ArmorPoint DataView Service Scope
ARMORPOINT PLATFORM AND USER ACCESS
DataView Access
ArmorPoint DataView provides Users with the ability to search and analyze historical security events and response actions across the different event types (alerts, incidents, tickets, and vulnerability data – if applicable) that was generated during the Client’s previously Managed SOC service term (“DataView Access”). ArmorPoint DataView may be used by the Client to support their organization's specific data retention requirements, whether for compliance mandates (e.g., PCI DSS, HIPAA, SOX) or internal policies.
ArmorPoint Platform and User Permissions for the ArmorPoint DataView service is:
- DataView Access:
- DataView version of the web-based ArmorPoint Platform with a focused/limited view
Historical Data Access
HISTORICAL DATA ACCESS
Historical Data
Historical Data is defined as data that was collected and retained by ArmorPoint during the Client’s previously Managed SOC service contract term.
Types of Historical Data include:
- Alerts and their related log data
- Incidents and their related log data
- Tickets
- Vulnerabilities (if applicable)
- Raw Data
- Raw Data is defined as collected logs that may or may not be related to Alerts, Incidents, Vulnerabilities, or Tickets. This could include, but not limited to Windows Event logs, Network Device logs, and/or Agent Performance logs.
Historical Data Retention
Historical Data with an age exceeding that of the retention period defined in the Client’s previously Managed SOC service contract is not retained by ArmorPoint, and therefore not able to be retrieved or restored.
For example, the standard retention policy for Managed SOC services includes 365 days of data retention that begins on the date the data was collected by ArmorPoint. Additional data retention time was available for purchase during the Managed SOC service at an additional cost.
Historical Data Retrieval and Restoration
Historical Data retrieval and restoration is facilitated through the web-based ArmorPoint Platform. Users can retrieve different types of Historical Data differently, depending on the Data Type:
- Alert, Incident, Ticket, or Vulnerability (if applicable) events are immediately accessible in the ArmorPoint Platform for self-service query by the Client and does not require the Client to submit a Retrieval Request ticket.
- Raw Data is securely located in cold storage. Retrieving Raw Data from cold storage and subsequently restoring it to the ArmorPoint Platform for self-service query by the Client will require the Client to submit a Data Retrieval Request Ticket via the ArmorPoint Platform. Once the Data Retrieval Request Ticket is received, ArmorPoint will work to restore the data in alignment with the Service Level Targets defined in this Service Agreement.
- Each Data Retrieval Request Ticket is limited to a 30-day window of Historical Data. Multiple Data Retrieval Request Tickets can be submitted to cover a longer time frame.
Service Level Targets (SLT)
ArmorPoint will respond to a received Data Retrieval Request Ticket via support ticket communication with a 24-hour service level target that begins upon ticket receipt.
| Data Type | Storage Details | Data Retrieval and Restoration Details | Retrieval Request Service Level Target |
|---|---|---|---|
| Alerts | Online and searchable in Platform | Self-Service Retrieval | N/A; Immediately available in Platform |
| Incidents | Online and searchable in Platform | Self-Service Retrieval | N/A; Immediately available in Platform |
| Tickets | Online and searchable in Platform | Self-Service Retrieval | N/A; Immediately available in Platform |
| Vulnerabilities (if applicable) | Online and searchable in Platform | Self-Service Retrieval | N/A; Immediately available in Platform |
| Raw Data | Retained in secure cold storage | Requires Data Retrieval Ticket to Restore | Data restored within 24 hours of ticket submission* |
*The 24-hour SLT for Data Retrieval Requests is a Service Level Target (SLT) rather than a Service Level Agreement (SLA). This is because the time required to restore large volumes of data can vary. While we strive to restore Historical Data within the 24-hour target for all requests, events outside ArmorPoint’s control could impact service delivery. Clients with exceptionally large data sets may experience longer retrieval and restoration times. ArmorPoint will provide daily status updates of your data request via ticket communication.
Contractual Changes
This Service Agreement may change and ArmorPoint may update this Service Agreement from time to time. It is your responsibility to check this Service Agreement periodically for changes.
The following Governance structure defines the Contract Change Process:
| Change To | Vehicle | Process |
|---|---|---|
| Service scope | Change of scope presented with justification and supporting data. Changes that cause a change to the monthly cost to Client of more than $1,000 will require further Executive Approval through a Contract Change process. | Order Form |
| New project or effort | Each proposed effort or initiative will be presented to executive leadership and/or board with supporting charter, solution outline and estimates. | Order Form |
| Change to the overall service requirements and performances | Each change will be presented to the Executive and be processed with further Executive Approval | Contract CCR or Addendum |
| Change to the scope, terms and conditions of the current | Each change will be presented to the Executive and be processed with further Executive Approval | Contract Addendum |
Exclusions
The following exclusions apply to the scope of the work stated above and have been incorporated into the pricing stated below:
- Ingestion of any new log data or activity into the ArmorPoint Platform
- Monitoring or alerting by the ArmorPoint Platform or ArmorPoint SOC
- Custom data analysis, reporting or investigation services
- Data exports exceeding the 30-day range per request, or bulk exports of all historical data
- Implementation of technology, including software agents, is not included within the Service Agreement
- Any work or services not expressly provided for herein
- Any application development or integration efforts not expressly provided for herein
- Any actual hardware purchases for on-premises needs
- Any migration or upgrade of Client infrastructure (servers, network, etc.)
- Any actual implementation of the recommendations made by ArmorPoint unless specified in this document
- Any data recovery and forensics work due to purposeful or malicious Client or application errors
- Any software license or physical hardware expenses
- Any software license that’s not explicitly mentioned, and not covered by ArmorPoint
- All Travel and lodging costs
- Any fees related to shipping, handling, customs, duties and/or taxes
- Any additional work requested beyond the scope of this Agreement will be expressly set forth by subsequent agreement, including, but not limited to, a Contract Change Request (“CCR”)
Revision History
| Document Version | Published Date | Description or Notes |
|---|---|---|
| 1.0 | 06.27.2025 | Initial Publication Date |