CDT Hosted Service Level Agreement

The California Department of Technology (CDT) Service Level Agreement (SLA) provides standards, roles, responsibilities, and expectations for all services.  There may be specific aspects of some services in which elements of this SLA are not applicable.  Deviations are noted on the specific service pages under the SLA tabs.

CDT Hosted Services are provided and managed by CDT staff.




Responsibilities include, but are not limited to:

  • Ensure all hardware/software, within its control, is maintained at a level that is supported by the manufacturer, if applicable
  • Ensure all hardware/software complies with CDT and statewide security standards
  • Provide advanced notification to customers on any significant changes (e.g., infrastructure, service features, costs, or service support expectations) to a service
  • Provide advanced notification to customers for all scheduled and emergency maintenance


Responsibilities include, but are not limited to:

  • Pay for all service costs at the agreed interval, as published in the CDT rate schedules
  • Ensure availability of customer representative(s) when attempting to resolve a service-related incident or request
  • Provide maintenance, support, and security of all application code and customer supplied software
  • Facilitate notification to CDT of any significant application change that may impact a CDT service or the availability of the application
  • Ensure all customer-provided hardware/software is maintained at a level that is supported by the manufacturer, if applicable

Joint Administration

When a service is jointly administered by  CDT and the customer, the following additional support responsibilities include:

  • The Customer will triage any disruption of service until resolved
  • The Customer can request assistance from CDT to triage any disruption of service until resolved
  • CDT will restore service using the last known good backup if requested by the customer.  CDT will not be held responsible for any data lost from the restore process.
  • CDT and the customer will share responsibility for any service disruptions

Service Management

Effective support of the service is a result of maintaining consistent service levels.  The details on service availability, service response expectations, and related components are specific for each service.

Incident Response

CDT commits to provide quick, effective, and professional technical support for customers subscribing to CDT services. Technical staff will respond to incidents 24 x 7, in accordance with the timeframes specified in the table below.

Service Desk

CDT operates a Service Desk twenty-four (24) hours a day, seven (7) days a week.  The Service Desk serves as the single point of contact for customers to request assistance, including the reporting of incidents.   If the Service Desk is not able to resolve an incident, they will refer the incident to CDT’s second-level support staff.  The CDT second-level support teams are staffed during normal business hours.  If an incident occurs outside of normal business hours, the Service Desk will contact second-level support staff for resolution.

The CDT Service Desk can be reached at (916) 464-4311 or at

Note: Do not use email for incident notification or for matters that require immediate attention; please contact the Service Desk via phone or an ITSM ”Report an Incident” ticket.

Response During and After Normal Business Hours

Since second-level support staff work during normal business hours, response time to incidents during normal business hours is typically much faster than after normal business hours and varies depending on the designated priority level.  The table below describes the standard target response times for incidents. These response times only apply to incidents reported to the CDT Service Desk.

Incident Priority Level and Description
Target Response Time
Normal Business Hours
Target Response Time
Outside Business Hours

Outage affecting major systems, network, multiple sites or multiple organizations.
15 minutes
2 hours

A single site or organization down or significantly degraded.
30 minutes
4 hours

A single user is down, or services degraded, but operational.
2 hours
Next business day

Minimal impact to services,
a customer question or request.
4 hours
Next business day

If customers require a quicker incident response time during non-business hours, customers may request CDT’s Standby Consulting service as found in the CDT Service Catalog.

Security Incidents Meeting SIMM 5340-A Reporting Criteria

If a customer experiences an incident that meets the SIMM 5340-A reporting criteria, CDT will provide the required information (CDT staff time and CDT costs) related to CDT’s involvement in responding to the incident.  The customer can use this information to satisfy their reporting requirements, as documented in SIMM 5340-A.

Service Maintenance

Planned maintenance that may have an impact on customer services will be scheduled during the planned maintenance windows.  Planned maintenance follows the CDT Change Management and notification process.  Services may not be available during the planned maintenance window.

In some instances, CDT may need to perform emergency maintenance to address a security risk or hardware or software failure.  CDT will attempt to notify customers of the emergency maintenance as soon as possible.

Service Monitoring

CDT will monitor all supporting infrastructure for availability and performance issues that could impact customers.  Customer-owned components and application performance are not monitored.

Root Cause Analysis (RCA) Report

This report will be produced for each incident caused by CDT that has a significant impact to a customer.  The report will contain the incident and problem number, time of the occurrence, scope of impact, and cause of the incident. In addition, the RCA will document the resolution, follow-up action items, and impacted customers.

Target Service Availability

The CDT Target Service Availability is:

  • Infrastructure – 99.9%
  • Platform Services – 99.7%
  • Software Services – 99.5%


Defined as any period of time when a customer application is scheduled to be available but is unavailable.  Downtime does not include the exclusions listed below.

Scheduled Downtime

Defined as those times where CDT notifies customers of periods of downtime or it falls within predefined CDT maintenance windows.


CDT strives to ensure the availability, stability, and integrity of all services to satisfy customer expectations.  However, there are instances where factors outside CDT’s control may result in the degradation or disruption of a service.  These factors include, but are not limited to, the following:

  1. Any factors outside CDT’s reasonable control;
  2. Incidents caused by a customer’s or third party application code, hardware, software, or network;
  3. CDT’s inability to update to a vendor-supported version of hardware or software as the result of a customer not taking the necessary steps to update their application or software to be compatible with the vendor-supported version;
  4. Incidents caused by actions or inactions of the customer, their agents, or third parties;
  5. Incidents caused by customer inaction after being advised to alter its use of a service; or
  6. During scheduled downtime and maintenance.