This FAQ is informational only and does not form part of the contract. The signed Engagement Letter and incorporated legal terms control.
How does a Customer accept the online terms?
The Customer signs an ACTServ GRC Subscription Engagement Letter and Order Form that expressly incorporates the online MSA, SLA, Support Policy, Data Processing Agreement, Subprocessor Schedule and applicable DORA Terms. The signed Engagement Letter is the acceptance document. An invoice confirms billing under that agreement but is not intended to be the only evidence of acceptance.
Is monthly billing a monthly subscription?
No. The committed Subscription Term is defined in the signed ACTServ GRC Subscription Engagement Letter and Order Form; where the Order Form does not state a term, the default is 36 months. Monthly billing is only the frequency of prepayment and does not create a right to cancel monthly.
Can Fees change at renewal?
Fees are fixed for the committed Subscription Term. ACTServ may adjust Fees with effect from a renewal period by giving at least 60 days’ written notice before the renewal date, so the Customer can decide before the non-renewal notice deadline.
Why is liability capped?
The liability cap allocates risk in proportion to the subscription Fees. The General Liability Cap is the affected Fees paid during the previous 12 months. A higher cap of twice that amount applies to breaches of the MSA’s Confidentiality and Security sections and the Data Processing Agreement. Indemnification obligations sit outside the caps for both Parties.
Are service credits automatic?
No. The 99.6% availability target is a service objective. Service credits apply only where an Order Form expressly includes them.
Who is responsible for exporting data?
The Customer uses the Platform’s standard export functionality during the subscription and for 30 days after termination. Additional migration, transformation or assisted export work is chargeable.
Does ACTServ guarantee compliance with any framework or regulation?
No. The Platform supports compliance workflows, evidence and oversight for the frameworks and regulations configured by the Customer — current or future, such as DORA, ISO/IEC 27001, NIS2 or any other standard. Use of the Platform does not constitute legal or regulatory advice and does not guarantee compliance, certification or regulatory approval under any framework. The Customer remains responsible for regulatory decisions, implementation, classifications and reliance on reports.
Where is Platform data hosted?
The production backend, database and evidence storage are hosted in the European Union (Ireland). Frontend delivery and application execution run from European Union regions (France and Germany). The providers, exact regions and data categories are maintained in the Subprocessor Schedule.
Does ACTServ read Customer mailboxes?
No. The Platform offers an optional Microsoft 365 integration that the Customer chooses whether to enable. When enabled, the Platform sends notifications through a designated mailbox controlled by the Customer — it can send, not read. When not enabled, notifications are not sent by email and remain available in the Platform as alerts.
What access does ACTServ have?
Authorised ACTServ personnel may access a Customer tenant on a need-to-know basis for support, administration, security or agreed advisory work. Advisor access is designed to be role-based, time-limited and auditable. Restricted super-administrator access is logged.
Is ACTServ ISO 27001 certified?
ACTServ maintains an Information Security Management System certified to ISO/IEC 27001:2022. The certification relates to ACTServ’s ISMS and certified scope; it is not a separate product certification.
