End User Licensing Agreement
This End User License Agreement (“EULA”) governs Subscriber’s license and use of certain Software and/or Products developed by Anitian, Inc. (“Anitian”). If Subscriber registers for an evaluation use of Anitian’s Software or Products, this EULA will also govern that evaluation. By accepting this EULA, Subscriber agrees to the terms of this EULA. If the person is entering into this EULA on behalf of another legal entity, you represent that you have the authority to bind such entity and its affiliates to these terms and conditions, in which case the terms “you” or “your” shall refer to such entity and its affiliates. If you do not have such authority, or if you do not agree with these terms and conditions, you must not accept this agreement and may not use the software or the platforms the software creates.
Capitalized terms shall have the meanings set forth in this section, or in the section where they are first used.
“Access Protocols” means the passwords, access codes, technical specifications, connectivity standards or protocols, or other relevant procedures, as may be necessary to allow Subscriber or any Authorized Users to access the Products.
“Authorized User” means any individual who is an employee of Subscriber or such other person or entity as may be authorized by a Proposal, to access the one or more Products pursuant to Subscriber’s rights under this Agreement.
“Documentation” means the technical materials provided by Anitian to Subscriber in hard copy or electronic form describing the use and operation of the Software.
“Error” means a reproducible failure of the Software to substantially conform to the Documentation.
“Error Corrections” means bug fixes or workarounds intended to correct Errors in the Software.
“Intellectual Property Rights” means any and all now known or hereafter existing (a) rights associated with works of authorship, including copyrights, mask work rights, and moral rights; (b) trademark or service mark rights; (c) trade secret rights; (d) patents, patent rights, and industrial property rights; (e) other layout design rights, design rights, and other proprietary rights of every kind and nature; and (f) all registrations, applications, renewals, extensions, or reissues of the foregoing, in each case in any jurisdiction throughout the world.
“Product(s)” means one or more software products Anitian has developed and are licensed to Subscriber as defined in one or more Proposals or on-line orders. Products Anitian provides include, but are not limited to: Anitian Compliance Automation, Anitian Cloud Security Platform, PCI Hardened AWS Amazon Machine Images, Anitian Cloud Security Information and Event Manager (SIEM), and Anitian Cloud Automation.
“Proposal” means a document signed by Subscriber or an online order specifying the Software and/or Services to be made available by Anitian pursuant to this Agreement.
“Subscriber Content” or “Data” are interchangeable and mean any Subscriber-specific content. This includes, but is not limited to, security logs, system logs, system configurations, custom scripts, Third-party software, and information the Subscriber input or uploaded to software components.
“Software” refers generically to any software, code, scripts, automations, configurations, or other intellectual property developed by Anitian and licensed to Subscriber under the terms of this EULA. Software may also be part of one or more of the Products provided to Subscriber as defined in one or more Proposals.
“Services” refers to professional or managed services provided in tandem with Software and defined in one (or more) Proposals or on-line orders.
“Supported Environment” means the minimum hardware, software, and connectivity configuration specified from time to time by Anitian as required for use of the Software.
“Platform” means the cloud environments Anitian’s Products create which includes (but is not limited to) system instances, containers, virtual private clouds (VPC), networks, access controls, environment specific configurations, encrypted secrets, passwords, license keys, and user accounts.
“Third Party Products” means software that is included as part of the Software, but does not belong to Anitian. Subscriber’s use of Third Party Products is governed under separate end user license agreements for each Third Party Product.
“Cloud Service Provider” means the cloud provider (e.g. AWS) where the Subscriber will use the Software.
“Managed Services” means the on-going security monitoring and management Services that can be included with the Software. Managed Services are delivered on an on-going basis, rather than a one-time engagement.
“Software Term” the period of time where the Subscriber is subscribed to Software, which may also include managed services.
- Provision of Products
Access. Subject to Subscriber’s payment of the fees in one or more Proposals, Anitian will provide Subscriber access to Products and/or Software. On or as soon as reasonably practicable after the Effective Date, Anitian shall provide to Subscriber the necessary passwords, security protocols and policies and network links or connections and Access Protocols to allow Subscriber and its Authorized Users to access the Products in accordance with the Access Protocols.
