Service Level Agreements and Support Services

Last Updated: March 24, 2022

For product documentation and usage guidelines, please visit here.

Zscaler provides the Service Level Agreements and Support Services set forth below, subject to the terms and conditions set forth herein.

  1. Definitions for Service Level Agreements.

    Any capitalized terms not defined herein shall have the meaning as set forth in the Agreement.

    1.1 “Data Packet” means a unit of data made into a single Internet Protocol (IP) package that travels along a given network path.

    1.2 “Device” means a subscription license for the SaaS for each physical or virtual machine running an operating system on which the agent is installed.

    1.3 “DNS Transaction” means a recursive DNS query sent from Customer through its use of the DNS-Based Guest WiFi Security.

    1.4 “Excluded Applications” means Customer application(s) that are unavailable due to (a) failure by Customer’s network to forward traffic to Zscaler; (b) failure by an intermediate ISP (other than Zscaler’s direct ISP(s)) to deliver traffic to Zscaler; (c) a Customer-implemented policy change; (d) Zscaler scheduled maintenance as posted on the Trust Portal; and/or (e) a ZPA Private Service Edge deployed in Customer’s network whereby Zscaler has no control of the operation and/or use of the ZPA Private Service Edge.

    1.5 “Excluded ZIA Transactions and Sessions” means Transactions and Sessions that are not processed due to (a) failure by Customer’s network to forward traffic to Zscaler; (b) failure by an intermediate ISP (other than Zscaler’s direct ISP(s)) to deliver traffic to Zscaler; (c) a Customer-implemented policy change that causes Transactions and Sessions to drop; (d) Zscaler scheduled maintenance as posted on the Trust Portal; (e) the internet traffic flowing through a ZIA Virtual Service Edge (also referred to as a “VZEN”) which is deployed in Customer’s network whereby Zscaler has no access to or control of the operation and/or use of the ZIA Virtual Service Edge; and/or (f) local regulations which prevent Zscaler from processing traffic for Authorized Users in certain regions.

    1.6 Known Virus” means a virus for which, at the time of receipt of content by Zscaler:  (i) a signature has already been made publicly available for a minimum of one (1) hour for configuration by Zscaler’s third party commercial scanner; and (ii) is included in the Wild List located at http://www.wildlist.org and identified as being “In the Wild” by a minimum of three (3) Wild List participants.

    1.7 “Location” means a subscription for a specific access point to the Internet in connection with the SaaS.

    1.8 “Qualified DNS Transactions” means the following: (i) the lookup is already cached by Zscaler’s recursive DNS server, or if it is not cached, the response time of the authoritative DNS server is not counted as part of the Latency Agreement; and (ii) a reasonable level of service consumption (based on the number of purchased DNS Transactions per Location).

    1.9 “Qualified Transactions and Data Packets” means the following: (i) less than 1 MB HTTP or HTTPS request and response; (ii) not related to streaming applications; (iii) not subject to bandwidth management rules (QoS enforcement); and (iv) a reasonable number of Transactions and Data Packets per Seat (based on Zscaler’s cloudwide average).

    1.10 “Seat” means a subscription license for the SaaS for an individual Authorized User.

    1.11 “Service Credits” means the credits incurred as a result of Zscaler not meeting the applicable Service Level Agreement, as further outlined below.

    1.12 “Session” means any non-HTTP or non-HTTPS request sent to or from Customer through its use of the SaaS.

    1.13 “Transaction” means an HTTP or HTTPS request sent to or from Customer through its use of the SaaS.

    1.14 “Trust Portal” means the Zscaler portal located at https://trust.zscaler.com where Zscaler posts cloudwide health and maintenance notices.

    1.15 “Workload” means a subscription license of the SaaS for a single cloud workload such as virtual machines, database services, cloud storage, and other similar infrastructure-as-a-service (Iaas) and/or Platform-as-a-Service (“PaaS”) resources that Customer utilizes in its public cloud environments.

  2. General Provisions for Service Level Agreements.

    2.1 In order for any of the Service Level Agreements to apply, (i) Customer must subscribe to the SaaS that provides the applicable Service Level Agreement, (ii) Customer’s network must be properly configured pursuant to the Documentation, including but not limited to being configured on a 24 X 7 X 365 basis in a manner that allows Customer to take advantage of Zscaler’s redundant global infrastructure; (iii) for ZPA, at least two (2) Zscaler App Connectors are required at each Customer site connecting to the SaaS; and (iv) for ZPA Private Service Edge, to the extent subscribed by Customer, at least two (2) ZPA Private Service Edge are required at each Customer site connecting to the SaaS. The Service Level Agreements do not apply to any errors or diminished performance that result from Customer’s abuse or misuse of the SaaS or other behaviors that violate the Agreement.

