Menu

Data Center Customer Handbook

1. Work and organization rules

1.1 Use of data center space and facilities

  • Customer’s employees and their contractors are not allowed to enter Cirion facilities wearing shorts, sandals, slippers or any article that poses a risk of falling and entanglement as well as exposing body parts which could be subject to blows, cuts or scratches.
  • The entry of minors unrelated to the services being executed is prohibited.
  • It is forbidden to smoke inside the Data Center.
  • It is forbidden to eat or drink inside the Equipment Room. Food and drink consumption can only be done in the designated areas.
  • It is forbidden to access the facilities with weapons or explosives.
  • It is forbidden to take pictures or conduct recordings inside Cirion facilities without proper authorization.
  • It is forbidden to use music devices with or without headphones inside the Equipment Room.
  • The Customers Room is a working area set for operating your systems located in the Equipment Room; it is a common space to be shared with other Customers and Cirion staff.

For this reason:

  • It is forbidden to hold meetings and group discussions which could affect the work environment.
  • The room cannot be used as a testing lab; monitors, mouses and keyboards cannot be disconnected from their consoles to be connected to personal equipment.
  • The room’s furniture cannot be rearranged in any way.
  • A workstation cannot be used for more than four (4) consecutive hours.
  • Only two (2) people per Customer may work simultaneously on Customer’s equipment; all other cases shall be treated as exceptional requests upon authorization by the DOC.

The Equipment Room is the area which hosts IT and communications equipment for Cirion and different Customers; therefore, in order to maintain the safety standards, the following safety policies should be followed:

  • For cases in which the customer or contractor needs to transport, install, uninstall, or handle objects with dimensions that are not easily manageable or weighing 25 kg or more, such task must be performed together with someone else or using mechanical assistance. Additionally, for the transport or installation of equipment or materials weighing 5 kg or more, safety shoes must be used to prevent injuries caused if items are accidentally dropped.
  • When performing handling, installation, transportation, or removal of equipment or items with sharp edges, protective gloves must be used.
  • If using handheld tools to perform Activities, safety gloves and glasses must be used at all times.
  • If customer enters or approaches an environment where noise levels exceed permitted limits (85 dB), he/she must use hearing protectors such as earplugs or earmuffs.
  • Each customer is responsible for providing their own personal protective equipment when necessary.
  • Corridors must be free of elements that may hinder free transit.
  • The assigned private spaces (Mini Rack, Full Rack or Private Room) must always be kept clean and organized.
  • The customer must follow the guidelines from Operations personnel for the correct reception, transport, unpacking and installation / removal of their equipment. The personnel will indicate the appropriate site for the unpacking of the equipment. Boxes, containers, adhesive tapes, pieces of expanded polystyrene (styrene foam, pluvamit, anime), bags or any other type of packaging in which the equipment arrived, must be removed the same day of arrival of the equipment and they cannot enter the Equipment Room.
  • It is forbidden to keep cardboard boxes, plastic bags, wood or any other combustible material inside the Equipment Room.
  • If furniture, other than a rack, is needed in the Equipment Room, it must be metallic, fireproof and have the written approval of the Operations Management.
  • The Customer cannot install any equipment in their Housing area without the appropriate authorization from the DOC. The use of televisions, radios, game boxes or any other entertainment device is NOT permitted inside the Data Center.
  • Cirion does not offer the service of Internet browsing in the Data Center. If a Customer needs to consult or download information from the Internet related to the service being installed, a network point with Internet access can be provided to him for no longer that one (1) hour.
  • The Customer is not authorized to lift the floor tiles of the technical floor at the Data Center. He may not install any wires or equipment in the air trays. This can only be done by Cirion staff.
  • No clothing or accessory (purse, suitcase, umbrella, etc.) can be hanged in doors, bars, racks or equipment within the Data Center. When needed, you can contact an operator who will inform you of where you can leave clothing and accessories during your stay in the Data Center.
  • No machinery, such as grinders, drills, hammers, riveters, etc. can be connected in the Data Center facilities; also, no element for which electricity consumption exceeds the maximum electricity consumption threshold (such as engines, heaters, big resistances, etc.) can be connected.
  • All work requiring the use of the tools aforementioned, or other manual tools which generate dust or any other dirt (such as grinders, saws, etc.), are reserved for Cirion and are expressly NOT allowed to be carried out by Customers.
  • The Customer must bring his own work material to the Housing area, such as: notebook computers, software installation materials not provided by the service, tools (screwdrivers, pliers, etc.), anti-static handles, etc.
  • When Customer has telephone, lines contracted in their Housing area, they must provide their own telephone devices. Cirion does not lend this type of device, whether to test communications or for any other purpose.
  • All plugs provided by Cirion to the Customer under the technical floor, or in the racks, comply with standard safety guidelines; use of multi-outlet devices or PDUs, whether under the technical floor or inside the rack, is expressly forbidden.
  • It is expressly forbidden to have any kind of wire (patch cords, power supply wires, telephone wires, etc.) hanging “in the air.” In the Data Center, wires must run across their respective trays and in no other way.
  • Customers must avoid any kind of equipment installation representing a hazard to themselves or to others. Customers must especially avoid leaving rack doors open if no work is being done on the equipment inside the rack, and must prevent metallic rails from projecting outward during the installation of the equipment, etc.
  • Cirion’s staff can access customer´s racks without prior notice to perform inventory activities, verifications and / or validations.
  • The installation of any wireless router inside the equipment room is NOT permitted.
  • Only for Brazil: All customer’s personnel conducting loading and unloading of heavy equipment, rack or others, which requires at least 2 people to do so, must use the PPE (Personal Protective Equipment) related to the activity, according to Regulatory Standard 6 – NR-6. In the event that the minimum elements are not presented, the loading or unloading will not be allowed.
  • The minimum elements required to carry out activities within the Cirion facilities, and according to the NR6 standard are:
    • PPE for head protection
      • Helmet with jugular: the use of a safety helmet is mandatory to carry out activities where there is risk of falling objects and to protect against impacts of objects on the skull.
      • Eye protection: glasses with transparent lenses to protect the eyes from airborne particles.
    • Pe for protection of upper limbs
      • Safety gloves: The use of gloves is required for operations involving materials with high temperature, sharp points or edges; also, for the manipulation of handheld tools such as screwdrivers, knives and anything that can cause injuries, burns, dermatitis, etc.
    • PPE for protection of trunk
      • Protection of the trunk: Ergonomic belt for weight lifting and loading.
    • PPE for protection of lower limbs
      • Foot protection: Boots with steel or composite protectors for toes.

The manual transport of loads is not allowed when load’s weight is likely to compromise an individual’s health or safety (the maximum weight a person can carry individually is 53 kg; 20 kg for women working continuously and 25 kg when working occasionally). Decree-Law 5,452, May 1, 1943, Consolidation of Labor Laws – CLT, Art.198, Art.390; NR-17 Ergonomics 17.2.2.

If the customer does not comply with the use of the corresponding PPEs, transportation of equipment will not be authorized.

