Shared Responsibility Schedule
Schedule B to the Master Services Agreement
Technology Continuity, Backup and Disaster Recovery Services
| Provider | Rockley Consulting Pty Ltd (trading as ROCKAXIOM) |
| ABN | 78 673 819 773 |
| Document Reference | Schedule B · Shared Responsibility Schedule |
| Governing Law | Tasmania, Australia |
| Effective Date | As at the date of acceptance through the ROCKAXIOM onboarding process |
This document is accepted electronically as part of the ROCKAXIOM onboarding process. By accepting this agreement through the onboarding portal, you confirm that you have read, understood, and agreed to the terms set out below.
1. Purpose and Application
This Shared Responsibility Schedule (Schedule B) defines the allocation of operational responsibilities between Rockley Consulting Pty Ltd (trading as ROCKAXIOM), the Customer, and applicable Third Party Providers in the delivery of technology continuity, backup, and disaster recovery services.
This Schedule forms part of the ROCKAXIOM Master Services Agreement (MSA) and is intended to be read in conjunction with the Service Level Agreement (SLA) and applicable Product Schedules. In the event of any inconsistency between this Schedule and the MSA, the order of precedence set out in Clause 1 of the MSA applies.
The purpose of this Schedule is to:
- Clearly define the boundaries of ROCKAXIOM's responsibilities versus Customer responsibilities
- Identify where Third Party Providers operate outside the direct control of either party
- Reduce ambiguity in the event of service interruption, backup failure, or recovery incidents
- Support fair and transparent dispute resolution by establishing agreed operational ownership at the time of contracting
Note: This Schedule does not create any additional warranty, guarantee, or liability beyond what is expressly stated in the MSA. ROCKAXIOM provides technology continuity services, not managed IT services. Customer responsibilities in this Schedule are not optional.
2. Responsibility Key
The following labels are used throughout this Schedule:
| Label | Party |
|---|---|
| ROCKAXIOM | Rockley Consulting |
| Customer | Customer / Venue |
| Third Party | Third Party Provider |
| Shared | Shared responsibility |
3. Infrastructure Responsibilities
ROCKAXIOM manages and maintains the backup infrastructure platform. The Customer is responsible for the environment being protected, including all venue-side hardware, networking, and power.
| Area | Responsibility |
|---|---|
| Backup infrastructure platform | ROCKAXIOM |
| Backup software management and configuration | ROCKAXIOM |
| Cloud storage platform | Third Party |
| Data centre infrastructure and uptime | Third Party |
| Venue internet connectivity | Customer |
| Venue network equipment (routers, switches, firewalls) | Customer |
| Server and workstation hardware | Customer |
| Server power availability and UPS | Customer |
| Physical security of venue equipment | Customer |
| Backup agent installation on new systems | Shared |
Note: ROCKAXIOM manages the backup platform and its agents, but cannot control or guarantee the availability, stability, or security of the Customer's on-site environment. Service delivery depends on the Customer maintaining a stable, connected, and accessible infrastructure at all times.
4. Backup Operations
ROCKAXIOM manages all aspects of backup job configuration, scheduling, and monitoring. Customer responsibility begins at the source data level.
| Area | Responsibility |
|---|---|
| Backup job configuration | ROCKAXIOM |
| Backup scheduling | ROCKAXIOM |
| Backup monitoring and alerting | ROCKAXIOM |
| Backup alert investigation and escalation | ROCKAXIOM |
| Backup storage retention management | ROCKAXIOM |
| Backup data encryption (in transit and at rest) | ROCKAXIOM |
| Backup data integrity (source data quality) | Customer |
| Ensuring systems are online and accessible for backup | Customer |
| Notification to ROCKAXIOM of backup scope changes (new servers, databases, systems) | Customer |
| Backup success where dependent on system availability | Shared |
| Periodic backup restoration testing (at ROCKAXIOM discretion or Customer request) | ROCKAXIOM |
| Validation of restored data following testing | Customer |
Note: If a system is offline, powered down, disconnected from the network, or experiencing errors at the time a scheduled backup runs, the backup may fail. ROCKAXIOM will alert on such failures but cannot guarantee backup success where system availability is outside its control.
Note: The Customer must notify ROCKAXIOM of any new servers, databases, or systems that require backup protection. Systems not included within the agreed backup scope are not covered by the Services.
Note: Backup restoration testing may be performed periodically at ROCKAXIOM's discretion or at the Customer's request. Validation of restored data and applications remains the Customer's responsibility.
