This Platform and Support Agreement governs any Order entered into between the customer identified in such Order, on behalf of itself and any Affiliates (the “Customer”), and ReliaQuest, LLC, on behalf of itself and any Affiliates (collectively referred to as “ReliaQuest”).
YOU AGREE TO THIS AGREEMENT BY DOWNLOADING, ACCESSING, OR USING THE RELIAQUEST PLATFORM, BY CHECKING A BOX REFERENCING YOUR CONSENT TO ABIDE BY THIS AGREEMENT OR BY EXECUTING AN ORDER FOR GREYMATTER YOU: (1) ACCEPT THIS AGREEMENT; (2) ARE INDICATING THAT YOU HAVE READ AND UNDERSTAND THIS AGREEMENT AND AGREE TO BE LEGALLY BOUND BY IT ON BEHALF OF YOURSELF AND THE COMPANY OR OTHER LEGAL ENTITY FOR WHICH YOU ARE ACTING; AND (3) REPRESENT AND WARRANT THAT YOU HAVE FULL AUTHORITY TO ACT ON BEHALF OF OR BIND CUSTOMER TO THIS AGREEMENT. THIS AGREEMENT IS BINDING AS OF THE EARLIEST OF THE DATE THAT YOU ACCEPT THIS AGREEMENT ON BEHALF OF CUSTOMER, THE DATE SET FORTH ON AN ORDER, OR THE DATE ON WHICH YOU OR CUSTOMER DOWNLOAD, INSTALL, ACTIVATE, ACCESS, OR USE THE RELIAQUEST PLATFORM (“EFFECTIVE DATE”).
1. The ReliaQuest Platform.
a. ReliaQuest Products.
i. License to ReliaQuest Products. Subject to this Agreement, ReliaQuest hereby grants to Customer, under ReliaQuest’s applicable Intellectual Property Rights, a non-exclusive, non-transferable (except as otherwise expressly provided in this Agreement), non-sublicensable (except as provided in Section 1(a)(ii)), subscription license during the Order Term to access and use the ReliaQuest Products specifically identified in such Order solely for Customer’s Internal Use and in accordance with any capacity, volume, or other metrics or restrictions contained in the Order.
ii. Customer Vendors. Customer may permit one or more Customer Vendors to use the ReliaQuest Products solely on Customer’s behalf and subject to this Agreement, so long as such Customer Vendors agree not to disclose, distribute, or provide access to the ReliaQuest Products to any other third party. Customer will be responsible for such Customer Vendors’ use of the ReliaQuest Products. If at any time Customer revokes authorization to access the ReliaQuest Products from a Customer Vendor, then Customer is responsible for taking the actions necessary to revoke such access and prevent continued usage of the ReliaQuest Products by such Customer Vendor. In the event Customer requires ReliaQuest’s assistance with such revocation of access, Customer must contact ReliaQuest with written notice of such revocation or limitation, and ReliaQuest will use commercially reasonable efforts to disable the Customer Vendor’s account access.
iii. Mobile Application. ReliaQuest may make available to Customer a mobile application to review and interact with information and alerts in and relating to other ReliaQuest Products (the “Mobile Application”). Usage of the Mobile Application by Customer (and its personnel or Customer Vendors) is done so voluntarily, and ReliaQuest places no obligation on Customer to access or use the Mobile Application. Additional terms may apply to a user’s access to and use of the Mobile Application. Customer acknowledges and agrees that ReliaQuest shall be entitled to access and use Customer Data in connection with the Mobile Application subject to the terms and conditions of this Agreement. Customer is responsible for choosing and controlling which of its personnel may access the Mobile Application and ensuring that such personnel comply with the usage terms of the Mobile Application.
b. Ongoing Enablement.
i. Dependencies. Customer acknowledges that ReliaQuest’s ability to deliver or to provide the ReliaQuest Platform is dependent upon Customer’s full and timely cooperation with ReliaQuest, including compliance with the assumptions or Customer responsibilities contained in an Order or the associated Ongoing Enablement description, as well as the accuracy and completeness of any information, data or access required for ReliaQuest to deliver or to provide the ReliaQuest Platform. To the extent Customer fails to provide the required information, data or access required for ReliaQuest to deliver or to provide the ReliaQuest Platform, or Customer fails to meet or comply with the assumptions or Customer responsibilities contained in the Order and associated Ongoing Enablement description (collectively a “Failure”): (i) ReliaQuest’s delivery or provision of the ReliaQuest Platform may be reasonably rescheduled, delayed, or postponed; and (ii) ReliaQuest shall not be held in breach of any impacted provision of this Agreement, Order, or any associated Ongoing Enablement obligations due to such Failure. For the avoidance of doubt, ReliaQuest shall not be penalized to the extent a Failure prevents its compliance with the terms of this Agreement or an Order, provided however that ReliaQuest will make reasonable efforts in good faith to continue to perform its obligations under this Agreement and any applicable Order when such a Failure exists.
ii. Employee Screening. In accordance with applicable law, and to the extent allowed by applicable law, ReliaQuest shall have performed background checks and screening as described in the Background Screening Requirements attached hereto as Exhibit B on each ReliaQuest employee performing Ongoing Enablement activities.
c. ReliaQuest as a Reseller of Third-Party Software Products. In addition to the ReliaQuest Platform, Customer may elect to purchase certain Third-Party Software Product(s) from ReliaQuest through an Order, and if any Third-Party Software Products are included in an Order, the additional terms included in Exhibit C apply to ReliaQuest’s resale, and Customer’s access to, and use of, such Third-Party Software Products.
2. Access to Customer’s Systems and Data.
Customer has the authority to grant, and hereby grants, ReliaQuest access to Customer’s systems, software, Customer Operational Data, and other materials or resources (including access via site-to-site VPN and/or Internet access) necessary for ReliaQuest to perform its obligations under an Order.
a. Ownership of ReliaQuest Platform. ReliaQuest retains exclusive ownership to the ReliaQuest Platform, its components and outputs (including Service Metrics), and all elements, methodologies, techniques, mechanisms, and visualizations used to create, generate, and display all Reporting, and all Intellectual Property Rights therein or related thereto, including in any ideas, concepts, know how, documentation, or techniques developed or learned by ReliaQuest during its provision of the ReliaQuest Platform and any associated Reporting under an Order. All rights not expressly granted to Customer are reserved by ReliaQuest, and there are no implied licenses herein. The ReliaQuest Products and its components are licensed for Customer’s Internal Use, consistent with the Acceptable Use terms in Section 4 of this Agreement, and they are not sold to Customer. Customer acknowledges and agrees that, upon termination or expiration of an Order, Customer shall lose access to the ReliaQuest Products provided under that Order, including any Reporting functionality or capabilities contained in the ReliaQuest Products.
b. Ownership of Customer Confidential Information. All Customer Confidential Information, including any Log Data, shall remain the property of Customer.
c. Feedback. Feedback, if any, provided by Customer is done so voluntarily, and ReliaQuest places no obligation on Customer to provide Feedback. ReliaQuest acknowledges and agrees that all Feedback is provided ‘As-Is’ with no representations or warranties. To the extent the Customer chooses to provide Feedback to ReliaQuest, ReliaQuest may freely use such Feedback (including Intellectual Property Rights therein) without restriction.
