CreditXpert Standards Repository

Updated: March 28, 2023

Capitalized terms not defined in this Standards Repository shall have the meaning provided in the agreement between CreditXpert and you.

You are responsible for (a) the security and use of Administrator and all other End User account credentials, and (b) all access to and use of Licensed Solutions, directly or indirectly, through the Administrator or other End User accounts or account credentials, with or without knowledge or consent of the Administrator or other End User.   

The types of End Users are defined below.  “End User” includes (a) Customer Users and (b) Consumers.  “Customer Users” include Administrators, Standard Users and Managers. 

End User Type

Definition

Access and Notes

 

Customer Users

Administrator

or “Admin

An employee of yours to whom you provide administrative access to one or more Licensed Solution and who is in the United States.

Admins manage the CreditXpert instance, such as managing users, permissions, and branches.

Standard User (Credit Specialist, Mortgage Advisor)

 

An employee or Broker of yours to whom you provide access to one or more Licensed Solution and who is located in the United States.

Able to view and edit assigned Consumer accounts and plans. The employee or Broker who is in direct contact, and has a relationship, with the Consumer.

Manager

 

An employee or third-party user of yours to whom you provide access to one or more Licensed Solution, who is located in the United States, and is able to perform Admin functions on a pre-determined sub-set of Standard Users and/or other Manager Users.

Manager Users can view plans and reporting for Mortgage Advisors under their branch.

 

Consumer

A prospective, pre-qualification mortgage applicant of the Customer to whom you have provided a written copy of your privacy policy, and who has provided you with express, written authorization to obtain applicable Bureau Files and other Customer Data, share them with CreditXpert, and analyze and evaluate the data in those Bureau Files and other Customer Data.

For Consumer’s own account, the Consumer is able to: (a) view plans and contact information; and (b) update steps in assigned plan process.

 

Onboarding Period and Production Date

Once a CreditXpert Could Platform Agreement is signed by both parties, CreditXpert and your onboarding team will meet via phone or video call to: (a) review minimum Technical Standards for the Customer System, and other various standards for the Licensed Solutions; and (b) agree on the Onboarding Period, in accordance with the Order Form.

Prior to the Production Date: (a) CreditXpert will make the Production Environment available to you; and (b) you will (i) meet the minimum configuration and other Technical Standards for the Customer System, (ii) provide CreditXpert with account setup information, and (iii) provide credentials, and other data fields as required by CreditXpert to connect and retrieve Bureau Files via API call from Credit Reporting Agency and provider (“CRA”)..

You will begin making the Licensed Solutions available to your End Users in the Production Environment no later than the Production Date.

End-User Training

Once a CreditXpert Cloud Platform Agreement is signed by both parties and CreditXpert is ready to make the Production Environment available to you, a single training session with CreditXpert will be scheduled on use of the Licensed Solution(s). This training may consist of a detailed walkthrough of the Production Environment, an introduction to End User accounts, End User management abilities, or procedures for closing Consumer and other End User accounts.

Any additional training must be coordinated through the Client Success team and may be considered on an hourly basis at the current price for the service and upon coordination of a mutually agreeable time between you and CreditXpert.

 

 

 

Minimum Technical Standards for use of the Customer System with Licensed Solutions, such as minimum required Internet speeds and supported browsers, can be found below.

 

CreditXpert Platform Preferred (Desktop)

Browsers

Google Chrome, Internet Explorer v11, Microsoft Edge

Operating System

Windows version 10+, Mac OS 12.0+

 

CreditXpert Platform Consumer Plan Application (Mobile)

Browsers

Google Chrome, Microsoft Edge

Operating System

iOS v15+, Android v11+ 

 

Password Controls and Standards.

A first-time End User may initiate an account using an initial password that is randomly generated by CreditXpert. Following initial login, an End User will be required to change the initial password. Passwords must be a minimum of 16 characters and composed of a minimum one character from each of the following four groups:

  1. Upper case letters (A-Z);
  2. Lower case letters (a-z);
  3. Arabic numerals (0-9);
  4. Non-alphanumeric special characters.

Passwords must not be composed of any personally identifiable information (e.g., names, birth dates, Social Security Numbers, account credentials). Passwords must be changed at least every 90 days, provided that a new password may not be identical to any of the previous twelve passwords used for that End User account. In addition, Customers and End Users must employ the following password security best practices:

  1. Passwords must not be recorded in readable form outside a computer or workstation. Passwords must not be displayed in clear text on the screen when the End User logs into an account.
  2. Passwords must not be recorded and stored in an easily accessible place near a workstation.
  3. Passwords must not be “remembered” or stored in any readable way on a computer or a device.
  4. An End User must promptly change their password if it is suspected that the password has been disclosed or compromised, or known to have been disclosed to or accessed by an unauthorized party. If the End User is not available to change the compromised password, Customer will disable the End User’s password until such time as the End User has changed the password. Passwords must be encrypted when stored or transmitted.

Each End User will be required to provide appropriate verification of identity before being issued an initial password and before a password is reset for an End User who has been locked out of an account.

System Availability Standards

After the Launch Date, CreditXpert will make commercially reasonable efforts to: (a) make Licensed Solutions available to you in accordance with the uptime objectives (the “Service Level Objective” or “SLO”) described below; (b) conduct Scheduled Maintenance only during the Scheduled Maintenance window; and (c) minimize any disruption to, or inaccessibility of, the Licensed Solutions in connection with either Scheduled Maintenance or Emergency Maintenance.