5. System Maintenance
ROCKAXIOM is not a managed IT service provider. The Customer is wholly responsible for system maintenance, patching, and security hygiene within the Customer Environment.
| Area | Responsibility |
|---|---|
| Operating system updates and patching | Customer |
| Application updates (including POS software) | Customer |
| Database maintenance and integrity | Customer |
| Antivirus and anti-malware protection | Customer |
| Patch management policy and compliance | Customer |
| User account security and access controls | Customer |
| Network firewall management and rule maintenance | Customer |
| Supported operating systems and platforms | Customer |
| Notification to ROCKAXIOM of major system changes | Customer |
Note: ROCKAXIOM's ability to protect and restore systems is directly dependent on the Customer maintaining supported, patched, and stable operating environments. Failure to maintain systems may result in backup failures or incomplete restoration outcomes.
6. Monitoring Responsibilities
ROCKAXIOM monitors backup infrastructure and job outcomes. System performance, hardware health, and network stability within the Customer Environment are the Customer's responsibility.
| Area | Responsibility |
|---|---|
| Backup job success monitoring | ROCKAXIOM |
| Backup failure alerting | ROCKAXIOM |
| Disaster recovery readiness monitoring | ROCKAXIOM |
| Backup platform health and availability | ROCKAXIOM |
| System performance monitoring (CPU, disk, RAM) | Customer |
| Hardware health monitoring (SMART, RAID) | Customer |
| Network performance and connectivity monitoring | Customer |
| UPS and power monitoring | Customer |
| POS application monitoring and uptime | Customer |
7. Disaster Recovery
ROCKAXIOM provides restoration assistance and recovery guidance. Business continuity planning, infrastructure rebuild, and operational decisions during a recovery event remain the Customer's responsibility.
| Area | Responsibility |
|---|---|
| Backup restoration assistance | ROCKAXIOM |
| Database restore assistance (where in scope) | ROCKAXIOM |
| Recovery process guidance and coordination | ROCKAXIOM |
| Identifying available clean recovery points | ROCKAXIOM |
| Disaster recovery decision making | Customer |
| Infrastructure rebuild and configuration | Customer |
| Replacement hardware procurement | Customer |
| Business continuity planning and testing | Customer |
| Validation of restored data and applications | Shared |
| Communication with staff and stakeholders during incident | Customer |
| Recovery time and recovery point objectives | Shared |
Note: ROCKAXIOM assists in the recovery process using commercially reasonable efforts. ROCKAXIOM does not guarantee all data will be recoverable or that systems can be restored to a specific point in time. Recovery outcomes depend on backup data availability, infrastructure condition, and Customer-controlled systems.
Note: Recovery time may be affected by hardware performance, storage speed, system capacity, and network bandwidth within the Customer Environment. These factors are outside ROCKAXIOM's control.
8. Security Responsibilities
ROCKAXIOM secures the backup platform and all backup data. Endpoint security, user access management, and cyber security practices within the Customer Environment are the Customer's responsibility.
| Area | Responsibility |
|---|---|
| Backup platform security | ROCKAXIOM |
| Encryption of backup data (transit and at rest) | ROCKAXIOM |
| Secure storage of backup data in cloud infrastructure | ROCKAXIOM |
| Platform access controls and authentication | ROCKAXIOM |
| Endpoint security (antivirus, EDR) | Customer |
| User password management and MFA | Customer |
| Malware and ransomware prevention | Customer |
| Cyber security policies and staff training | Customer |
| Email security and phishing prevention | Customer |
| Network perimeter security | Customer |
| Incident response for Customer Environment breaches | Customer |
| Maintaining appropriate cyber and business interruption insurance | Customer |
Note: ROCKAXIOM cannot prevent ransomware, malware, or security incidents that originate within the Customer Environment. The backup platform is a protective measure and does not substitute for appropriate endpoint security, cyber insurance, or a Customer incident response plan.
Note: Customers are strongly encouraged to maintain appropriate cyber security and business interruption insurance. ROCKAXIOM services do not replace insurance coverage.
9. Data Responsibilities
The Customer retains full ownership of all Customer Data. ROCKAXIOM holds a backup copy for the purpose of restoration services only.
| Area | Responsibility |
|---|---|
| Ownership of Customer Data | Customer |
| Data integrity at source | Customer |
| Backup copy of Customer Data | ROCKAXIOM |
| Data restoration services | ROCKAXIOM |
| Data validation and testing after restore | Shared |
| Data export prior to termination | Customer |
| Compliance with applicable data privacy laws | Shared |
| Notifiable data breach management | Shared |
Note: Restored data must be validated by the Customer before returning systems to production use. ROCKAXIOM provides restoration assistance but does not guarantee the completeness or accuracy of restored data where source data was already corrupted or incomplete at the time of backup.
