Duck Creek OnDemand Services Manual

This document was revised on November 19, 2021.

Included Services

The following high-level operational capabilities are included in the Services.

  1. Infrastructure Management: Provisioning, supporting, and maintaining the infrastructure and tools used by Duck Creek to provide the Services.
  2. Environment Management: Provisioning, supporting, and maintaining the production and non-production application environments described in Duck Creek OnDemand Services Environments.
  3. Incident Management: Ticketing, triaging, and supporting production and non-production infrastructure incidents and production application incidents.
  4. Database Management: Monitoring, patching, updating, and performance tuning SQL databases Duck Creek maintains as part of the Services.
  5. Disaster Recovery and Backup Management: Failover services to a secondary data center at least 250 miles from the primary data center.
  6. Performance Management: Infrastructure monitoring, alerting, and reporting for the Services, and application performance monitoring, alerting, and reporting for the Tier One Services (as defined in the Duck Creek OnDemand Service Levels).
  7. Integration Management: Provisioning, supporting, and maintaining integrations to Duck Creek Anywhere Managed Integrations that Customer has selected.
  8. Updates: Triaging, fixing, and implementing Updates and critical patches. Duck Creek shall provide and make Updates available to Customer that Duck Creek makes generally available to its customers.
  9. Commercial Template Updates: If Duck Creek Commercial Lines Templates OnDemand are selected by Customer in the Service Order, then Duck Creek shall provide Customer with Duck Creek Commercial Lines Templates for the selected lines of business (monthly, bi-monthly, or quarterly at Customer’s discretion) aligned with the most recent changes from ISO, NCCI, AAIS, and/or state bureau(s). Duck Creek shall be responsible for updating the carrier-layer Duck Creek Commercial Lines Templates ManuScripts with the updates and carrying forward Customer-specific deviations that are maintained by Customer.
  10. Custom Logic Hosting: Some Duck Creek applications support an extension mechanism to make an API call to an external logic service for customized data processing. If selected by Customer in the Service Order Template, then Duck Creek shall provide the infrastructure necessary to run Customer’s custom-developed stateless API logic services which are to be used in conjunction with the Services.
  11. OnDemand Control Hub: The OnDemand Control Hub is a web portal that provides customers with tools and dashboards for operating and gaining visibility into their Duck Creek OnDemand applications

Excluded Services

The scope of the Services excludes those services not listed above, including:

  • Onsite support at Customer locations;
  • Support in languages other than English;
  • Training, other than specifically included in a services agreement with Duck Creek;
  • Execution of Customer-specific test scripts;
  • Support calls or emails from individuals other than the Customer Support Coordinators (as defined in Section 5.8 of the Agreement);
  • Problem resolution for problems relating to Customer Content; and
  • Any other services requested by Customer, including i) Systems Integration roles such as designing, building, and/or maintaining Customer Content, ii) designing and/or building deviations from bureau-based circulars, iii) conversion support, and iv) designing, building, and/or maintaining Customer-specific configuration(s) of AMIs.

Deprecation of Functionality

Duck Creek reserves the right to evolve, alter or remove functionality as may be reasonably necessary to improve service offerings and comply with regulatory requirements; provided Duck Creek shall not remove functionality unless it is unused by most Duck Creek customers, is being replaced by similar functionality, or there is a regulatory reason to remove the functionality. In the case of removed functionality, Duck Creek shall activate removal over the course of multiple releases unless otherwise compelled by a legal or regulatory authority.

Personal Information Use

Duck Creek may only replicate and remove Personal Information from the Production environment for resiliency or redundancy purposes (e.g., disaster recovery, backups, etc.).

Customer Responsibilities

  1. Duck Creek Updates: Customer shall allow Duck Creek to implement Updates to the Services in the contracted OnDemand Environments as they become generally available to customers. Prior to moving to a PaaS-supported release of Duck Creek, Customer shall be responsible for the following:
    • Applying Duck Creek Updates before the first production go-live for that Duck Creek Service, and remaining no more than six (6) monthsbehind the latest Update release at the time of production go-live; and
    • After production go-live, if Customer refuses to provide the cooperation needed to receive an Update such that Customer becomes more than nine (9) months behind the latest Update release, then Customer shall pay for the delayed Update installation on a time and materials basis.

After moving to a PaaS-supported release of Duck Creek, Updates will be provided automatically to Customer.

In no event shall Duck Creek provide fixes to versions of Duck Creek Services that are more than one release prior to the then-current release.

Customer shall select and make available one of the contracted OnDemand Environments to be used for the Update implementation and testing.

  1. Updating Guidelines: Customer shall adhere to the Duck Creek updating guidelines (as provided below, hereinafter “Updating Guidelines”) to minimize potential conflicts during Updates. Customer acknowledges and agrees that if it does not adhere to the Duck Creek Updating Guidelines, it shall be responsible for resolving any conflicts to align to the Duck Creek Updating Guidelines during the then-current Update cycle. In such case where conflicts arise, Customer may opt to hire Duck Creek or any other party of Customer’s choosing to assist Customer in resolving said conflicts, but any such efforts shall be outside the scope of the applicable Duck Creek OnDemand Service Order. The Duck Creek Updating Guidelines are as follows:

Customer shall not overwrite, update, or delete any Duck Creek Base artifacts (where “Base” means out-of-the-box code from Duck Creek), including, but not limited to the following:

  • ManuScripts,
  • Stored procedures,
  • CSS files,
  • Activities or Functions,
  • Request Maps,
  • JavaScript,
  • XSLT, and
  • Customer shall not alter Duck Creek base databases and shall not perform CRUD (create, read, update, delete) actions directly against Duck Creek base databases.

