Service Level

Agreement

Between

DARAKASI INTERNATIONAL LIMITED

And

[insert client details]

Agreement Date: [insert date]

 About the agreement
This Service-Level Agreement (this “Agreement” or this “Service Level Agreement”), effective as of
[ Effective date] (“Effective Date”) is made by and between [Client.Company], a company organized and
existing in [Client.State] with offices located at [Client.Address] (“Customer”) and Darakasi International
Limited, a company organized and existing in [ Supplier.State] with offices located at [Supplier.Address]
(“Supplier”).

WHEREAS, the Parties have entered into an agreement effective as of [ Effective date] (the “Contract”)
for the provision by Supplier of the Services (as defined therein) (the “Services”); and

WHEREAS, the Contract states that a service-level agreement is a condition precedent to any extended
term of the Contract; and

WHEREAS, the Customer is willing to continue with the Contract past the original end date solely upon
Supplier’s acceptance of the terms and conditions of this Agreement, and Supplier confidently accepts the
terms and conditions herein;

NOW, THEREFORE, in consideration of the foregoing, and of the terms and conditions and the Service
Levels, the Parties hereby agree as is outlined in the following sections:

i. Standards of Service:
In order to Meeting compliance requirements, Reducing the likelihood of a costly data breach, Meeting
security audit requirements, Building trust with existing customers and stakeholders, Making smarter,
more informed information security management decisions, Darakasi International Limited’s makes
sure their standard of service conforms to the Industry Standard of Information Technology which
includes the following:

 ISO 27001 Information Security Management Systems: ISO 27001 establishes concrete

information security standards for use by data centers and other organizations. Most recently
updated in 2013, the latest revisions reflect the increased importance of cloud computing and
software-as-a-service. One of the key components of ISO 27001 is the established controls and
control objectives — an essential part of any risk management plan. These controls include
everything from human resources policy to encryption standards. Cumulatively, they reflect a set
of best practices for information security management at the organizational level.

 ISO 27701 GDPR Compliance: ISO/IEC 27701:2019 is a data privacy extension to ISO 27001.
This newly published information security standard provides guidance for organizations looking
to put in place systems to support compliance with GDPR and other data privacy requirements.
ISO 27701, also abbreviated as PIMS (Privacy Information Management System) outlines a
framework for Personally Identifiable Information (PII) Controllers and PII Processors to manage
data privacy.

 ISO IEC 20000-1 Information Technology Service Management:  ISO IEC 20000-1 is a set of
standards for IT service providers that outlines best practices for maintaining security, delivering
consistent service, and adopting new technologies as they become available. The standard sets out
system requirements, codes of practice, relationship, resolution and control processes, and more.
The most recent revision was published in 2011.
  CMMC (Cybersecurity Maturity Model Certification): The Cybersecurity Maturity Model
Certification is the latest verification method put in place by the Department of Defense. This
certification is the Department's first attempt to set clear requirements for contractors when it
comes to cybersecurity. The ultimate goal of the CMMC is to implement an appropriate level of
cybersecurity across the supply chain of the defense industrial base. 

ii. Delivery time scales:

Darakasi International Limited time schedule depends on the size of the project. Our Time Scale is
usually in agreement with the delivery period of the client specified on the customer sales agreement
detailing all of the steps needed to finish the project, from the kickoff all the way to the project delivery
process.

TIMESCALE FOR OUR SERVICES

S/NO SERVICES TIME CATEGORY
1 TRAINING AN EMPOWERMENT 1 WEEK CONSULTANCY
OF ICT STAFF
2 INSTALLATION AND SUPPLY OF 1 WEEK SUPPLY
ICT INFRASTRUCTURE
3. WEB DEVELOPMENT AND 1 MONTH CONSULTANCY
HOSTING
4. SOFTWARE DEVELOPMENT 3 MONTHS CONSULTANCY
5. CONFIGURATION, NETWORKING 3 WEEKS CONSULTANCY
AND CLOUD SOLUTIONS

iii. Responsibilities of each party;

[Client.Company] responsibilities:
 [ Client.Company] must provide all of the necessary information and assistance-related needs for
service performance that allows the Darakasi International Limited to meet the service level
standards as outlined in this agreement.
 [ Client.Company] shall inform Darakasi International Limited if there are any business changes
that may require a review, modification, or amendment of the service-level agreements.
Darakasi International Limited responsibilities:
 Darakasi International Limited acts as the primary provider of the services that are identified in
this agreement, except if outsourcing is done to a third-party vendor. In that case, the third party
assumes any support responsibilities that align with their services.
 Darakasi International Limited will communicate with [ Client.Company] if there are scheduled
or unscheduled service outages that happen because of maintenance, troubleshooting, disruptions,
or as otherwise necessary