1.2 Evacuation rules

The main goal of the Physical Safety Policy adopted by Cirion is to ensure the physical integrity of the staff and equipment hosted at the Data Centers. The main aspects to be taken into account before an evacuation event are listed below.

  • Before initiating activities, please identify evacuation routes and site evacuation alarms (sirens, lights). Ask the site staff if you have any questions.
  • When the building alarm system activates, everyone must evacuate the areas in an orderly manner and without running.
  • Evacuation must not be delayed by individuals organizing their workstation or personal articles.
  • Safety staff instructions must be followed by all individuals.
  • Individuals must use the closest emergency exit, which is clearly marked. Every floor has an evacuation plan.
  • Elevators must not be used.
  • The safety staff will indicate a secure area outside the building.

1.3 Commercial visits or Data Tour to the Data Centers

Commercial visits or Data Tour will be coordinated with the Account Manager (AM), who will be responsible for the group and must comply with the rules described in 1.1 and 1.2 of this document.

If the commercial visit is carried out by a Cirion customer, the authorized contact will be responsible for their group and must comply with the rules described in 1.1 and 1.2 of this document.

2. Management of authorized contacts

Customer’s authorized contacts are Customer’s employees, or third parties authorized to interact with Data Center teams via telephone, e-mail or customer portal to place requests and report incidents about contracted services, according to permission levels.

2.1 Designation of Technical Responsible

When a contract is signed, different instances are activated so that both the Delivery of the contracted solution and the expected service levels are carried forth appropriately.

To meet this objective, the Customer should designate at least one Technical Responsible, who will have the role of “Administrator” and Level 1 – Admin for Data Center in the Customer Portal. Only the individuals assigned to the Customer Portal in the roles of “Administrator” or “Users Manager” will be authorized to perform the Registration, Removal and/or Modification (RRM) of the authorized contacts through the Customer Portal.

The Technical Responsible can designate people to replace him, who will also be identified with the role “Administrator” and Level 1 – Admin for Data Center in the Customer Portal.

The accounts executive or the project manager must ask the Customer to send, via reliable documentation, the necessary data to register the Technical Responsible:

  • First and last names.
  • Company.
  • Title.
  • Phone #:
  • E-mail.
  • Authorization Level (must be assigned as “Administrator” and Level 1 – Admin for Data Center in the Customer Portal).

After receiving the Technical Responsible’s full information, Cirion will upload these to the management tools and, once the Customer is operational, the person responsible will be able to use the hired service and include other authorized contact in the Customer Portal. 

If the customer doesn’t define a Technical Responsible or doesn’t use the Customer Portal, he may authorize his Service Client Manager and/or Customer Success Manager at Cirion to update the customer’s authorized contacts in the Customer Portal, otherwise it will be considered that this role is carried out by the signatory of the contract. In these cases, the customer understands and undertakes the responsibility and/or any risk involved when managing their services.

2.2 Registration, removal and modification of Authorized Contacts

Registration, Removal and/or Modification (RRM) of the authorized contacts shall be made by contacts registered as “Technical Responsible” (role “Administrator” and Level 1 – Admin for Data Center in the Customer Portal) through the Customer Portal. 

Contacts who need more than one level or will manage more than one account or service, can be registered in the Customer Portal.

The minimum information necessary for the registration of authorized contacts in the Customer Portal are:

  1. User Information
  • First and last names.
  • E-mail
  • Phone #
  • Emergency phone #
  • Country of citizenship
  • Level of authorization (as specified in item 2.2.1: Definition of permission levels for Authorized Data Center Contacts, below)
  • Title
  • Authorization date
  • Identification document (type and number)
  1. Role attribution in Portal: this should be selected among the options and descriptions in the Customer Portal and in the Customer Portal User’s Manual.
  1. Select customer: confirm which customer will be linked as the authorized contact.

  2. Account attribution: if this includes several companies belonging to the same group, the contact can be attributed to one or more accounts, in this field.

  3. Selection of account services: select services which the contact will have access to (according to the levels defined in the previous steps).

All of these fields must be filled out.

2.2.1 Definition of permission levels for Data Centers Authorized Contacts

Details of authorization levels

Level 1 – Admin

Housing/Colocation:

 

  • Applies only to Technical Responsible(s) and will be the contact receiving communications from Data Center in the case of emergencies.
  • 24/7 access to Customers’ room (with connectivity to the equipment) and/or equipment room.
  • Authorizes access of staff to a Customer and/or equipment room on a determined date.
  • Opens the hired racks or cages.
  • Admits or removes equipment according to SLA and instructions in item 4.1 and 4.2 of this document.
  • Authorizes admission or removal of equipment.
  • Opens requests according to assigned services.
  • Reports incidents according to assigned services.
  • Approve the changes planned.

Other Data Center Services

  • Applies only to Technical Responsible(s) and will be the contact receiving communications from Data Center in the case of emergencies.
  • Opens requests according to assigned services.
  • Reports incidents according to assigned services.
  • Approve the changes planned.

Level 2 – Service Manager

Housing/Colocation

 

  • 24/7 access (until Technical Responsible – Level 1 concludes it) to Customer room (includes equipment connectivity) and/or equipment room.
  • Authorizes access of another company’s staff to a Customer and/or equipment room on a determined date.
  • Opens the hired racks or cages.
  • Includes or removes equipment previously authorized by the Level 1 contact, via ticket registration and according to SLA and instructions in item 4.1 and 4.2 of this document.
  • Opens requests according to assigned services.
  • Reports incidents according to assigned services.

Other Data Center Services

  • Opens requests according to assigned services.
  • Reports incidents according to assigned services.

Level 3 – Physical Access to Data Center

Housing/Colocation

Customer contacts authorized by Level 1 or Level 2 to:

  • Access to Customer room (includes equipment connectivity) and/or equipment room, during a certain period.
  • Open hired rack(s) or cages during a certain period.

Customer contacts authorized by Level 1 via ticket registration:

Include or remove equipment for a certain period, according to SLA and instructions in items 4.1 and 4.2 of this document.

Level 4 – Office space

Office Space

  • Access to Office Space room and areas established in the service agreement.

Level 5 – Change approval

All Data Center Services

  • Customer contacts authorized to approve the changes planned.

Every authorization is valid for a maximum of 30 consecutive days. For a new visit to the Data Center, the Customer must repeat the procedure.

In the occasion of a serious failure requiring immediate intervention on the Customer’s equipment located at the Data Center, the request can be sent at any time prior to the visit. This situation does not exempt the Customer from presenting the required documentation mentioned above and to have the updated necessary legal documentation mentioned in this document.

Note: for this reason, it is recommended to have an updated authorized contact list in customer portal and insurance certificates for the countries in which this is needed, since in many countries this insurance coverage expires in 30 days.