4. Acceptable Use Policy.
Unless otherwise expressly permitted by ReliaQuest in this Agreement, Customer shall not: (i) copy any portion of the ReliaQuest Products; (ii) alter, publicly display, translate, modify, adapt, or create any derivative works of the ReliaQuest Products; (iii) rent, lease, loan, resell, transfer, sublicense, distribute, or otherwise provide access to the ReliaQuest Platform to any third party in violation of this Agreement; (iv) disassemble, decompile, or reverse-engineer any part of the ReliaQuest Products, or attempt to gain access to any source code, algorithms, methods, or techniques embodied in the ReliaQuest Products, except to the extent expressly permitted by applicable law notwithstanding a contractual prohibition to the contrary; (v) access or use any Disabled Functionality in the ReliaQuest Products or transmit any Excluded Data to ReliaQuest; (vi) conduct any penetration testing or vulnerability assessments on any part of the ReliaQuest Products; (vii) attempt to disable or circumvent any technological mechanisms intended to prevent, limit, or control use, copying of, or access to, any part of the ReliaQuest Products or any Disabled Functionality; (viii) remove or alter any notice of proprietary right appearing on the ReliaQuest Products; (ix) separately use any of the applicable features and functionalities of the ReliaQuest Products with external applications or code not furnished by ReliaQuest, except as otherwise specifically permitted by ReliaQuest in writing; (x) use the ReliaQuest Platform for any illegal, harmful, or fraudulent purposes; or (xi) encourage or assist any third party to do any of the foregoing. Customer shall notify ReliaQuest immediately if Customer learns of any unauthorized access or use of its user accounts or passwords for the ReliaQuest Platform. Customer agrees to use the ReliaQuest Platform in accordance with laws, rules, and regulations directly applicable to Customer and acknowledges that Customer is solely responsible for determining whether a particular use of the ReliaQuest Platform is compliant with such laws.
5. Fees and Taxes.
a. Fees. Customer will pay the fees and amounts stated on each Order. Except as otherwise expressly provided in this Agreement or in an Order, all fees and other amounts are non-cancellable and non-refundable. Fees and expenses due from Customer under this Agreement may not be withheld or offset by Customer against other amounts for any reason.
b. Taxes. Fees are exclusive of any applicable sales, use, value added, withholding, and other taxes, however designated. Customer shall pay all such taxes levied or imposed by reason of Customer’s purchase of the licenses or services hereunder, as applicable, except for taxes based on ReliaQuest’s income or with respect to ReliaQuest’s employment of its employees. If Customer is exempt from the collection or remittance of such taxes, Customer may provide ReliaQuest with a copy of Customer’s valid tax-exemption certificate to avoid imposition of such taxes as contemplated by this Section 5.b.
6. Data Terms
a. Access Limitations. Customer shall limit the access provided to ReliaQuest solely to the access necessary for ReliaQuest to perform its obligations under this Agreement and shall not provide access to any other data on Customer’s systems that are not required for ReliaQuest to perform its obligations under an Order. Unless as otherwise expressly agreed in an Order, Customer will not provide access to or transmit to ReliaQuest (via Customer Data or otherwise) any personally identifiable information, personal data, or other personal information that is subject to data privacy or security laws or regulations (“PII”). In the event Customer inadvertently discloses any such PII to ReliaQuest, (i) the parties shall work together in good faith to prevent, limit, or mitigate further disclosure of such information to ReliaQuest, and (ii) Customer represents and warrants that it (1) has complied with any applicable laws relating to its possession of such PII; and (2) possesses all consents, authorizations, rights, and authority to hold and disclose such PII to ReliaQuest, and provides all notices to individual data subjects, as are or may be required or reasonably expected to enable the transfer of any such information to ReliaQuest. To the extent Customer uses the ReliaQuest Products to process any PII, ReliaQuest and Customer will adhere to the terms of the Data Processing Addendum, subject to the terms of this Agreement (including Sections 4 and 11).
b. Customer Obligations. Customer is responsible for (i) the accuracy, quality, integrity, legality, reliability, and appropriateness of any and all Customer Data used or transferred in connection with this Agreement; (ii) selecting from the security configurations and making other relevant security related decisions in connection with implementation and its usage of the ReliaQuest Platform; (iii) taking or implementing any additional measures outside the ReliaQuest Platform in Customer’s environment to the extent the ReliaQuest Platform does not provide the controls required or desired by Customer; (iv) implementing appropriate technical and organizational measures outside of what is provided by the ReliaQuest Platform to ensure the security of Customer Data on Customer’s systems and networks; and (v) providing for the routine archiving, storage, and back-up of all Customer Data. The ReliaQuest Platform does not include any data back-up services, and ReliaQuest will not be responsible for loss or alteration of any Customer Data.
c. Service Metrics. ReliaQuest shall be entitled to collect, compile, analyze, and otherwise use statistical data related to Customer and/or aggregate data related to Customer (“Service Metrics”), provided that such Service Metrics: (i) are anonymized so that the identity of Customer is not ascertainable when used by ReliaQuest; (ii) do not identify any particular natural person; (iii) do not identify, by network Internet Protocol address, raw hardware serial number, or raw MAC address, a particular device or computer associated with or used by a particular natural person; and (iv) are not reasonably linkable to a particular natural person. ReliaQuest collects Service Metrics for a variety of reasons, such as to provide enhanced reporting to other customers, to identify, understand, and anticipate performance issues and factors that affect them, to provide updates and personalized experiences to customers, and to improve the ReliaQuest Platform. No compensation will be paid by ReliaQuest with respect to its use of the Service Metrics, and ReliaQuest’s use of the Service Metrics in accordance with the terms of this Agreement shall not be a violation of its obligations under Section 8 of this Agreement.
d. Data Security. ReliaQuest and Customer will adhere to the Data Security Schedule attached as Exhibit A with respect to any Customer Operational Data processed by the ReliaQuest Platform.
If Customer exceeds the scope shown in an Order during the applicable Order Term, then ReliaQuest may notify Customer in writing of such overage, and within thirty (30) days after such notice, the parties shall meet in good faith to address such excess usage and agree on mutually acceptable terms going forward to account for any increased scope during the remainder of the then-current Order Term.
a. Nondisclosure Obligation. If ReliaQuest or Customer receives Confidential Information (“Recipient”) from the other party (“Discloser”), then Recipient will protect such Confidential Information from disclosure by exercising at least the same degree of care it uses to protect its own similar information, and in any event not less than reasonable care. Recipient will not use such Confidential Information for any purpose except to perform its obligations or to exercise its rights under this Agreement. For all intentional disclosures within an organization, Recipient will limit disclosure of Confidential Information to its employees, Affiliates, contractors, and advisors with a need to know and who are bound by confidentiality obligations that are more stringent or substantially similar to the obligations set forth in this Agreement.
b. Exceptions. The foregoing obligations will not apply to any Confidential Information that (i) is or becomes available to the public, other than by breach of a duty of confidentiality under this Agreement by Recipient; (ii) is in the possession of or published by an unrelated third party (whether or not authorized by Customer) and discovered by ReliaQuest in the performance of an Order; (iii) is in the rightful possession of the Recipient prior to disclosure by the Discloser without an obligation of confidentiality; (iv) is disclosed to or obtained by the Recipient from a third party who is not acting at the direction of or on behalf of Discloser (whether or not such third party was rightfully in possession of such information); (v) is disclosed by Recipient with the written consent of Discloser; or (vi) is independently developed by Recipient without use of or reference to Confidential Information of Discloser.
c. Required Disclosures. Confidential Information may be disclosed by Recipient as required by a court or governmental authority of competent jurisdiction, provided that prior to any such disclosure Recipient provides Discloser with prompt written notice (to the extent consistent with applicable law) so that Discloser may seek an appropriate protective order.
d. Return or Destruction of Confidential Information. Upon termination of this Agreement and after Discloser’s written request, Recipient will, promptly return or destroy all tangible items and embodiments containing or consisting of Confidential Information and provide written certification of this destruction or return by an authorized person. ReliaQuest shall have the right to delete or remove all Customer Operational Data from ReliaQuest’s systems upon termination of or expiration of an Order and retain copies of the Agreement, any Orders and associated purchase orders and invoices, and any Customer Records for archival purposes after termination or expiration of an Order.
e. Injunctive Relief. Recipient agrees that, due to the unique nature of the Confidential Information, the unauthorized disclosure or use of the Confidential Information may cause irreparable harm and significant injury to Discloser, the extent of which may be difficult to ascertain and for which there may be no adequate remedy at law. Accordingly, Recipient agrees that Discloser, in addition to any other available remedies, will have the right to seek an immediate injunction and other equitable relief enjoining any breach or threatened breach of this Section 8, without the necessity of posting any bond or other security. Recipient will notify Discloser in writing immediately upon Recipient’s becoming aware of any breach or threatened breach of this Section 8.
