Compliance Automation EULA
SHERLOCK COMPLIANCE AUTOMATION END USER LICENSE AGREEMENT
This Master Subscription Agreement and all Exhibits annexed hereto (the “Agreement”) is a legal agreement by and between Anitian Corporation (“Anitian”), and the party identified on the order form or similar document and entering into this Agreement for the use of the Service (“Subscriber”, “Subscriber”). In consideration of the mutual covenants and agreements set forth herein, and other good and valuable consideration, receipt of which is hereby acknowledged, the parties agree as follows:
THIS MASTER SUBSCRIPTION AGREEMENT (“AGREEMENT”) GOVERNS YOUR ACQUISITION AND USE OF ANY SERVICE MADE AVAILABLE BY ANITIAN CORPORATION (“ANITIAN”). IF YOU REGISTER FOR AN EVALUATION USE OF OUR SERVICES, THIS AGREEMENT WILL ALSO GOVERN THAT EVALUATION. BY ACCEPTING THIS AGREEMENT, EITHER BY CLICKING A BOX INDICATING YOUR ACCEPTANCE OR BY EXECUTING THIS AGREEMENT OR AN ORDER FORM THAT REFERENCES THIS AGREEMENT, YOU AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF A ANITIAN OR OTHER LEGAL ENTITY, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY AND ITS AFFILIATES TO THESE TERMS AND CONDITIONS, IN WHICH CASE THE TERMS “YOU” OR “YOUR” SHALL REFER TO SUCH ENTITY AND ITS AFFILIATES. IF YOU DO NOT HAVE SUCH AUTHORITY, OR IF YOU DO NOT AGREE WITH THESE TERMS AND CONDITIONS, YOU MAY NOT ACCEPT THIS AGREEMENT AND MAY NOT USE THE SERVICES.
Anitian has developed Software (defined below), which it provides as part of its Services (defined below). Subscriber wishes to utilize the Services, and Anitian desires to make the Services available to Subscriber, subject to the following terms and conditions.
Capitalized terms shall have the meanings set forth in this section, or in the section where they are first used.
2.1. “Access Protocols” means the passwords, access codes, technical specifications, connectivity standards or protocols, or other relevant procedures, as may be necessary to allow Subscriber or any Authorized Users to access the Services.
2.2. “Authorized User” means any individual who is an employee of Subscriber or such other person or entity as may be authorized by an Order Form, to access the one or more Services pursuant to Subscriber’s rights under this Agreement.
2.3. “Cloud Infrastructure Service” means the cloud provider (e.g. AWS) where the Subscriber will use the Software.
2.4. “Compliance Environment” means the cloud environment the Software creates which includes (but is not limited to) EC2 instances, VPCs, environment specific configurations, encrypted secrets, passwords, license keys, and user access controls.
2.5. “Documentation” means the technical materials provided by Anitian to Subscriber in hard copy or electronic form describing the use and operation of the Software.
2.6. “Error” means a reproducible failure of the Software to substantially conform to the Documentation.
2.7. “Error Corrections” means bug fixes or workarounds intended to correct Errors in the Software.
2.8. “Intellectual Property Rights” means any and all now known or hereafter existing (a) rights associated with works of authorship, including copyrights, mask work rights, and moral rights; (b) trademark or service mark rights; (c) trade secret rights; (d) patents, patent rights, and industrial property rights; (e) layout design rights, design rights, and other proprietary rights of every kind and nature other than trademarks, service marks, trade dress, and similar rights; and (f) all registrations, applications, renewals, extensions, or reissues of the foregoing, in each case in any jurisdiction throughout the world.
2.9. “Managed Services” means the on-going security monitoring and management services that can be included with the Software. Managed Services are delivered on an on-going basis, rather than a one-time engagement.
2.10. “Managed Services Term” the period of time where the Subscriber is Subscribed to the Managed Services.
2.11. “Order Form” means a document signed by both parties or online order specifying the Services to be made available by Anitian pursuant to this Agreement.
2.12. “Services” means the services ordered by Subscriber through an Order Form.
2.13. “Subscriber Content” means any content, including applications, data, or configurations, developed by or on behalf of Subscriber and used with the Software.
2.14. “Software” means the software programs described in Exhibit A (Software Services) and any associated user interfaces and related technology that Anitian makes available pursuant to this Agreement.
2.15. “Subscriber Data” means the information that Subscriber provides to Anitian in order to sign-up and pay for the Services, including name, address, email address, telephone number, and credit card and/or bank account information.
2.16. “Supported Environment” means the minimum hardware, software, and connectivity configuration specified from time to time by Anitian as required for use of the Services. The current requirements are described in Exhibit A (Software Services).
2.17. “Third Party Products” means software that is included as part of the Software, but does not belong to Anitian. Subscriber’s use of Third Party Products is governed under separate End User License Agreements (EULA) for each Third Party Product.
This Agreement was last updated on November 20, 2018. Anitian reserves the right to change, modify, add or remove portions of these terms. We will notify current account administrators of any material changes that will be posted as the amended terms on the Anitian website at Terms of Service.
Your continued use of the Software after this thirty (30) day period following the email notice of any changes to these Terms indicates your acceptance and agreement to any and all such changes.