2.2.2 Required Personnel Insurance Documentation

To comply with local legislation, the following documents must be published before entering the Data Center:

Mandatory documents for Argentina

For dependent relationship personnel:

  • ART certificate that includes the names of the people who need to enter:Publish this document only on the first entry of the employee and then each time the ART policy is renewed.
    • You will need to publish the document again in the event of a change in ART and notify Cirion immediately if any employee ceases to provide services for your company. It will not be required to publish this document on a monthly basis.
  • ART payment certificate: publish ART payment certificate. The validity of the document will be 3 months. That is, if someone needs to enter the Data Center in the month of December, they should publish the proof of payment for the month of September; If they need to enter the Data Center in the month of January, it will be sufficient to publish the proof of payment for the month of January.
  • ART Certificate of coverage with non-repetition clause against Cirion: Present this document only each time the ART certificate is about to expire. Also, any modification to the policy should be immediately reported to Cirion. It will not be required to present this document on a monthly basis.

For autonomous personnel: 

  • Personal accident policy: Publish this document only on the first entry of the employee.
    • Value: $ 2.000.000 pesos with clauses of N⁰ repetition in favor of Cirion Technologies Argentina S.A. CUIT 30626747171.
    • For medical and pharmaceutical expenses: $ 100,000 pesos.   
    • Limit per event: without limit. 
  • Payment certificate of the policy: the frequency depends on the type of the certificate (monthly, quarterly, etc.)
  • Proof of registration to AFIP as an autonomous: only on the employee’s first entry.

These changes in the process of submitting documents to access the Data Center applies to jobs or activities in racks: Example; installation/uninstallation or configuration of routers, switches, among others.  

Activities that involve transportation of equipment in private vehicles or movement of cargo in trucks or forklift vehicles will continue to pass the already known documentation filters, such as: (1) Vehicle coverage policy, (2) Updated vehicle technical verification, (3) Driver’s license and DNI of the driver, (4) ART certificate or personal accident insurance. (5) heavy vehicle operator training certificates, and others that the Cirion EH&S area may require depending on the activity to be carried out in Cirion.

All documentation required for the entry of Personnel must be uploaded to the self-managed platform of EHS LATAM https://contratistas.ehslatam.com/login.php to be validated by the Environment, Safety & Health at Work (EH&S) area. ; the area is the one that controls whether the documentation is current and in order.

It will be the Client’s responsibility to validate that the documentation uploaded on the self-managed platform is approved for entry. If it is rejected, the client will receive a notification from the Environment, Safety & Health at Work (EH&S) area, explaining why the documentation is not in order.

For clients who use the self-managed platform of EHS LATAM for the first time, they must first attend to what is indicated in point 2.2.to receive the username and password that will allow them to enter the platform and upload the respective information. If, once the username and password have been received, the client has concerns or problems, they can download the Instructions that are available on the platform or they can contact the email account: datacenter.cirion@ar.ehslatam.com

Mandatory documents for Peru

1) Certificate of SCTR (Complementary Risk Work Insurance) that includes the names of the people who need to enter: Submit this document only on the first entry of the employee and then each time the SCTR policy is renewed. It will be necessary to present the document again in case of a change of SCTR and notify Cirion immediately in the event that any employee stops providing services for your company.

2) Proof of payment of SCTR: Submit the proof of payment of ART with a frequency of 3 months. This will mean that if you send the proof dated 09/15/2021, in our control system it will be valid until 12/15/2021.

For Colombia, Ecuador and Venezuela: 

All documentation related to personal Insurance must first be sent for validation by the Department of Health and Safety; see item 8.4. This is the area responsible for controlling whether the documentation is accurate and up to date.

Once the documentation is validated, the Health and Safety department should notify the customer and send it to the areas of security and building access control, as well as Data Center operations, accordingly. In case it is reproved, the Health and Safety department should let the sender know why it doesn’t meet the rules, copying all areas mentioned above. 

We remind you that the personal insurance documentation relative to customer personnel and/or contractors and/or providers, should be sent by the customer. The delivery of provider documentation directly to Cirion does not authorize entry of personnel in all customers’ areas. For this reason, providers and contractors should send the documentation beforehand to the customer and the customer is the one who should authorize each and every one of their providers and contractors. 

No associate of the client and/or contracted personnel and/or contractor and/or supplier may enter the Data Center to work if the last certificate/insurance presented to Cirion is not valid (does not apply to Brazil and Colombia).

Here is a summary of the points to keep in mind:

Employees’ Insurance Policies and Contracts should include: 

  • Amount of insurance
  • Scope
  • List of insured individuals
  • Payment receipt

Foreign employees’ Insurance Policies and Contracts: 

  • Subcontractors from the USA and Canada should present their certificate for Insurance against Accidents.
  • Subcontractors from Chile should present their certificate for Medical Assistance.
  • Subcontractors from Brazil should present their certificate for Work in the State.
  • For all cases the validation of the original policy for personal accidents, with the coverage certificate for the country of origin, accordingly. 

These certificates should include:

  • Name(s) of individual(s) covered. 
  • The coverage should be extended to the work being done in the corresponding country.
  • Cirion as co-insured.

Insurance Policies for Personal Accidents for contractors or third parties:

They should have a personal accident policy containing at least the minimum values insured according to the local regulations in effect.

Civil Liability Insurance for Injuries and Damages to third parties:

Policies and payment receipts for Civil Liability Insurance covering lesions and/or damages to third parties caused by the subcontractor while conducting his tasks should be presented, including coverage of material damage or risks caused by materials in their property and/or under their guard or control.

USA and Canada subcontractors must present the “General Liability” certificate for Global Liability in other countries, as appropriate, which should include:

  • Coverage of tasks being conducted
  • Coverage should be extended to work being conducted in the corresponding country.
  • Cirion as an additional co-insured.

Observation 1: Considering the labor laws in effect, nobody can access the Data Center without the above information.

Observation 2: If the Technical Responsible is one of the individuals accessing the Data Center, he too should include his information.

Observation 3: Individuals entering the Data Center, whether through specific or permanent access, should follow the security policies defined in Item 1 in this document.

3. Entering and exiting the Data Center

The procedure for entry and exit to the Data Center is described below, however, specificities of the legislation of each country are applied, detailed in item 2.2.2

Hosting Customers have no access to the Equipment Room; their mobility is limited to the Customer’s Room in the Data Centers that have one. If physical operation is needed (ex: loading of CDs or tapes) on the equipment supporting their services, this should be requested to and performed by the DOC.

IMPORTANT:

  • Access to the Data Center will not be permitted to anyone who, according to the security or DOC’s personnel assessment, is under the influence of alcohol, drugs or demonstrates inappropriate behavior. This type of entry will be registered by Cirion, which reserves its right to expose it due to eventual claims by customer. The Technical Responsible will be formally notified about such events.
  • No person is allowed access to the Data Center without the authorization of the Environment, Safety & Health at Work (EH&S) area for the applicable countries. 3.1 First visit to the Data Center.

3.1 First visit to the data center

It is recommended that the Authorized Contacts their first visit between 9 am and 7 pm, Mondays through Fridays, in order to manage the corresponding registrations in the Data Center’s security systems. 

  • Once inside the Data Center, the DOC must configure the Key-Card, biometric sensor, or any other digital locking system to access the Equipment Room and the racks.
  • After this initial configuration, the Customer’s Authorized Contact should be able to have future access.

