Cyber Security Works
Master Services and Subscription Agreement
Last Updated: June 30, 2020.
“Asset” means every physical and virtual object being registered, managed, and discovered by the Cyber Security Works Service as measured by overall instances used by Customer, as well as Customer’s subsidiaries and affiliates. Assets include objects on premise (including network devices, applications, databases), in the cloud, IoT, or mobile devices and is typically identified by a unique IP or MAC address, but also includes web application software and databases.
“Affiliate” means, with respect to a party, any entity which directly or indirectly Controls, is Controlled by, or is under common Control with such party.
“Confidential Information” has the meaning set forth in Section 11.
“Control” means ownership or control, directly or indirectly, of at least 50% of the voting interests of the subject entity.
“Customer Data” means all electronic data or information submitted by Customer or any of its Affiliates in the Cyber Security Works Service.
“Customer Equipment” means Customer’s and its Affiliates’ computer hardware, software and network infrastructure used to access the Cyber Security Works Service.
“Data Protection Laws and Regulations” means all EU/Swiss applicable legislation with respect to the processing of personal data.
“Documentation” means the published specifications of the Cyber Security Works Service, as may be updated, or amended from time to time, as determined by Cyber Security Works.
“Extension Term” means each renewal subscription period for which the subscription term applicable to an Order Form is extended pursuant to Section 13.
“Force Majeure Event” means a natural disaster, actions or decrees of governmental bodies or communications line failure which (i) hinders, delays or prevents a party from performing its obligations, and (ii) is beyond the reasonable control of, and without the fault or negligence of, such party, and (iii) by the exercise of reasonable diligence such party is unable to prevent or provide against.
“Initial Term” means the first subscription term period for the Cyber Security Works Service defined on an Order Form, or if no such term period is defined, twelve (12) months, commencing on the date Customer executes such Order Form.
“Order Form” means Cyber Security Works’ paper-based or online ordering document for the Cyber Security Works Service signed by Cyber Security Works and Customer.
“Professional Services” means the installation, implementation, training, or other professional services listed in Section 4 and further identified in an Order Form.
“Cyber Security Works Service” means the Cyber Security Works online cyber risk management platform.
“Subscription Fees” mean the fees paid by Customer for the right to access and use the Cyber Security Works Service during the Term.
“Taxes” means any direct or indirect local, state, federal or foreign value-added, sales, use or withholding taxes.
“Term” as it relates to an Order Form means the Initial Term and any Extension Term applicable to each Order Form, and as it relates to this Agreement, is as defined in Section 13.1 below.
“Users” means Customer’s and its Affiliates and their respective employees, agents, contractors, service providers or consultants who are authorized by Customer to use the Cyber Security Works Service and who have been supplied user identifications and passwords by Customer or by Cyber Security Works at Customer’s or its Affiliates’ request.
2. TERMS OF CYBER SECURITY WORKS SERVICE.
Cyber Security Works shall make the Cyber Security Works Service available to Customer and its Affiliates in accordance with this Agreement, and each Order Form mutually entered into and, to the extent not in conflict with this Agreement or an Order Form or the Documentation. Subject to the terms of this Agreement, Cyber Security Works grants Customer and its Affiliates a world-wide, fully-paid, royalty-free, limited term, non-sublicensable, non-transferable (except as otherwise provided herein), and non-exclusive license to access, and use the Cyber Security Works Service solely for its internal business purposes. The license granted hereunder is limited to the maximum number of Assets specified in each Order Form and is subject to any additional terms and conditions specified on an Order Form. Any third-party component embedded, included, or provided by Cyber Security Works for use with the Cyber Security Works Service may only be used in conjunction with the Cyber Security Works Service, and such use is subject to this Agreement.
3. CUSTOMER RESPONSIBILITIES RELATING TO USE OF THE CYBER SECURITY WORKS SERVICE.
3.1 Customer is responsible for the use of the Cyber Security Works Service by its Users and obtaining and maintaining any Customer Equipment and any ancillary services needed to connect to, access or otherwise use the Cyber Security Works Service and to comply with any corresponding requirements as set forth in the Documentation.
3.2 Customer agrees to use the Cyber Security Works Service in compliance with applicable law (including but not limited to anti-spam laws), and not: (a) resell, sublicense, lease, time-share or otherwise make the Cyber Security Works Service available to any third party other than as contemplated or allowed by this Agreement; or (b) use the Cyber Security Works Service to intentionally send or store infringing or unlawful material or material containing software viruses, worms, Trojan horses or other harmful computer code, files, scripts, agents or programs.