If Customer does not adhere to these Updating Guidelines, then Customer’s changes will be overwritten when the next Update is applied, and it will then be Customer’s responsibility to recreate its customizations such that they will then comply with the Updating Guidelines.

  1. Customer Updates: Customer shall be responsible for designing, implementing, testing, performance testing, maintaining, and updating all Customer-specific configuration, customization, and integration. Customer shall be responsible for the performance of its Customer-specific configuration, customization, and integration.
  2. Commercial Lines Templates Updates: Customer shall be responsible for the following activities relating to Duck Creek Commercial Lines Templates (e.g., based on ISO, NCCI, AAIS, and/or state-bureau circulars) provided by Duck Creek:
    • Applying Duck Creek Updates for Commercial Lines Templates before the first production go-live for those Commercial Lines Templates, and
    • remaining no more than three (3) months behind the latest Update release at the time of production go-live;
    • Designing, implementing, testing, and performance testing all Customer-specific deviations from the Duck Creek Commercial Lines
    • Templates (and such deviations shall include any changes ISO, NCCI, AAIS, and/or state bureaus which were previously rejected by
    • Customer and which Customer now elects to accept);
    • Determining which changes from ISO, NCCI, AAIS, and/or state-bureaus to accept, reject, or deviate;
    • Testing and performance testing all changes to ensure alignment with Customer’s requirements, after Duck Creek updates the carrier-layer
    • Duck Creek ManuScripts with the Commercial Lines Templates updates and carries forward the Customer-specific deviations; and
    • Remaining within three (3) months of the latest release of the Duck Creek Commercial Lines Templates.

Customer shall be responsible (and Duck Creek shall not be responsible) for implementing Duck Creek Commercial Lines Templates Updates until Customer migrates to a version of the Duck Creek Commercial Lines Templates that have been released by Duck Creek for three (3) months or less. Once Duck Creek starts maintaining Duck Creek Commercial Lines Templates Updates, Duck Creek will provide those updates monthly, unless otherwise directed by Customer to provide those updates bi-monthly or quarterly. If Customer directs Duck Creek to delay Duck Creek Commercial Lines Templates delivery longer than three months from the then-released version of the Duck Creek Commercial Lines Templates, then Customer shall be responsible for migrating the relevant Duck Creek Commercial Lines Templates again to a version of the Duck Creek Commercial Lines Templates that has been released by Duck Creek for three (3) months or less before Duck Creek shall again maintain the Duck Creek Commercial Lines Templates Updates for Customer.

Customer shall provide written notice to Duck Creek at least 60 days in advance of Customer turning over Updates of each Commercial Lines Template to Duck Creek.

  1. Authentication and Identity Management: Customer shall be responsible for authentication and identity management for all Environments, including the following:
    • Providing a security token to be used for identity and access control via Customer’s single-sign-on (“SSO”);
    • Automatically or manually provisioning users and loading the customer’s identity structure for authorization;
    • Maintaining appropriate role-based access groups as required by Customer security policies including segregation of duty requirements;
    • Periodic auditing of accounts as required by customer policies and standards;
    • Ensuring that all Customer relevant account and password policies and standards are implemented and enforced; and
    • Storing and maintaining all relevant access logs related to Customer compliance and data retention requirements.

For security reasons, this identity and access control must be established before Duck Creek can provide each Environment to Customer or it’s designates. Network connections supporting Customer SSO must be over secured channels. VPN is preferred for all network traffic between the Customer and Duck Creek. Unencrypted network traffic and unfiltered Internet connections will not be permitted except for very specific business scenarios such as providing anonymous insurance quotes, which cannot be otherwise achieved.

  1. DevOps: Duck Creek may periodically refresh non-Production environments. Customer shall be responsible for reapplying Customer configurations, customizations, and data changes after each refresh. If Customer automates their changes, then the automated scripts can be automatically applied during the refresh.
  2. Deployments: For every Customer deployment to a Production or Pre-Production environment, Customer shall be responsible for ensuring that the code and configuration being deployed by Customer has been reasonably quality-tested, security-scanned, performance-tested, and included in an automated deployment package.
  3. Segregation of Duties: Duck Creek OnDemand includes access to the Duck Creek OnDemand Control Hub. The OnDemand Control Hub is an online portal that enables Customer with the ability to initiate certain operational controls (e.g., deploying custom releases, running SQL scripts against the Production environment). By using the OnDemand Control Hub, Customer accepts responsibility for ensuring segregation of duties, specifically the “requester” and “approver” duties, regarding each change initiated by Customer via the OnDemand Control Hub.
  4. Authenticated System User: Customer shall provide Duck Creek with an authenticated “system user” to be used by Duck Creek for execution of synthetic transactions.
  5. Go-Live Date: Customer and Duck Creek shall mutually agree on a Go-Live date to be confirmed through a reservation system which Duck Creek shall make available to Customer. If the Go-Live Date needs to change, then Customer and Duck Creek shall mutually agree on a new Go-Live date, based on availability within the same reservation system.