9. Warranties & Disclaimer.
a. ReliaQuest Products Warranty. ReliaQuest warrants that, during the Order Term, the ReliaQuest Products shall materially conform to the Specifications, and, at the time of Delivery, there is no malicious code, harmful viruses, or malware (“Malicious Code”) contained in the GreyMatter source code.
b. Ongoing Enablement Warranty. ReliaQuest warrants that its Ongoing Enablement activities will be performed by ReliaQuest in a professional and workmanlike manner and in accordance with the reasonable applicable industry standards for performance of such services. ReliaQuest is being engaged to help Customer identify, detect, and respond to third-party security breaches, problems, vulnerabilities, or other threats to Customer’s network or systems. However, Customer acknowledges and agrees that ReliaQuest makes no guarantee that ReliaQuest will identify or detect such third-party threats or that it will prevent a third-party security breach or compromise from occurring on Customer’s network or systems. In the event any such issues described in this Section 9.b. occur, Customer acknowledges and agrees that ReliaQuest shall not be responsible (unless directly caused by ReliaQuest).
c. Exclusive Remedies. If there is a breach of any of the warranties set forth above, and Customer notifies ReliaQuest in writing within thirty (30) days of first identification of such breach (identifying the failure to conform and breach of warranty with specificity), then ReliaQuest will: (1) correct such non-conformance so that the applicable component of the ReliaQuest Platform conforms to the warranty, or (2) if ReliaQuest is unable to correct the non-conformance, terminate Customer’s right to access or use the non-conforming ReliaQuest Platform component and refund the applicable fees paid by Customer for the non-conforming ReliaQuest Platform component. Customer will assist and cooperate as reasonably requested by ReliaQuest to permit ReliaQuest to make required corrections.
d. Exclusions. ReliaQuest will not be responsible for any breach of warranty under this Section 9, or any defects, problems or failures with respect to the ReliaQuest Platform that is caused by or arising from: (i) any unauthorized changes Customer makes to its infrastructure, network or systems that cause the ReliaQuest Platform to cease working or function improperly; (ii) misuse or modification, except by ReliaQuest; (iii) Customer’s failure to promptly implement new releases of the ReliaQuest Platform made available by ReliaQuest or to follow ReliaQuest instructions in the implementation of the ReliaQuest Platform; (iv) any Malicious Code or “backdoor” not introduced by ReliaQuest; (v) any changes to or errors in third party software or hardware with which the ReliaQuest Platform operates or interfaces with, or on which the ReliaQuest Platform otherwise relies; (vi) incidents or circumstances caused by the negligence or misconduct of Customer, or from ReliaQuest following the instructions of Customer; or (vii) Customer’s use of or reliance upon any Security Tool Content following the termination or expiration of the Agreement.
e. DISCLAIMER. EXCEPT AS OTHERWISE EXPRESSLY PROVIDED IN THIS AGREEMENT, TO THE MAXIMUM EXTENT ALLOWED BY LAW, RELIAQUEST AND ITS THIRD-PARTY SUPPLIERS DISCLAIM ALL IMPLIED WARRANTIES OR CONDITIONS INCLUDING ANY IMPLIED WARRANTIES OF MERCHANT-ABILITY, FITNESS FOR A PARTICULAR PURPOSE, WORKMANLIKE OR SUITABLE QUALITY, INTEGRATION, TITLE, AND NON-INFRINGEMENT. NO OTHER WARRANTY, WRITTEN OR ORAL, IS EXPRESSED OR IMPLIED BY RELIAQUEST OR ITS THIRD-PARTY SUPPLIERS OR MAY BE INFERRED FROM A COURSE OF DEALING OR USAGE OF TRADE. THE REPRESENTATIONS AND WARRANTIES AND ANY ASSOCIATED REMEDIES REFERENCED IN THIS AGREEMENT ARE SOLE AND EXCLUSIVE, AND RELIAQUEST SHALL HAVE NO FURTHER LIABILITY TO CUSTOMER OUTSIDE OF THE STATED REMEDY. ANY EXPRESS WARRANTIES AND ANY WARRANTIES IMPLIED OR REQUIRED BY LAW THAT ARE NOT DISCLAIMED OR EXCLUDED ARE LIMITED TO THE REMEDIES SPECIFIED IN THIS AGREEMENT. CUSTOMER ACKNOWLEDGES, UNDERSTANDS, AND AGREES THAT RELIAQUEST DOES NOT GUARANTEE OR WARRANT THAT IT, OR THE RELIAQUEST PLATFORM (OR ITS COMPONENTS), WILL FIND, LOCATE, OR DISCOVER ANY OR ALL OF CUSTOMER’S OR ITS AFFILIATES’ SYSTEM THREATS, VULNERABILITIES, MALWARE, AND MALICIOUS CODE, AND CUSTOMER AND ITS AFFILIATES WILL NOT HOLD RELIAQUEST RESPONSIBLE FOR FAILURE TO DETECT SUCH ITEMS PROVIDED RELIAQUEST SUBSTANTIALLY COMPLIES WITH ITS MATERIAL OBLIGATIONS HEREUNDER. NO WARRANTY IS MADE THAT THE RELIAQUEST PLATFORM WILL MEET CUSTOMER’S NEEDS OR BE ERROR FREE OR UNINTERRUPTED. RELIAQUEST MAKES NO WARRANTIES REGARDING THE ACCURACY OF THE RELIAQUEST PLATFORM OR THE APPROPRIATENESS OF ANY SUCH ITEMS FOR ANY PARTICULAR SYSTEM.
a. ReliaQuest’s Obligation. ReliaQuest shall at its cost and expense: (i) defend and/or settle any claim brought against Customer by an unaffiliated third party alleging the ReliaQuest Products infringe or violate a third party’s Intellectual Property Rights (excluding moral rights) and (ii) pay any settlement of such claim or any damages finally awarded to such third party by a court of competent jurisdiction as a result of such claim; provided, that Customer: (1) gives ReliaQuest prompt written notice of such claim; (2) permits ReliaQuest to solely control and direct the defense or settlement of such claim (however, ReliaQuest will not settle any claim in a manner that requires Customer to admit liability without Customer’s prior written consent, not to be unreasonably withheld or delayed); and (3) if requested, provides ReliaQuest all reasonable assistance in connection with the defense or settlement of such claim, at ReliaQuest’s cost and expense. Customer may, at Customer’s own expense, participate in the defense of any claim.
b. Remedies. If a claim covered under Section 10.a occurs or in ReliaQuest’s opinion is reasonably likely to occur, ReliaQuest may at its expense and sole discretion: (i) procure the right to allow Customer to continue using the ReliaQuest Products, as applicable; (ii) modify or replace the infringing portion of the ReliaQuest Products, as applicable, to become non-infringing; or (iii) if neither (i) nor (ii) is commercially practicable, terminate Customer’s license or access to the affected portion of the ReliaQuest Products, as applicable, and refund a pro-rata portion of the pre-paid, unused fees paid by Customer corresponding to the unexpired period of the Order Term, if any.
c. Exclusions. ReliaQuest shall have no obligation to Customer under this Section 10 if the claim is based upon or arising out of: (i) any modification to the ReliaQuest Products, that is not made by ReliaQuest; (ii) any combination or use of the ReliaQuest Products, with or in any third party software, hardware, process, firmware, or data, to the extent that such claim is based on such combination or use with such third party items; (iii) Customer’s continued use of the allegedly infringing elements of the ReliaQuest Products, after being notified of the infringement claim or after being provided a modified version of the ReliaQuest Products by ReliaQuest at no additional cost that is intended to address such alleged infringement; (iv) Customer’s failure to use the ReliaQuest Products, in accordance with this Agreement or any instructions from ReliaQuest; or (v) Customer’s use of the ReliaQuest Products outside the scope of the rights granted under this Agreement or the applicable Order.
d. Exclusive Remedy. THE REMEDIES SPECIFIED IN THIS SECTION 10 CONSTITUTE CUSTOMER’S SOLE AND EXCLUSIVE REMEDIES, AND RELIAQUEST’S ENTIRE LIABILITY, WITH RESPECT TO ANY INFRINGEMENT OF THIRD-PARTY INTELLECTUAL PROPERTY RIGHTS.