3. PROVISION OF SERVICES
3.1. Access. Subject to Subscriber’s payment of the fees set forth in Exhibit A (Software Services), Anitian will provide Subscriber access to Software. On or as soon as reasonably practicable after the Effective Date Anitian shall provide to Subscriber the necessary passwords, security protocols and policies and network links or connections and Access Protocols to allow Subscriber and its Authorized Users to access the Software in accordance with the Access Protocols.
3.2. Responsibility for Software and Content Hosting. Subscriber shall, at its own expense, provide for the hosting of the Compliance Environment which is accessible as part of the Services. Unless otherwise set forth on an Order Form, Subscriber is responsible for providing and using credentials for all Software components. The Subscriber shall receive a separate bill for charges and fees imposed by the provider of Cloud Infrastructure Services or Third Party Products.
3.3. Subscriber Credentials. Subscriber may elect to provide Anitian access to keys, credentials, or passwords (“Credentials”) to access Subscriber’s applications and/or technology infrastructure. By providing Anitian any such Credentials, Subscriber authorizes Anitian to use those Credentials and to access Subscriber applications and infrastructure for the purpose of providing Services under this Agreement.
3.4. Security. Anitian represents and warrants that it follows industry-standard policies and provides software features and internal practices to protect the security and integrity of Subscriber Data in Anitian’s possession. Anitian will notify Subscriber as soon as possible via telephone, to be followed-up in writing, of any actual, suspected or threatened Security Incident (as defined below) involving such Subscriber Data. The notification provided to Subscriber shall include, if known to Anitian as of the time of notice: (i) the general circumstances and extent of any unauthorized access to Subscriber Data or intrusion into the computer systems or facilities on or in which Subscriber Data is maintained; (ii) which categories of Subscriber Data were involved; and (iii) steps taken to secure the data and preserve information for any necessary investigation. The notification required to be delivered to Subscriber under this Section shall be delivered promptly and in no event later than twenty-four (24) hours after Anitian learns of any such actual, suspected or threatened Security Incident.
3.4.1 “Security Incident” is when Anitian knows or has reason to know that: (A) Anitian has experienced an incident resulting in the unauthorized acquisition of unauthorized use of (i) unencrypted Subscriber Data, or (ii) encrypted Subscriber Data and the confidential process or key that is capable of compromising the security, confidentiality or integrity of Subscriber Data that creates a substantial risk of identity theft or fraud; or (B) Subscriber Data was acquired or used by an unauthorized person or used for an unauthorized purpose..
3.5. General Restrictions. Anitian shall only use Subscriber Data for the purpose of providing Services under this Agreement. Anitian shall not (and shall not allow any third party to) rent, lease, provide access to or sublicense Subscriber Data to a third party or use Subscriber Data to provide a service to a third-party (for example, by offering consulting services to third parties).
3.6. Third Party Products. The Software includes third-party software as part of the Compliance Environment. Third Party Products are licensed as part of the Software. License keys for Third Party Products will be provided to Subscriber within thirty days after the Effective Date of this Agreement.
End User License Agreements (EULA) for each Third Party Product is included with Software. Consult the Documentation for copies of each EULA.
If Subscriber does not consent to the terms of any or all of the Third Party Product EULAs, it must notify Anitian in writing within 30 days from the Effective Date of this Agreement. Subscriber must delete Third Party Products from the Compliance Environment immediately. Anitian is not obligated to assist Subscriber with deleting Third Party Products. Anitian will not provide refunds for any Third Party Products that Subscriber does not use.
Your continued use of the Third Party Products after 30 days from the Effective Data indicates your acceptance and agreement to all the terms in all Third Party Product EULAs.
4. INTELLECTUAL PROPERTY
4.1. License Grant. Subject to the terms and conditions of this Agreement, Anitian grants to Subscriber a non-exclusive, non-transferable license during the term, solely for Subscriber’s internal business purposes and in accordance with the limitations set forth in Exhibit A (Software Services), (a) to access, use, perform, and digitally display the Software as required for use of the Services and in accordance with the Documentation; and (b) to use and reproduce a reasonable number of copies of the Documentation solely to support Subscriber’s use of the Services. Anitian Corporation owns all right, title and interest, including without limitation all intellectual property and other rights, in and to the Service, Content (except for Subscriber Content, third-party content, Third Party Products, if any, therein), and Software.
Sherlock Compliance Automation is proprietary Software available on SaaS subscription basis. Use of the Service and Software for any purpose not set forth in this Agreement is prohibited. All Automation Templates generated by the service are the property of Anitian Corporation and/or its business partners, affiliates, assigns, licensors or other respective owners. Subscriber may not (i) except to the extent that applicable law requires Anitian to give the Subscriber permission to do so, directly or indirectly, reverse engineer, decompile or disassemble any software made available to Subscriber in connection with the Services; (ii) copy rent, lease, distribute, pledge, assign, or otherwise transfer or encumber rights to such software; or (iii) remove any proprietary notices from such software.After the expiration of evaluation period and upon the first payment, Anitian will grant to Subscriber a non-transferable, non-sublicensable, non-exclusive, paid-up right and license to use, copy, modify and prepare derivative works of the Automation Templates, for purposes of Subscriber’s internal business only. Such license will become perpetual once Anitian is paid in full.