10. Third Party Provider Dependencies
ROCKAXIOM engages Third Party Providers to deliver components of the service. These providers operate independently and their availability is outside the direct control of either ROCKAXIOM or the Customer.
| Third Party Service | Responsibility |
|---|---|
| Cloud infrastructure provider (storage and compute) | Third Party |
| Backup platform vendor (software and licensing) | Third Party |
| Internet service provider (venue connectivity) | Third Party |
| Power and utilities provider | Third Party |
| POS software vendor (H&L, BePoz, SwiftPOS, other) | Third Party |
| Microsoft SQL Server and database platforms | Third Party |
| Operating system vendors (Microsoft, etc.) | Third Party |
| Hardware manufacturers and warranty providers | Third Party |
Note: ROCKAXIOM is not responsible for service outages, failures, or limitations caused by Third Party Providers. Where Third Party Provider failures impact backup or recovery operations, ROCKAXIOM will use reasonable efforts to communicate the impact and assist where possible within its control.
11. Disaster Scenario Responsibility Reference
The following table provides a practical reference for common disaster and incident scenarios relevant to hospitality and technology continuity environments.
| Scenario | Description | Primary Responsibility |
|---|---|---|
| Server hard drive failure | Physical failure of venue server storage | Shared |
| Power outage at venue | Loss of mains power at the Customer site | Customer |
| Internet outage at venue | Loss of venue network connectivity | Third Party |
| Cloud infrastructure outage | Provider-side platform availability failure | Third Party |
| Database corruption (pre-backup) | Data corrupted before backup process runs | Customer |
| Ransomware infection | Malware encrypts Customer Environment data | Customer |
| Backup job failure (system offline) | Scheduled backup fails due to offline system | Customer |
| Backup job failure (platform issue) | Scheduled backup fails due to platform fault | ROCKAXIOM |
| Corrupted data backed up successfully | Clean backup unavailable due to pre-existing corruption | Shared |
| Backup restoration | Executing restoration from available backup data | ROCKAXIOM |
| Replacement hardware required | Customer must source new hardware for rebuild | Customer |
| POS software reinstallation | Vendor application must be reinstalled post-restore | Customer |
| Restored data validation | Confirming restored systems operate correctly | Shared |
| Business interruption during recovery | Operational downtime during recovery period | Customer |
| Staff notifications during incident | Internal communications during continuity event | Customer |
Note: This scenario table is a practical reference guide and does not override any provision of the MSA or SLA. Where a scenario is marked as Shared, refer to the relevant section of this Schedule and the applicable Product Schedule for further detail on the allocation of specific tasks.
12. Scope of Service Clarification
ROCKAXIOM provides technology continuity and backup services only. The Services do not include full IT management, infrastructure support, network administration, or cyber security management unless expressly stated in a Product Schedule.
| Service Area | Included in ROCKAXIOM Services |
|---|---|
| Backup job management and monitoring | ROCKAXIOM |
| Restoration assistance from backup data | ROCKAXIOM |
| Backup platform security and encryption | ROCKAXIOM |
| Full IT management and helpdesk support | Customer / Third Party |
| Network administration and configuration | Customer / Third Party |
| Cyber security management and SOC services | Customer / Third Party |
| Hardware procurement and replacement | Customer / Third Party |
| POS software support and administration | Customer / Third Party |
| Business continuity planning and testing | Customer / Third Party |
Note: Where a Customer requires services beyond the ROCKAXIOM backup and continuity scope, those services must be sourced separately and defined in an applicable Product Schedule or separate agreement. ROCKAXIOM accepts no responsibility for gaps in coverage arising from services not expressly included in the agreed scope.
13. Partner-Led Engagements
Where ROCKAXIOM services are introduced or managed through a third-party partner (including IT resellers, consultants, or integrators), the following responsibility allocation applies.
| Area | Responsibility |
|---|---|
| ROCKAXIOM platform and service delivery | ROCKAXIOM |
| Partner relationship management with Customer | Third Party |
| Partner-provided scoping and recommendations | Third Party |
| Customer acceptance of ROCKAXIOM terms | Customer |
| ROCKAXIOM MSA and Schedule obligations | ROCKAXIOM |
| Partner advice not covered under ROCKAXIOM agreement | Third Party |
Note: In partner-led engagements, ROCKAXIOM's obligations extend to the Customer as defined in the MSA. ROCKAXIOM is not responsible for representations, advice, or commitments made by partners that fall outside the scope of the ROCKAXIOM service agreements.
14. Acknowledgement and Acceptance
By accepting the ROCKAXIOM Master Services Agreement through the onboarding process, both parties confirm they have read, understood, and agreed to the responsibilities set out in this Shared Responsibility Schedule.
ROCKAXIOM is a trading name of Rockley Consulting Pty Ltd | ABN 78 673 819 773 | Tasmania, Australia | rockaxiom.au
Document version: v2 2026.03.04