The responsibilities of Darakasi International Limited are determined by each project and include but it’s
not limited to the following:
A. THE RESPONSIBILITIES OF THE CONSULTANT
 Developing Methodologies, Approach and Work plan for the execution of the project.
 Determining the scope of projects via consultation and investigation.
 Analyzing the strengths, weaknesses, and risks of existing project plans, as well as
recommending improvements.
 Identifying project parameters and specifications.
  Performing cost calculations and coordinating budgets with financial departments.
 Allocating personnel and resources to project tasks.
 Collaborating across departments to set realistic project targets and timeframes.
 Providing guidance and monitoring the progress made with each project stage.
 Facilitating suitable interventions to prevent costly delays.
 Presenting project progress updates to senior executives.

B. THE RESPONSIBILITIES OF THE CLIENT

● Payment for all support costs at the agreed interval.
● Scheduling of meeting between both parties
● Supervision of the project in line with the requirement
● Verify that suitable welfare facilities are in place prior to project commencement

iv. Monitoring and Reporting of Services;

The Supplier shall implement all measurement and monitoring tools and procedures necessary to
measure, monitor, and report on the Supplier’s performance of the provision of the Services against the
applicable Service Levels at a level of detail sufficient to verify compliance with the Service Levels.

The Supplier shall immediately notify the Customer in writing if the level of performance of the Supplier
of any element of the provision by it of the Services during the term of the Contract is likely to or fails to
meet any Service Level Performance Measure.

GENERAL INFORMATION

Project Name Reporting Period

Start Date End Date
mm/dd/yy mm/dd/yy
Agency

Contact Phone Email Fax

Project Manager Phone Email Fax

Project Cost, Schedule, and Accomplishments

Project Item Report to Date

Initial
Estimated
Project Cost
 Last Reported Estimated Project Cost
Current
Estimated Project Cost
Explanation of Variance between Last Reported Don’t forget to complete the variance if you had
and Current Project Cost change requests. Also, is your variance 10% or
more of the Initial Est. Project Cost? May need
to re-submit business justification deliverables
and/or contract amendment form.
Project Cost to Date (Fiscal)

Project Cost to Date (Total)

Description of You should have a way to track both FTE costs
Cost Tracking Mechanism and capital expenditures.

v. Legal and regulatory compliance;

In enhancing compliance and reducing liabilities, Data Controllers and Data Processors shall:
a) Within twelve months of incorporation and then on an annual basis conduct a data protection
audit.;
b) ii. process data only on legally justifiable basis as provided in Article 2.2 of the NDPR;
c) iii. Prepare and publish a privacy policy on every medium of personal data collection within 3
months of commencement of business operations in line with Article 2.5 of the NDPR
d) Have a privacy policy on their site and send messages to inform data subjects of developments
requiring new or different consent. Publicity of the privacy policy may be fulfilled through any
one or combination of the following:
➢ Publication on the website;
➢ Publication in a digital media
➢ Posted at conspicuous parts of the Data Controller’s business premises;
➢ By reading or providing a copy to the Data Subject; or
➢ Publication in any public media.
Where the privacy policy is not given or read to the Data Subject, the request for consent should
explicitly refer the Data Subject to where the privacy policy can be accessed;
e) Design and maintain systems to be data protection compliant: Data Controllers must show that
their systems are built with data protection in mind, as provided in Article 2.6. Data Controllers
are, therefore, expected to ensure continuous improvement of their information security
architecture to prevent possible data breaches.
f) Undertake continuous capacity building for members of staff, contractors, vendors, and relevant
third parties; vii. develop and circulate an internal data protection strategy or policy to help
members of staff and vendors to understand the organisation’s direction in connection with the
collection and processing of Personal Data and outline the steps they are to take to ensure the
organisation’s direction is achieved and maintained;
g) Conduct a Data Protection Impact Assessment (‘DPIA’) in accordance with the provisions of the
NDPR (A DPIA is a process to identify, evaluate and minimise possible data protection risks in
an existing or new business or organisational activity. Where the organisation intends to embark
on a project that would involve the intense use of personal data, a DPIA should be conducted to
identify possible areas where breaches may occur and devise a means of addressing such risks.
Organisations are expected to conduct a DPIA on their processes, services and technology
periodically to ensure continuous compliance);
 h) Notify NITDA of Personal Data breaches within 72 (seventy-two) hours of becoming aware of
the breach; x. update agreements with third party processors to ensure compliance with the
NDPR:
i) Design system and processes to make data requests and access seamless for Data Subjects;
j) Design systems and processes to enable Data Subjects to easily correct or update their Personal
Data;
k) Design system and processes to enable Data Subjects to easily transfer data to another platform
or person (natural or artificial) at minimal costs;
l) Within the first 6 (six) months of incorporation and then on a biennial basis, train members of
senior management and employees that collect and/or process Personal Data in the course of
their duty, on Nigerian data protection laws and practices;
m) Clearly communicate to Data Subjects the process for objecting to the processing of their
Personal Data; and
n) Outline the procedure for informing Data Subject and for protecting their rights, where an
automated decision is being made on their Personal Data.