4.2. Limitations. The Service, together with all know-how, processes, methodologies, specifications, designs, inventions, functionality, graphics, user interfaces, techniques, methods, applications, libraries, documentation or other technology and materials of any kind, or any enhancement thereof, used or made available by Anitian to you or any Authorized User in connection with the Service and Support, constitute or otherwise involve valuable intellectual property rights of Anitian and all right, title and interest in and to the foregoing will, as between the Parties, be owned by Anitian. No title to or ownership of the Service, or any intellectual property rights associated therewith, is transferred under this Agreement and Anitian reserves all rights not otherwise expressly granted herein.
4.3. Subscriber References. Anitian may use your name and logo to identify you as a Subscriber on the Site, on publicly available Subscriber lists, and in media releases during the term of the Agreement.
4.4. Open Source Software. Certain items of software may be provided to Subscriber with the Software and are subject to “open source” or “free software” licenses (“Open Source Software”). Some of the Open Source Software is owned by third parties. The Open Source Software is not subject to the terms and conditions of the section titled Indemnification or the subsection titled License Grant. Instead, each item of Open Source Software is licensed under the terms of the end-user license that accompanies such Open Source Software. Nothing in this Agreement limits Subscriber’s rights under, or grants Subscriber rights that supersede, the terms and conditions of any applicable end user license for the Open Source Software. If required by any license for particular Open Source Software, Anitian makes such Open Source Software, and Anitian’s modifications to that Open Source Software, available by written request at the notice address specified below.
5. FEES AND EXPENSES; PAYMENTS
5.1. Fees. In consideration for the access rights granted to Subscriber and the services performed by Anitian under this Agreement, Subscriber will pay to Anitian the fees set forth in Exhibit B (Fees) and as otherwise required by a particular Order Form. In the event that Subscriber wishes to increase the number of Compliance Environments or Authorized Users beyond the maximum number of environments for which fees have been paid, Subscriber shall be required to pay additional fees prorated for the remainder of the term.
5.2. All fees for Services are due and payable to Anitian in advance. Anitian shall be entitled to withhold performance and discontinue service until all amounts due are paid in full. Except to the extent otherwise expressly stated therein, if an applicable Order Form or statement of work (“SOW”) provides for payment via credit card or electronic money transfer (e.g., ACH), Anitian is permitted to process such payment on the date of Anitian’s invoice. Subscriber will pay all fees specified in Order Forms. Except as otherwise specified herein or in an Order Form, (1) fees are based on Services subscriptions purchased and not actual usage, (2) payment obligations are noncancelable and fees paid are non-refundable, and (3) quantities purchased cannot be decreased during the relevant subscription term.
5.3. Invoicing and Payment. Subscriber will provide Anitian with valid and updated credit card information, or with a valid purchase order or alternative document reasonably acceptable to Anitian. If Subscriber provides credit card information, you authorize Anitian to charge such credit card for all Purchased Services listed in the Order Form for the initial subscription term and any renewal subscription term(s) as set forth in Section 1Subscription Term. Such charges shall be made in advance, either annually or in accordance with any different billing frequency stated in the applicable Order Form. If the Order Form specifies that payment will be by a method other than a credit card, Anitian will invoice Subscriber in advance and otherwise in accordance with the relevant Order Form.
Unless otherwise stated in the Order Form, invoiced charges are due net 30 days from the invoice date. Subscriber is responsible for providing complete and accurate billing and contact information to Anitian and notifying Anitian of any changes to such information.
5.4. Taxes. The fees are exclusive of all applicable sales, use, value-added and other taxes, and all applicable duties, tariffs, assessments, export and import fees, or other similar charges, and Subscriber will be responsible for payment of all such taxes (other than taxes based on Anitian’s income), fees, duties, and charges and any related penalties and interest, arising from the payment of the fees, the delivery of the Services, or the license of the Software to Subscriber. Subscriber will make all payments of fees to Anitian free and clear of, and without reduction for, any withholding taxes; any such taxes imposed on payments of fees to Anitian will be Subscriber’s sole responsibility, and Subscriber will provide Anitian with official receipts issued by the appropriate taxing authority, or such other evidence as the Anitian may reasonably request, to establish that such taxes have been paid. Subscriber shall indemnify and defend Anitian in connection with any proceedings brought by any taxing authorities in connection with this Agreement.
5.5. Expenses. Subscriber shall reimburse Anitian for all costs, including Anitian’s reasonable out-of-pocket (including travel and living) expenses incurred in performing its obligations hereunder. All costs and expenses incurred by Subscriber in connection herewith are the sole responsibility of Subscriber.
5.6. Interest. Any amounts not paid when due shall bear interest at the rate of one and one half percent (1.5%) per month, or the maximum legal rate if less. Subscriber will permit Anitian or its representatives to review Subscriber’s relevant records and inspect Subscriber’s facilities to ensure compliance with this Agreement.
5.7. Audit. Anitian will give Subscriber at least ten (10) days advance notice of any such inspection and will conduct the same during normal business hours in a manner that does not unreasonably interfere with Subscriber’s normal operations. If any such audit should disclose any underpayment of fees, Subscriber shall promptly pay Anitian such underpaid amount, together with interest thereon at the rate specified in this section. If the amount of such underpayment exceeds five percent (5%) of fees actually paid during the audited period, Subscriber shall also pay Anitian for Anitian’s expenses associated with such audit.
