Access Technologies, Inc.
Master Services Agreement
Effective November 9, 2021; Version 3
This Master Services Agreement (this “Agreement”) is between Access Technologies, Inc., an Iowa corporation that maintains an office for business at 955 South East Olson Drive, Waukee, Iowa 50263 (“us”, “our”, “we”, “Access Systems” or “Access”), and you, the entity whose name, authorized signatory and contact information appear in the signature block of this Agreement (“you”, “your” or “Client”).
1. SCOPE OF SERVICES; SOW. This Agreement governs all of the services that we provide to you (collectively, the “Services”). The Services will be described in one or more statements of work that we provide to you (each, a “SOW”). Once you and we sign a SOW, the SOW will become a part of, and governed under, the terms of this Agreement. If there is a material difference or conflict between the language in a SOW and the language in this Agreement, then the language of the SOW will control, except in situations involving warranties, limitations of liability or termination of this Agreement. Under those limited circumstances, the terms of this Agreement will control unless the SOW expressly states that it is overriding the conflicting provisions of this Agreement.
2. DEFINITIONS. The terms in this section will have the meanings listed below; other terms may be defined within the context of this Agreement.
-
“Authorized Contact” means that person designated by a party to receive and provide instructions and directions concerning the Services.
-
“Client-Side Downtime” will have the meaning described in Section 9(a)(ii), below.
-
“Confidential Information” will have the meaning described in Section 10(a), below.
-
“Effective Date” means the latest date of the signatures of the parties below.
-
“Hard Costs” will have the meaning described in Section 8(a), below.
-
“Minimum Requirements” means the minimum hardware and software infrastructure that must be supplied and maintained by you at all times in order for Access to provide the Services to you.
-
“Response Time” will have the meaning described in Section 9(a), below.
-
“Startup Exception” will have the meaning described in Section 9(b), below.
-
“System” means, collectively, any computer network, computer system, peripheral or device installed, maintained, monitored or operated by Access pursuant to this Agreement.
-
“System Malfunction” will have the meaning described in Section 8(b)(i), below.
-
“Term” will have the meaning described in Section 8, below.
-
“Third Party Products” will have the meaning described in Section 6(a), below.
-
“Updates” means patches and other software-related maintenance updates that are produced and distributed by the manufacturers of software and/or hardware devices.
-
“Access Equipment” will have the meaning described in Section 8(d), below
3. GENERAL REQUIREMENTS
-
System Architecture. Our fees are based upon the configuration of your System as of the effective date of the SOW. Consequently, if the System configuration changes, then we may adjust the scope of services and/or the fees charged to you under an applicable SOW to accommodate those changes.
-
Requirements. At all times, all software on the System must be genuine and licensed, and you agree to provide us with proof of such licensing upon our request. If we require you to implement certain Minimum Requirements in a SOW, you agree to do so as an ongoing requirement of Access providing its Services to you.
-
Maintenance; Updates.If Updates are provided under a SOW, Access will install Updates only if Access has determined, in its reasonable discretion, that the Updates will be compatible with the particular configuration of the System. Access will not be responsible for any downtime or losses arising from or related to the installation or use of any Update, provided that the Update was installed in accordance with the manufacturer’s or applicable vendor’s instructions.
-
Third Party Support. If, in Access’s discretion, a hardware or software issue requires vendor or OEM support, Access may contact the vendor or OEM (as applicable) on your behalf and pass through to you, without markup, all fees and costs incurred in that process. If such fees or costs are anticipated in advance or exceed $75, Access will obtain your permission before incurring such expenses on your behalf.
-
Insurance. If you are supplied with Access Equipment or Third Party Products, you agree to acquire and maintain, at your sole cost, insurance for the full replacement value of that equipment. You shall name Access as an “Additional Insured” on all general liability insurance coverage and any other liability insurance coverage maintained, or which should be maintained, by you for which an “Additional Insured” endorsement is available, and you shall name Access as a “Loss Payee” under all property insurance coverage. Each policy of insurance required to be maintained by you hereunder shall (i) be written as a primary policy not contributing with any other coverage that Access may carry and (ii) not be canceled or modified without prior notification to Access. Upon Access’s request, you agree to provide proof of insurance to Access, including proof of payment of any applicable premiums or other amounts due thereunder. Client shall require its insurers to waive any and all rights of subrogation against Access. Client hereby waives any and all claims against Access to the extent the claims are covered by Client’s insurance. If Client fails to maintain insurance in accordance with this Section, Access shall have the right to purchase similar insurance and Client agrees to pay all fees and premiums for such policies.
-
Customer Responsibilities. Access’s provision of the Services is dependent on Client fully performing any Client responsibilities identified in this Agreement and the applicable SOW. Without limiting the generality of the foregoing, Client shall (i) be responsible for all of Client’s employees’ and agents’ compliance with the terms and conditions of this Agreement; (ii) respond promptly to any reasonably requests from Access for instructions, information, or approvals required by Access to provide the Services, (iii) cooperate with Access in its performance of the Services and provide access to Client's premises, employees, contractors, documents, records and equipment as required to enable Access to provide the Services, and (iv) take all steps necessary, including obtaining any required licenses or consents, in order for Access to provide the Services. Client represents and warrants that any premises owned, leased or controlled by Client on which Access performs any of the Services shall (i) be in compliance with all applicable laws, rules and regulations, (ii) be safe and non-hazardous, and (iii) not contain, present or expose any Access personnel to unsafe or hazardous materials or conditions.