    2.2 The SaaS will scan as much of the traffic downloaded as technically possible; however, it may not be possible to scan items that (i) are encrypted, encapsulated, tunneled, compressed, modified from their original form for distribution, (ii) have product license protection, or (iii) are protected by the sender in ways that Zscaler cannot inspect (e.g., password protected).  The foregoing items (i) through (iii) are excluded from the Service Level Agreements.

    2.3 The Service Credits set forth in the Service Level Agreements shall be Customer’s sole and exclusive remedy for any failure by Zscaler to meet the applicable Service Level Agreement.  To be eligible for a Service Credit, (i) Zscaler must have received all owed Fees for Customer; and (ii) Customer or Partner must request a Service Credit via a support ticket within ten (10) days from the date of the incident giving rise to a Service Credit.  Zscaler will research the incident(s) to determine if a Service Level Agreement was not met and provide a response to the Customer no later than ten (10) days after the end of the month in which the incident occurred.  For example, if the incident occurred on November 15th, and a support ticket was raised by Customer or Partner on or before November 25th, Zscaler would respond to Customer with the Service Level Agreement calculation by December 10th.  Failure to comply with (i) and/or (ii) will forfeit Customer’s right to receive a Service Credit.

    2.4 The dollar value of the Service Credit to be applied to the next invoice will be calculated by converting the Service Credit (i.e., the number of days) into the appropriate dollar number.  For purposes of example only, for a 12-month contract term with a total annual Fee of $500,000, and a Service Credit that was determined to be “3 days,” then Zscaler would provide a credit to Customer or Partner equaling $4,109.59 (3 days / 365 days * $500,000) on Customer’s next invoice.

    2.5 The aggregate maximum Service Credit that Zscaler will issue for failing to meet any Service Level Agreements in a single calendar month will not exceed thirty (30) calendar days’ worth of paid SaaS.

    2.6 Service Credits shall not entitle the Customer to any refund or other payment from Zscaler. Service Credits can only be applied against future Fees for the applicable SaaS. For avoidance of doubt, Service Credits do not apply to any SaaS that is provided free-of-charge either (i) for evaluative or proof-of-concept purposes, or (ii) as a part of a bundled SKU (e.g., the free standard ZDX included in certain ZIA and ZPA SKUs).

Service Level Agreements for ZIA

  1. ZIA Service Availability Agreement

    The SaaS will be available to accept Customer’s Transactions and Sessions 100% of the total hours during every month Customer uses the SaaS (the “ZIA Service Availability Agreement”).  Service Availability is computed as a ratio of the number of Transactions and Sessions processed by Zscaler in any affected calendar month on behalf of Customer, to the number of Transactions and Sessions that should have been processed.  Excluded ZIA Transactions and Sessions are not factored into this Service Availability computation.

    Failure to meet this ZIA Service Availability Agreement results in a Service Credit as follows:

    Percentage of Transactions and Sessions Processed During a Month

    Service Credit

    >= 99.999%

    N/A

    < 99.999% but >= 99.99%

    3 days

    < 99.99% but >= 99.00%

    7 days

    < 99.00% but >= 98.00%

    15 days

    < 98.00%

    30 days

  2. ZIA Latency Agreement

    Zscaler will process Customer’s Transactions and Data Packets with an average latency over a calendar month of 100 milliseconds or less for the 95th percentile of traffic (the “ZIA Latency Agreement”).  The ZIA Latency Agreement is only applicable to Qualified Transactions and Data Packets.  The processing of Transactions and Data Packets is measured from when the Zscaler proxy receives the Transactions and Data Packets to the point when the Zscaler proxy attempts to transmit the Transactions and Data Packets.

    Failure to meet this ZIA Latency Agreement results in a Service Credit as follows:

    Percentage of Qualified Transactions and Data Packets With Average Latency of 100 Milliseconds or Less

    Service Credit

    >= 95.00%

    N/A

    < 95.00% but >= 94.00%

    7 days

    < 94.00% but >= 90.00%

    15 days

    < 90.00%

    30 days

  3. ZIA Virus Capture Rate Agreement

    Zscaler will capture 100% of all Known Viruses transmitted through the Transactions (the “ZIA Virus Capture Rate Agreement”).  Virus Capture Rate is calculated by dividing the Transactions with Known Viruses blocked by the total Transactions with Known Viruses received by Zscaler on behalf of Customer.

    For the ZIA Virus Capture Rate Agreement to apply, Customer must utilize the SaaS in accordance with the recommended anti-virus settings on Customer’s user interface.  Customer’s systems are deemed to be infected if a Known Virus contained in a Transaction received through the SaaS has been activated within Customer’s systems, either automatically or with manual intervention.  In the event that Zscaler detects but does not stop a Known Virus, Customer agrees to cooperate with Zscaler in order to identify and delete the item.