6. SUBSCRIBER CONTENT AND RESPONSIBILITY
6.1. License; Ownership. Subscriber grants Anitian a nonexclusive, worldwide, royalty-free and fully paid license (a) to use the Subscriber Content as necessary for purposes of providing the Services and (b) to use the Subscriber trademarks, service marks, and logos as required to provide the Services. The Subscriber Content is the exclusive property of Subscriber. All rights in and to the Subscriber Content not expressly granted to Anitian in this Agreement are reserved by Subscriber.
6.2. Authorized Users Access to Services. Subscriber may permit any Authorized Users to access and use the features and functions of the Services as contemplated by this Agreement. User IDs cannot be shared or used by more than one Authorized User at a time. If a Subscriber wishes to add additional User IDs, Subscriber may order such additional User IDs at any time by executing a new Order Form detailing the number of additional User IDs. Upon written acceptance by Anitian of the Order Form, Anitian shall make the Service(s) available to the additional Authorized Users. Subscriber shall use commercially reasonable efforts to prevent unauthorized access to, or use of, the Services, and notify Anitian promptly of any such unauthorized use known to Subscriber.
6.3. Subscriber Warranty. Subscriber represents and warrants that any Subscriber Content related to or utilized by the Services shall not (a) infringe any copyright, trademark, or patent; (b) misappropriate any trade secret; (c) be deceptive, defamatory, obscene, pornographic or unlawful; (d) contain any viruses, worms or other malicious computer programming codes intended to damage Anitian’s or any third party’s system or data; or (e) otherwise violate the rights of a third party. Anitian is not obligated to back up any Subscriber Content; the Subscriber is solely responsible for creating backup copies of any Subscriber Content at Subscriber’s sole cost and expense. Subscriber agrees that any use of the Services contrary to or in violation of the representations and warranties of Subscriber in this section constitutes unauthorized and improper use of the Services.
6.4. Subscriber Responsibility for Data and Security. Subscriber and its Authorized Uses shall have access to and shall be responsible for all changes to the security of all passwords and other Access Protocols required in order the access the Services.
6.5. Copyright Policy. Anitian reserves the right to terminate its agreement with any Subscriber who infringes third party copyright rights.
7. WARRANTIES AND DISCLAIMERS
7.1. Limited Warranty. Anitian warrants to Subscriber that the Software will setup the Compliance Environment if used properly. Provided that Subscriber notifies Anitian in writing of any breach of the foregoing warranty during the term hereof, Anitian shall, as Subscriber’s sole and exclusive remedy, provide the support set forth in Exhibit A (Software Services) to this Agreement. This warranty gives Subscriber specific legal rights, and Subscriber may also have other rights which vary from jurisdiction to jurisdiction.
7.2. DISCLAIMER. EXCEPT AS SPECIFICALLY SET FORTH HEREIN, THE SERVICES PROVIDED BY ANITIAN ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS WTHOUT WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF TITLE, NONINFRINGEMENT OR IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. NO ADVICE GIVEN BY ANITIAN, ITS AFFILIATES OR ITS CONTRACTORS OR THEIR RESPECTIVE EMPLOYEES SHALL CREATE A WARRANTY OF ANY TYPE OR NATURE.
7.3. Third Party Disclaimer. THE CLOUD INFRASTRUCTURE SERVICE AND THIRD PARTY PRODUCTS ARE NOT ANITIAN PRODUCTS. ANITIAN IS NOT RESPONSIBLE FOR THE CLOUD INFRASTRUCTURE SERVICE OR THIRD PARTY PRODUCTS, OR FOR ANY ACTS OR OMISSIONS OF THE THIRD-PARTY PROVIDER OF THE CLOUD INFRASTRUCTURE SERVICE OR THIRD PARTY PRODUCTS. SUBSCRIBER ACKNOWLEDGES THAT THE PROVIDER OF THE CLOUD INFRASTRUCTURE SERVICE MAY IMPLEMENT PROCEDURES THAT WOULD MAKE IT DIFFICULT OR IMPOSSIBLE TO ACCESS SUBSCRIBER’S DATA OR THE RESOURCES MADE AVAILABLE VIA THE CLOUD INFRASTRUCTURE SERVICE IN CERTAIN CIRCUMSTANCES (E.G., IN THE CASE OF A VIRUS, DENIAL-OF-SERVICE, OR SIMILAR ATTACK; TRANSMISSION OR STORAGE OF INFRINGING OR ILLEGAL CONTENT; USE FOR BULK EMAIL; USE THAT COULD OR DOES HARM THE THIRD PARTY’S NETWORKS OR SERVERS OR COMPROMISE SECURITY).
7.4. Compliance Responsibility. Use of Software shall not in any way constitute a guarantee from Anitian that Subscriber will be compliant with any regulations or standards including the compliance standard(s) applicable to the Software. The Sherlock Compliance Automation Software is intended to assist Subscriber in building and maintain a computing environment that is compliant. Subscriber is solely responsible for obtaining necessary certifications or accreditations to meet compliance requirements. Software does not include any automatic or default certifications for any compliance standard or regulation.