Responsibility for Products and Content Hosting. Subscriber shall, at its own expense, provide for the hosting of the Platform which is accessible as part of the Product. Unless otherwise set forth on a Proposal, Subscriber is responsible for providing and using credentials for all Product components. The Subscriber shall receive a separate bill for charges and fees imposed by the provider of Cloud Service Providers and/or Third Party Products.
Subscriber Credentials. Subscriber may elect to provide Anitian access to keys, credentials, or passwords (“Credentials”) to access Subscriber’s applications and/or technology infrastructure. By providing Anitian any such Credentials, Subscriber authorizes Anitian to use those Credentials and to access Subscriber applications and infrastructure for the purpose of providing Software under this Agreement.
Anitian represents and warrants that it follows industry-standard policies and provides Software features and internal practices to protect the security and integrity of Subscriber Data (including without limitation employee data). Anitian will notify Subscriber as soon as possible, to be followed-up in writing, of any actual Security Incident (as defined below) involving such Subscriber Data. The notification provided to Subscriber shall include, if known, and to Anitian’s knowledge as of the time of notice: (i) the general circumstances and extent of any unauthorized access to Subscriber Data or intrusion into the computer systems or facilities on or in which Subscriber Data is maintained; (ii) which categories of Subscriber Data were involved; (iii) the identities of all individuals whose Anitian personal information was affected; and (iv) steps taken to secure the data and preserve information for any necessary investigation. The notification required to be delivered to Subscriber under this Section shall be delivered promptly and in no event later than twenty-four (24) hours after Anitian learns of any such actualSecurity Incident. Anitian shall not delay its notification to Subscriber for any reason, including, without limitation, investigation purposes. Anitian shall cooperate fully with Subscriber in investigating and responding to each successful or attempted security breach including allowing immediate access to Anitian’ facility by Subscriber’s investigator, to investigate, and obtain copies of data as provided herein.
Security Incident occurs when Anitian knows or has reason to know that: (A) Anitian has experienced an incident resulting in the unauthorized acquisition of unauthorized use of unencrypted Subscriber Data, or encrypted Subscriber Data and the confidential process or key that is capable of compromising the security, confidentiality or integrity of Subscriber Data that creates a substantial risk of theft or fraud; or (B) Subscriber Data was acquired or used by an unauthorized person or used for an unauthorized purpose. In the event of any Security Incident, Anitian shall assist Subscriber to provide notification and take other reasonable actions that Subscriber, in Subscriber’s reasonable discretion, determines necessary to mitigate the effects of such Security Incident or in compliance with applicable law.
Subscriber’s Proprietary Information. Anitian shall (a) safeguard the Subscriber Data and, Subscriber’s Confidential Information, methods, systems, process, materials, business models, campaign configurations, trade secrets and any other information that are collected, stored or resident in the Products, or that can be derived or inferred from the Software or related deliverables (“Subscriber’s Proprietary Information”) and (b) ensure that Subscriber’s Proprietary Information is not combined, associated or kept with any information not authorized by Subscriber.
General Restrictions. Anitian shall only use Subscriber’s Proprietary Information or Subscriber’s Data as set forth in this Agreement, and except as set forth in this Agreement, shall not (and shall not allow any third party to): (a) sell, rent, lease, provide access to or sublicense the Subscriber’s Proprietary Information or Subscriber’s Data to a third party or use the Subscriber’s Proprietary Information or Subscriber’s Data to provide a Product to a third-party (for example, by offering consulting Products to third parties); (b) copy, reverse engineer, decompile, disassemble, modify or create any derivative product from the Subscriber’s Proprietary Information; (c) remove or obscure any product identification, proprietary, copyright or other notices contained in the Subscriber’s Proprietary Information; or (d) incorporate the Subscriber’s Proprietary Information into any other offering.
- Third Party Products
The Software may include third-party software as part of the Product(s). Third Party Products are licensed as part of the Software. License keys for Third Party Products will be provided to Subscriber within thirty (30) days after the Effective Date of this Agreement.