3.2 Access to the Data Center

3.2.1 Authorized /Contacts

When an Authorized Contact needs to access the Data Center, they must address the building’s security personnel and identify themselves. Security personnel must:

  • Verify Customer’s identification.
  • Allow access to the building.
  • Provide an ID card to access the Data Center area according to the assigned level of permission.
  • Request that the person declare any work tools such as laptops, hard drives, etc., these shall be registered on a form to be signed by the Customer.

If contact’s permission level allows them to enter the equipment room, the security guard, or DOC staff should provide the keys for their cage or rack, or the access badges to their private rooms, as appropriate.

3.2.2 Unauthorized Contacts

When an unauthorized contact must enter the Data Center, a level 1 or 2 Authorized Contact must require specific access for employees or third parties of the Client who are not part of the list of authorized contacts. The request must be made through a formal request to the DOC via Customer Portal or email (item 8.2) with the following information:

  • Access date;
  • Access start and end times;
  • Activity to be performed;
  • Location of the Data Center to be accessed (city and country);
  • Data Center room to be accessed;
  • Rack(s) to be accessed;
  • First and last names of the individual requesting access;
  • Company of individual requesting access;
  • ID card or citizenship ID of individual requesting access.

To make it easier for all the information necessary for the entry authorization to be sent correctly, the customer can request the DOC for the specific format for this.

The deadline for authorization is up to 48 hours after registration of the request with all the visit data previously informed and the documents required in the item “Personal Insurance Required Documentation”.

The customer is responsible for their unauthorized contacts within the Data Center, in order to ensure that the work and organization standards described in item 1 of this document are respected and followed.

3.3 Access to Data Center’s parking lot

Parking within the premises is free of charge for Authorized Contacts, although it is subject to the availability of space y. Despite authorizations, Cirion reserves the right to deny access to any vehicle due to security circumstances.

Parking requests must be sent 48 hours in advance, only by the Technical Responsible. Necessary information is:

  • License Plate Number
  • Make
  • Model
  • Color
  • Insurance policy (for vehicles used for transporting equipment to and from the Data Center).

Within 24 hours of receiving the request, the DOC will respond to request by email. Customer should attach and send the aforementioned information as indicated in the section Contact Details.

3.4 Exiting the Data Center

The Authorized Contact must return keys and access badges to the employee who has provided them.

When leaving the building, the security guard will verify equipment and work material being taken, as detailed in the following section. If material hasn’t been declared, it may only leave after proper authorization by the individual responsible for Data Center Operations.

4. Entry and removal of equipment and work material

4.1 Permanent entry of equipment in data center

The following rules apply to Technological Material entering the Data Center on a permanent basis.

The Authorized contact must inform their intention of entering their Housing space with Technological Material by filling out the appropriate equipment entry and exit form, informing the desired entry date, considering that Cirion’s analysis deadline is of 3 business days during business hours, and that the request may be rejected.

The request will be analyzed by Cirion’s technical teams and, once authorized, the entry of equipment may be conducted during all days and hours of the week. Scheduling will effectively occur only after approval. In case the analysis is denied, the request will be cancelled.

This authorization is valid for one week for entry or scheduling of entry; in case this doesn’t occur within this deadline, the ticket will be closed and customer will need to enter another request in case there is any type of installation still to be concluded.

The DOC registers the request through a ticket. To authorize this request, equipment’s power consumption must be verified in order not to exceed hired consumption rate, and documentation must follow the rules below. Once request is analyzed, the DOC must respond by email informing whether equipment entry has been approved or denied.

For Brazil, the customer must have the following information:  

  • Invoice – ICMS tax-payers (Tax on Circulation of Merchandise and Services), must issue an invoice with recipient’s and Cirion’s address, thus avoiding a monthly replacement of invoices. The invoice for all third party equipment entering the Data Center will be sent to the Tax Department for registration. av.
  • CFOP: 5.554 – Nature of operation: Shipment of immobilized property to be used outside offices.
  • CFOP: 949 – Nature of operation: Other type of issued goods or unspecified service delivery.
  • CFOP: 6.554 – Nature of operation: Shipment of immobilized property to be used outside offices.
  • CFOP: 949 – Nature of operation: Other type of issued goods or unspecified service delivery.
  • ICMS – Use the exception term adopted by each State’s legislation.
  • Invoices and declarations should be issued directly by Cirion customers to Cirion and must be sent in PDF format. The entry of equipment will not be allowed with invoices issued by other manufacturers or providers.

 Tax information for Brazil’s Data Centers: 

Legal Name: Cirion Technologies do Brasil Ltda.

Av. Eid Mansur, 666 – Pq. São George – Cotia – SP, Cep: 06708-070

CNPJ: 72.843.212/0001-41 or 72.843.212/0006-56

Inscrição Municipal: 018712-7

Inscrição Estadual: 278.130.837.119

Legal Name: Cirion Technologies do Brasil Ltda.

Av. Pedro II, 329 – São Cristovão – Rio de Janeiro – RJ, Cep: 20941-070

CNPJ: 72.843.212/0002-22

Inscrição Municipal: 0255414-3

Inscrição Estadual: 86.062.895

Legal Name: Cirion Technologies do Brasil Ltda.

Rua Semeador, 350 Cidade Industrial – Curitiba – PR, Cep: 81270-050

CNPJ: 72.843.212/0005-75

Inscrição Municipal: 386.361-9

Inscrição Estadual: 90170568-21

STATEMENT- Declarations of taxpayers who have not issued detached Tax Invoices in the Tax Office will not be accepted. Non-taxpayers shall issue a statement with the address of the recipient and Cirion, detailing the amount, description and value. Such statement shall be signed by the legal representative of the company and enables Cirion to issue an entry invoice so as to regularize our office equipment. The statement shall record that materials belong to the Issuing Company and are being transported for their use outside their offices.

Customer should attach and send the information afore mentioned as indicated in the Contact Details Section.

  • All equipment, including accessories and removable components not belonging to Cirion shall be clearly identified by a label or equivalent, exhibiting the Owner’s name (or the code provided by Cirion).
  • Equipment shall only be connected or disconnected from the electrical and/or data network with the DOC’s written authorization.
  • Customer shall be responsible for managing (receipt, transport, moving, etc.) of equipment (complete or parts thereof), parcels, mail, etc., belonging to them.