11. Limitation of Liability.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, NEITHER CUSTOMER NOR RELIAQUEST (INCLUDING ITS THIRD PARTY SUPPLIERS) SHALL BE LIABLE TO THE OTHER PARTY IN CONNECTION WITH THIS AGREEMENT OR THE SUBJECT MATTER HEREOF FOR ANY LOST PROFITS, REVENUE, OR SAVINGS, LOST BUSINESS OPPORTUNITIES, LOST DATA, OR SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING ANY DAMAGES ARISING FROM LOSS OF USE, LOSS OF DATA, LOST PROFITS, LOST REVENUE, BUSINESS INTERRUPTION, OR COST OF PROCURING SUBSTITUTE SOFTWARE OR ONGOING ENABLEMENT, BASED ON ANY THEORY OF LIABILITY, INCLUDING CONTRACT, INDEMNIFICATION, WARRANTY, TORT (INCLUDING NEGLIGENCE), OR STRICT LIABILITY, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR LOSSES OR SUCH DAMAGES OR LOSSES WERE REASONABLY FORESEEABLE. EACH PARTY’S (AND THEIR RESPECTIVE THIRD PARTY SUPPLIERS’) TOTAL LIABILITY FOR ANY CLAIMS ARISING UNDER THIS AGREEMENT IN THE AGGREGATE SHALL NOT EXCEED: (A) FOR THIRD-PARTY SOFTWARE PRODUCTS (IF ANY), THE AMOUNT PAID TO RELIAQUEST FOR THE SPECIFIC THIRD-PARTY SOFTWARE PRODUCT ITSELF GIVING RISE TO SUCH CLAIM UNDER AN APPLICABLE ORDER DURING THE PRIOR TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE DATE OF THE CLAIM (OR EARLIEST CLAIM IN THE EVENT OF MULTIPLE CLAIMS SUBJECT TO THIS LIMITATION); OR (B) FOR ANY OTHER CLAIM ARISING UNDER THIS AGREEMENT, THE TOTAL AMOUNT OF FEES PAID TO RELIAQUEST SOLELY FOR THE RELIAQUEST PLATFORM UNDER AN APPLICABLE ORDER DURING THE PRIOR TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE DATE OF THE CLAIM (OR EARLIEST CLAIM IN THE EVENT OF MULTIPLE CLAIMS SUBJECT TO THIS LIMITATION). THE FOREGOING LIMITATIONS WILL NOT APPLY IN THE CASE OF FRAUD, WILLFUL MISCONDUCT, OR ONE PARTY’S INFRINGEMENT OR MISAPPROPRIATION OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS. THE LIMITATIONS IN THIS SECTION 11 WILL APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY REMEDY SPECIFIED IN THIS AGREEMENT. MULTIPLE CLAIMS SHALL NOT EXPAND THE LIMITATIONS SPECIFIED IN THIS SECTION 11. RELIAQUEST SHALL HAVE NO OBLIGATION FOR ANY CLAIMS, DAMAGES, LIABILITIES, COSTS, OR BREACH OF THIS AGREEMENT TO THE EXTENT CUSTOMER FAILS TO: (1) EXERCISE REASONABLE CARE; (2) COMPLY WITH ITS OBLIGATIONS UNDER THIS AGREEMENT; OR (3) FOLLOW THE INSTRUCTIONS OR RECOMMENDATIONS OF RELIAQUEST, IN CONNECTION WITH SUCH CLAIM. THIS AGREEMENT EXPRESSLY EXCLUDES LIABILITY TO CUSTOMER’S AFFILIATES, SERVICE PROVIDERS, CUSTOMERS, AND OTHER THIRD PARTIES RELATED OR CONNECTED TO CUSTOMER. CUSTOMER WILL NOT BRING A LEGAL ACTION AGAINST RELIAQUEST MORE THAN TWELVE (12) MONTHS AFTER THE CAUSE OF ACTION AROSE UNLESS APPLICABLE LAW PROHIBITS THIS CONTRACTUAL LIMITATION.
12. Compliance with Laws.
Each party agrees to comply with all applicable U.S. federal, state, local, and non-U.S. laws directly applicable to such party in the performance of this Agreement, including applicable export and import, anti-corruption, and employment laws. Customer acknowledges and agrees the ReliaQuest Platform shall not be used, transferred, or otherwise exported or re-exported to jurisdictions against which the United States and/or the European Union maintains an embargo or comprehensive sanctions (each, an “Embargoed Country”), or to or by a national or resident thereof, or any person or entity subject to individual prohibitions (e.g., persons or entities listed on the U.S. Department of Treasury’s List of Specially Designated Nationals or the U.S. Department of Commerce’s Table of Denial Orders) (each, a “Designated National”), without first obtaining all required authorizations from the U.S. government and any other applicable government. Customer represents and warrants that Customer is not located in, or is under the control of, or a national or resident of, an Embargoed Country or Designated National. ReliaQuest represents and warrants that ReliaQuest is not located in, or is under the control of, or a national or resident of, an Embargoed Country or Designated National.
13. Term and Termination.
a. Term. This Agreement will commence upon the Effective Date and shall continue for as long as the Order(s) to which this Agreement relates remains in effect.
b. Termination Rights. Either party may terminate an Order by written notice to the other party in the event of the other party’s material breach of this Agreement that is not cured within sixty (60) days after receipt of written notice. The written notice must include a detailed explanation that specifically identifies the performance issue or breach in question. Non-payment by Customer shall be considered a material breach of this Agreement, and if such breach is not cured by Customer within ten (10) days after Customer’s receipt of written notice of such breach, ReliaQuest may terminate this Agreement and any Order (in whole or part). In addition, ReliaQuest may immediately terminate this Agreement and any Order (in whole or in part) by providing written notice to Customer (a) if Customer materially breaches Sections 1, 3 or 4 of this Agreement or (b) as otherwise stated in this Agreement. ReliaQuest may also terminate Customer’s license to Beta Programs, at any time with or without cause after providing notice to Customer. For the avoidance of doubt, termination of a particular Order shall not affect the term of any other Order.
c. Effect of Termination.
i. Post-Termination License. Upon termination or expiration of the Order Term, subject to Customer’s compliance with this Agreement, ReliaQuest hereby grants to Customer, a non-exclusive, non-transferable, worldwide, non-sublicensable subscription license to access, use, modify, enhance, copy, or remove any Reporting or Security Tool Content provided by ReliaQuest solely for Internal Use.
ii. Agreement. Upon any expiration or termination of this Agreement, except as expressly provided otherwise in this Agreement, the associated rights and licenses granted to Customer will automatically terminate, and Customer agrees to immediately (a) cease using the ReliaQuest Platform, (b) return or destroy all copies of the ReliaQuest Platform, any Third-Party Software Products (if any), and other ReliaQuest’s Confidential Information in Customer’s possession or control, and (c) certify in writing the completion of the return or destruction in accordance with Section 8.d of this Agreement.
iii. Refunds. Termination of this Agreement or a license granted hereunder shall not relieve Customer of its obligation to pay all fees that have accrued, have been paid, or have become payable by Customer under an Order. Customer will be entitled to a pro-rata refund of any pre-paid amounts under the applicable Order attributable to the post-termination timeframe.
d. Survival. In addition to any other right or obligation that by its nature is intended to survive any termination or expiration, the following Sections shall survive any termination or expiration of this Agreement: (i) Section 3 (Ownership of Services and ReliaQuest Platform); (ii) Section 5 (Subscription Fees); (iii) Section 6 (Service Metrics); (iv) Section 8 (Confidentiality); (v) Section 9 (Warranties & Disclaimer); (vi) Section 10 (Indemnification); (vii) Section 11 (Limitation of Liability); (viii) Sections 13.c., 13.d. and 13.e. (Term and Termination); (x) Section 15 (General); and (xi) Section 16 (Definitions).
e. Suspension. ReliaQuest may suspend Customer’s access to, or use of, the ReliaQuest Platform if: (i) ReliaQuest reasonably believes that there is a significant threat to the security, integrity, functionality, or availability of the ReliaQuest Platform or any components, content, data, or applications in the ReliaQuest Platform; (ii) Customer is in material breach of the license granted in Section 1, 3 or 4 of this Agreement; or (iii) Customer fails to pay ReliaQuest any undisputed fees when due; provided, however, ReliaQuest will use commercially reasonable efforts under the circumstances to provide Customer with notice and, if applicable, an opportunity to remedy such violation prior to any such suspension.