8. LIMITATION OF LIABILITY
8.1. IN NO EVENT SHALL SUBSCRIBER SEEK RECOURSE AGAINST THE ANITIAN’S INDIVIDUAL PARTNERS, DIRECTORS, OFFICERS, MEMBERS, INVESTORS OR SHALREHOLDERS OR ANY OF THEIR PERSONAL ASSETS FOR SATISFACTION OF ANY LIABILITY THAT MAY ARISE WITH REGARDS TO THIS AGREEMENT OR ANY SERVICE ORDER. OTHER THAN ACTS OR OMMISSION OF GROSS NEGLIGENCE, INTENTIONAL MISCONDUCT OR FRAUD, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL ANITIAN, ITS AFFILIATES, SUBSIDIARIES, EMPLOYEES, OFFICERS, DIRECTORS, INVESTORS, SHAREHOLDERS, CONTRACTORS, AGENTS AND OTHER REPRSENTATIVES BE LIABLE TO SUBSCRIBER FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE OR CONSEQUENTIAL DAMAGES OR LOST OR IMPUTED PROFITS OR ROYALTIES, LOST DATA, LOST EQUIPMENT OR COST OF PROCURMENT OF SUBSTITUTIVE SERVICES ARISING FROM OR RELATED TO THE SERVIES OR PERFORMANCE OF ITS OBLIGATIONS WITH REGARDS TO THIS AGREEEMENT OR ANY ORDER, WHETHER FOR, AMONG OTHER THINGS, BREACH OF WARRANTY OR ANY OBLIGATION ARISING THEREFROM, AND WHETHER LIABILITY IS ASSERTED IN CONTRACT OR TORT (INCLUDING NEGLIGENCE AND STRICT PRODUCT LIABILITY) IRRESPECTIVE OF WHETHER EITHER PARTY HAS ADVISED OR HAS BEEN ADVISED OF THE POSSIBILITY OF ANY SUCH LOSS OR DAMAGE. OTHER THAN ACTS OR OMMISSION OF GROSS NEGLIGENCE, INTENTIONAL MISCONDICT OR FRAUD OR A COVERED CLAIM UNDER SECTION 8 HEREIN, ANITIAN’S LIABILITY HEREUNDER SHALL IN NO EVENT EXCEED AN AMOUNT EQUAL TO THE FEES PAID BY SUBSCRIBER TO ANITIAN DURING THE SIX (6) MONTHS PRECEDING THE ACT, OMISSION OR OCCURRENCE GIVING RISE TO SUCH LIABILITY FOR THE PARTICULAR SERVICE, OR SERVICE ORDER TO WHICH THE CLAIM PERTAINS. SUBSCRIBER HEREBY WAIVES ANY CLAIM THAT THESE EXCLUSIONS DEPRIVE THEM OF AN ADEQUATE REMEDY OR CAUSE THIS AGREEMENT TO FAIL OF ITS ESSENTIAL PURPOSE. .
8.2. BASIS OF THE BARGAIN. The parties agree that the limitations of liability set forth in this section shall survive and continue in full force and effect despite any failure of consideration or of an exclusive remedy. The parties acknowledge that the prices have been set and the Agreement entered into in reliance upon these limitations of liability and that all such limitations form an essential basis of the bargain between the parties.
9.1. Confidential Information. During the term of this Agreement, each party (the “Disclosing Party”) may provide the other party (the “Receiving Party”) with certain information regarding the Disclosing Party’s business, technology, products, or services or other confidential or proprietary information (collectively, “Confidential Information”). The Receiving Party agrees: (i) not to divulge to any third person any such Confidential Information, (i) to give access to such Confidential information solely to those employees with a need to have access thereto for purposes of this Agreement, and (iii) to take the same security precautions to protect against disclosure or unauthorized use of such Confidential information that the party takes with its own confidential information, but in no event will a party apply less than reasonable precautions to protect such Confidential Information. The Disclosing Party agrees that the foregoing will not apply with respect to any information that the Receiving Party can document (a) is or becomes generally available to the public without any action by, or involvement of, the Receiving Party, or (b) was in its possession or known by it prior to receipt from the Disclosing Party, or (c) was rightfully disclosed to it without restriction by a third party, or (d) was independently developed without use of any Proprietary Information of the Disclosing Party. Nothing in this Agreement will prevent the Receiving Party from disclosing the Proprietary Information pursuant to any judicial or governmental order, provided that the Receiving Party gives the Disclosing Party reasonable prior notice of such disclosure to contest such order. Regardless of whether so marked or identified, the Software, Documentation, and all enhancements and improvements thereto will be considered Confidential Information of Anitian.
9.2. Exceptions. Subscriber acknowledges that Anitian does not wish to receive any Confidential Information from Subscriber that is not necessary for Anitian to perform its obligations under this Agreement, and, unless the parties specifically agree otherwise, Anitian may reasonably presume that any unrelated information received from Subscriber is not Confidential Information.