System Standard

Objective

SLO or Service Level Objective

Make Licensed Solutions available to you 99% of the time (measured on a calendar quarter basis in the aggregate, based on the number of End Users affected by each downtime incident), excluding U.S. federal holidays as observed, Scheduled Maintenance, Emergency Maintenance, and instances outside of CreditXpert’s reasonable control

Scheduled Maintenance Window

Between 11:00 pm ET and 7:00 am ET. .CreditXpert will use this time to complete all maintenance and upgrade requirements. Notice will be provided in advance.

Emergency Maintenance

Announce any unplanned downtime for emergency issues involving loss of service via email within 12 hours of loss of service.

 

Support Tickets

All Support requests must be submitted by your users via CreditXpert’s then-current customer service portal. Ordinarily, support items do not require the use of NPI or any other personal information concerning a Consumer; for that reason, when submitting and discussing requests you agree: (a) only to provide the unique numerical number assigned to the relevant Bureau Files by the CRA; and (b) not to include NPI or any other personal information concerning a Consumer. In the rare case when NPI or some other form of personal information is required in order to resolve a Support request, you will ensure that the information: (a) includes only that information required to address the request; and (b) either encrypt in transit or anonymize the information consistent with then-current CreditXpert standards.

Support Standards

  • After receiving a Support request from your users concerning an issue, CreditXpert will promptly use commercially reasonable efforts to respond to that request in accordance with the chart below to cause the Licensed Solution to perform in accordance with its Specifications, including through the use of experienced human analytics, quality assurance tools, machine learning software, Feedback and other information provided by CreditXpert’s ecosystem of customers and other partners.
  • To the extent that a support issue or other problem is attributable to one of your employees (e.g., lost user name and/or password credentials) or a Customer System (e.g., problems with Single Sign-On (SSO), you will promptly use commercially reasonable efforts in accordance with the chart below to correct the same, such as by causing the Customer System to perform in accordance with its specifications.
  • The time that CreditXpert is in need of further information from you to solve an issue will not be counted towards the outlined resolution requirements below. SLA response time does not include the time it takes for you to provide CreditXpert with requisite data for ticket solution.


 

Time in Business Hours or Days

Severity Level

Acknowledge Support Ticket

Validate Support Request Severity Level

Provide Support Resolution Plan

Aim to Resolve Support Request

1

 

 

Automated

 

 

6 Hours

24 Hours

36 Hours

2

48 Hours

72 Hours

3

5 Days

15 Days

4

For consideration in

CreditXpert’s roadmap
  • “Severity Level 1 (Urgent),” means problems which cause a Licensed Solution or the Customer System to be unavailable or non-responsive in a Production Environment to all End Users, and no known procedural work-around exists. Examples of SL1 with a Licensed Solution include: (a) data not returning on CreditXpert web pages; and (b) CreditXpert website errors, such as “404 not found.”
  • “Severity Level 2 (High)” means a Licensed Solution or Customer System is available and functioning, but problems reduce your ability to use the Licensed Solution or Customer System in a Production Environment, with a high impact on you and no known procedural work-around exists. Examples of SL2 with a Licensed Solution include data not displaying properly on CreditXpert web pages.
  • “Severity Level 3 (Medium)” means a Licensed Solution or Customer System is available and functioning, but minor problems partially reduce your ability to use the same in a Production Environment, with a non-critical impact on you. Examples of SL3 with a Licensed Solution include: (a) the embedded link for a document which is cross-referenced in the CreditXpert Solutions Agreement (e.g., the Technical Standards) does not work; and (b) CreditXpert web pages taking an unreasonably long time to load. Severity Level 1 and Severity Level 2 issues will be downgraded to Severity Level 3 when a workaround which does not materially slow or otherwise adversely affect operations is provided and a permanent solution is not yet available.
  • “Severity Level 4 (Low)” means feedback and suggestions concerning a Licensed Solution or Customer System that are more forward-thinking than actual business needs, or cosmetic. Examples include any special request that requires the scheduling of resources for modifications or enhancements. You will address concerns of this nature with respect to the Customer System in your discretion, and CreditXpert will likewise address concerns of this nature with respect to a Licensed Solution in its discretion.
  • Severity Level designations concerning a Customer System are made by you; Severity Level designations concerning a Licensed Solution are made by CreditXpert.

Accepted Payment Methods. CreditXpert invoices are payable through ACH. Accommodation could be discussed on a client-by-client basis if ACH is not possible.

 

All CreditXpert logos and branding cannot be removed from any portion of the Licensed Solution.

CreditXpert has designed certain Customer User features of the CreditXpert platform to incorporate both your company logo and key contact information. The guidelines below are designed to help you understand those features, and to provide you with general guiding principles and helpful specifications.

Web Application Personalization.

Your company logo (or other icon of your choice) will be displayed in a designated place within the header of every page of each Customer User dashboard. Many customers choose to use the same logo / icon that they use on their social media profiles.

 

 

What are the logo requirements? The logo / icon to be used on Customer User dashboard pages must fit in a 44 x 44 pixel frame. CreditXpert accepts .svg formats only.  


Communication Tools Personalization

Email Invitation.

When you use the CreditXpert platform to invite a Consumer to view their plan via the CreditXpert platform, the Consumer will receive an email sent by CreditXpert on your behalf. The body of that email will include your company logo and the contact information for the Customer User who created the plan.

What are the logo requirements? The logo / icon to be used on communications to Consumers must fit in a 27 x 27 pixel frame . CreditXpert accepts .svg formats only.  

PDF Plan

When you use the CreditXpert platform to print, email or save a PDF action plan as a file at any stage of the process, the plan will include your company logo and the contact information for the Customer User who created the plan.

The plan will also have a cover page that will provide a location for you to include your required disclosures.

What are the logo requirements? The logo / icon to be used on PDF action plans must fit in a 27 x 27 pixel frame. CreditXpert accepts .svg formats only.