity which affects database is also stored in separate database version history. The version history can be used for checking which user was responsible for a certain change. Log inspection and alerts Iris AI has several alerts set up for our logs for certain unwanted scenarios. In some cases, these alerts also execute mitigating actions (for example, if a user has too many failed login attempts, the system will temporarily block succeeding attempts). Availability DDos attacks The following quotation from Iris AI Security documentation describeshow describes how to mitigate DDoS attacks: Our infrastructure provides DDoS mitigation techniques including TCP Syn cookies and connection rate limiting in addition to maintaining multiple backbone connections and internal bandwidth capacity that exceeds the Internet carrier supplied bandwidth. We work closely with our providers to quickly respond to events and enable advanced DDoS mitigation controls when needed. In addition, Slowloris based DDoS attacks are mitigated with strict timeouts to keepconnections keep connections open no longer than necessary nec- xxxxxx and to reduce resource usage. Disaster recovery plan (DRP) Our platform automatically restores customer applications and Medusa SQL databases in the case of an outage. The Iris AI platform is designed to dynamically deploy applications within the Iris AI cloud, monitor for failures, andrecover and recover failed platform components including customer applications and databases. Backups Automatic backups of the SQL databases used in Medusa are taken daily, weekly, and monthly. Daily backups are archived for one week, whereas weekly and monthly backups are archived for one month. Database backups will always be taken before deploying deploy- ing a new major version of the cloud service. In addition to database backups, the cloud service keeps a version history for all successful database transactions. Business continuity Data centre failures From Iris AI security documentation: The Iris AI platform is designed for stability, scaling, and inherently mitigates common issuesthat issues that lead to outages while maintaining recovery capabilities. Our platform maintains redundancy to prevent single points of failure, is able to replace failed components, and utilizes multiple data centers designed for resiliency. In the case of anoutagean outage, the platform is deployed across multiple data centers using current system images and data is restored from backups. Iris AI reviews platform issues to understand the root cause, impact to customers, and improve the platform and processes.