9.3. Disclosure. Both Parties will have the right to disclose the existence but not the terms and conditions of this Agreement, unless such disclosure is approved in writing by both Parties prior to such disclosure, or is included in a filing required to be made by a Party with a governmental authority (provided such party will use reasonable efforts to obtain confidential treatment or a protective order) or is made on a confidential basis as reasonably necessary to potential investors or acquirers.
10.1. Indemnity. Subscriber agrees and covenants to defend, indemnify and hold harmless Anitian, its directors, officers, managers, members of the Anitian company, employees, affiliates (collectively with Anitian, the “Covered Entities”) from and against any and all costs, expenses, damages, losses and/or liabilities (including reasonable attorney fees) (collectively, “Costs”) arising from or related to Claims made by or against any of the Covered Entities alleging: (i) infringement of any copyrights or misappropriation of any trade secrets related to the Subscriber’s use of the Services; (ii) damage caused by or related to Subscriber’s operations; (iii) damages arising from any breach of this Agreement by Subscriber; or (iv) any warranties provided by or through Subscriber to any third parties regarding the Services (collectively, the “Covered Claims”).
10.2. Procedure. Subscriber’s obligations as set forth above are expressly conditioned upon each of the foregoing: (a) Anitian shall promptly notify the Subscriber in writing of any threatened or actual claim or suit; and (b) Anitian shall cooperate with Subscriberto facilitate the settlement or defense of any claim or suit.
11. TERM AND TERMINATION
11.1. Subscription Term. Unless otherwise specified in a formal executed Order Form, the initial term of this agreement shall be twelve (12) months. This Agreement shall be automatically renewed for consecutive twelve (12) month terms unless either party provides written notice to the other of its intention not to renew at least thirty (30) days prior to the expiration of the then-current term.
11.2. Termination. Either party may terminate this Agreement immediately upon notice to the other party if the other party materially breaches this Agreement, and such breach (except for failure to pay when due) remains uncured more than thirty (30) days after receipt of written notice of such breach. Anitian pay terminate this Agreement with five (5) days notice if Subscriber fails to make a payment when due.
11.3. Effect of Termination. Upon termination or expiration of this Agreement for any reason: (a) all rights and obligations of both parties, including all licenses granted hereunder, shall immediately terminate; (b) within ten (10) days after the effective date of termination, each party shall comply with the obligations to return all Confidential Information of the other party, as set forth in the section titled Confidentiality; and (c) within ten (10) days after the effective date of termination, Anitian shall discontinue all use of Subscriber Content and destroy all copies of Subscriber Content in its possession (d) Subscriber will remove all Software code, content, Third Party Products and configurations from their Cloud Infrastructure Provider. The sections and subsections titled Definitions, Limitations, Warranties and Disclaimers, Limitation of Liability, Confidentiality, Indemnification, Effect of Termination, and Miscellaneous will survive expiration or termination of this Agreement for any reason.
11.4. Effect of Early Termination on Managed Services. Cancelling any Managed Services portion of this Agreement will result in the following: (a) Anitian will cease all managed services and threat hunting within 10 days of notification, (b) Anitian will transfer control of managed technologies to Subscriber within 30 days; (c) Anitian will not provide any support or consulting on the technologies following the date of transfer (e) upon notice of cancellation, Subscriber will incur the following additional charges:
CANCEL MONTH SUBSCRIBER WILL BE CHARGED
1-6 Four (4) additional months of service
7-12 Three (3) additional months of service
13-24 Two (2) additional months of service
25-36 One (1) additional month of service
12.1. Governing Law and Venue. This Agreement and any action related thereto will be governed and interpreted by and under the laws of the State of Oregon, without giving effect to any conflicts of laws principles that require the application of the law of a different jurisdiction. Subscriber hereby expressly consents to the personal jurisdiction and venue in the state and federal courts for the county in which Anitian’s principal place of business is located for any lawsuit filed there against Subscriber by Anitian arising from or related to this Agreement. The United Nations Convention on Contracts for the International Sale of Goods does not apply to this Agreement. The laws of the jurisdiction where Subscriber is located may be different from Oregon law. Subscriber shall always comply with all international and domestic laws, ordinances, regulations, and statutes that are applicable to its purchase and use of the Software, Documentation, or Services hereunder.
12.2. Export. Subscriber agrees not to export, reexport, or transfer, directly or indirectly, any U.S. technical data acquired from Anitian, or any products utilizing such data, in violation of the United States export laws or regulations. Subscriber shall not permit Authorized Users to access or use any Services in a U.S. embargoed country (currently Cuba, Iran, North Korea, Sudan, Syria or Crimea) or in violation of any U.S. export law or regulation.
12.3. Severability. If any provision of this Agreement is, for any reason, held to be invalid or unenforceable, the other provisions of this Agreement will remain enforceable and the invalid or unenforceable provision will be deemed modified so that it is valid and enforceable to the maximum extent permitted by law. Without limiting the generality of the foregoing, Subscriber agrees that the section titled Limitation of Liability will remain in effect notwithstanding the unenforceability of any provision in the subsection titled Limited Warranty.
12.4. Waiver. No waiver by either party of any breach of this Agreement constitutes a waiver of any other breach of the same or other provisions of the Agreement. Waivers must be made in writing and signed by an officer of the party.