14. Service Tools; Beta Testing Program.
a. Service Tools. ReliaQuest may use, or provide limited access for Customer to use, Service Tools, in whole or in part, at ReliaQuest’s sole discretion and subject to additional terms not otherwise set forth herein. Service Tools are provided to Customer “AS IS” and without warranty of any kind from ReliaQuest to Customer and may have limited or reduced functionality or features. ReliaQuest may revise, improve, diminish, or eliminate the functionality or features of Service Tools at any time and, unless otherwise stated in an Order, ReliaQuest shall have no obligation to develop, maintain, repair, productize, update, or support any Service Tools.
b. Beta Testing Program. ReliaQuest may make available to Customer certain products, versions, capabilities, components, features or software that are for evaluation or are not yet generally available, including such items that are labeled or identified as “preview”, “pre-release” or “beta” (collectively, “Beta Program”). Customer may access and use the Beta Program in accordance with the Beta Terms. In the event of any conflict between this Agreement, an Order, and the Beta Terms, the Beta Terms shall govern and control solely with respect to the Beta Program. Customer may participate in the Beta Program through an executed Order or as separately agreed in writing (email being sufficient for such purposes).
a. Force Majeure. Neither party shall be liable for, nor shall either party be considered in breach of this Agreement due to, any failure to perform its obligations under this Agreement (other than its payment obligations) as a result of a cause beyond its control, including acts of God, nature or a public enemy, acts of any military, civil or regulatory entity, terrorism or other third party criminal actions, change in any law or regulation, fire, flood, earthquake, pandemic, global health emergency, epidemic, quarantine restrictions and/or actual or anticipated public health crisis, storm or other like event, disruption or outage of communications (including an upstream server block and Internet or other networked environment disruption or outage), power or other utility, labor problem, or any other cause, whether similar or dissimilar to any of the foregoing. The party experiencing a force majeure event shall use commercially reasonable efforts to provide notice of such to the other party.
b. Assignment. Neither party may assign this Agreement without the prior written consent of the other party, except (i) to an Affiliate in connection with a corporate reorganization or (ii) in connection with a merger, acquisition, or in connection with a sale of all or substantially all of its business and/or assets. Any assignment in violation of this Section shall be void. Subject to the foregoing, all rights and obligations of the parties under this Agreement shall be binding upon and inure to the benefit of and be enforceable by and against the successors and permitted assigns.
c. Governing Law; Venue. This Agreement shall be construed in accordance with and governed for all purposes by the laws of the State of Delaware (for customers located in North America), or England & Wales (for customers located outside of North America), each excluding its respective choice of law provisions. Each party consents and submits to the jurisdiction and forum of the state and federal courts in the State of Delaware (for customers located in the United States) or London, England (for customers located outside the United States) for all questions and controversies arising out of this Agreement and waives all objections to venue and personal jurisdiction in these forums for such disputes. The Uniform Computer Information Transactions Act and the United Nations Convention on the International Sale of Goods shall not apply to this Agreement or the transactions contemplated hereunder. Notwithstanding the foregoing, each party reserves the right to file a suit or action in any court of competent jurisdiction as such party deems necessary to protect its Intellectual Property Rights and, in ReliaQuest’s case, to recoup any payments due. Customer’s location for the purpose of this Section 15.c is determined based on the Customer address specified in the Order.
d. Entire Agreement. This Agreement forms the entire agreement between ReliaQuest and Customer regarding the subject matter herein and supersedes and replaces any previous or contemporaneous communications, representations, or agreements, or Customer’s additional or inconsistent terms, whether oral or written. Any Order through an Authorized Reseller is subject to, and ReliaQuest’s obligations and liabilities to Customer are governed by, this Agreement. By accepting this Agreement or any subsequent Order under this Agreement, Customer, on behalf of itself, its Affiliates, and other related persons, expressly waives and releases ReliaQuest from any and all legal and equitable claims, demands, actions, and other obligations arising out of or relating to any prior agreements entered into between ReliaQuest and Customer or its Affiliates dated or effective before this Agreement or any subsequent Order under this Agreement.
e. Affiliates. Any Affiliate purchasing hereunder, or using or accessing any offering hereunder, or benefitting from the Customer’s use thereof, will be bound by and comply with all terms and conditions of this Agreement. The Customer accepting this Agreement will remain responsible for Customer’s Affiliates’ acts and omissions unless Customer’s Affiliate has entered into its own agreement with ReliaQuest with respect to the subject matter herein.
f. Enforceability of Limitations. THE TERMS OF THIS AGREEMENT THAT LIMIT, DISCLAIM, OR EXCLUDE WARRANTIES, REMEDIES, OR DAMAGES ARE INTENDED BY THE PARTIES TO BE INDEPENDENT AND REMAIN IN EFFECT DESPITE THE FAILURE OR UNENFORCEABILITY OF ANY OTHER PROVISION OF THIS AGREEMENT. THE PARTIES HAVE RELIED ON THE LIMITATIONS AND EXCLUSIONS SET FORTH IN THIS AGREEMENT IN DETERMINING WHETHER TO ENTER INTO IT.
g. Waiver and Severability. Neither party’s failure to exercise, or delay in exercising, any of its rights under this Agreement will constitute or be deemed a waiver or forfeiture of those rights. If any provision of this Agreement is held to be illegal, invalid, or unenforceable, the provision will be enforced to the maximum extent permissible so as to affect the intent of the parties, and the remaining provisions of this Agreement will remain in full force and effect.
h. Amendment. ReliaQuest may change the terms and conditions of this Agreement from time to time for business purposes and to comply with changes in applicable law. In the event of any substantive or material changes, ReliaQuest shall communicate these changes to you by posting the updated Agreement on ReliaQuest’s website, by email, or by other methods. Your continued use of, or access to, the ReliaQuest Platform following such changes to this Agreement constitutes your acceptance of the Agreement and your agreement to follow and be bound by the updated Agreement. Changes in any other form other than a signed written amendment by authorized representatives of each party are void, including any handwritten interlineations to this Agreement that are not duly executed. Any conflicting or additional terms and conditions on or accompanying any purchase order or other communication from Customer are void and Customer shall not seek or attempt to: (i) modify; (ii) contradict; (iii) negate; or (iv) add to, any term or condition contained in this Agreement. ReliaQuest’s failure to object to provisions contained in any purchase order or other communication from Customer will not be construed as a waiver of this Section 15.h. ReliaQuest expressly rejects any terms and conditions in Customer’s purchase order that differ from or are in addition to those in this Agreement or the Order. Any different or additional terms and conditions will not become a part of the agreement between the parties notwithstanding any subsequent acknowledgement, invoice, or license that ReliaQuest may issue.
i. Interpretation. Headings in this Agreement are for convenience only and do not affect the meaning or interpretation of this Agreement. This Agreement will not be construed either in favor of or against one party or the other, but rather in accordance with its fair meaning. When the term “including” is used in this Agreement it will be construed in each case to mean “including, but not limited to.”