End user license agreements for each Third Party Product is included with each Third Party Software product. Anitian can also provide copies of all Third Party EULA’s upon request.
If Subscriber does not consent to the terms of any of the Third Party Product end user licensing agreements, it must notify Anitian in writing within 30 days from the Effective Date of this Agreement. Subscriber must delete Third Party Products from the Platform immediately. Anitian is not obligated to assist Subscriber with deleting Third Party Products. Since some Third Party Products are embedded into Anitian’s Products, Anitian cannot guarantee Subscriber will receive a refund for pre-purchased Third Party Products. Anitian will issue a refund or stop any usage billing where possible and applicable.
Your continued use of the Third Party Products after 30 days from the Effective Data indicates your acceptance and agreement to all the terms in all Third Party Product end user license agreements.
- Intellectual Property
License Grant. Subject to the terms and conditions of this Agreement, Anitian grants to Subscriber a non-exclusive, non-transferable license during the term, solely for Subscriber’s internal business purposes, (a) to access, use, perform, and digitally display the Product(s) in accordance with the Documentation; and (b) to use and reproduce a reasonable number of copies of the Documentation solely to support Subscriber’s use of the Products. Anitian Corporation owns all right, title and interest, including without limitation all intellectual property and other rights, in and to the Product(s), Content (except for Subscriber Content, third-party content, Third Party Products, if any, therein).
Anitian Product(s) are proprietary Software available on SaaS subscription basis. Use of Software for any purpose not set forth in this Agreement is prohibited. All templates, scripts, code, and other content are the property of Anitian and/or its business partners, affiliates, assigns, licensors or other respective owners. Subscriber shall not decompile, disassemble, or reverse engineer the Software or any elements of the Software, or otherwise derive source or object code from the Software or any elements thereof. After the expiration of evaluation period and upon the first monthly or yearly payment, Anitian will grant to Subscriber a perpetual, non-transferable, non-sublicensable, non-exclusive, paid-up right and license to use, copy, modify and prepare derivative works of the Platform, for purposes of Subscriber’s internal business only.
Limitations. The Software, together with all know-how, processes, methodologies, specifications, designs, inventions, functionality, graphics, user interfaces, techniques, methods, applications, libraries, documentation or other technology and materials of any kind, or any enhancement thereof, used or made available by Anitian to you or any Authorized User in connection with the Software and Support, constitute or otherwise involve valuable intellectual property rights of Anitian and all right, title and interest in and to the foregoing will, as between the Parties, be owned by Anitian. No title to or ownership of the Software, or any intellectual property rights associated therewith, is transferred under this Agreement and Anitian reserves all rights not otherwise expressly granted herein.
Open Source Software. Certain items of software may be provided to Subscriber with the Software and are subject to “open source” or “free software” licenses (“Open Source Software”). Some of the Open Source Software is owned by third parties. The Open Source Software is not subject to the terms and conditions of the section titled Indemnification or the subsection titled License Grant. Instead, each item of Open Source Software is licensed under the terms of the end-user license that accompanies such Open Source Software. Nothing in this Agreement limits Subscriber’s rights under, or grants Subscriber rights that supersede, the terms and conditions of any applicable end user license for the Open Source Software. If required by any license for particular Open Source Software, Anitian makes such Open Source Software, and Anitian’s modifications to that Open Source Software, available by written request at the notice address specified below.
- Fees, Expenses, and Payments
Fees. Subscriber will pay to Anitian the fees set forth in the Proposal or on-line order.
- Subscriber Data and Responsibility
License; Ownership. Subscriber grants Anitian a nonexclusive, worldwide, royalty-free and fully paid license (a) to use the Subscriber Data as necessary for purposes of providing the Products and (b) to use the Subscriber trademarks, Product marks, and logos as required to provide the Products. The Subscriber Data hosted by Anitian as part of the Products, and all worldwide Intellectual Property Rights in it, is the exclusive property of Subscriber. All rights in and to the Subscriber Data not expressly granted to Anitian in this Agreement are reserved by Subscriber.