12.5. Remedies. Except as provided in Sections 8 and 10, the parties’ rights and remedies under this Agreement are cumulative. Subscriber acknowledges that the Services, Software, and Documentation contain valuable trade secrets and proprietary information of Anitian, that any actual or threatened breach of Sections 4 or 9 or any other breach by Subscriber of its obligations with respect to Intellectual Property Rights of Anitian will constitute immediate, irreparable harm to Anitian for which monetary damages would be an inadequate remedy. In such case, Anitian will be entitled to immediate injunctive relief without the requirement of posting bond, including an order that any Software, Documentation, or any portions thereof, that Subscriber attempts to import into any country or territory be seized, impounded and destroyed by customs officials. If any legal action is brought to enforce this Agreement, the prevailing party will be entitled to receive its attorneys’ fees, court costs, and other collection expenses, in addition to any other relief it may receive.
12.6. No Assignment. Neither party shall assign, subcontract, delegate, or otherwise transfer this Agreement, or its rights and obligations herein, without obtaining the prior written consent of the other party, and any attempted assignment, subcontract, delegation, or transfer in violation of the foregoing will be null and void; provided, however, that either party may assign this Agreement in connection with a merger, acquisition, reorganization or sale of all or substantially all of its assets, or other operation of law, without any consent of the other party. The terms of this Agreement shall be binding upon the parties and their respective successors and permitted assigns.
12.7. Force Majeure. Any delay in the performance of any duties or obligations of either party (except the payment of money owed) will not be considered a breach of this Agreement if such delay is caused by a labor dispute, shortage of materials, fire, earthquake, flood, or any other event beyond the control of such party, provided that such party uses reasonable efforts, under the circumstances, to notify the other party of the cause of such delay and to resume performance as soon as possible.
12.8. Independent Contractors. The relationship of the parties hereunder is always and will only be that of independent contractors. No provisions of this Agreement should be construed to create a joint venture, agency, partnership or any similar relationship between the parties. Neither party has the right or authority to create an obligation or responsibility on behalf of the other.
12.9. Notices. Each party must deliver all notices or other communications required or permitted under this Agreement in writing to the other party at the address listed on the first page of the Agreement by courier, by certified or registered mail (postage prepaid and return receipt requested), or by a nationally-recognized express mail service. Notice will be effective upon receipt or refusal of delivery. If delivered by certified or registered mail, any such notice will be considered to have been given five (5) business days after it was mailed, as evidenced by the postmark. If delivered by courier or express mail service, any such notice shall be considered to have been given on the delivery date reflected by the courier or express mail service receipt. Each party may change its address for receipt of notice by giving notice of such change to the other party.
12.10. Counterparts. This Agreement may be executed in one or more counterparts, each of which shall be deemed an original and all of which shall be taken together and deemed to be one instrument.
12.11. Entire Agreement. This Agreement, the Order Forms, any attachments and all Exhibits is the final, complete and exclusive agreement of the parties with respect to the subject matters hereof and supersedes and merges all prior discussions between the parties with respect to such subject matters. No modification of or amendment to this Agreement, or any waiver of any rights under this Agreement, will be effective unless in writing and signed by an authorized signatory of Subscriber and the Anitian.
EXHIBIT A: SOFTWARE SERVICES
Subject to the terms and conditions of the Agreement, Anitian will provide to Subscriber the following:
A1. DESCRIPTION OF SOFTWARE.
A1.1. Sherlock Compliance Automation. Providing software to setup and configure a cloud environment to meet compliance requirements. Software includes many components, some of which are Third Party Products.
A1.2. Hardened Machine Images. Providing pre-configured computer systems that are configured to meet compliance requirements.
A2.1. The Services and Documentation will be made available to Subscriber at sherlockcloud.io.
A2.1.1. At Subscriber’s request and at no charge to Subscriber, Anitian will provide an initial 1 hour telephone session to instruct Authorized Users regarding the basic access and use of the Software.
A2.1.2. Subscription period length is 12 months, 24 months, or 36 months as specified in the Order Form.
A2.1.3. The maximum number of Compliance Environments is specified in the Order Form. Anitian and/or its suppliers may audit applicable records in order to verify Subscriber’s compliance with the Compliance Environments parameters.
A3.1. During the Term, support provided to Subscriber shall comprise the following:
A3.1.1. Standard Support. Anitian shall provide email based support for use by Authorized Users Monday through Friday, 8 am to 5 pm EST, US holidays excluded, for problem resolution assistance. This Support is only available to Authorized Users. This support is exclusively for problems with Software and does not include guidance on compliance or assisting Subscriber’s auditors.
A3.1.2. Error Corrections. Anitian will use commercially reasonable efforts to correct all Errors in the Software reported by Subscriber in writing to Anitian. Anitian will utilize remote diagnostic procedures whenever possible for Error diagnosis and Error Correction. Anitian may not issue Error Corrections for all Errors.
A3.1.3. Improvements. During the Term, Anitian may, in its sole discretion, provide Subscriber with updates, upgrades, enhancements, and any other improvements that Anitian then generally offers to other subscribers to the Service.
A4. SUBSCRIBER RESPONSIBILITIES.