j. Order of Precedence. In the event of a conflict, the terms of this Agreement shall prevail over any conflicting terms in an Order, unless such Order expressly references the section of this Agreement that it is intended to override.
k. Relationship of the Parties; No Third-Party Rights. Each party is an independent contractor in the performance of this Agreement. Neither party is, nor will claim to be, a legal representative, partner, franchisee, agent, or employee of the other, unless explicitly provided otherwise in this Agreement. Personnel of each party and their Affiliates will not be deemed employees or agents of the other party. No provision in this Agreement is intended or shall create any rights with respect to the subject matter of this Agreement in any third party.
l. Publicity. Without the prior written consent of the other party or unless as otherwise provided in this Agreement, neither party will: (i) publicly use the name, logo or other identifying marks of the other party, or (ii) issue or permit the issuance of any press release or other public statement regarding this Agreement or the parties’ relationship.
m. Subcontracting. ReliaQuest shall be entitled to subcontract the performance of any component of the ReliaQuest Platform, or any part of it, to subcontractors selected by ReliaQuest so long as ReliaQuest remains liable to Customer for the performance of the ReliaQuest Platform as specified in the applicable Order.
n. Counterparts. This Agreement may be executed in counterparts, each of which will be deemed to be an original, but all of which together will be deemed to be one and the same instrument. This Agreement may be executed and delivered by PDF (portable document format) or by means of other electronic signature and delivery. PDF or other electronic signatures will be deemed to be valid and original. For the purposes of this Agreement, “written” or “writing” includes any electronic record or mode of communication that accurately preserves its information and is capable of being reproduced in tangible form, such as an electronically reproduced facsimile document, and “electronic signature” means any electronic sound, symbol, or process attached to or logically associated with a record and executed and adopted by a party with the intent to sign such record. Neither ReliaQuest nor Customer may contest the validity or enforceability of a PDF or electronic document on the grounds that it fails to comply with the Statute of Frauds or similar laws requiring that contracts be in writing.
o. Notices. All legal notices will be given in writing to the addresses in the Order and will be effective: (i) when personally delivered, (ii) on the reported delivery date if sent by a recognized international or overnight courier, or (iii) five (5) business days after being sent by registered or certified mail (or ten days for international mail). For clarity, Orders, purchase orders, confirmations, invoices, and other documents relating to order processing and payment are not legal notices and may be delivered electronically in accordance with each party’s standard ordering procedures.
p. Insurance. ReliaQuest will maintain, at its sole cost and expense, during the Order Term and for at least one (1) year thereafter, the following insurance coverage:
(i) a commercial general liability insurance policy with limits for bodily injury, property damage and products liability/completed operations coverage of not less than $1,000,000 per occurrence, with an aggregate limit of not less than $2,000,000, such policy to include contractual liability and contain no exclusion related to ReliaQuest’s compliance status with mandatory or voluntary safety standards of the United States of America;
(ii) an automobile liability insurance policy with limits not less than $1,000,000 combined single limit;
(iii) workers’ compensation insurance, including coverage for occupational disease, in the benefit amounts required by applicable law, and employer’s liability insurance, with a limit of liability not less than $1,000,000 per accident, each of which includes coverage for temporary and contingent workers;
(iv) professional liability errors and omissions insurance with limits not less than $1,000,000 per occurrence and an aggregate limit of not less than $3,000,000; and
(v) privacy/network security (cyber) liability coverage with limits of not less than $3,000,000 per occurrence/annual aggregate.
All insurance will be maintained with insurance companies authorized by law to conduct business in the United States of America and Canada with the financial rating of at least A-VII status, as rated in the most recent edition of A.M. Best’s Insurance Reports. Upon written request, ReliaQuest will provide to Customer a certificate of insurance or similar binder for each policy evidencing compliance with this section. Should any of the above policies be canceled before the expiration date thereof, notice will be delivered in accordance with the applicable policy provisions.
Unless otherwise indicated in this Agreement, the following terms, when capitalized, shall have the following meaning:
“Add-On Products” means the component, extension, or other offering listed on the Product Schedule, which shall control in the event of any conflict or inconsistency with this Agreement. Customer may purchase Add-On Products in its Order in connection with its purchase of the ReliaQuest Platform.
“Affiliate” means any entity that a party directly or indirectly controls or is controlled by, or with which it is under common control.
“Agreement” means this Platform and Support Agreement together with its exhibits and all Orders.
“Authorized Reseller” means a reseller expressly authorized in writing by ReliaQuest to resell the ReliaQuest Platform and any Third-Party Software Products. For the purposes of this Agreement, an “Authorized Reseller” may also include a third-party electronic marketplace through which ReliaQuest has authorized the resale of the ReliaQuest Platform and any Third-Party Software Products.
“Authorized Use” means ReliaQuest identifying and/or describing Customer as a ReliaQuest customer on any of ReliaQuest’s websites, client lists, press releases, and other marketing materials, unless Customer instructs ReliaQuest to discontinue such use.
“Beta Terms” means the terms and conditions located at www.reliaquest.com/beta-terms.
“Confidential Information” means: (1) with respect to Customer, all Customer Log Data; (2) with respect to ReliaQuest, any information received from a third party that is relevant to ReliaQuest’s performance of its obligation under an Order; or (3) any nonpublic information provided or made available to a party by the other party, that is: (i) identified as confidential by the Discloser at the time of disclosure, or (ii) of a nature that would reasonably be considered to be confidential whether or not marked as confidential. ReliaQuest pricing and the terms of an Order are also considered Confidential Information of ReliaQuest. Confidential Information includes copies, summaries, and other derivatives of Confidential Information. Unless otherwise agreed to by the parties in writing, the use by ReliaQuest of its Confidential Information to perform Ongoing Enablement or to support any portion of any ReliaQuest Materials shall not itself become a ReliaQuest Material.
“Customer Data” means all Customer Operational Data and Customer Records.
“Customer Operational Data” means Log Data and relevant meta data from Customer reported and suspected malicious emails, if any, that are held or retained by ReliaQuest on ReliaQuest Systems.
“Customer Records” means all records, reports, emails, or other information directly related to Customer and held, or retained by ReliaQuest on ReliaQuest Systems, excluding any such information contained in the ReliaQuest Platform and any ReliaQuest’s Confidential Information.
“Customer Vendor” means any individual or entity (other than a ReliaQuest Competitor) that: (i) has access or use of the ReliaQuest Platform solely on behalf of and for Internal Use, (ii) has an agreement to provide Customer (or its Affiliates) services, and (iii) is subject to confidentiality obligations covering ReliaQuest’s Confidential Information (including the ReliaQuest Platform) at least as stringent as the obligations of confidentiality under this Agreement.
“Data Processing Addendum” means that certain data processing addendum available at www.reliaquest.com/data-processing-addendum and incorporated by reference herein if and to the extent provided in Section 6.a.
“Delivery” means the date of ReliaQuest’s initial delivery of the account or log-in information for GreyMatter or otherwise making GreyMatter available for download, access, or use by Customer.
“Disabled Functionality” means certain functionality or materials (including programs, modules or components, functionality, features, documentation, content, or other materials) that may be contained in or provided with the ReliaQuest Products that are disabled or hidden, because Customer either: (a) does not have the relevant license or approval from ReliaQuest to use such functionality of the ReliaQuest Products, or (b) has not paid the applicable fees for such functionality or materials.