4.2 Installation of equipment in Data Center

Some basic concepts and premises that must be considered when installing equipment in the racks located in Cirion’s equipment rooms are specified and clarified below:

  • It should be considered that the occupation of the rack space must be done from the bottom up, considering that the equipment with the highest power consumption or the equipment that dissipates the greatest amount of heat (BTU). If the standard cooling conditions of the room is not downflow but up flow, the occupation of the racks must be done from the top down.
  • The installation orientation of the equipment must be well established, ensuring that the cooling air flow is from the cold aisle to the hot aisle. To verify this, the equipment specifications should be revised, by making the correct verification of the corresponding installation.
  • It is very important to know that the front of the equipment (cold air intake) must be aligned with the front of the rack, and it cannot be moved to the rear of the rack, as this means greater effort from the fans to remove cold air and causing inefficiency.
  • To guarantee the electrical support of each equipment, it is necessary to connect each of the two sources of the equipment to a different electrical bus, for this the rack has two power strips arranged, each one powered by an independent circuit, so each source must be connected to a different bus, given the above we recommend that all the equipment to be installed have a double source, in order to ensure its operation during programmed maneuvers that require the shutdown of one of the rack’s power supplies, if not, then installation will be necessary of an Automatic Electric Transfer Switch (ATS) or Static Transfer Switch (STS) that supports the required power and is Cirion approved.
  • Equipment with power supplies must be installed according to the voltage of the contracted service, as the installation of transformers is prohibited.
  • In no case will it be allowed to leave UTP or Fiber reserves of more than 2 meters inside the rack, these reserves must be perfectly rolled up and fixed on the sides of the rack at the rear to allow handling after installation and other equipment, without any packaging.
  • The inlet and output wiring must be perfectly organized at the rear of the rack facing the sides, in this way the hot air is guaranteed without causing recirculation.
  • In racks equipped with 208 volts or 400 volts, it is not allowed to connect equipment between one of the phases and the ground, if a non-standard connector is found or that allows this connection, it will be removed from the rack and installation will not be allowed equipment, this type of non-standard accessories or spliced cables for connecting equipment are not allowed.
  • In the case of requiring direct current power -48V. If the consumption is less than 20A DC, a PDU must be installed to distribute the circuits within the rack itself. If the consumption exceeds 20A, power must be requested directly from the Cirion BDFB. A + B line must be installed symmetrically distributed between the sources. It should be noted that Cirion has its Rectifier System with the positive pole grounded. And the negative pole is the circuit breaker (fuse / switch). If the distribution PDU is owned by the customer, it must be previously technically validated by Cirion to authorize its installation.
  • Once the equipment is installed, it is necessary to cover the uncovered spaces on the front of the rack with blanking panels, since their absence causes a return of hot air to the front of the equipment and therefore failures due to temperature increase and prevents air by-pass confining hot and cold aisles.
  • To authorize the start-up of the equipment, it is necessary that the equipment be installed, all the wiring organized, and the blanking panels installed. If it is found that something must be corrected, concerning the installation of the equipment, this must be done so that it can be permanently switched on.
  • The storage of tools, bags or any type of flammable material is not allowed inside the equipment racks.
  • In case of requiring the installation of a proprietary rack, it must be allowed to anchor it, install a cool lock and verify the connection of equipment, in case the rack connector does not comply with the room standard, it must be allowed to change from this to the standard, of course, ensuring that the proper electrical connection conditions are maintained.
  • Both the equipment and any other element that is used within the space assigned for this operation cannot protrude from that space and invade the space assigned to another client or the common vertical spaces or corridors.
  • The rack must be closed after the installation or removal of any equipment. The equipment cannot prevent you from closing or removing the door from the rack.
  • The use of multi-outlet strips or PDUs within the rack itself is prohibited.

Compliance with what is stated in the previous points is the power to guarantee the correct operation and support of each of its equipment.

Failure to comply with any of the above items may impact the quality of the services without any detriment to Cirion and the client assumes all the risks that merit the omission of the requirements indicated in this item.

If advice for the installation of any equipment is considered necessary by the installer, this must be requested from the Data Center area.

4.3 Permanent removal of equipment from Data Center

The following rules apply to Technological Material entering the Data Center on a permanent basis.

The Authorized contact must inform their intention of removing Technological Material from their Housing space by filling out the appropriate equipment entry and exit form, informing the desired removal date, considering that Cirion’s analysis deadline is of 3 business days during business hours, and that the request may be rejected.

The request will be analyzed by Cirion’s technical teams and, once authorized, the removal of equipment may be conducted during all days and hours of the week. Scheduling will effectively occur only after approval. In case the analysis is denied, the request will be cancelled.

This authorization is valid for one week for removal or scheduling removal; in case this does not occur within this deadline, the ticket will be closed, and customer will need to enter another request in case there is any type of removal still to be concluded.

The DOC registers the request through a ticket. To authorize this request, equipment’s power consumption must be verified in order not to exceed hired consumption rate, and documentation must follow the rules below. Once request is analyzed, the DOC must respond by email informing whether equipment removal has been approved or denied.

Customer must attach and send the abovementioned information as indicated in the section Contact Data.

For Brazil:

  • Removal of equipment will only be authorized upon the issuance of the exit invoice, in compliance with the local legislation.
  • There will be no invoices issued during the fiscal closing period (the first and last working days of each month) and in the year-end balance sheet (forecast for the last week of December and the first week in January) and may have variations that will be previously Communicated.

IMPORTANT:

  • Equipment can only be disconnected from the electrical and/or data network with the DOC’s written authorization.
  • In case the Customer of the Housing service requests to withdraw all equipment in the Data Center, he must have their Account Executive’s authorization.

DECLARATION – Cirion does not issue a Declaration of Exit of Equipment for customers and does not accept the exit of equipment without an Exit Invoice.

4.4 Entry and removal of work material (such as laptops and tools) to/from Data Center

The security guard will review and register work material brought by Customer and verify them when Customer leaves the building.

4.5 RMA

Return Merchandise Authorization (RMA) is a transaction in which the owner of a product sends defective material to the supplier to obtain repair or replacement of the product.

For Brazil: For entry and exit related RMA, Cirion will receive the new equipment to normalize the customer’s environment, however, the damaged equipment will only be released for removal after the normalization of the process in question (Receipt of Customer’s invoice assigned to Cirion) so that an equipment exit invoice can be issued. This process will consider the time of receipt of the Invoice by the customer for relevant tax adjustments. During this period, defective equipment remains installed or inside Cirion premises.

4.6 Internal Equipment Movement in the Data Center

If an internal movement of equipment already installed in their Data Center Housing space is required, the Authorized Contact must inform the DOC of his intention by sending the request with the equipment data and the date on which he wishes move it, and this request may be rejected.

The DOC open the request through a ticket. The request will be analyzed by Cirion’s technical teams, and the equipment’s power consumption to be moved will also be verified in order not to exceed the available rack consumption and, once the request is analyzed, the DOC must respond by e-mail informing whether equipment movement has been approved or denied.

If authorized, the equipment may be moved during all days and hours of the week. Scheduling will effectively take place after Cirion has approved the review. In case the analysis is denied, the request will be closed with its details.

The authorization is valid for one week for the movement or scheduling of the movement; in case this doesn’t occur within this deadline, the ticket will be closed and customer will need to open another request in case there is any type of movement still to be concluded.

IMPORTANT: Customer shall be responsible for managing (receipt, transport, moving, etc.) of equipment (complete or parts thereof), parcels, mail, etc., belonging to them.

After the contracting of the services by the Customer, the order reaches the Delivery team in charge of the implementation and transition of the service.

Service implementation and transition

After the contracting of the services by the Customer, the order reaches the Delivery team in charge of the implementation and transition of the service.

The implementation is coordinated according to the complexity of the contracted services. Those of medium and high complexity comply with all phases of project management and those of low complexity meet only what is necessary to guarantee the delivery of the contracted service within the term.

5. Project management

The implementation of the services contracted by the Customer is done by adopting the project management methodology, based on PMBOK, which is adapted to an IT services environment and led by a Project Manager. These phases and the offered scope are briefly described below.