    Failure to meet the ZIA Virus Capture Rate Agreement results in a Service Credit as follows:

    Virus Capture Rate

    Service Credit

    >= 99.00%

    7 days

    < 99.00% but >= 98.00%

    15 days

    < 98.00%

    30 days

Service Level Agreement for ZPA

ZPA Service Availability Agreement

The SaaS will be available 100% of the total hours during every month Customer uses the SaaS (the “ZPA Service Availability Agreement”).  Excluded Applications are not factored into the Service Availability computation.

Failure to meet this ZPA Service Availability Agreement results in a Service Credit as follows:

Availability Percentage

Service Credit

>= 99.999%

N/A

< 99.999% but >= 99.99%

3 days

< 99.99% but >= 99.00%

7 days

< 99.00% but >= 98.00%

15 days

< 98.00%

30 days

Service Level Agreements for ZDX

ZDX Service Availability Agreement

The SaaS will be available 99.999% of the total hours during every month Customer uses the SaaS (the “ZDX Service Availability Agreement”).  Excluded ZDX Maintenance Window (as defined below) are not factored into this Service Availability computation.

Failure to meet this ZDX Service Availability Agreement results in a Service Credit as follows:

Availability Percentage

Service Credit

>= 99.999%

N/A

< 99.999% but >= 99.99%

3 days

< 99.99% but >= 99.00%

7 days

< 99.00% but >= 98.00%

15 days

< 98.00%

30 days

“Excluded ZDX Maintenance Window” means those scheduled time windows during which ZDX, including its administrative screens and reporting dashboards, are not available to be viewed or configured as posted on the Trust Portal.

Service Level Agreement for Zscaler Deception

Zscaler Deception Service Availability Agreement

The SaaS will be available 99.9% of the total hours during every month Customer uses the SaaS (the “Zscaler Deception Service Availability Agreement”).
Failure to meet this Zscaler Deception Service Availability Agreement results in a Service Credit as follows:

Availability Percentage

Service Credit

>= 99.9%

N/A

< 99.9% but >= 99.00%

3 days

< 99.00% but >= 98.00%

7 days

< 98.00% but >= 95.00%

15 days

< 95.00%

30 days

Service Level Agreement for CIEM

CIEM Service Availability Agreement

The SaaS will be available 99.9% of the total hours during every month Customer uses the SaaS (the “CIEM Service Availability Agreement”).  Excluded CIEM Workloads (as defined below) are not factored into this Service Availability computation.

Failure to meet this CIEM Service Availability Agreement results in a Service Credit as follows:

Availability Percentage

Service Credit

>= 99.9%

N/A

< 99.9% but >= 99.00%

3 days

< 99.00% but >= 98.00%

7 days

< 98.00% but >= 95.00%

15 days

< 95.00%

30 days

Excluded CIEM Workloads” means Workloads that are not processed because: (a) CIEM is unavailable for an hour or less, and the Customer fails to report the unavailability to Zscaler within five (5) days thereafter; (b) CIEM is incorrectly configured by Customer or if Customer provides incorrect or inaccurate network or change information to Zscaler; (c) scheduled or routine maintenance of CIEM where such maintenance had been notified in advance to Customer; (d) software, hardware, network, or other third-party failures that are outside the reasonable control of Zscaler.

Service Level Agreement for CSPM

CSPM Service Availability Agreement

The SaaS will be available 99.9% of the total hours during every month Customer uses the SaaS (the “CSPM Service Availability Agreement”).

Failure to meet this CSPM Service Availability Agreement results in a Service Credit as follows:

Availability Percentage

Service Credit

>= 99.9%

N/A

< 99.9% but >= 99.00%

3 days

< 99.00% but >= 98.00%

7 days

< 98.00% but >= 95.00%

15 days

< 95.00%

30 days

Service Level Agreement for Zscaler Workload Segmentation

  1. Zscaler Workload Segmentation Service Availability Agreement

    The SaaS will be available to Customer to login and view/change policies 99.9% of the total hours during every month Customer uses the SaaS (the “Zscaler Workload Segmentation Service Availability Agreement”).  Excluded ZWS Transactions and Sessions (as defined below) are not factored into this Service Availability computation.

    Failure to meet this Zscaler Workload Segmentation Service Availability Agreement results in a Service Credit as follows:

    Availability Percentage

    Service Credit

    >= 99.9%

    N/A

    < 99.9% but >= 99.00%

    3 days

    < 99.00% but >= 98.00%

    7 days

    < 98.00% but >= 95.00%

    15 days

    < 95.00%

    30 days

    “Excluded ZWS Transactions and Sessions” means Transactions and Sessions that are not processed due to (a) failure by Customer’s network to forward traffic to Zscaler; (b) failure by an intermediate ISP (other than Zscaler’s direct ISP(s)) to deliver traffic to Zscaler; (c) a Customer-implemented policy change that causes Transactions and Sessions to drop; (d) Zscaler scheduled maintenance requiring at least twenty-four (24) hour notification to Customer; and/or (e) local regulations which prevent Zscaler from processing traffic for Authorized Users in certain regions.