“Excluded Data” means data or information consisting of, subject to or concerning (i) the import or export of controlled data, articles, or services under the Arms Export Control Act or similar laws; (ii) payment or financial records (including credit cards, debit cards, and bank account information) or related data under the Gramm-Leach-Bliley Act or similar laws or the Payment Card Industry Data Security Standards; (iii) protected health information under the Health Insurance Portability and Accountability Act or similar laws, including genetic and biometric information; (iv) unique government identifiers, including social security numbers, tax filing numbers, passport numbers, driver’s license numbers, or similar identifiers; (v) consumer or educational information or unencrypted, deanonymized, or non-obfuscated personal data; or (vi) sensitive or special categories of personal data, as described under applicable law. For the purposes of this definition, a reference to a particular law or industry standard includes subsequent amendments or restatements of that law or industry standard, administrative regulations or regulatory guidance implementing that law or industry standard, and, to the extent applicable, foreign laws or industry standards governing the same specific subject matter of that law or industry standard.
“Feedback” means suggestions, ideas, feature requests, and recommendations by Customer relating to the ReliaQuest Platform or other elements of ReliaQuest’s business.
“GreyMatter” means the security operations platform developed by ReliaQuest and consisting of GreyMatter Automate, GreyMatter Detect, GreyMatter Health, GreyMatter Intel, and GreyMatter Investigate capabilities, as further described on the Product Schedule, including the Mobile Application, any application programming interfaces (or successor or functionally comparable connector technologies), derivatives, enhancements, or developments.
“Intellectual Property Rights” means all patent, copyright, trademark, and trade secret rights and other similar intellectual property and proprietary rights, whether registered or unregistered.
“Internal Use” means access or use solely for Customer’s and its Affiliates’ own business operations on Customer’s systems, networks and devices with Customer’s data. “Internal Use” is limited to access and use by Customer, its Affiliates, and Customer Vendors, solely on Customer’s behalf and for Customer’s benefit. “Internal Use” does not include access or use: (i) for the benefit of any person or entity other than Customer or its Affiliates, (ii) for any commercial purpose in which Customer generates financial gain through the use or exploitation of the services or technology provided by ReliaQuest; or (iii) for the development of any product or service by Customer, its Affiliates, or any Customer Vendors.
“Log Data” means log entries and log data generated from Customer’s in-scope applications, tools, and systems.
“Ongoing Enablement” means, collectively, any GreyMatter related activities as identified in an Order, and may include implementation, incident response, engineering, Security Tool Content creation, on-going enablement, and other cyber-security investigation and forensic services.
“Order Term” means the period of time set forth in the applicable Order during which Customer is authorized by ReliaQuest to access and use GreyMatter and any related services, including Ongoing Enablement.
“Order” means a mutually agreed and executed written ordering document describing the Third-Party Software Products, ReliaQuest Products licensed to Customer, and the related Ongoing Enablement to be performed by ReliaQuest for Customer, including identification of the applicable Order Term and fees related thereto. For the purposes of this Agreement, an “Order” may take the form of: (i) a separate GreyMatter order form to cover the licensing of Third-Party Software Products, ReliaQuest Products, and any Ongoing Enablement incorporating the terms or referencing this Agreement; (ii) a Statement of Work or SOW incorporating the terms or referencing this Agreement; or (iii) an amendment to an existing agreement between Customer and ReliaQuest (including a no-cost addendum or other similar document) incorporating the terms or referencing this Agreement. To the extent an ordering document issued to Customer by an Authorized Reseller includes products or services other than the ReliaQuest Platform and any Third-Party Software Products, the “Order” only consists of the portions of the ordering document covering the ReliaQuest Platform and any Third-Party Software Products. “Product Schedule” means the ReliaQuest Product specification schedule available at www.reliaquest.com/greymatter-product-schedule/.
“ReliaQuest Competitor” means a person or entity in the business of developing, distributing, or commercializing cyber security products or services substantially similar to or competitive with ReliaQuest’s products or services.
“ReliaQuest Materials” means any Security Tool Content, Reporting, or Service Tools provided to Customer or used by ReliaQuest pursuant to an Order.
“ReliaQuest Platform” means, collectively: (i) ReliaQuest Products; (ii) Ongoing Enablement; and (iii) all updates, enhancements, and modifications to the foregoing.
“ReliaQuest Products” means, collectively: (i) GreyMatter, (ii) Add-On Products, and (iii) ReliaQuest Materials.
“Reporting” means any tangible and intangible reports provided by ReliaQuest to Customer with respect to GreyMatter or the Ongoing Enablement provided by ReliaQuest, including any reports provided by ReliaQuest utilizing ReliaQuest’s proprietary model index reporting capabilities.
“Security Tool Content” means the methodology, design, logic, and construction (including all code and scripts) of rules created by ReliaQuest and designed to detect, correlate, and flag actionable activity in any security information and event management software, end point detection and response software, or other software application or security tool software during the Order Term, including any improvements, modifications, changes, or enhancements made thereto.
“Service Tool” means any ReliaQuest developed software program, application, or script that is used by ReliaQuest to perform the Ongoing Enablement.
“Specifications” means the applicable description of the offering found or referenced in an Order.
“Statement of Work” or “SOW” means a mutually agreed executed written document describing the Third-Party Software Products, ReliaQuest Products licensed to Customer, and the related Ongoing Enablement to be performed by ReliaQuest for Customer, including identification of the applicable Order Term and fees related thereto. To the extent a statement of work issued by an Authorized Reseller includes products or services other than the ReliaQuest Platform and any Third-Party Software Products, the SOW only consists of the portions of the statement of work covering the ReliaQuest Platform and any Third-Party Software Products.
“Third-Party Software Product” or “Third Party Software Product” means an independent third-party software program that is manufactured or developed by an original equipment manufacturer, third-party licensor, or similar entity and is generally available from ReliaQuest for access or resale, including any updates to such software program. Third-Party Software Product may (i) consist of support services, professional service credits, training programs or materials, or other offerings made available by the applicable manufacturer, licensor or similar entity in connection with such Third-Party Software Product and (ii) include ReliaQuest operating, managing and/or subscribing to a third-party software on Customer’s behalf. For the avoidance of doubt, “Third-Party Software Product” does not include the ReliaQuest Platform or any software developed by ReliaQuest.
Data Security Schedule
This Data Security Schedule applies to the collection, processing, use, storage, disclosure, destruction, and transmittal by ReliaQuest of all Customer Operational Data using ReliaQuest Systems in connection with the Agreement (individually and collectively, “Data Processing”).
1.1 “Data Security Breach” means an instance in which ReliaQuest’s intentional or gross negligent acts or omissions result in: (i) any loss or unauthorized access, acquisition, theft, destruction, disclosure or use of Customer Operational Data from ReliaQuest Systems; (ii) the security of the ReliaQuest Systems being materially compromised resulting in exposure of Customer Operational Data; or (iii) ReliaQuest otherwise directly compromising the security, confidentiality, or integrity of Customer Operational Data on ReliaQuest Systems.
1.2 “Security Event” means any incident, occurrence or circumstance that results in a Data Security Breach.
1.3 “ReliaQuest Systems” means the networks, systems, software, equipment, and premises controlled by ReliaQuest to provide the services under the Agreement or otherwise for Data Processing.
2. Data Security:
ReliaQuest will make reasonable efforts to materially comply with all applicable laws and regulations in connection with its Data Processing of Customer Operational Data. ReliaQuest will implement and maintain reasonable physical, technical, and organizational measures and safeguards that are intended to protect the security and confidentiality of Customer Operational Data against unlawful or accidental access to, or unauthorized processing, disclosure, destruction, damage, or loss of Customer Operational Data. Without limiting the generality of the foregoing, where appropriate, ReliaQuest will implement or use commercially appropriate network management and maintenance applications and tools, fraud prevention and intrusion detection systems, and encryption technologies.
3. Third-Party Security Assessments
ReliaQuest will have a SOC 2 Type 2 attestation conducted on an annual basis and will maintain a certification of Information Security and Information Technology controls pursuant to the ISO/IEC 27001:2013 Certification Standard (or successor standard). ReliaQuest will promptly seek to address any exceptions noted in the resulting reports. Customer has the right to request a SOC 2 report and ISO/IEC 27001 certificate at any time during the term of the Agreement.