Authorized Users Access to Products. Subscriber may permit any Authorized Users to access and use the features and functions of the Products as contemplated by this Agreement. User IDs cannot be shared or used by more than one Authorized User at a time. If a Subscriber wishes to add additional User IDs, Subscriber may order such additional User IDs at any time by executing a new Proposal detailing the number of additional User IDs. Upon written acceptance by Anitian of the Proposal, Anitian shall make the Software(s) available to the additional Authorized Users. Subscriber shall use commercially reasonable efforts to prevent unauthorized access to, or use of, the Products, and notify Anitian promptly of any such unauthorized use known to Subscriber.
Subscriber Warranty. Subscriber represents and warrants that any Subscriber Content hosted by Anitian as part of the Products shall not (a) infringe any copyright, trademark, or patent; (b) misappropriate any trade secret; (c) be deceptive, defamatory, obscene, pornographic or unlawful; (d) contain any viruses, worms or other malicious computer programming codes intended to damage Anitian’s system or data; or (e) otherwise violate the rights of a third party. Anitian is not obligated to back up any Subscriber Content; the Subscriber is solely responsible for creating backup copies of any Subscriber Content at Subscriber’s sole cost and expense. Subscriber agrees that any use of the Products contrary to or in violation of the representations and warranties of Subscriber in this section constitutes unauthorized and improper use of the Products.
Subscriber Responsibility for Data and Security. Subscriber and its Authorized Uses shall have access to the Subscriber Data and shall be responsible for all changes to and/or deletions of Subscriber Data and the security of all passwords and other Access Protocols required in order the access the Products. Subscriber shall have the ability, both during the term and following termination, at no cost to Subscriber, to export Subscriber Data out of the Products and is encouraged to make its own back-ups of the Subscriber Data. Subscriber shall have the sole responsibility for the accuracy, quality, integrity, legality, reliability, and appropriateness of all Subscriber Data.
- Warranties and Disclaimers
Limited Warranty. Anitian warrants to Subscriber that the Software will setup the Platform(s) properly. Provided that Subscriber notifies Anitian in writing of any breach of the foregoing warranty during the term hereof, Anitian shall, as Subscriber’s sole and exclusive remedy, provide the support set forth in Addendum B Software Support to this Agreement. This warranty gives Subscriber specific legal rights, and Subscriber may also have other rights which vary from jurisdiction to jurisdiction.
Disclaimer. THE CLOUD SERVICE PROVIDER AND THIRD PARTY PRODUCTS ARE NOT ANITIAN PRODUCTS. ANITIAN IS NOT RESPONSIBLE FOR THE CLOUD SERVICE PROVIDER OR THIRD PARTY PRODUCTS, OR FOR ANY ACTS OR OMISSIONS OF THE THIRD-PARTY PROVIDER OF THE CLOUD SERVICE PROVIDER OR THIRD PARTY PRODUCTS. SUBSCRIBER ACKNOWLEDGES THAT THE PROVIDER OF THE CLOUD SERVICE PROVIDER MAY IMPLEMENT PROCEDURES THAT WOULD MAKE IT DIFFICULT OR IMPOSSIBLE TO ACCESS SUBSCRIBER’S DATA OR THE RESOURCES MADE AVAILABLE VIA THE CLOUD SERVICE PROVIDER IN CERTAIN CIRCUMSTANCES (E.G., IN THE CASE OF A VIRUS, DENIAL-OF-SERVICE, OR SIMILAR ATTACK; TRANSMISSION OR STORAGE OF INFRINGING OR ILLEGAL CONTENT; USE FOR BULK EMAIL; USE THAT COULD OR DOES HARM THE THIRD PARTY’S NETWORKS OR SERVERS OR COMPROMISE SECURITY).
Compliance Responsibility. Use of Software shall not in any way constitute a guarantee that Subscriber will be compliant with any regulations or standards including the compliance standard(s) applicable to the Software. Anitian’s Products and the Platforms they build are intended to assist Subscriber in building and maintain a computing environment that meets compliance and security requirements. Subscriber is solely responsible for obtaining necessary certifications or accreditations to meet any compliance or security certifications. Software does not include any automatic or default certifications for any compliance standard or regulation.
- LIMITATION OF LIABILITY
TYPES OF DAMAGES. TO THE EXTENT LEGALLY PERMITTED UNDER APPLICABLE LAW, ANITIAN OR ITS SUPPLIERS SHALL NOT BE LIABLE TO SUBSCRIBER FOR ANY SPECIAL, INDIRECT, EXEMPLARY, PUNITIVE, INCIDENTAL OR CONSEQUENTIAL DAMAGES OF ANY NATURE INCLUDING, BUT NOT LIMITED TO DAMAGES OR COSTS DUE TO LOSS OF PROFITS, DATA, REVENUE, GOODWILL, PRODUCTION OR USE, BUSINESS INTERRUPTION, PROCUREMENT OF SUBSTITUTE GOODS OR PRODUCTS, OR PERSONAL OR PROPERTY DAMAGE ARISING OUT OF OR IN CONNECTION WITH ANITIAN’S PERFORMANCE HEREUNDER OR THE USE, MISUSE, OR INABILITY TO USE THE SOFTWARE, DOCUMENTATION, PRODUCTS OR OTHER PRODUCTS OR PRODUCTS HEREUNDER, REGARDLESS OF THE CAUSE OF ACTION OR THE THEORY OF LIABILITY, WHETHER IN TORT, CONTRACT, OR OTHERWISE, EVEN IF ANITIAN HAS BEEN NOTIFIED OF THE LIKELIHOOD OF SUCH DAMAGES.
AMOUNT OF DAMAGES. THE MAXIMUM LIABILITY OF ANITIAN ARISING OUT OF OR IN ANY WAY CONNECTED TO THIS AGREEMENT SHALL NOT EXCEED THE FEES PAID BY SUBSCRIBER TO ANITIAN DURING THE SIX (6) MONTHS PRECEDING THE ACT, OMISSION OR OCCURRENCE GIVING RISE TO SUCH LIABILITY. NOTHING IN THIS AGREEMENT SHALL LIMIT OR EXCLUDE ANITIAN’S LIABILITY FOR GROSS NEGLIGENCE OR INTENTIONAL MISCONDUCT OF ANITIAN OR ITS EMPLOYEES OR AGENTS OR FOR DEATH OR PERSONAL INJURY. SOME STATES AND JURISDICTIONS DO NOT ALLOW FOR THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS LIMITATION AND EXCLUSION MAY NOT APPLY TO SUBSCRIBER.
BASIS OF THE BARGAIN. The parties agree that the limitations of liability set forth in this section shall survive and continue in full force and effect despite any failure of consideration or of an exclusive remedy. The parties acknowledge that the prices have been set and the Agreement entered into in reliance upon these limitations of liability and that all such limitations form an essential basis of the bargain between the parties.
- TERM AND TERMINATION
Subscription Term. Unless otherwise specified in a Proposal, the term of this Agreement shall be twelve (12) months. This Agreement shall automatically renew on a month-to-month basis unless either party provides written notice to the other of its intention not to renew at least thirty (30) days prior to the expiration of the then-current term.
This Agreement may be terminated by either Party for any reason upon forty-five (45) calendar days’ advance written notice. In addition, this Agreement may be terminated by a Party immediately upon notice to the other Party if such other party materially breaches this Agreement, and such breach remains uncured more than thirty (30) days after receipt of written notice of such breach.
In the event of a termination for convenience by Subscriber or a termination by Anitian due to an uncured material breach by Subscriber, (a) Subscriber will pay Anitian all amounts accrued for Products or Services provided prior to the effective date of termination; (b) to the extent not already prepaid, Subscriber will pay Anitian for the balance owed on all Products and Services subscribed to by Subscriber in the Proposal; and (c) Subscriber will not be entitled to any prepaid, but unused subscription amounts.