5.1 Initiation

During this phase, the inputs of the analysis and survey of the requirements of the Customer are taken into account. The Time, Costs and Scope constraints will be evaluated to develop the corresponding Project Management Plan.

5.2 Planning

During this phase, the project management plan is developed, consisting of:

  • Cirion equipment
  • Participants of the proposed solution
  • Objective of the project
  • Statement of scope
  • Topology of the solution
  • Premises of the project
  • Project restrictions
  • Items out of scope
  • WBS
  • Milestones
  • External dependencies
  • Stakeholders
  • Project team
  • Organization chart
  • Matrix of responsibilities
  • Project risk analysis
  • Communication plan
  • Project quality indicators
  • Project Control
  • Change management
  • Comments and observations

Risk analysis

Cirion will present the risk analysis in the migration of the data center and will establish control measures to deal with the identified risks.

The risk analysis will contain:

  • Description of Risk;
  • Impact of risk (high, medium or low);
  • Probability of risk occurrence (high, medium or low);
  • Type of response (accept, transfer, mitigate or eliminate);

All risk analysis inherent to the project will be aligned, presented and documented during the meetings between Cirion and Customer.

5.3 Execution

In this phase, the execution of tasks is directed and managed according to the schedule built by the Project Manager, in order to implement the solution as it was framed in the project management plan.

5.4 Control

Measurement and monitoring with the objective of guaranteeing compliance with the activities in accordance with the plans of the Project Management Plan, allowing the Project Manager to take corrective actions when necessary.

5.5 Close and Delivery to Operations

Once all the planned activities have been completed, the relevant tests and validations have been carried out, the project can be finalized, and the delivery is made to the operations team. At this moment, the Project Manager executes the transfer of knowledge of the environment to the team in charge of the management of the services. In this phase, the acceptance of the services by the Customer is also coordinated.

Communication with the customer

Cirion provides a Single Point of Contact in each country (see items 8.2 and 8.3) so that its customers can communicate via telephone, email or portal, according to the country where the customer has contracted services.

6. Service Management

Currently, organizations depend greatly on their information solutions to meet their goals and business needs. This implies that IT services need to operate in line with the agreed levels of service.

The management team for the Information Technology Services carefully studies the appropriate assignment of the available resources so as to manage them integrally, minimizing drawbacks. The Data Center area provides contact points with 24 x 7 coverage to respond to your concerns and requests.

To support the management of services Cirion uses an IT Service Management System (ITSM) based on ITIL. The ticket is the record that Cirion and the Customer have as a joint means to recognizing the beginning, follow-up and end of the event.

This record has an alphanumeric non-sequential and auto-generated identification that shall be given to the Customer upon registering the occurrence. This number shall be used by the Customer as a unique reference for each subsequent contact related to the registered call or email request.

6.1 Incident Management

Incident Management is responsible for restoring the normal operation of the services as quickly as possible and minimizing the adverse impact to the critical operations of its Customers, thus ensuring that the best possible level of quality of service and availability is maintained.

The process of incident management is composed of the following subprocesses:

  • Identification of the incident
    This subprocess identifies the incidents of any origin, either through the monitoring tools or by the communication of the technical team or the Customer’s team, through telephone, email or portal.
  • Incident registration
    In this subprocess the initial information required to identify and classify the incidents is recorded. This subprocess will appear throughout the entire incident lifecycle because it is necessary to keep all the progress records, in addition to the closing records in the service management tool.
  • Categorization of the incident
    In this sub-process, the categorization of the incident is initially carried out according to the catalog. This subprocess is very important because in addition to describing the symptom and relating the impacted CI, it will also define which group will act in the incident.
  • Prioritization of the incident
    In this subprocess, prioritization is carried out according to the classification of the impact and the urgency of the incident. This subprocess is very important also because it determines how the incident is going to be treated by the management tool and by the support levels.
  • Initial support
    In this subprocess, the initial diagnosis of the incident is made. The symptoms of the incident are consulted on the Known Errors Database to locate an alternative solution or solution. If a solution is not identified, the first level will start the escalation procedure.
  • Research and diagnosis
    This subprocess is where the investigation is carried out and the subsequent diagnosis to determine possible solutions or scale until finding a solution or solution of contour to solve the incident. If necessary, a problem log will be created to investigate the root cause, if unknown.
  • Resolution and recovery
    In this subprocess the actions of incident solution and recovery of the affected service are applied, and the effectiveness is validated. If required, RFCs are issued to request approval for required emergency changes.
  • Analysis for problem registration
    In this subprocess, an analysis is made of the need to register the problem, considering certain relevant information so that it is not registered incorrectly.
  • Closure of the incident
    This sub-process contains the confirmation actions of the initial categorization and recategorize it if necessary. Confirm with the Customer about the solution applied and subsequent closure, or reopen the case if the Customer did not validate the solution.

If Customer faces problems with any of the services, they may contact Cirion by phone, e-mail or portal as detailed at items 8.2. and 8.3

6.1.1 Incidents record

To adequately register, evaluate and track incidents, Cirion will request the following data from the Customer:

  • Service affected (name of server, rack number, etc.)
  • Moment in which the failure was noticed.
  • Specification whether failure persists or was solved.
  • Specify whether it was the first time this failure occurs. If the answer is no, indicate the frequency.
  • Specifications whether any changes were made to the equipment, site or application before the failure occurred.
  • Description of failure.

Incidents may be reported by the corresponding Authorized Contacts. Cirion will validate their identity.

Cirion’s representatives give the Customer a ticket number and initiate technical diagnostics tasks, thus ending the contact by phone if the incident was reported in this manner. If, as a result of the diagnosis, Cirion needs to communicate with the Customer to complete the activity, the person who requested the ticket shall be contacted.

Tickets in the services management system are entered both when the Customer communicates to report a failure, and when the situation is detected by Cirion.

Incidents will be given priority in accordance to their urgency and level of impact on Customer’s services.

An incident is defined as “Major” when it causes total, partial, or degrades a service provided by Cirion, that impacts one or more customer’s critical business operations. In this case, Cirion and the customer evaluate the impact of this incident and determine its criticality.

In case there is a proactive detection of failures, during the monitoring process of the service, Cirion personnel will open a ticket. If necessary, the Technical Responsible will be contacted for more information.

6.1.2 Incidents start and end time

Start time for the failure registered in the ticket is the moment in which Cirion and customer establish that the service has stopped functioning according to the previously established conditions.

Cirion determines, in conjunction with customer, when the service conditions have returned to the ones previously agreed and this information will be registered in the ticket as solved, thus defining the incident’s resolution time.

The total duration of failure (TDF) is calculated as follows:

TDF = Time of resolution – Start time

The ticket will be considered closed only when there are no more pending issues between Cirion and the customer and when both parties agree on the resolution of the incident. In some cases, a solved ticket may remain open until its monitoring is finalized.

6.1.3 Closure of incidents

Once the incident has been solved, confirmation regarding the appropriate functioning of service is requested from customer and the ticket is closed. If confirmation is not received after 72 hours, the ticket will be automatically closed.