3.3 Customer agrees to not (a) modify, copy or create derivative works of the Cyber Security Works Service; (b) reverse engineer the Cyber Security Works Service; (c) access the Cyber Security Works Service or the purpose of building a competitive product or service; (d) do any “mirroring” or “framing” of any part of the Service, or create Internet links to the Cyber Security Works Service which include log-in information, user names, passwords, and/or secure cookies; (e) use the Cyber Security Works Service, for purposes of product evaluation, benchmarking or other comparative analysis intended for publication without Cyber Security Works’ prior written consent; or (f) provide access to the Cyber Security Works Service by a known direct competitor of Cyber Security Works.
3.4 IF CUSTOMER FAILS TO COMPLY WITH THE OBLIGATIONS SET FORTH IN THIS SECTION 3 CYBER SECURITY WORKS SHALL INFORM CUSTOMER THEREOF IN WRITING AND RESERVES THE RIGHT TO SUSPEND THE CYBER SECURITY WORKS SERVICE IF THE FAILURE IS NOT REMEDIED WITHIN FIVE (5) BUSINESS DAYS.
4. PROFESSIONAL SERVICES.
Cyber Security Works will provide Professional Services identified and described under and at the rates set forth in an Order Form. Professional Services may also be as stated in a mutually agreed upon statement of work that specifically incorporates this Agreement by reference (“SOW”).
5.1 As between the parties and except as otherwise defined as “Owned by Customer” in a SOW, Cyber Security Works shall retain all ownership rights in the Cyber Security Works Service, the technology, software, hardware, products, processes, algorithms, user interfaces and know-how related to the Cyber Security Works Service and all work developed or created by Cyber Security Works during the course of providing the Cyber Security Works Service, Support, and Professional Services to Customer in each to the extent not constituting Customer Information (as defined below). Customer shall have or retain all ownership rights in the Customer Data and all data, text, files, data, output, programs, files, information, or other information material that Customer or its Affiliates provides in conjunction with the Cyber Security Works Service (collectively, “Customer Information’). As applicable, Cyber Security Works hereby assigns and will assign all Customer Information to Customer. Customer and its Affiliates may export its Customer Data from the Cyber Security Works Service at any time during its subscription Term. No license, right or interest in any Cyber Security Works or Customer trademark, copyright, trade name or service mark is granted hereunder.
5.2 Cyber Security Works shall own any suggestions, enhancement requests, recommendations or other feedback provided by Customer or its Users relating to the operation of the Cyber Security Works Service.
6.1 Unless otherwise specified on an Order Form, the Fees shall be as stated in each Order and shall be payable in advance. In the event Customer issues purchase orders in its normal course of business, Customer shall provide Cyber Security Works with a purchase order within five (5) days of the Effective Date, or if Customer does not provide Cyber Security Works with such purchase order, Customer authorizes Cyber Security Works to accept this Agreement in lieu of a purchase order.
6.2 Unless otherwise provided, Cyber Security Works’ fees do not include any Taxes, and Customer is responsible for paying all Taxes arising from its purchases hereunder, excluding Taxes based on Cyber Security Works’ net income, employees, or property. If Cyber Security Works has the legal obligation to pay or collect Taxes for which Customer is responsible, the appropriate amount of such Taxes shall be invoiced to and paid by Customer, unless Customer provides a valid tax exemption certificate authorized by the appropriate taxing authority.
6.3 Customer shall reimburse Cyber Security Works for all reasonable, pre-approved and appropriately documented, out-of-pocket travel and related expenses incurred by Cyber Security Works in performing any Professional Services at Customer’s location.
6.4 If Customer’s use of the Cyber Security Works Service is greater than that contracted for then Cyber Security Works will provide written notice (which may be via email) to Customer. Following confirmation of Customer’s receipt of such notice, and provided that Customer does not contest Cyber Security Works’ assertion, then Customer will be invoiced for the additional Asset license Subscription Fees (at the rates specified in the applicable Order Form) for the period commencing on the date of use of such additional Subscription Fees through the remainder of the then current subscription term, and the unpaid Subscription Fees shall be payable in accordance with this Agreement.
Cyber Security Works shall provide its standard support as set forth in the Cyber Security Works Support Policy found at https://Cyber Security Works LLC.com/customer-agreements/ under the “Service Level Agreement” tab.
8. REPRESENTATIONS AND WARRANTIES.
8.1 Each party represents and warrants that (i) it has all necessary right, title and authority to enter into and perform under this Agreement; and (ii) it shall comply with all other applicable laws in its performance hereunder. Customer warrants that it has the rights to provide and use any and all Customer Data in accordance with the terms of the Agreement and the foregoing does not violate the rights of any third-parties.