vi. Payment terms;

In consideration for the services to be performed by Contractor, Client agrees to pay Contractor at the
following rates: ____________________________.
Contractor shall be paid within a reasonable time after Contractor submits an invoice to Client. The
invoice should include the following: an invoice number, the dates covered by the invoice, and a
summary of the work performed.
The projected will be executed in phases and the payment terms depend on the nature of the project.

 The price is payable on demand but in any case must not be paid later than 30 days from date of
invoice.
 The company reserves the right to suspend deliveries where payment is not received in
accordance with paragraph (a) of this clause or in accordance with any alternative items of
payment agreed in writing.
 Where payment is not made in accordance with the terms of paragraph 5(a) hereof the customer
shall pay interest on any unpaid amounts calculated at 3% above Nigerian’s base rate for the time
being in force calculated on a daily basis.
 No cash or other discount is allowed unless agreed in writing.
 If the company is able to deliver some items comprising the goods the subject of an agreement
but unable to deliver all such items due to cause beyond its control (including but not limited to
the examples referred to in Condition 3 hereof) the customer shall pay for such items as are
delivered.

vii. Dispute resolution;

Resolving Disputes
If a dispute arises under this Agreement, any party may take the matter to any state High court in the FCT
or the state where the contract is being executed.
OR
If a dispute arises under this Agreement, the parties agree to first try to resolve the dispute with the help
of a mutually agreed-upon mediator. Any costs and fees other than attorney fees associated with the
mediation shall be shared equally by the parties. If it proves impossible to arrive at a mutually satisfactory
solution through mediation, the parties agree to submit the dispute to a mutually agreed-upon arbitrator in
Nigeria. Judgment upon the award rendered by the arbitrator may be entered in any court having
jurisdiction to do so. Costs of arbitration, including attorney fees, will be allocated by the arbitrator.
viii. Confidentiality and non-disclosure provisions;
Contractor acknowledges that it will be necessary for Client to disclose certain confidential and
proprietary information to Contractor in order for Contractor to perform duties under this Agreement.
Contractor acknowledges that disclosure to a third party or misuse of this proprietary or confidential
information would irreparably harm Client. Accordingly, Contractor will not disclose or use, either during
or after the term of this Agreement, any proprietary or confidential information of Client without Client's
prior written permission except to the extent necessary to perform services on Client's behalf.
Proprietary or confidential information includes:
• the written, printed, graphic, or electronically recorded materials furnished by Client for
Contractor to use
• any written or tangible information stamped “confidential,” “proprietary,” or with a similar
legend, or any information that Client makes reasonable efforts to maintain the secrecy of
• business or marketing plans or strategies, customer lists, operating procedures, trade secrets,
design formulas, know-how and processes, computer programs and inventories, discoveries, and
improvements of any kind, sales projections, and pricing information
• information belonging to customers and suppliers of Client about whom Contractor gained
knowledge as a result of Contractor's services to Client, and
• other: _____________________.
Upon termination of Contractor's services to Client, or at Client's request, Contractor shall deliver to
Client all materials in Contractor's possession relating to Client's business.
Contractor acknowledges that any breach or threatened breach of Clause 18 of this Agreement will result
in irreparable harm to Client for which damages would be an inadequate remedy. Therefore, Client shall
be entitled to equitable relief, including an injunction, in the event of such breach or threatened breach of
Clause 18 of this Agreement. Such equitable relief shall be in addition to Client's rights and remedies
otherwise available at law.

ix. Termination of the agreement; and

With reasonable cause, either Client or Contractor may terminate this Agreement, effective immediately
upon giving written notice.
Reasonable cause includes:
• a material violation of this Agreement, or
• any act exposing the other party to liability to others for personal injury or property damage.
OR
Either party may terminate this Agreement at any time by giving ____ days' written notice to the other
party of the intent to terminate.

x. Any other relevant information

Acceptance
IN WITNESS whereof the parties have signed this Agreement the day and year first before written

SIGNED: _______________________

For an on behalf of the Client

NAME __________________________

(Please print)

SIGNED: _________________________

For and on behalf of the Consultant Darakasi International Limited

NAME __________________________

(Please print)