A4.1. It shall be Subscriber’s sole responsibility to perform those specific services that are necessary to establish Subscriber’s or Authorized Users’ use of the Software, Documentation, and Services. This includes, but is not limited to: (a) providing employee lists to set up Authorized User accounts and (b) designating Authorized Users to participate in training.
A5. OTHER SERVICES
A5.1. Anitian’s services outside the scope of this Agreement, if any, shall be provided pursuant to Anitian’s then-current applicable services policies and procedures, including, at a minimum, execution of Anitian’s then-current consulting/professional services agreement and payment of Anitian’s then-current fees for such services, plus Anitian’s reasonable costs and expenses incurred in providing such services.
EXHIBIT B: MANAGED SECURITY
B1. DESCRIPTION OF SERVICE
B1.1. Sherlock Managed Detection and Response. Provides security monitoring and management for the Sherlock Compliance Automation environment(s). This Service includes the following:
B1.1.1. Attack Detection: Anitian will monitor Subscriber’s environment for signs of attack, compromise, data breach, malware, abuse, theft, or infiltration from an unauthorized source.
B1.1.2. Threat Hunting: Anitian will actively review Subscriber’s security information and events for evidence of threat actors and/or compromise within Subscriber’s environment using Anitian’s exclusive Sherlock threat hunting techniques.
B1.1.3. Threat Assessment: Anitian will assess the severity threats poses to Subscriber’s data, security, operations, and availability.
B1.1.4. Incident Response: Anitian will respond to events using one or more of the following means:
• Alert: Anitian will send an alert to the Subscriber to advise them of the incident and severity.
• Automated Response: Anitian will implement automatic responses on security controls to block or quarantine malicious behavior.
• Manual Response: If Anitian’s analysts determines a threat is both severe and automated defenses may not stop it, Anitian will manually configure security controls to attempt to block the attacker(s) and protect Subscriber’s data. Anitian will contact Subscriber prior to implementing any changes.
• Extended Incident Response: In the rare event of a serious breach that was not blocked, Anitian can provide, for an additional cost, digital forensics services to analyze the attack techniques and assist the Subscriber in restoring their environment to a secure state.
B2.1. At Subscriber’s request and at no charge to Subscriber, Anitian will provide weekly reports to Subscriber on security issues. This report will be delivered via email or a web portal.
B3. SUBSCRIPTION LENGTH
B3.1. Subscription period length is 12 months, 24 months, or 36 months as specified in the Order Form.
B4.1. During the Term, support provided to Subscriber shall comprise the following:
B4.1.1. Support. Anitian shall provide email and telephone support for use by Authorized Users 24 hours a day, for problem resolution or security incident troubleshooting. This Support is only available to Authorized Users.
B4.1.2. Extended Guardrails. Anitian will monitor the environment for alignment with compliance requirements and report any potentially non-compliant configurations to the Subscriber.
B4.1.3. Improvements. During the Term, Anitian may, in its sole discretion, provide Subscriber with updates, upgrades, enhancements, and any other improvements that Anitian then generally offers to other subscribers to the Service.
B5. SUBSCRIBER RESPONSIBILITIES
B5.1. It shall be Subscriber’s sole responsibility to perform those specific services that are necessary to establish Subscriber’s or Authorized Users’ use of the Software, Documentation, and Services. This includes, but is not limited to: (a) providing employee lists to set up Authorized User accounts and (b) designating Authorized Users to participate in training.
B6. SERVICE LEVEL AGREEMENTS
B6.1. Definitions for this Section:
B6.1.1. Incident is a credible, validated threat to Subscriber’s security.
B6.1.2. Emergency Change is when a change that must be made to Subscriber’s environment quickly due to an immediate threat to the stability or security of the Subscriber’s environment. Subscriber’s are entitled to two Emergency Changes in any 30 day period. Additional requires may incur additional costs.
B6.1.3. Regular Changes are policy or configuration changes that do not meet the criteria of an Emergency as defined above.
B6.2. Anitian agrees to uphold the following Service Level Agreements for this Service.
B6.2.1. Incident Response: 6 hours
B6.2.2. Regular Changes: 72 hours
B6.2.3. Emergency Changes: 1 hour
B7. REMEDY PROCESS
B7.1. This section defines the process for Subscriber’s to make a claim for any Service Level Agreement that was not met. Subscriber agrees that this is the sole and exclusive remedy for a Service Level Agreement violation.
B7.2. To receive a credit, Subscriber must submit a claim via email to email@example.com within 7 business days from the date when the Service Level Agreement was violated. The claim submission must include the following information:
B7.2.1. The email subject line must contain the words “SLA Credit Request”
B7.2.2. The email body must contain 1) Subscriber’s name, b) Subscriber’s contact name c) Subscriber’s phone number; d) a description of the violation; and e) the date(s) and time(s) of the violation.
B7.3. Anitian will make all credit determinations in its reasonable discretion and will notify the designated contact(s) in writing (which may be in the form of an email) of its decision. If any request is rejected, Anitian will explain the reason for this rejection.
B7.4. For every hour Anitian violates the Service Level Agreement, Subscriber will be issued a credit of $200 up to a maximum of $5000. The credit will be applied to the Subscriber’s next monthly charge.
B7.5. Cancellation. Subscribers who have cancelled their Service Agreement are not entitled to Service Level Agreement claims.