8.2 Cyber Security Works warrants that the Cyber Security Works Service will substantially conform in all material respects to the Documentation. Customer will provide prompt written notice of any non-conformity. As Customer’s sole and exclusive remedy and Cyber Security Works’ entire liability for any breach of the foregoing warranty, Cyber Security Works will fix, provide a work around, or otherwise repair or replace the nonconforming portion of the Cyber Security Works Service, or, if Cyber Security Works is unable to do so, terminate the license for the Cloud Service and return the Cyber Security Works Service Fees paid to Cyber Security Works for the period beginning with Customer’s notice of Cyber Security Works through the remainder of the Initial Term or then-current Extension Term, as applicable.
8.3 Cyber Security Works shall provide its service level agreement as set forth in the Cyber Security Works SLA found at https://www.Cyber Security Works.com/service-level agreement.
8.4 EXCEPT AS EXPRESSLY PROVIDED HEREIN, NEITHER PARTY NOR ITS LICENSORS OR SUPPLIERS MAKES ANY WARRANTIES OF ANY KIND, WHETHER IMPLIED, STATUTORY OR OTHERWISE, INCLUDING ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. Cyber Security Works DOES NOT WARRANT THE OPERATION OF THE Cyber Security Works SERVICE WILL BE UNINTERRUPTED OR ERROR-FREE.
9. INTELLECTUAL PROPERTY INFRINGEMENT INDEMNITY.
9.1 Cyber Security Works shall defend, indemnify and hold Customer and its Affiliates (collectively, “Customer Group”) harmless against any loss, damage or costs (including reasonable attorneys’ fees) incurred in connection with claims, demands, suits, or proceedings (“Claims”) made or brought against any member of Customer Group by a third party (a) alleging that use of the Cyber Security Works Service and the results of the Professional Services as contemplated hereunder infringes the U.S. patent, copyright or other intellectual property right of a third party. Customer agrees to (a) promptly give written notice of the Claim to Cyber Security Works (provided that the obligations under this Section 9.1 shall not be reduced by the failure to give such notice except to the extent Cyber Security Works is materially prejudiced by such failure); (b) give Cyber Security Works sole control of the defence and settlement of the Claim (provided that Cyber Security Works may not settle any Claim unless it unconditionally releases Customer of all liability and obligation); and (c) provide to Cyber Security Works, at Cyber Security Works’ cost, all reasonable assistance.
9.2 Cyber Security Works will, at its sole option and expense: (i) procure for Customer the right to continue using the Cyber Security Works Service and the results of the Professional Services under the terms of this Agreement; (ii) replace or modify the Cyber Security Works Service and the results of the Professional Services to be non-infringing without material decrease in functionality; or (iii) if the foregoing options are not reasonably practicable, terminate the license for the infringing Cyber Security Works Service and the results of the Professional Services and provide a pro-rata refund of the Cyber Security Works Service and the results of the Professional Services fees paid by Customer in the then-current Term.
9.3 Cyber Security Works shall have no liability for any Claim to the extent the Claim is based upon (i) the use of the Cyber Security Works Service or the results of the Professional Services in combination with any other product, service or device not furnished, recommended or approved by Cyber Security Works in writing, if such Claim would have been avoided by the use of the Cyber Security Works Service or the results of the Professional Services, without such product, service or device; or (ii) Customer’s use of the Cyber Security Works Service and the results of the Professional Services other than in accordance with this Agreement.
9.4 THE PROVISIONS OF THIS SECTION 9 SET FORTH CYBER SECURITY WORKS’S SOLE AND EXCLUSIVE OBLIGATIONS, AND CUSTOMER’S SOLE AND EXCLUSIVE REMEDIES, WITH RESPECT TO INFRINGEMENT OR MISAPPROPRIATION OF THIRD PARTY INTELLECTUAL PROPERTY RIGHTS OF ANY KIND.
10. INDEMNIFICATION BY CUSTOMER.
Customer shall defend, indemnify and hold Cyber Security Works and its Affiliates (collectively, “Cyber Security Works Group”) harmless against any loss, damage or costs (including reasonable attorneys’ fees) incurred in connection with Claims made or brought against Cyber Security Works any member of Cyber Security Works Group, by a third party alleging that the Customer Data created and stored by Customer in the Cyber Security Works Service or otherwise provided to Cyber Security Works in connection with the Agreement (i) violates any applicable law or regulation; or (ii) infringes any U.S. patent, copyright or other intellectual property right of a third party. Cyber Security Works agrees to (a) promptly give written notice of the Claim to Customer (provided that the obligations under this Section 10 shall not be reduced by the failure to give such notice except to the extent Customer is materially prejudiced by such failure); (b) give Customer sole control of the defence and settlement of the Claim (provided that Customer may not settle any Claim unless it unconditionally releases Cyber Security Works of all liability and obligation); and (c) provide to Customer, at Customer’s cost, all reasonable assistance.