6.2 Service Request Management

The Service Request Management is responsible for managing the life cycle of the Customer’s requests. They are standardized activities necessary for the administration of services. It is usually handled by the first level, because it is a request that does not cause impact or is low risk.

The following definition has been established for a low risk request / order that:

  • Has a predefined procedure
  • Does not imply installation, reinstallation or uninstallation of software or hardware
  • We can include and treat as a request an order that implies a configuration change whenever:
    • A request that results in a direct execution action through a command or modification of a configuration file.
    • It does not require discussing risks, impacts, creating plans or approvals by the Customer.


The process of Service Request Management is composed of the following subprocesses:

  • Reception of the request
    In this subprocess, customer requests are received by the Operation team via telephone, email or web portal.
  • Registration and validation of the request
    In this sub-process the requests are registered in the IT service management tool and the Operation team verifies if the applicant is part of the list of authorized contacts and if the request is within the scope of the service contracted by the Customer.
  • Categorization of the request
    In this subprocess the requests are classified according to the catalog.
  • Prioritization of the request
    In this subprocess the requests are prioritized according to the Service Level Agreements (in this case, response times) defined in the catalog.
  • Scheduled Request
    In this subprocess, the operation team performs the alignment of the programmed request with the equipment and communicates it to the Customer.
  • Execution of the request
    In this subprocess the requests are executed according to the specifications.
  • Review of the request
    In this subprocess it is verified if the request has been attended in the agreed time and if it fulfils with the requested.
  • Request closure
    This subprocess contains the confirmation actions with the Customer that opened the request regarding the applied care, its subsequent closure and resubmission for the service area if the Customer does not validate the conclusion.

6.3 Problem Management

Problem Management seeks to identify the root cause of incidents, document and report known errors and initiate actions to improve or correct the situation. Problem management has reactive and proactive aspects.

The reactive aspect is related to the solution of problems in response to one or more incidents that have occurred, this means that an unplanned interruption of a service or a reduction in the quality of a service is categorized as an incident that may be the entry to a reactive problem record.

The proactive aspect is related to the identification and solution of known problems and errors before the incidents occur. This can be done through trend analysis based on compilations of event data, history of problems or incidents without relevance.

The problem management process consists of the following subprocesses:

  • Problem Detection
    In this subprocess the problems are detected whatever their origin, either reactive or proactive.
  • Problem registration
    In this subprocess, the required information is registered in order to identify and classify the problems. If an incident is the input to the problem it is necessary to refer it, including its relevant details, diagnosis, actions and recovery details.
  • Problem Classification
    In this subprocess, the categorization of the problem is initially carried out according to the input information. This subprocess is very important because in addition to describing the symptom and relating the impacted CI, it will also define which group will act on the problem.
  • Problem Prioritization
    In this subprocess, prioritization is carried out according to the classification of the impact and the urgency of the problem. This subprocess is very important also because it determines how the problem is going to be treated by the management tool and by the support levels.
  • Research and diagnosis
    In this subprocess is where the research is done to try to diagnose the root cause of the problem. It is possible to use techniques to help diagnose and solve problems. The Configuration Management System (CMS) should be consulted to help identify and diagnose the point of failure. The Known Errors Database (KED) should also be consulted. The solution or the contour solution found must be evaluated by all involved in the problem process, including the Customer.
  • Action plan
    In this subprocess it was already possible to identify the root cause of the problem and define an action plan for a definitive solution or an alternative solution. This plan is sent to the Customer through the Cirion service management tool for approval.
  • Problem solution implementation
    In this subprocess the actions of resolution of the problem and recovery of the service are applied, and the effectiveness is validated. In some cases, the creation of RFC is necessary, the approval flow can be normal or emergency depending on the urgency of the solution.
    The solution is recorded in the problem ticket, it is added to the Known Errors Database and the confirmation of the Customer is expected to start the approval flow and publication in the Known Errors Database (KED).
  • Customer Consultation
    In this subprocess the Customer is consulted and informed of the progress of research and diagnosis of the problem. In some cases, this consultation is necessary to inform that the problem ticket was canceled, because it was recorded improperly or to know if it is justifiable to continue with the investigation of the root cause of the problem, since this can happen if there is no more how to proceed with the investigations or that the application of the solution is not viable.
  • Closure or cancellation of the problem
    In this subprocess the problem ticket is closed considering two possibilities: the normal closing following the complete flow of the process or the cancellation of the ticket that can interrupt the flow after consulting the Customer.

This subprocess also contains the actions of verifying if the record contains the complete description and all the details and actions, confirming with the Customer about the applied solutions and subsequent closure of it, or the reopening of the case if the Customer does not validate the solution. If the solution was effective, it is added to the Known Errors Database.

6.4 Change Enablement

Maintenance duties and other tasks are performed in accordance to a Change Enablement practice.

Customers will be informed about programmed events which, based on a risk evaluation, may imply on impacts to their services. In such cases, within reason, a window of time shall be agreed upon to perform the maintenance tasks.

Change Enablement controls the life cycle of all modifications, allowing the realization of beneficial alterations and with the minimum of interruption of the Customer’s services. Changes must be evaluated, prioritized, planned, authorized, implemented, tested and documented, guaranteeing a controlled environment and minimizing negative impacts in productive environments.

The Change Enablement process is composed of the following subprocesses:

  1. Identification of the need
    This sub-process identifies the needs of the Customer or of the operational areas, which may be the output of another process, of modifying the productive environment by changing the configuration items.
  2. Change record
    In this sub-process, the change request is recorded in the service management tool.
  3. Assignment of change
    In this subprocess, the change is assigned to a coordinator and implementers.
  4. Change planning
    In this subprocess the coordinator meets with the teams involved in the change so that they can define the implementation, test and rollback plans. The change planning is carried out with the participation of the Customer, agreeing date, time, contacts for escalation, e-mail for receiving notification of start and end of the change and technical information
  5. Change authorization
    In this subprocess the CAB evaluates the RFC and decides to authorize it or not.
  6. Change Implementation
    In this subprocess, implementers execute the implementation plan following the dates and times defined.
  7. Post-implementation review
    In this subprocess, the implementers inform the CAB of what has gone wrong in implementing the RFC and identify a new implementation opportunity.
  8. Implementation of the rollback plan
    In this subprocess the implementers execute the rollback plan by means of the negative result presented in the executed test plan.
  9. Change closure
    In this subprocess, the coordinator closes the ∫change request, according to the final result obtained.

 CAB meetings

Cirion carry out CAB meetings every Tuesday and Thursday at 4:30 p.m. Brazil time.

After the change approval in the CAB, the specialist sends an e-mail to the Customer requesting its formal approval. This approval by the Customer must be made by e-mail up to one hour before the start of the change to enable the release in the service management tool.

Cirion manages infrastructure services (servers, software or service components), applying a change management process and using a tool to support it.

The types of changes applied can be:

Type

Features

Normal Change

Requires planning, impact and risk analysis, CAB and Customer approval.

Standard Change

Typified, modeled, low risk and pre-approved by CAB and requires Customer approval.

Emergency Change

Service interrupted or about to interrupt, change of normal type, but of immediate execution, late prepare documentation, could be done without previous tests, ECAB and Customer approves.