ReliaQuest will ensure that all Customer Operational Data once received by ReliaQuest in accordance with the Agreement will be encrypted at rest (e.g., AES 256) and while in transit using a secure transfer method (e.g., SFTP, TLS).
5. Return or Destruction:
Upon the written request of Customer after the termination or expiration of the Agreement, ReliaQuest will render unreadable or return to Customer, or any third party designated by Customer, within one hundred eighty (180) days, all Customer Operational Data in ReliaQuest Systems, without charge to Customer. For electronic media, “render unreadable” may include, among others, degaussing or using a FIPS compliant military-grade wipe program, and for hard-copy material “render unreadable” may include, among others, cross-cut shredding or incineration consistent with ISO 9564-1 or ISO 11568-3e.
6. Data Security Breaches and Security Events:
6.1 Notice: If ReliaQuest discovers and has conclusive knowledge of a Data Security Breach or Security Event, ReliaQuest will provide prompt notice to Customer, which in no case will be more than five (5) business days thereafter. ReliaQuest will provide Customer with the name and contact information for a primary security contact that will be available to assist Customer in resolving obligations associated with any Data Security Breach or Security Event.
6.2 Investigation, Remediation, Mitigation: ReliaQuest, at its own expense, will investigate, remediate and mitigate the effects of a Data Security Breach or Security Event and, upon request or at reasonable junctures, report to Customer all relevant information, details and findings regarding such activities. In the event of a Data Security Breach, ReliaQuest shall reasonably cooperate with Customer and Customer’s representatives to provide reasonable assistance to Customer in its efforts to help mitigate the effect of such Data Security Breach.
6.3 Notifications: In the event of a Data Security Breach or Security Event, ReliaQuest will not notify authorities or media unless: (i) explicit, written permission has been provided by Customer; or (ii) ReliaQuest is otherwise required by law to notify authorities, provided ReliaQuest makes commercially reasonable attempts to notify Customer in advance of making any such required notification unless not permitted by applicable law. To the extent Customer is required to provide notice of any kind to the authorities or media, Customer shall not under any circumstances identify ReliaQuest in such notice or announcement, unless as required to comply with applicable law.
Background Screening Requirements
If permitted by applicable law, ReliaQuest shall perform reasonable background and drug screening on the ReliaQuest employees that materially participate in Ongoing Enablement activities under an Order. ReliaQuest shall use a reputable vendor for the performance of such verification and testing. Specifically, ReliaQuest shall ensure that, in accordance with applicable law, and unless as otherwise prohibited by applicable law:
(i) such individual has been required to take the legally permitted equivalent of a 10-panel drug screening test for those controlled substances as dictated by ReliaQuest and the results of the test were negative prior to any access of Customer premises or systems;
(ii) a national, regional, or other jurisdictionally appropriate criminal background check, subject to the extent permitted by local law, was performed on such individual and the check revealed, over the prior seven (7) years from the date of the background check, no (a) convictions for felonies, (b) misdemeanor convictions related to financial crimes or offenses, or (c) other information which would reasonably indicate that the individual is a danger to Customer, its customers, or any of their property; and
(iii) an identity verification against a government database, e.g. national insurance or social security number equivalent verification or driver’s license check has occurred (where applicable).
Third-Party Software Products
If any Third-Party Software Products are included in an Order, then the terms in this Exhibit C govern ReliaQuest’s resale, and Customer’s access to and use of, such Third-Party Software Products, in addition to any other applicable terms identified in the Agreement or the Order.
1.1 Resale of Third-Party Software Products. Any Third-Party Software Products that are resold to Customer under an Order resulting in a transfer of the underlying licenses to Customer are provided subject to the terms and conditions of the third-party license agreements (which shall be provided or referenced in such applicable Order) that are applicable to, or incorporated into, such Third-Party Software Products. To the extent Customer accesses or uses any Third-Party Software Products shown in an Order that are being held or used by ReliaQuest on Customer’s behalf during the Order Term, any such access or use is provided subject to this Agreement and the terms and conditions of any third-party license agreements applicable to, or incorporated into, such Third-Party Software Products. ReliaQuest shall provide copies of the applicable third-party licensing terms to Customer upon written request at the time of access or use by Customer. ReliaQuest shall attach or include any specific third-party licensing terms to an Order when applicable.
1.2 Ownership of Third-Party Software Products. Third-Party Software Products are licensed to Customer by ReliaQuest subject to the terms and conditions of any third-party software manufacturer or developer license agreement applicable to the Third-Party Software Product. As the Third-Party Software Products are created, developed, and provided by a third party, ReliaQuest can only provide such license rights as permitted by the third party. Third-Party Software Products provided under any open source licensing model are governed solely by such open source licensing terms, which prevail over this Agreement. ReliaQuest and its third-party suppliers, as applicable, shall retain exclusive ownership of all Third-Party Software Products and retain all Intellectual Property Rights, title, and interest therein. Third-Party Software Products are licensed to Customer, and Customer will not attempt to decompile, reverse engineer, or otherwise recreate the source code of a Third-Party Software Product.
1.3 Information and Access. To the extent required by an applicable original equipment manufacturer, third-party licensor, or similar entity, Customer agrees that ReliaQuest may maintain and disclose usage data, system tools output, and audit records reasonably necessary for the relevant manufacturer, licensor, or similar type entity to verify Customer’s compliance with this Agreement and the terms and conditions governing the applicable Third-Party Software Product. If an Order includes Third-Party Software Products intended for on-premises use, then Customer agrees that ReliaQuest may access Customer’s premises as reasonably necessary for the relevant manufacturer, licensor, or similar type entity to verify Customer’s compliance with this Agreement and the terms and conditions governing the applicable Third-Party Software Product.
2.1 Any Third-Party Software Products provided to Customer as part of an Order are provided “AS IS” without warranty regarding the performance or functionality of the Third-Party Software Products, regardless of whether the licenses, subscriptions or other entitlements to the Third-Party Software Products are held by Customer or by ReliaQuest on Customer’s behalf. Any Ongoing Enablement activities provided by ReliaQuest in connection with the management of the Third-Party Software Products on Customer’s behalf are considered a part of the Ongoing Enablement and shall be subject to the Ongoing Enablement warranty set forth in Section 9 (Warranties & Disclaimer) of the Agreement. To the extent Customer access or uses the Third-Party Software Products, all such access and use shall be in compliance with any end user terms applicable to such Third-Party Software Products. For Third-Party Software Products, warranties and statements of limited warranty, if any, given by the applicable original equipment manufacturer, third-party licensor, or similar entity may be expressed in a separate agreement between such manufacturer, licensor, or similar entity and Customer. To the extent permitted by the original equipment manufacturer, third-party licensor, or similar entity, ReliaQuest will make reasonable efforts to pass through to Customer any available warranties that are not provided directly to Customer.
2.2 RELIAQUEST MAKES NO AND EXPRESSLY DISCLAIMS ALL EXPRESS, IMPLIED, OR STATUTORY INDEMNITIES, REPRESENTATIONS, AND WARRANTIES WITH RESPECT TO THE THIRD-PARTY SOFTWARE PRODUCTS, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, WORKMANLIKE QUALITY, AND NON-INFRINGEMENT. RELIAQUEST’S (AND ANY ORIGINAL EQUIPMENT MANUFACTURER’S, THIRD-PARTY LICENSOR’S, OR SIMILAR ENTITY’S) ENTIRE LIABILITY WITH RESPECT TO ALL THIRD-PARTY SOFTWARE PRODUCTS SHALL BE LIMITED AS SET FORTH IN SECTION 11 (LIMITATION OF LIABILITY) OF THE AGREEMENT.
If an alleged material breach of the Agreement as described in Section 13.b. of the Agreement is caused by, or arises from, a performance issue relating to a Third-Party Software Product included in an Order, then Customer’s termination rights for such material breach with respect to such Order shall strictly apply to terminating the portions of the Order that relate to the Third-Party Software Product, and Customer shall not be permitted to terminate any other portion(s) of such Order as it relates to the ReliaQuest Platform.