11.1 As used herein, “Confidential Information” means all confidential and proprietary information of a party (“Disclosing Party”) disclosed to the other party (“Receiving Party”), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure, including the terms and conditions of this Agreement, Customer Data, business and marketing plans, technology and technical information, product designs, and business processes. Confidential Information shall not include any information that: (i) is or becomes generally known to the public without breach of any obligation owed to Disclosing Party; (ii) was known to Receiving Party prior to its disclosure by Disclosing Party without breach of any confidentiality obligation owed to Disclosing Party; (iii) was independently developed by Receiving Party without breach of any confidentiality obligation owed to Disclosing Party or access to or reliance on Disclosing Party’s Confidential Information; or (iv) is received from a third party without breach of any confidentiality obligation owed to Disclosing Party.
11.2 Receiving Party shall not disclose any Confidential Information of Disclosing Party for any purpose outside the scope of this Agreement, except as allowed by the terms of this Agreement or with Disclosing Party’s prior written consent. Receiving Party shall protect the confidentiality of Disclosing Party’s Confidential Information in the same manner that it protects the confidentiality of its own Confidential Information of like kind (but in no event using less than reasonable care). Cyber Security Works represents and warrants that it will maintain the confidentiality of Customer Data in accordance with all applicable laws and, except as required by applicable law, will not disclose Customer Data to any third party for any purpose other than to provide the Cyber Security Works Service Customer and to otherwise improve the Cyber Security Works Service, provided, however, that Cyber Security Works may compile aggregate data related to Customer’ s usage of the Cyber Security Works Service and may use and/or disclose such aggregate data to third parties, to the extent that Customer is not identified as the source of such data and as long as the data does not reveal the identity, whether directly or indirectly, of any individual, or specific data entered by or relating to any individual. Such uses include notifying Customer and other customers about cyber risk and other network and system threats and vulnerabilities. Receiving Party shall promptly notify Disclosing Party if it becomes aware of any actual or reasonably suspected breach of confidentiality of Disclosing Party’s Confidential Information.
11.3 If Receiving Party is compelled by law to disclose Confidential Information of Disclosing Party, it shall provide Disclosing Party with (a) prior written notice of such compelled disclosure (to the extent legally permitted) and (b) reasonable assistance in contesting the disclosure, at Disclosing Party’s option and cost. Any actual disclosure shall be limited to the minimum amount of information necessary to comply with the disclosure demand as advised by legal counsel.
11.4 If Receiving Party discloses (or threatens to disclose) any Confidential Information of Disclosing Party in breach of confidentiality protections hereunder, Disclosing Party shall have the right, in addition to any other remedies available to it, to seek injunctive relief to enjoin such acts, it being acknowledged by the parties that any other available remedies are inadequate.
11.5 Upon any termination of this Agreement, the Receiving Party shall continue to maintain the confidentiality of the Disclosing Party’s Confidential Information and, upon request and to the extent practicable, return to the Disclosing Party or destroy (at the Disclosing Party’s election) all materials containing such Confidential Information.
11.6 Cyber Security Works shall comply with all Data Protection Laws and Regulations in the provision of the Cyber Security Works Service.
12. LIMITATION OF LIABILITY.
12.1 EXCEPT (i) FOR THE PARTIES’ INDEMNIFICATION OBLIGATIONS; AND (ii) EITHER PARTY’S MATERIAL BREACH OF SECTION 11, IN NO EVENT SHALL EITHER PARTY’S AGGREGATE LIABILITY ARISING OUT OF THIS AGREEMENT, WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY, EXCEED THE FEES PAID OR PAYABLE TO CYBER SECURITY WORKS DURING THE (12) TWELVE MONTHS PRIOR TO WHEN THE CLAIM ACCRUED.
