MASTER SERVICES AGREEMENT
Last Updated: December 31st, 2022
This Master Services Agreement (“Agreement”) contains the terms for use of the Cyber Security Services, Inc. and is between Cyber Security Services, Inc., a Delaware corporation having a place of business AT 2440 Louisiana Blvd NE Suite 560, Albuquerque, NM 87110 (“Securin”) and the party agreeing to the terms of this Agreement (“CUSTOMER”). By EXECUTING AN ORDER FORM THAT REFERENCES THIS AGREEMENT, clicking an “Accept” or similar button, or otherwise using the Securin, Inc. Platform and/or Professional Services, CUSTOMER agrees to be bound by the terms of this Agreement. CUSTOMER may not ACCESS OR use the Securin, Inc. Platform and/or Professional Services without agreeing to this Agreement first. If a written agreement regarding CUSTOMER’S use of the Securin, Inc. Platform and/or Professional Services exists between and has been executed by both Securin, Inc. and CUSTOMER, the terms of that written agreement shall take precedence over this Agreement.
“Affiliate” means, with respect to a party, any entity which directly or indirectly Controls, is Controlled by, or is under common Control with such party.
“Asset” Every physical and virtual object being registered, managed, and discovered by the Platform as measured by overall instances used by Customer, as well as Customer’s subsidiaries and affiliates. Assets include objects on premise (including network devices, applications, databases), in the cloud, IoT, or mobile devices and is typically identified by a unique IP or MAC address, but also includes web application software and databases.
“Confidential Information” has the meaning set forth in Section 10.
“Control” means ownership or control, directly or indirectly, of more than 50% of the voting interests of the subject entity.
“Customer Data” means data, text, files, and the like that Customer inputs and/or loads into the Platform, and output from the foregoing.
“Data Protection Laws and Regulations” means all EU/Swiss applicable legislation with respect to the processing of Personal Data.
“Documentation” means the description of the Platform and Professional Services licensed or purchased by Customer contained in the Platform specification sheet.
“Order” means an order and/or statement of work for the Platform and/or Professional Services signed by Securin or a Reseller.
“Platform” means any Securin cloud solution and software programs (in object code format) and application programming interfaces (“API”) licensed by Securin to Customer (and any other data provided by Securin to Customer through the Platform), together with all Updates, as further described in the Documentation and in an Order.
“Professional Services” means the penetration testing, vulnerability management, compliance, installation, implementation, training, and/or other professional services listed in Section 4 and further identified in an Order.
“Reseller” means a reseller authorized in writing by Securin to provide the Platform and/or Professional Services on Securin’s behalf.
“Support” has the meaning set forth in Section 7.
“Taxes” means any direct or indirect local, state, federal or foreign taxes, levies, duties or similar governmental assessments of any nature, including value-added, sales, use or withholding taxes.
“Term” means the Term applicable to each Securin Product, or if no such term period is defined, twelve (12) months, commencing on the Effective Date.
“Updates” means all Platform updates and enhancements that Securin generally makes available at no additional charge to its customers of the version of the Platform licensed hereunder who are current in payment of applicable fees.
“Users” means Customer’s and its Affiliates’ employees, agents, contractors, and consultants who are authorized by Customer to use the Platform.
2. Terms of the Platform.
Subject to the terms of the Agreement, Securin grants Customer and its Affiliates a non-exclusive, non-transferable (except to a successor in interest as permitted hereunder) license to access, use, install (only for the portions of the Platform that are available for download by Securin). And configure the Platform listed under an Order during the Term. Customer’s right to use the Platform is limited to the tier and other restrictions contained in in an Order and the Documentation.
3. Customer Responsibilities Relating to Use of the Platform.
3.1 As between the parties, Customer is responsible for, (i) all activities conducted under its User logins, and (ii) obtaining and maintaining any Customer Equipment and any ancillary software and/or services needed to connect to, access, install (only for the portions of the Platform that are available for download by Securin), configure, or otherwise use the Platform.
3.2 Customer shall use the Platform solely for its internal business purposes, in compliance with applicable law, and shall not: (a) resell, sublicense, lease, time-share or otherwise make the Platform available to any third party; (b) process, send, or store infringing or unlawful material using the Platform; (c) attempt to gain unauthorized access to, or disrupt the integrity or performance of, the Platform or the data contained therein; (d) modify, copy or create derivative works based on the Platform; (e) do any “mirroring” or “framing” of any part of the Platform, or create Internet links to the Platform which include log-in information, user names, passwords, and/or secure cookies; (f) reverse engineer the Platform; (g) propagate any virus, worms, Trojan horses, or other programming routine intended to damage any system or data; or (h) use the Platform, or permit it to be used, for purposes of product evaluation, benchmarking or other comparative analysis intended for publication without Securin’s prior written consent.
3.3 From time-to-time, Securin may provide certain portions of the Platform as new, beta-only features (“Beta Features”). Beta Features will be identified to Customer in an Order or Platform log-in or landing page, or will otherwise be identified to Customer. Beta Features are provided without any warranties or SLAs and Securin has no liability to Customer for the Beta Features only.
4. Professional Services.
Securin will provide Professional Services if and to the extent stated in an Order that specifically incorporates this Agreement by reference.
5.1 Customer shall retain all ownership rights in and to all Customer Data passing though or generated by the Platform and Customer Confidential Information. Securin and/or its licensors (as applicable) shall have and retain all ownership rights in the Platform and all work developed or created by Securin during the course of providing Support or Professional Services to Customer (if any). Securin hereby grants Customer a royalty-free, fully paid-up, nonexclusive, license to use the foregoing on the same terms and conditions as the Platform.
5.2 Securin shall own any suggestions, enhancement requests, recommendations, or other feedback provided by Customer or its Users under this Agreement.
5.3 No license, right or interest in any Securin or Customer trademark, copyright, trade name or service mark is granted hereunder.
6.1 The Fees for the Platform and the Processional Services are as stated in an Order. Unless otherwise stated in the applicable Order, Fees for the initial Term for the Platform are due and payable in advance and are payable to Securin or Reseller, as applicable. Fees for any renewal Terms are due in accordance with the above, except that they are due on the effective date of the renewal. Fees may be paid by wire (without deduction for any wire fees) or by check to Securin or Reseller using Securin’s or the Reseller’s instructions.
6.2 Upon execution of this Agreement, payment obligations are non-cancelable and, except as expressly provided in this Agreement, upon payment, all payments made by Customer are non-refundable. All undisputed fees due hereunder shall be due and payable within thirty (30) days of receipt of invoice. Any payment not received from Customer by the due date may accrue (except for amounts then under reasonable and good faith dispute) late charges at the rate of 1.5% of the outstanding balance per month, or the maximum rate permitted by law, whichever is lower, from the date such payment was due until the date paid. Failure to make payments in accordance with this Section may result in suspension of the Professional Services and Customer’s ability to access or use the Platform until payment is made. In the event Customer issues purchase orders in its normal course of business, Customer shall provide Securin with a purchase order upon execution of this Agreement, or if Customer does not provide Securin with such purchase order, Customer authorizes Securin to accept this Agreement in lieu of a purchase order.
6.3 Customer is responsible for monitoring Customer’s use of the Platform. If Customer is aware that its use of the Platform is found to be greater than the number of Asset and/or other restrictions licensed hereunder, Customer shall notify Securin or Reseller of such excess use. Securin or Reseller will invoice Customer for the additional Fees for the period commencing on the date of excess use through the remainder of the Term, and the unpaid Fees shall be payable in accordance with Section 6.1.
6.4 Unless otherwise provided, the fees do not include any Taxes. Customer is responsible for paying all Taxes, including, but not limited to sales, use, GST, and VAT taxes, associated with its purchases hereunder, excluding Taxes based on Securin’s or Reseller’s net income or property. If an invoice includes Taxes, Customer is responsible for such Taxes, unless Customer provides a valid tax exemption certificate authorized by the appropriate taxing authority upon execution of this Agreement. Taxes not included on an invoice shall be the responsibility of the Customer to remit to the appropriate tax authorities as necessary.
Securin shall provide Support provided Customer is current on payment of Support fees (if any) and all other Fees. Support shall be provided in accordance with the terms and conditions described in Securin’s technical support policy, a copy of which is attached as Exhibit A.
8.1 Each party represents and warrants that (i) it has the legal power to enter into and perform under this Agreement; and (ii) it shall comply with all other applicable laws in its performance hereunder.
8.2 Securin warrants (i) it will provide the Professional Services in a professional and workmanlike manner consistent with good industry standards and practices; and (ii) that for a period of thirty (30) days after completion, the Professional Services will conform to the representations in Section 4. As Customer’s sole and exclusive remedy and Securin’s entire liability for any breach of the foregoing warranty, Securin will re-perform the Professional Services, or, if Securin is unable to do so, return or request the Reseller to return the fees paid for such deficient Professional Services.
8.3 Securin warrants to Customer that the Platform will substantially conform in all material respects to the Documentation (“Platform Warranty”). The Platform Warranty does not apply when: (a) the Platform that has been modified by any party other than Securin; or (b) the Platform that has been improperly used, configured, and/or installed in a manner other than as authorized under the Agreement to the extent such modification(s) or improper installation cause the Platform to be nonconforming. As Customer’s sole and exclusive remedy and Securin’s entire liability for any breach of the foregoing warranty, Securin will repair or replace any nonconforming Platform so that it operates as warranted or, if Securin is unable to do so, terminate the license for such Platform and return or request the Reseller to return the license fees paid for the nonconforming Platform, pro-rated from the date of termination.
8.4 Securin shall provide its service level agreement as set forth in the Securin SLA attached hereto as Exhibit A.
8.5 EXCEPT AS EXPRESSLY PROVIDED HEREIN, NEITHER PARTY MAKES ANY WARRANTIES OF ANY KIND, WHETHER IMPLIED, STATUTORY OR OTHERWISE, INCLUDING ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. SECURIN DOES NOT WARRANT THE OPERATION OF THE PLATFORM AND RESULTS OF THE PROFESSIONAL SERVICES WILL BE UNINTERRUPTED AND/OR ERROR-FREE.
9. Patent and Copyright Indemnity.
9.1 Securin or its licensors shall defend, indemnify and hold Customer harmless against any loss, damage or costs (including reasonable attorneys’ fees) incurred in connection with claims, demands, suits, or proceedings (“Claims”) made or brought against Customer by a third party alleging that the use of the Platform as contemplated hereunder infringes the U.S. intellectual property rights of such third party, provided that Customer (a) promptly gives written notice of the Claim to Securin; (b) gives Securin or its licensors sole control of the defense and settlement of the Claim (provided that Securin or its licensors may not settle any Claim unless it unconditionally releases Customer of all liability); and (c) provides to Securin or its licensors, at Securin’s cost, all reasonable assistance.
9.2 Securin or its licensors may, at its sole option and expense: (i) procure for Customer the right to continue using the Platform under the terms of this Agreement; (ii) replace or modify the Platform to be non-infringing without material decrease in functionality; or (iii) if the foregoing options are not reasonably practicable, terminate the license for the Platform and refund Customer or request the Reseller to refund the prepaid fees for the remainder of the then-current Term after the date of termination.
9.3 Securin shall have no liability for any Claim to the extent the Claim is based upon (i) the use of the Platform in combination with any other product, service or device not furnished, recommended or approved by Securin in writing, if such Claim would have been avoided by the use of the Platform, without such product, service or device; or (ii) Customer’s use of the Platform other than in accordance with this Agreement.
9.4 The provisions of this Section 9 set forth Securin’s sole and exclusive obligations, and Customer’s sole and exclusive remedies, with respect to infringement or misappropriation of third party intellectual property rights of any kind.
10.1 As used herein, “Confidential Information” means all confidential and proprietary information of a party (“Disclosing Party”) disclosed to the other party (“Receiving Party”), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure, including the terms and conditions of this Agreement (including pricing and other terms reflected under this Agreement), the Platform, Documentation, business and marketing plans, technology and technical information, product designs, and business processes. Confidential Information shall not include any information that: (i) is or becomes generally known to the public without breach of any obligation owed to Disclosing Party; (ii) was known to Receiving Party prior to its disclosure by Disclosing Party without breach of any obligation owed to Disclosing Party; (iii) was independently developed by Receiving Party without breach of any obligation owed to Disclosing Party; or (iv) is received from a third party without breach of any obligation owed to Disclosing Party.
10.2 Receiving Party shall not disclose any Confidential Information of Disclosing Party for any purpose outside the scope of this Agreement, except with Disclosing Party’s prior written consent. Receiving Party shall protect the confidentiality of Disclosing Party’s Confidential Information in the same manner that it protects the confidentiality of its own confidential information of like kind (but in no event using less than reasonable care). Notwithstanding the foregoing, Securin may use, for its business purposes, data generated by the use of the Platform in anonymized format. Receiving Party shall promptly notify Disclosing Party if it becomes aware of any actual or reasonably suspected breach of confidentiality of Disclosing Party’s Confidential Information.
10.3 If Receiving Party is compelled by law to disclose Confidential Information of Disclosing Party, it shall provide Disclosing Party with prior notice of such compelled disclosure (to the extent legally permitted) and reasonable assistance, at Disclosing Party’s cost, if Disclosing Party wishes to contest the disclosure.
10.4 Upon any termination of this Agreement, the Receiving Party shall continue to maintain the confidentiality of the Disclosing Party’s Confidential Information as long as it remains confidential and, upon request, return to the Disclosing Party or destroy (at the Disclosing Party’s election) all materials containing such Confidential Information.
10.5 Securin will process all personally identifiable information originating in the EU, the United Kingdom, or Switzerland in accordance with the Data Protection Laws and Regulations.
11. Limitation of Liability.
11.1 EXCEPT (i) FOR THE PARTIES’ INDEMNIFICATION OBLIGATIONS; (ii) FOR CUSTOMER’S FAILURE TO PAY ANY FEES DUE UNDER THIS AGREEMENT; (iii) IN THE EVENT OF EITHER PARTY’S UNAUTHORIZED USE, DISTRIBUTION OR DISCLOSURE OF THE OTHER PARTY’S INTELLECTUAL PROPERTY; OR (iv) EITHER PARTY’S MATERIAL BREACH OF SECTION 10 (“CONFIDENTIALITY”), IN NO OTHER EVENT SHALL EITHER PARTY HAVE ANY LIABILITY TO THE OTHER FOR ANY LOST PROFITS OR FOR ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES HOWEVER CAUSED AND, WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY, WHETHER OR NOT THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
11.2 IN NO EVENT SHALL EITHER PARTY’S AGGREGATE LIABILITY ARISING OUT OF THIS AGREEMENT, WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY, EXCEED THE SUBSCRIPTION FEES PAID TO SECURIN DURING TWELVE MONTHS PRIOR TO WHEN THE CLAIM ACCRUED. IN THE EVENT CUSTOMER HAS LICENSED PLATFORM FOR EVALUATION PURPOSES WHERE NO FEES ARE DUE, THE LIMITATION OF LIABILITY IN THE PREVIOUS SENTENCE SHALL BE $1,000.
12. Term and Termination.
12.1 This Agreement commences on the Effective Date and continues until all licenses granted in accordance with this Agreement have expired or have been terminated.
12.2 A party may terminate this Agreement for cause: (i) upon 30 days written notice to the other party of a material breach of this Agreement if such breach remains uncured at the expiration of such period; (ii) immediately upon written notice if the other party becomes the subject of a bankruptcy, insolvency, receivership, liquidation, assignment for the benefit of creditors or similar proceeding; and (iii) as otherwise provided herein.
12.3 The parties’ rights and obligations under Sections 5, 6, 8.5, 9, 10, 11, 12.3, and 13 shall survive termination of this Agreement.
13.1 The parties are independent contractors, and no partnership, franchise, joint venture, agency, fiduciary or employment relationship between the parties is created hereby. There are no third party beneficiaries to this Agreement.
13.2 Notices shall be in writing, sent using a recognized private mail carrier or the United States Postal Service and effective on proof of delivery.
13.3 Each party may include the other’s name and logos in its customer or vendor lists and marketing materials.
13.4 No amendment or waiver of any provision of this Agreement shall be effective unless in writing and signed by Customer and Securin. To the extent of any conflict between this Agreement and any other schedule or attachment, this Agreement shall prevail unless expressly stated otherwise. Notwithstanding any language to the contrary therein, no terms stated in a purchase order or in any other order document (other than a statement of work, or other mutually executed order document expressly incorporated herein) shall be incorporated into this Agreement, and all such terms shall be void. This Agreement, which includes all documents referenced herein, statements of work and attachments hereto, represents the entire agreement of the parties, and supersedes all prior or contemporaneous agreements, proposals or representations, written or oral, concerning its subject matter.
13.5 No failure or delay in exercising any right hereunder shall constitute a waiver of such right. Except as otherwise provided, remedies provided herein are in addition to, and not exclusive of, any other remedies of a party at law or in equity. If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, such provision shall be modified by the court and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by law, and the remaining provisions shall remain in effect.
13.6 Neither party shall be liable to the other for any delay or failure to perform hereunder (excluding payment obligations) due to a natural disaster, actions or decrees of governmental bodies or communications line failure which (i) hinders, delays or prevents a party in performing any of its obligations, and (ii) is beyond the control of, and without the fault or negligence of, such party, and (iii) by the exercise of reasonable diligence such party is unable to prevent or provide against (“Force Majeure Event).
13.7 Neither party may assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the prior written consent of the other (not to be unreasonably withheld). Notwithstanding the foregoing, either party may assign this Agreement in its entirety, without consent of the other party, to its successor in interest in connection with a merger, reorganization, or sale of all or substantially all assets or equity not involving a direct competitor of the other party. Any attempted assignment in breach of this Section shall be void. This Agreement shall bind and inure to the benefit of the parties, their respective successors and permitted assigns. For clarity, Securin may use subcontractors in the ordinary course of business.
13.8 This Section 13.8 shall apply only if Customer is a federal government entity. Securin provides the Platform, including related technology, for ultimate federal government end use solely in accordance with the following: Government technical data and software rights related to the Platform include only those rights customarily provided to the public as defined in this Agreement. This customary commercial license is provided in accordance with FAR 12.211 (Technical Data) and FAR 12.212 (Software) and, for Department of Defense transactions, DFAR 252.227-7015 (Technical Data – Commercial Items) and DFAR 227.7202-3 (Rights in Commercial Computer Software or Computer Software Documentation). If greater rights are needed, a mutually acceptable written addendum specifically conveying such rights must be included in this Agreement.
13.9 Each party agrees to comply fully with all applicable regulations of the United States Department of Commerce and with the United States Export Administration Act, as amended from time to time, and with all applicable laws and regulations of other jurisdictions with respect to the importation and use of the Platform.
13.10 This Agreement shall be governed exclusively by the internal laws of the state of New Mexico, without regard to its conflicts of laws rules. The United Nations Convention on Contracts for the International Sale of Goods shall not apply. The parties hereby consent to the exclusive jurisdiction of the state and federal courts located in New Mexico, for resolution of any disputes arising out of this Agreement.
Securin Support and Service Level Agreement
Support Service Levels
Initial Response Time
Severity 1 – Critical
Thirty (30) minutes*
As agreed with Customer
One (1) business day
Severity 2 – High
One (1) hour
Three (3) business days
Severity 3 – Medium
Four (4) hours
Seven (7) business days
Severity 4 – Low
One (1) business day
To be determined based upon problem
* Customer needs to file a ticket with Securin Support and follow ticket submission with an escalation call. Customer personnel will be accessible on a continuous basis to assist with troubleshooting efforts.
** Resolution target includes, but is not limited to work around, temporary configuration change, patch, or hot fix.
The Platform will be operational and available to Customers at least 99.5% of the time in any calendar month. If Securin does not meet the Securin SLA, and if Customer meets its obligations under this Securin SLA, Customer will be eligible to receive the Service Credits described below.
Monthly Uptime Percentage*
< 99.5% and ≥ 95.0%
< 95.0% and ≥ 90.0%
* The Monthly Uptime Percentage measurements exclude downtime resulting from any Predefined Maintenance Period.
Unavailable and Outage is defined as the Platform is non-operational and is defined as a Critical Support Priority. The following conditions are excluded from the outage definition:
- Any issues on the Customer’s network that causes the users not to be able to access the Platform shall not be considered as an outage.
- Any issues caused by factors outside of Securin’s reasonable control, including any force majeure event or Internet access or related problems beyond the demarcation point.
A Service Credit is a dollar credit, calculated as set forth below, for the applicable portion of the Platform. Service Credits are calculated as a percentage of the total monthly Platform charges paid by Customer during the current billing cycle (excluding any one-time payments and any Professional Services fees) for the portion of the Platform that is Unavailable.
- Securin will apply any Service Credits only against future payments otherwise due from the Customer. Service Credits will not entitle the Customer to any refund or other payment from Securin. Service Credits may not be transferred or applied to any other account. The Customer’s sole and exclusive remedy for any unavailability, non-performance, or other failure by Securin is the receipt of a Service Credit (if eligible) in accordance with the terms of this SLA.
- To receive a Service Credit, the Customer must submit a claim by opening a case in Securin Support Center or by emailing support at firstname.lastname@example.org. To be eligible, the credit request must be received by Securin by the end of the second billing cycle after which the incident occurred and must include the following:
- the words “SLA Credit Request” in the subject line;
- the dates and times of each Unavailability incident that Customer are claiming; and
- the Customer request logs that document the errors and corroborate Customer’s claimed outage (any confidential or sensitive information in these logs should be removed or replaced with asterisks).
Any Predefined Maintenance Period is defined as:
- Standard Weekly Maintenance – Every Tuesday evening from 7:00 PM MST/MDT to Wednesday 3:00 AM MST/MDT.
- Quarterly Maintenance – Once per quarter, the standard weekly maintenance may be extended to up to a maximum duration of 24-48 hours. Date and time will be scheduled with no less than 120-hour notice to the Customer.
- Emergency Maintenance – This is a scheduled maintenance to respond to emergency/security-related situations. These will be scheduled with no less than 5-hour advance notice which will be communicated via the platform notice page. Clients may subscribe to automatic notification for planned and unplanned platform services.
- Customer Requested Maintenance – This is a scheduled maintenance to respond to Customer specific requests for any reason. Any downtime required here does not count against the Monthly Uptime Percentage.