6.5 Risk Management

The objective is to establish the process to manage risk effectively and aligned with the strategic objectives of the business, to take advantage of potential opportunities and reduce exposure to adverse effects.

It is applied to the risks associated with the business objectives within the scope of the Integrated Management System (SIG). Project risk management is excluded since it is contemplated in its procedure and the risks that affect business continuity at the macro level that will be addressed in BCM management.

Scope plans:

  • at least one annual execution of the evaluation and treatment process at the local and regional level,
  • the start of the process occurs when any event that could start the process (generate new risks or change identified risks),
  • Monitoring and periodic review of risks between each execution of the process, with the corresponding report.

Risk assessment involves:

  • Risk identification: The objective of this stage of the process is to generate a comprehensive list of risks. Completeness is essential, as a risk not identified at this stage will not be included in further analysis. It is important to also consider the risks associated with not seeking an opportunity.
  • Risk analysis: The objective is to determine the probability and impact that the materialization of the scenario would represent in the current situation.
  • Risk assessment: The objective is to size and order the risks order to identify priorities for their treatment.

Risk treatment involves:

  • Selection of risk treatment options: To select viable actions, which must consider legal, technical, institutional, financial and economic viability.
  • Implementation of risk treatment: To ensure the approved and agreed risk treatment.

Communication and consultation:

  • Through communication, awareness and understanding of risk should be promoted. Through consultation, feedback and information must be obtained for process improvement.
  • Risks are recorded in a risk matrix, all this information being internal and confidential.

Record and report:

  • For decision making and improving risk management activities.
  • Risks are recorded in a risk matrix, all this information being internal and confidential.

Monitoring and review:

  • With the aim of improving the quality, effectiveness, and results of risk management. Each new risk assessment and treatment exercise involves a re-evaluation of the existing risks.

6.6 Escalations

Below is the escalation matrix for Data Center services to be used in the event of incidents.

Please note the following table with the recommended escalation rules based on the criticality of the incident and remember that the process starts with the registration of a ticket according to point 6.1 Incident Management of this document.

Cirion has a policy of not rejecting an escalation request in critical situations.

Escalation Level

Elapsed Time

Level 1

Critical Cases: 30 minutes after ticket has been opened.

NOT Critical Cases: 1 hour after ticket has been opened.

Level 2

Critical Cases: May be contacted 1 hour after service has not been reestablished.

NOT Critical Cases: May be contacted 3 hours after service has not been reestablished (up to 4 hours in the case of Venezuela)

Level 3

Critical Cases: May be contacted 4 hours after service has not been reestablished.

NOT Critical Cases: May be contacted 12 hours after service has not been reestablished.

Level 4

May be contacted when minimum required SLA is exceeded or in extremely critical cases.

6.6.1 Matrix by country

Exclusive information for Clients, available on the Cirion Client Portal.

7. Access to on-line reports for data center services

According to the services hired, it is possible to access the corresponding reports online.

To access these reports, the Customer receives a username and password. The Customer should contact their Service Manager if there are issues accessing the Portal.

Online reports for Data Center services are found in the following site:

https:// portal.ciriontechnologies.com/ as shown below:

On the menu select Tools > Reports > Data Center Reports

If you still do not have a username and/or password to access the portal, or are not familiar with its navigation, please contact your Service Manager or send an email to:

8. Contact details

8.1 Location of Data Centers

Country

DATA CENTERS

ARGENTINA

Buenos Aires (BUE1)

ARTIGAS

Av. del Campo 1301, CP C1427APA

Córdoba (COR1)

Av. Velez Sarfield 4445, CP X5016GCF

Mendoza (MEN1)

Carril Rodriguez Peña 2331, CP M5501ETK

Rosario (ROS1)

Av. Circunvalación 25 de Mayo 1545 Bis, CP S2000

BRASIL

Rio de Janeiro (RIO1)

Av. Pedro II, 329, Quinta da boa Visita, CEP 20941-070

São Paulo (SAO1)

Av. Eid Mansur, 666, Parque Sao George, Rodovia Raposo Tavares, KM 25, CEP 06708-070

Curitiba (CUR1)

Rua do Semeador, 350 – CEP 81270-050

CHILE

Santiago (SAN1)

Sta. Marta de Huechuraba, 6951, Huechuraba

COLOMBIA

Bogotá (BOG1)

SUBA
Calle 127 – 87-51, Bogotá

Bogotá (BOG2)

COL XV
Carrera 68 169A-73, Bogotá

Cali (CAL1)

CALI

Avenida 6B # 25AN-19, Cali

ECUADOR

Quito (QUI2)

Data Center Quito

Calle Alonso López s/n y Calle Juan Barrezueta, Quito

Quito (QUI1)

Telepuerto Quito

Calle Juan Diaz, 37-111, – Urbanización Iñaquito Alto, Quito

Guayaquil (GUA1)

Parque Tecnológico ESPOL

La Prosperina. Guayaquil

MEXICO

Ciudad de México (MEX1)

Calle Lago Zurich 96A, Granada, CDMX

PERU

Lima (LIM1)

Av. Manuel Olguín #395, Surco, Lima CP Lima33

VENEZUELA

Caracas (CAR1)

Calle 7 – La Urbina – Caracas 1070

8.2 Customer Portal Information

URL

Description

Country

https://portal.ciriontechnologies.com/

Applies to the creation of requests and / or communication of incidents for all hired services, generation of reports when appropriate and other functionalities for the management of services.

Applies for all countries

https://cloud.level3dc.net/

Applies for self-management of DEC 3 service.

Applies for all countries

8.3 Contact with Environment, Safety & Health at Work (EH&S) (in applicable countries)

Country

Portal/E-Mail

ARGENTINA

https://contratistas.ehslatam.com/login.php

datacenter.cirion@ar.ehslatam.com

COLOMBIA

gestion.hse@ciriontechnologies.com

ECUADOR

gestion.hse@ciriontechnologies.com

VENEZUELA

gestion.hse@ciriontechnologies.com

8.4 Inquiries on Physical Security – Facility Access Group LATAM

Region

E-Mail

CARIBE & LATAM

DL-Physical-LatAm@ciriontechnologies.com

Other information

9. Available certifications and conformities

The current certifications of ISO 9001, 14001, BS OHSAS 18001, 20000-1 and 27001 are available on the following page www.certipedia.com.

Click on the Certified Management Systems and Services of Companies option, complete with “Cirion” to perform the search.

Our Data Centers are PCI-DSS compliant and AICPA SOC 1, SOC 2 and SOC 3 standards.

Cirion is focused on offering a robust and resilient infrastructure certified by the Uptime Institute, which are available on the following page: https://uptimeinstitute.com/tier-certification/tier-certification-list

Cirion is committed to a sustainable business model, aligned with corporate values and business integrity standards. In our Sustainability Report, you will find all the information about our sustainable practices and our progress on environmental, social and governance (ESG), which can be found on Cirion’s website.

10. Glossary

Equipment Room: safe area with a controlled environment to host IT and communications equipment which are part of the service.

DOC: Data Center Operations Center.