Service Level Agreements for DNS-Based Guest WiFi Security

  1. DNS-Based Guest WiFi Security Service Availability Agreement

    The SaaS will be available to accept Customer’s outbound DNS Transactions 100% of the total hours during every month Customer uses the SaaS (the “DNS-Based Guest WiFi Security Service Availability Agreement”).

    Failure to meet this DNS-Based Guest WiFi Security Service Availability Agreement results in a Service Credit as follows:

    Percentage of DNS Transactions Processed During a Month

    Service Credit

    >= 99.99%

    N/A

    < 99.99% but >= 99.9%

    15 days

    < 99.9%

    30 days

  2. DNS-Based Guest WiFi Security Latency Agreement

    Zscaler will process the content of Customer’s DNS Transactions with an average latency over a calendar month of two (2) milliseconds or less for the 95th percentile of traffic (the “DNS-Based Guest WiFi Security Latency Agreement”).  The DNS-Based Guest WiFi Security Latency Agreement is only applicable to Qualified DNS Transactions.

    Failure to meet this DNS-Based Guest WiFi Security Latency Agreement results in a Service Credit as follows:

    Percentage of Qualified DNS Transactions with an Average Latency of 2 Milliseconds or Less

    Service Credit

    >= 95%

    N/A

    < 95% but >= 94%

    7 days

    < 94% but >= 90%

    15 days

    < 90%

    30 days

Support Services

 

Phone Support

Americas

USA Toll Free:    +1-844-971-0010

Global Direct:    +1-408-752-5885

U.S. Federal Government Support:   +1-866-439-1163

EMEA

UK:   +44-20-3319-5076

France:   +33-1-7627-6919

Germany:   +49-8-91-4377-7444

Netherlands:   +31-20-299-3638

Asia/Pacific

Australia:   +61-2-8074-3996

India:   000-8000-502-150

Support Options:

Support Services are available through Zscaler’s online portal and Admin UI. Standard support provides Zscaler helpdesk access only during business hours 8x5 based on your geography. Premium Support, Premium Support Plus, Premium Support Plus 16 & Premium Plus Support 24 provide Zscaler helpdesk access 24 X 7 X 365.  Upon reporting the incident (via phone, web form, or Customer’s administrative user interface (UI)), the incident will be assigned a unique Support ID number and such number must be used in all future correspondence until the incident is resolved.  Standard Support is included in the Fees for the Products; Premium Support, Premium Plus Support packages may be purchased by Customer for an additional Fee.  If Zscaler’s helpdesk is not able to immediately help, the request for service will be logged and Zscaler will respond to the Customer according to the severity and Support levels below:

Zscaler SupportStandardPremiumPremium Plus

Premium Plus 16

Premium Plus 24

Business Hours Access 8x5

Access 24 x 7 x 365

X

Phone / Web Portal / Admin UI

Online Training and User Guides

Support Experience Level

Technical Support Engineer

(Pool)

Technical Support Engineer

(Pool)

Sr. Technical Support Engineer (Pool) and Technical Account Manager (TAM)

Shared TAM supports customer’s business hours 8x5

Sr. Technical Support Engineer (Pool) and Technical Account Manager (TAM)

Shared TAM supports customer 16x5

Sr. Technical Support Engineer (Pool) and Technical Account Manager (TAM)

Shared TAM supports customer 24x5

TAM Engagement

(Weekly, Monthly, Quarterly)

XX

TAM

XX

8x5

16x5

24x5

Severity Levels     

P1 Response – An issue that prevents operation of critical documented functions with high frequency or duration.

2 hrs30 min15 min

15 min

15 min

P2 Response – An issue that consistently prevents operation of non-critical documented functions or occasionally impacts critical documented functions or a critical issue for which a temporary work around has been provided.

4 hrs1 hr30 min

30 min

30 min

P3 Response – An issue that has some impact on administration, non-critical operation or other secondary functions or a major issue for which a temporary work around has been provided.

12 hrs3 hrs2 hrs2 hrs2 hrs

P4 Response – The SaaS is unaffected; Customer requests product related technical advice or general information and feature questions related to the Products.

48 hrs4 hrs4 hrs4 hrs4 hrs

* In order for Zscaler to best support Customer during the Subscription Term, Customer also agrees to attend and support regularly scheduled quarterly business reviews with Zscaler.

Support Best Practices Guide:

There are several best practices to follow when contacting and working with Zscaler Support. To learn more about them, download the Support Best Practices Guide.

Login to See Support Tickets: