MANAGED SECURITY SERVICES AGREEMENT
THIS MANAGED SECURITY SERVICES AGREEMENT (the “Agreement”) made effective as of the Date of Signing (“Effective Date”), is entered into by and between Trusted Internet LLC, 71 NH Rt 101A #11, Amherst, NH 03031 (“Security Provider”), and (“Customer”).
R E C I T A L
WHEREAS, Security Provider desires to perform, and Customer desires to have Security Provider perform, certain managed security services for Customer, subject to the terms and conditions set forth herein.
NOW, THEREFORE, in consideration of the premises and mutual agreements set forth in this Agreement, the parties agree as follows:
1. DEFINITIONS.
(a) “Authorized Employees” means the Security Provider’s employees who have a need to know or otherwise access Personal Information to enable the Security Provider to perform its obligations under this Agreement.
(b) “Authorized Persons” means (i) Authorized Employees and (ii) Security Provider’s contractors, agents, outsourcers, and auditors who have a need to know or otherwise access Personal Information to enable Security Provider to perform its obligations under this Agreement, and who are bound in writing by confidentiality obligations sufficient to protect Personal Information in accordance with the terms and conditions of this Agreement.
(c) “Highly-Sensitive Personal Information” means an (i) individual’s government-issued identification number (including social security number, driver’s license number or state-issued identified number); (ii) financial account number, credit card number, debit card number, credit report information, with or without any required security code, access code, personal identification number or password, that would permit access to an individual’s financial account; or (iii) biometric or health data.
(d) “Intellectual Property” means all ideas, reports, findings, studies, analyses, methods, designs, algorithms, mask works, discoveries, inventions, products, services, processes, computer programs, software, procedures, improvements, developments, drawings, notes, documents, information and materials made, conceived or developed by a party to this Agreement, whether alone or with others, expressed in any form or medium, and whether subject of legal registration or not.
(d) “Personal Information” means information provided to Security Provider by or at the direction of Customer, or to which access was provided to Security Provider by or at the direction of Customer, in the course of Security Provider’s performance under this Agreement that: (i) identifies or can be used to identify an individual (including, without limitation, names, signatures, addresses, telephone numbers, e-mail addresses and other unique identifiers); or (ii) can be used to authenticate an individual (including, without limitation, employee identification numbers, government-issued identification numbers, passwords or PINs, financial account numbers, credit report information, biometric or health data, answers to security questions and other personal identifiers), in case of both subclauses (i) and (ii), including, without limitation, all Highly-Sensitive Personal Information. Customer’s business contact information is not by itself deemed to be Personal Information.
(e) “Security Breach” means (i) any act or omission that materially compromises either the security, confidentiality or integrity of Personal Information or the physical, technical, administrative or organizational safeguards put in place by Security Provider that relate to the protection of the security, confidentiality or integrity of Personal Information (“Privacy Safeguards”), or (ii) a breach or alleged breach of this Agreement relating to Privacy Safeguards.
2. SERVICES; PERFORMANCE STANDARD.
(a) Services. Security Provider and Customer shall agree to the services to be provided for Customer by Security Provider (the “Services”), as specified on the Service Order attached hereto as Exhibit A (the “Service Order”). Subject to the limitation of liability provisions contained herein, Security Provider agrees to use commercially reasonable efforts to fully perform and complete the Services.
(b) Performance Standard. With respect to provision of the Services, Security Provider agrees and covenants that it shall: (i) keep and maintain all Personal Information in strict confidence, using such degree of care as is appropriate to avoid unauthorized access, use or disclosure; (ii) use and disclose Personal Information solely and exclusively for the purposes for which the Personal Information, or access to it, is provided pursuant to the terms and conditions of this Agreement, and not use, sell, rent, transfer, distribute, or otherwise disclose or make available Personal Information for Security Provider’s own purposes or for the benefit of anyone other than Customer; and (iii) not disclose Personal Information to any person other than its Authorized Persons, unless and to the extent required by government authorities or as otherwise, to the extent expressly required, by applicable law, in which case, Security Provider shall use commercially reasonable efforts to notify Customer before such disclosure or as soon thereafter as reasonably possible.
3. COMPENSATION.
(a) Compensation. In consideration for the performance of the Services by Security Provider, Customer agrees to pay to Security Provider the compensation set forth in the Service Order, and according to the terms and conditions contained on Service Order.
4. INFORMATION SECURITY; SECURITY BREACH PROCEDURES.
(a) General. Security Provider represents and warrants that its collection, access, use, storage, disposal and disclosure of Personal Information does and will comply with all applicable federal and state privacy and data protection laws, as well as all other applicable regulations and directives.
(b) Safeguards. Security Provider’s safeguards for the protection of Personal Information shall include: (i) limiting access of Personal Information to Authorized Persons; (ii) securing business facilities, data centers, paper files, servers, back-up systems and computing equipment, including, but not limited to, all mobile devices and other equipment with information storage capability; (iii) implementing network, device application, database and platform security; (iv) securing information transmission, storage and disposal; (v) implementing authentication and access controls within media, applications, operating systems and equipment; (vi) encrypting Highly-Sensitive Personal Information stored on any mobile media; (vii) encrypting Highly-Sensitive Personal Information transmitted over public or wireless networks; (viii) strictly segregating Personal Information from information of Security Provider or its other customers so that Personal Information is not commingled with any other types of information; (ix) implementing appropriate personnel security and integrity procedures and practices, including, but not limited to, conducting background checks consistent with applicable law; and (x) providing appropriate privacy and information security training to Security Provider’s employees.
(c) Security Breach Procedures.
(i) Security Provider shall: (1) provide Customer with the name and contact information for an employee of Security Provider who shall serve as Customer’s primary security contact and shall be available to assist Customer twenty-four (24) hours per day, seven (7) days per week as a contact in resolving obligations associated with a Security Breach; (2) notify Customer of a Security Breach as soon as practicable, but no later than twenty-four (24) hours after Security Provider becomes aware of it; and (3) notify Customer of any Security Breaches by at the following email account: support@trustedinternet.io and with a copy by e-mail to Security Provider’s primary business contact within Customer.
(ii) Immediately following Security Provider’s notification to Customer of a Security Breach, the parties shall coordinate with each other to investigate the Security Breach. Security Provider agrees to reasonably cooperate with Customer in Customer’s handling of the matter, including, without limitation: (1) assisting with any investigation; (2) providing Customer with physical access to the facilities and operations affected; (3) facilitating interviews with Security Provider’s employees and others involved in the matter; and (4) making available all relevant records, logs, files, data reporting and other materials required to comply with applicable law, regulation, industry standards or as otherwise reasonably required by Customer.
(iii) Security Provider shall take reasonable steps to promptly remedy any Security Breach and prevent any further Security Breach in accordance with applicable privacy rights, laws, regulations and standards.
(iv) Security Provider agrees that it shall not inform any third party of any Security Breach without first obtaining Customer’s prior written consent, other than to inform a complainant that the matter has been forwarded to Customer’s legal counsel. Further, Security Provider agrees that Customer shall have the sole right to determine: (1) whether notice of the Security Breach is to be provided to any individuals, regulators, law enforcement agencies, consumer reporting agencies or others as required by law or regulation, or otherwise in Customer’s discretion; and (2) the contents of such notice, whether any type of remediation may be offered to affected persons, and the nature and extent of any such remediation.
(v) Security Provider agrees to reasonably cooperate with Customer in any litigation or other formal action deemed reasonably necessary by Customer to protect its rights relating to the use, disclosure, protection and maintenance of Personal Information.
(d) Return of Personal Information. At any time during the term of this Agreement at the Customer’s written request or upon the termination or expiration of this Agreement pursuant to Section 7 of this Agreement, Security Provider shall, and shall instruct all Authorized Persons to, promptly return to the Customer all copies, whether in written, electronic or other form or media, of Personal Information in its possession or the possession of such Authorized Persons, or securely dispose of all such copies, and certify in writing to the Customer that such Personal Information has been returned to Customer or disposed of securely. Security Provider shall comply with all reasonable directions provided by Customer with respect to the return or disposal of Personal Information.
5. INTELLECTUAL PROPERTY LIMITED LICENSE.
(a) Ownership. The parties agree that with respect to their respective Intellectual Property, each party grants the other a limited, royalty-free, nonexclusive, nontransferable license to their Intellectual Property solely for the purposes of effectuating the essential purposes of this Agreement. Said licenses shall terminate upon the termination or expiration of this Agreement.
6. BUSINESS INFORMATION CONFIDENTIALITY.
(a) Business Confidential Information. The parties acknowledge that each party will have access to information and materials of the opposite party (in whatever form) and will acquire knowledge about the business and technology of the other party, including without limitation, information relating to inventions, discoveries, developments, improvements, disclosures, processes, systems, methods, devices, patents, patent applications, trademarks, intellectual properties, know-how, trade secrets, instruments, databases, materials, products, services, techniques, designs, research or development activities and plans, data or results, specifications, computer programs, costs of production, prices or other financial data, volume of sales, promotional methods, marketing plans or strategies, clinical plans, business opportunities, forecasts, vendors, customer lists, employee information, facilities, or financial statements. The parties agree that all such information, materials and knowledge, and the existence, terms and conditions of this Agreement, are and will be trade secrets and confidential and proprietary information of the disclosing party exclusively and shall be referred to herein collectively as “Business Confidential Information.” Business Confidential Information shall not include, however, any information which is or becomes part of the public domain through no fault of the party receiving the opposite party’s Business Confidential Information or that of a party hereto that Customer it regularly gives to third parties without restriction on use or disclosure.
(b) Obligations of Confidentiality. The parties agree to hold all Business Confidential Information of the opposite party in strict confidence, not to disclose it to others or use it in any way, commercially or otherwise, except as reasonably needed to complete the essential obligations of this Agreement. Upon termination of this Agreement, the parties shall promptly return to one another all materials containing or embodying the Business Confidential Information disclosed by one party to the opposite party.
7. TERMINATION AND EXPIRATION.
(a) Termination. Either party may terminate this Agreement upon the breach of a material obligation of the other party which in not remedied within thirty (30) days of receipt of a written notice from the party alleging the breach, specifying in reasonable detail the nature of the breach.
(b) Expiration. Unless terminated earlier in accordance with Section 7(a), this Agreement will expire on a date three (3) years following the Effective Date.
(c) Effect of Expiration of Termination. Upon the expiration or termination of this Agreement, and except as provided in Section 10(h) (“Survival”), each party will be released from all obligations to the other arising after the date of expiration or termination.
8. INDEMNIFICATIONS.
The parties shall indemnify and defend each other and their respective affiliated entities, and all of each party’s officers, directors, employees, and agents and shall hold them harmless from and against any and all claims, losses, liabilities, damages, expenses and costs (including attorneys' fees and court costs) which result from or are related to the negligent or willful acts or omissions of a party, its employees, agents, or subcontractors in the performance of its material obligations under this Agreement (a "Claim"), provided that the aggrieved party gives the opposite party written notice of any such Claim and the aggrieved party has the right to participate in the defense of any such claim at its own expense.
9. LIMITATION OF LIABILITY.
(a) No Liability. IN NO EVENT SHALL EITHER PARTY BE LIABLE FOR ANY EXEMPLARY, SPECIAL, INDIRECT, OR CONSEQUENTIAL LOSS OR DAMAGES ARISING UNDER THIS AGREEMENT, INCLUDING WITHOUT LIMITATION, LOSS OF BUSINESS, PROFIT, REVENUES AND/OR DATA, WHETHER ARISING UNDER TORT, BREACH OF CONTRACT OR OTHERWISE, EVEN IF THE OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR IF SUCH DAMAGES ARE FORESEEABLE.
(b) Maximum Liability; Direct Damages. EACH PARTY’S TOTAL LIABILITY ARISING OUT OF THIS AGREEMENT, WHETHER UNDER TORT, CONTRACT, WARRANTY OR OTHERWISE, SHALL BE LIMITED TO DIRECT DAMAGES; AND SHALL NOT EXCEED THE CASH VALUE OF THE FEES PAID BY CUSTOMER TO SECURITY PROVIDER AT THE TIME OF THE OCCURRENCE OF THE EVENT ALLEGED TO HAVE CAUSED THE SUBJECT DIRECT DAMAGES. NO ACTION ARISING OUT OF THIS AGREEMENT MAY BE BROUGHT BY EITHER PARTY MORE THAN ONE (1) YEAR AFTER THE CAUSE OF ACTION HAS ACCRUED, EXCEPT THAT AN ACTION FOR NON-PAYMENT BY CUSTOMER MAY BE BROUGHT WITHIN ONE (1) YEAR AFTER THE DATE OF LAST PAYMENT TO THE SECURITY PROVIDER BY CUSTOMER.
10. GENERAL.
(a) Assignment; Binding Effect. Neither party may not assign its rights or delegate it’s duties under this Agreement either in whole or in part without the prior written consent of the opposite party. Any attempted assignment or delegation without such consent will be void. This Agreement shall be binding upon and shall inure to the benefit of the successors, assigns, executors, administrators and heirs of the parties.
(b) Equitable Remedies. Because the Services are personal and unique and because Security Provider will have access to the Personal Confidential Information of Customer, Customer will have the right to enforce this Agreement and any of its provisions by injunction, specific performance or other equitable relief (without posting a bond) without prejudice to any other rights and remedies that Customer may have for a breach of this Agreement. Security Provider hereby submits himself to the jurisdiction and venue of the courts of the State of New York for purposes of any such action. Security Provider further agrees that service upon it in any such action or proceeding may be made by first class mail, certified or registered, to its address set forth in the opening paragraph of this Agreement.
(c) Attorneys’ Fees. If any action is necessary to enforce the terms of this Agreement, the prevailing party shall be entitled to reasonable attorneys’ fees, costs and expenses in addition to any other relief to which such prevailing party may be entitled.
(d) Governing Law; Venue. This Agreement is governed by the laws of the State of New York without reference to any conflict of laws principles that would require the application of the laws of any other jurisdiction. The United Nations Convention on Contracts for the International Sale of Goods does not apply to this Agreement. Customer irrevocably consents to the personal jurisdiction of the state and federal courts located in the City and State of New York for any suit or action arising from or related to this Agreement and waives any right Customer may have to object to the venue of such courts. Customer further agrees that these courts will have exclusive jurisdiction over any such suit or action initiated by Customer against Service Provider. Customer also irrevocably waives any right Customer may have to a jury trial.
(e) Notices. Any notices under this Agreement shall be sent by certified or registered mail, return receipt requested, or by courier service, to the address specified above or such other address as the party specifies in writing. Such notice will be effective upon receipt.
(f) Entire Agreement. This Agreement, together with any Exhibits hereto, constitutes the entire agreement of the parties pertaining to the subject matter hereof and supersedes all prior and contemporaneous agreements, representations, and understandings of the parties, written or oral. This Agreement or any Exhibit hereto may be amended or modified only in a writing signed by both parties.
(g) Waiver; Severability. The waiver by a party of any breach of any provision of this Agreement shall not operate or be construed as a waiver of any subsequent breach of the same or any provision hereof. In the event any term or provision of this Agreement shall be determined by a court of competent jurisdiction to be void or unenforceable, such provision shall be enforced to the extent possible consistent with the stated intention of the parties, or, if incapable of such enforcement, shall be deemed severed and deleted from this Agreement while the remaining terms and provisions of this Agreement shall remain in full force and effect.
(h) Survival of Terms. The provisions of this Agreement in Sections 1, 3 (for any amounts unpaid for Services actually rendered), 4(c)(ii), 4(c)(iv), 4(c)(v), 4(d), and 6 through 10 shall survive termination or expiration of this Agreement.
CUSTOMER PAYMENT TERMS:
A) THIS AGREEMENT ENDS 36 MONTHS FROM DATE OF INSTALLATION AND WILL AUTO-RENEW WITH A 3.3% ANNUAL UPLIFT UNLESS OTHERWISE NOTIFIED IN WRITING.
B) PAYMENT FOR EACH MONTH OF SERVICE SHALL BE PREPAID BY CUSTOMER BY PAYMENT BY THE 1ST OF MONTH OF SERVICE
C) NOTWITHSTANDING ANY PROVISION TO THE CONTRARY IN THE AGREEMENT, THE FAILURE OF CUSTOMER TO PAY ANY FEE DUE TO SECURITY PROVIDER ON A TIMELY BASIS SHALL BE GROUNDS FOR SECURITY PROVIDER TO IMMEDIATELY TERMINATE THIS AGREEMENT