In the event of a termination for convenience by Anitian or a termination by Subscriber due to an uncured material breach by Anitian, (a) Subscriber will pay Anitian all amounts accrued for Products or Services provided prior to the effective date of termination; (b) Anitian will refund any amounts for Products and Services that were prepaid for period after the effective date of termination; and (c) Subscriber will have no obligation to pay for any Products or Services ordered or subscribed to but not yet received pursuant to a Proposal.
Within 10 days of a notice of Termination, Anitian shall submit to the Subscriber an itemized invoice for any fees, damages, or expenses that are applicable. Upon payment of the final invoice, the Subscriber shall thereafter have no further liability or obligation to Anitian for any further fees, expenses, or other payment under this Agreement.
Effect of Termination. Upon termination or expiration of this Agreement for any reason: (a) all rights and obligations of both parties, including all licenses granted hereunder, shall immediately terminate; (b) within ten (10) days after the effective date of termination, each party shall comply with the obligations to return all Confidential Information of the other party, as set forth in the section titled Confidentiality; and (c) within ten (10) days after the effective date of termination, Anitian shall discontinue all use of Subscriber Content, allow Subscriber, without cost, to export all Subscriber Content and destroy all copies of Subscriber Content in its possession (d) Subscriber will remove all Software code, content, Third Party Products and configurations from their Cloud Service Provider. The sections and subsections titled Definitions, Limitations, Warranties and Disclaimers, Limitation of Liability, Confidentiality, Indemnification, Effect of Termination, and Miscellaneous will survive expiration or termination of this EULA for any reason.
Export. Subscriber agrees not to export, reexport, or transfer, directly or indirectly, any U.S. technical data acquired from Anitian, or any products utilizing such data, in violation of the United States export laws or regulations. Subscriber shall not permit Authorized Users to access or use any Products in a U.S. embargoed country (currently Cuba, Iran, North Korea, Sudan, Syria or Crimea) or in violation of any U.S. export law or regulation.
Severability. If any provision of this Agreement is, for any reason, held to be invalid or unenforceable, the other provisions of this Agreement will remain enforceable and the invalid or unenforceable provision will be deemed modified so that it is valid and enforceable to the maximum extent permitted by law. Without limiting the generality of the foregoing, Subscriber agrees that the section titled Limitation of Liability will remain in effect notwithstanding the unenforceability of any provision in the subsection titled Limited Warranty.
Waiver. Any waiver or failure to enforce any provision of this Agreement on one occasion will not be deemed a waiver of any other provision or of such provision on any other occasion.
ADDENDUM A: SOFTWARE SUPPORT
During the Term, support provided to Subscriber shall comprise the following:
- Standard Support. Anitian shall provide email-based support for use by Authorized Users Monday through Friday, 6 am to 6 pm PST, US holidays excluded, for problem resolution assistance. This Support is only available to Authorized Users. This support is exclusively for problems with Software and does not include guidance on compliance or assisting Subscriber’s auditors.
- Error Corrections. Anitian will use commercially reasonable efforts to correct all Errors in the Software reported by Subscriber in writing to Anitian. Anitian will utilize remote diagnostic procedures whenever possible for Error diagnosis and Error Correction. Anitian may not issue Error Corrections for all Errors.
- During the Term, Anitian may, in its sole discretion, provide Subscriber with updates, upgrades, enhancements, and any other improvements that Anitian then generally offers to other subscribers to the Product.
- Subscriber’s Responsibilities
It shall be Subscriber’s sole responsibility to perform those specific Products that are necessary to establish Subscriber’s or Authorized Users’ use of the Software, Documentation, and Products. This includes, but is not limited to: (a) providing employee lists to set up Authorized User accounts and (b) designating Authorized Users to participate in training.
- Other Products
Anitian’s Products outside the scope of this Agreement, if any, shall be provided pursuant to Anitian’s then-current applicable Products policies and procedures, including, at a minimum, execution of Anitian’s then-current consulting/professional Products agreement and payment of Anitian’s then-current fees for such Products, plus Anitian’s reasonable costs and expenses incurred in providing such Products. Anitian will obtain Subscriber’s prior written consent prior to performing any work Product that falls outside the scope of this Agreement.
ADDENDUM B: SECURITY OPERATION SERVICES
This section defines special terms and conditions applicable to Anitian’s Security Operations Services (“SecOps”). The terms and service level agreements in this section only apply if Subscriber has an active subscription to Anitian’s SecOps services.
“Response” is considered any communication from Anitian referencing the issue with Subscriber through email, telephone, or any other mutually agreed upon communication method. Response does not, necessarily, mean the issue will be resolved, but rather that Anitian has acknowledged an issue and is working on it.
“Incident” is an identified threat or issue present in Subscriber’s environment. Incidents are classified as:
- L1: Positive Blocked Threat – A control or analyst has positively identified and blocked a threat. Anitian investigates and correlates the extent of the threat.
- L2: Positive Discovered Threat or In-Scope Environment Down (Anitian Impacting): A control or analyst has discovered but unsuccessfully contained a threat or a portion of the In-Scope Environment is down without immediate subscriber production impact. Anitian triages the event and remediates or escalates as appropriate.
- L3: Positive Active Threat or In-Scope Environment Down (Subscriber Impacting): A control or analyst has discovered an in-progress, uncontained threat or a portion of the In-Scope Environment is down and impacting subscriber production. Anitian SecOps triages the event and remediates or escalates as appropriate.
“Incident Response” is when Anitian must respond in a timely manner to a credible, validated threat to Subscriber’s security or compliance state.
“Outage” is when device or application that has become non-responsive.
“Emergency Change” is a high-priority change to the Platform or environment that must be performed to ensure the security, stability, or proper operation of Subscriber’s environment, applications, or network. This can include patches to security components.
“Regular Change” is change that does not meet the criteria of an emergency.
“In-Scope Environment” Subscriber’s computing environment where Anitian’s performs SecOps services. The systems, hosts, instances, networks, and technologies within the In-Scope Environment are defined in one or more Proposals.
“Significant Scope Change” is triggered when (a) the In-Scope Environment increases or decreases in size by 20%; (b) the Subscriber alters, changes, or replaces a key technology, host, or configuration within the environment, which causes Anitian to incur more than 30 hours of additional time in any rolling 30 day period to reconfigure SecOps services to accommodate the change.
- Description of Service
Anitian Security Operations Services (“SecOps”). Provides security monitoring and management. Unless otherwise defined in one or more Proposals, SecOps Services include the following:
- Attack Detection: Anitian monitors Subscriber’s environment for signs of attack, compromise, data breach, malware, abuse, theft, or infiltration from an unauthorized source.
- Threat Hunting: Anitian will actively review Subscriber’s data for evidence of threat actors and/or compromise within Subscriber’s environment using Anitian’s exclusive Anitian threat hunting techniques.
- Threat Assessment: Anitian will assess the severity threats poses to Subscriber’s data, security, operations, and availability.
- Compliance Monitoring: If appliable, Anitian will monitor the in-scope environment for alignment with relevant compliance requirements.
- Security Change Management: Anitian will maintain the security components of the In-Scope Environment which includes, signature updates, patches, and software updates. Anitian will assist Subscriber with changes to the application hosts and components of the In-Scope Environment.
- Extended Guardrails: Anitian will monitor the environment for alignment with compliance requirements and report any potentially non-compliant configurations to the Subscriber.
Incident Response: Anitian will respond to events using one or more of the following means:
- Alert: Anitian will send an alert to the Subscriber to advise them of the incident and severity.
- Automated Response: Anitian will implement automatic responses on security controls to block or quarantine malicious behavior.
- Manual Response: If Anitian’s analysts determines a threat is both severe and automated defenses may not stop it, Anitian will manually configure security controls to block the attacker(s) and protect Subscriber’s data. Anitian will contact Subscriber prior to implementing any changes.
- Extended Incident Response: In the rare event of a serious breach that was not blocked, Anitian can provide, for an additional cost, digital forensics Products to analyze the attack techniques and assist the Subscriber in restoring their environment to a secure state.
During the Term of the SecOps Services, support provided to Subscriber shall comprise the following:
- Technical Support: Anitian shall provide email and telephone support for use by Authorized Users 24 hours a day, 365 days a year, for problem resolution or security incident troubleshooting. This Support is only available to Authorized Users.
- During the Term, Anitian may, in its sole discretion, provide Subscriber with updates, upgrades, enhancements, and any other improvements that Anitian then generally offers to other subscribers to the Product.
- Scope of Service
SecOps Services will only apply to the Subscriber’s In-Scope Environment defined in one or more Proposals.
Subscriber agrees to notify Anitian within 72 hours of any Significant Scope Changes to the In-Scope Environment.
Anitian is not obligated to provide monitoring services, incident response, or security advisory services to hosts, instances, networks, or technologies not included in the In-Scope Environment. However, Subscriber can request an expansion of the scope at any time. Such requests must be made in writing to Anitian. Expansion of the In-Scope Environment may incur additional monitoring fees, license costs, and other expenses. Anitian will itemize all additional costs prior to performing expanded services.
Unless sated otherwise in a Proposal, Subscription length is 12 months.
Subscriber agrees to provide Anitian access to the In-Scope Environment to perform aforementioned SecOps services. If Subscriber terminates, blocks, or restricts Anitian’s access to the In-Scope Environment, Anitian will not be able to perform the SecOps services. Anitian will notify Subscriber of blocked access within 24 hours. If Anitian’s access is not restored within 72 hours within notifying Subscriber, Anitian will treat this as a Cancellation of the SecOps services and will have no further responsibilities to perform SecOps services.
- Early Termination
Subscriber may terminate SecOps services defined in one or more Proposals at any time. Notice must be in writing, via Certified Mail to Anitian Inc, 8625 SW Cascade Ave, #500 Beaverton, OR 97008. Email or verbal cancellations are not valid.
Cancelling the SecOps Subscription does not cancel this EULA. Cancelling SecOps Subscription does not cancel other financial commitments to Anitian. Upon cancellation, Subscriber agrees to the following:
- Subscriber must pay any fees associated to transferring Third-Party licenses to Subscriber’s ownership.
- Any discounts provided to Subscriber are rescinded.
- Anitian will cease all SecOps services within 10 days of notification, and transfer control of In-Scope environment security components to Subscriber within 30 days.
- Subscriber will remove, or permit Anitian to remove SecOps service components, which include, but are not limited to threat intelligence feeds, automated threat hunts, and SOC alerts.
- Subscriber agrees to pay Anitian an additional 3 months of SecOps service costs as an Early Termination Fee.
- Subscriber’s Responsibilities
It shall be Subscriber’s responsibility to:
- Provide Anitian adequate access to the In-Scope environment to perform SecOps services.
- Provide feedback and response on incidents
- Collaborate with Anitian on change management, incident handling, and other operational tasks
- Designate a primary point of contact where Anitian can address questions
- Service Level Agreements
Anitian agrees to uphold the following Service Level Agreements for SecOps.
- Incident Response: 1 hour
- Change Management Response: 1 hour
- Emergency / Critical Response: 1 hour
- Environment Data Restoration Request Response: 1 hour
- Non-Critical Environment Patches: 14 days from vendor release
- All other non-critical requests: 4 hours
- Service Level Remedy Process
This section defines the process for Subscriber’s to make a claim for any Service Level Agreement that was not met.
To receive a credit, Subscriber must submit a claim via email to [email protected] within seven (7) business days from the date when the Service Level Agreement in Section 8 was violated. The claim submission must include the following information:
- The email subject line must contain the words “SLA Credit Request”
- The email body must contain:
- Subscriber’s name,
- Subscriber’s contact name
- Subscriber’s phone number;
- A description of the violation; and
- The date(s) and time(s) of the violation.
Anitian will make all credit determinations in its reasonable discretion and will notify the designated contact(s) in writing (which may be in the form of an email) of its decision. If any request is rejected, Anitian will explain the reason for this rejection.
For every hour Anitian violates the Service Level Agreement, Subscriber will be issued a credit of $200. In any given month, the credit applied shall not exceed US$5,000.00.
Subscribers who have cancelled their Product Agreement are not entitled to Service Level Agreement claims.