12.2 TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT SHALL EITHER PARTY OR ITS LICENSORS OR SUPPLIERS HAVE ANY LIABILITY TO THE OTHER PARTY FOR ANY LOST PROFITS OR FOR ANY SPECIAL, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES HOWEVER CAUSED AND, WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY, WHETHER OR NOT THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
13. TERM AND TERMINATION.
13.1 This Agreement commences on the date the first Order Form is executed (“Effective Date”) and continues until all Order Forms entered into under this Agreement have expired or been terminated unless terminated as otherwise provided herein. The Initial Term applicable to each Order Form commences upon Customer’s execution of such Order Form and upon expiration of the Initial Term, the Cyber Security Works Service subscription term applicable to such Order Form shall continue to renew for Extension Terms equal to twelve (12) months, unless either party gives notice to the other party of its desire to not renew at least thirty (30) days prior to the end of the then-current Term.
13.2 A party may terminate this Agreement for cause: (i) upon 30 days written notice to the other party of a material breach of this Agreement if such breach remains uncured at the expiration of such period; (ii) immediately upon written notice if the other party becomes the subject of a bankruptcy, insolvency, receivership, liquidation, assignment for the benefit of creditors or similar proceeding; or (iii) as otherwise provided herein.
13.3 The parties’ rights and obligations under Sections 5, 6, 8.3, 9-12, 13.3, and 14 shall survive termination of this Agreement.
13.4 Upon the Effective Date of termination of this Agreement Customer’s license to use the Cyber Security Works Service will cease. Upon request by Customer, provided that such request is made within 30 days of the Effective Date of termination, Cyber Security Works will make available to Customer for download a file of Customer Data in comma separated value (.csv) format. After such 30 day period Cyber Security Works will have no obligation to maintain any Customer Data and will not retain copies or records of Customer Data in its system or otherwise.
14.1 The parties are independent contractors, and no partnership, franchise, joint venture, agency, fiduciary or employment relationship between the parties is created hereby. There are no third-party beneficiaries to this Agreement.
14.2 Notices shall be in writing and delivered by nationally recognized overnight delivery service or certified or registered U.S. Mail to Cyber Security Works at the address first listed above and to Customer, at the address on file with Cyber Security Works, and are effective upon receipt.
14.3 No amendment or waiver of any provision of this Agreement shall be effective unless in writing and signed by Customer and Cyber Security Works. To the extent of any conflict between this Agreement, the Order Form, and any other document referenced herein, this Agreement shall prevail unless expressly stated otherwise. Notwithstanding any language to the contrary therein, no terms stated in a purchase order or similar ordering document (other than a Statement of Work or other mutually executed order document expressly incorporated herein) shall be incorporated into this Agreement, and all such terms shall be void. This Agreement represents the entire agreement of the parties, and supersedes all prior or contemporaneous agreements, proposals, or representations, written or oral, concerning its subject matter.
14.4 Either party may include the other’s name or logo in customer or vendor lists in accordance with the other’s standard guidelines. In addition, Cyber Security Works may refer to Customer’s intended use of the Cyber Security Works Service in discussions with Cyber Security Works customers, prospective customers, and other third-parties.
14.5 No failure or delay in exercising any right hereunder shall constitute a waiver of such right. Except as otherwise provided, remedies provided herein are in addition to, and not exclusive of, any other remedies of a party at law or in equity. If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, such provision shall be modified by the court and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by law, and the remaining provisions shall remain in effect.
Neither party shall be liable to the other for any delay or failure to perform hereunder (excluding payment obligations) due to a natural disaster, actions or decrees of governmental bodies or communications failure which (i) hinders, delays or prevents a party in performing any of its obligations, (ii) is beyond the control of, and without the fault or negligence of, such party, or (iii) by the exercise of reasonable diligence such party is unable to prevent or provide against (“Force Majeure Event).
14.6 Neither party may assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the prior written consent of the other (not to be unreasonably withheld). Notwithstanding the foregoing, (i) either party may assign this Agreement in its entirety (including all Order Forms hereunder), upon written notice to the other party, to an Affiliate or, to its successor in interest resulting from a merger, reorganization, or sale of all or substantially all assets or equity, and (ii) Cyber Security Works may use subcontractors in the ordinary course of business. Any attempted assignment in breach of this section shall be void. This Agreement shall bind and inure to the benefit of the parties, their respective successors and permitted assigns.
14.7 Each party agrees to comply with all applicable regulations of the United States Department of Commerce and with the United States Export Administration Act, as amended from time to time, and with all applicable laws and regulations of other jurisdictions with respect to the provision and use of the Cyber Security Works Service.
14.8 This Agreement shall be governed exclusively by the internal laws of the State of New Mexico, without regard to its conflicts of laws rules. Any dispute arising hereunder shall be brought exclusively in the courts located in Albuquerque. The United Nations Convention on Contracts for the International Sale of Goods shall not apply.