4. FEES; PAYMENT. You agree to pay all fees and other amounts described in each SOW. If the SOW does not include a fee schedule, then you agree to pay Access on an hourly basis pursuant to Access’s standard hourly rate schedule, which will be provided to you prior to the commencement of Services.
-
Schedule; Payment Options. Unless otherwise stated in a SOW, all undisputed fees will be due and payable in advance of the calendar month in which the Services are to be provided to you. For prepaid fees or fees paid pursuant to a service plan, payment must be made in advance of work performed, unless other arrangements are expressly stated in the SOW. We offer you the ability to make payment in a variety of methods, including check, ACH, or wire payment. We generally do not allow you to pay via credit card or purchasing card, however, if we do accept a credit card or purchasing card payment, you agree to pay our then current surcharge.
-
Nonpayment. Fees that remain unpaid for more than fifteen (15) days after the date on the invoice will be subject to interest on the unpaid amount(s) until and including the date payment is received, at the lower of either 1.5% per month or the maximum allowable rate of interest permitted by applicable law. Access reserves the right, but not the obligation, to suspend part or all of the Services (including, without limitation, disabling any software and/or taking possession of, or rendering unusable, any Access Equipment wherever it may be located) without prior notice to you and without liability to you for any damages occasioned by such action in the event that any portion of undisputed fees are not timely received by Access. All disputes related to fees must be received by us within forty-five (45) days after the applicable Service is rendered or the date on which you receive an invoice, whichever is later; otherwise, you waive your right to dispute the fee thereafter. A re-connect fee may be charged to you in the event that Access suspends the Services due to your nonpayment. Time is of the essence in the performance of all payment obligations by you.
-
Taxes. You will pay when due, either directly or by reimbursing us, all taxes and fees relating to the Services and Access Equipment. If we pay any taxes or other expenses that you owe hereunder, you agree to reimburse us when we request. You hereby grant us a security interest in the Access Equipment to secure all amounts you owe us under any agreement with us, to be released at the end of the term provided you have performed all of your obligations under this Agreement. We will not pay any personal property taxes due on the Access Equipment and thus any such taxes are your responsibility.
5. ACCESS. You hereby grant to Access the right to monitor, diagnose, manipulate, communicate with, retrieve information from, and otherwise access the System on a 24x7x365 basis, for the purpose of enabling Access to provide the Services. It is your responsibility to secure, at your own cost and prior to the commencement of any Services, any necessary rights of entry, licenses, permits or other permissions necessary for Access to provide Services to the System and, if applicable, at your designated premises.
6. LIMITED WARRANTIES; LIMITATIONS OF LIABILITY.
-
Hardware / Software Rented or Purchased Through Access. Unless otherwise stated in a SOW, all hardware, software (including software as a service and other over the internet type products and services), peripherals or accessories purchased, rented, or leased through Access (“Third Party Products”) are nonrefundable once the applicable purchase order is placed in Access’s queue for ordering. We will use reasonable efforts to assign, transfer and facilitate all warranties (if any) and service level commitments (if any) for the Third Party Products to you, but will have no liability whatsoever for the quality, functionality, availability or operability of any Third Party Products, and we will not be held liable, either directly or indirectly as an insurer or guarantor, for the performance, uptime, unavailability or usefulness of any Third Party Products. Unless otherwise expressly stated in a SOW, all Third Party Products are provided “as is” and without any warranty whatsoever as between Access and you (including but not limited to implied warranties).
-
Unauthorized Access. Access and its suppliers are not responsible to you for unauthorized access to any data provided by you pursuant to your use of the Services or the unauthorized use of the Services. You are responsible for: (i) the use of the Services by any of your employees or any person to whom you have given access to the Services; and (ii) any person who gains access to Client Data or the Services as a result of your failure to use reasonable security precautions even if such use was not authorized by you.
-
Data Transmission over the Internet. In performing our Services, we use industry-recognized products and software to help ensure the security and integrity of your data. However, you understand and agree that all data transmitted over the Internet may be subject to malware and computer contaminants such as viruses, ransomware, worms and Trojan horses, as well as attempts by unauthorized users, such as hackers, to access or damage your data. Client is solely responsible for the content, security, confidentiality and integrity along with its receipt, transmission, or storage of its data, whether such data is maintained locally or hosted by a third party, and neither Access nor its affiliates will be responsible for the outcome or results of such activities.
-
Prohibited/Illegal Use of Services. Client shall not use any Service to upload, post, transmit or distribute (or permit any other person to upload, post, transmit or distribute) any prohibited content, which is generally content that (a) is obscene, illegal, or intended to advocate or induce the violation of any law, rule or regulation, (b) violates the intellectual property rights or privacy rights of any third party, (c) mischaracterizes you, and/or is intended to create a false identity or to otherwise attempt to mislead any person as to the identity or origin of any communication, (d) interferes or disrupts the Services provided by Access or the services of any third party, or (e) contains viruses, Trojan horses or any other malicious code or programs. In addition, Client shall not use any Service for the purpose of sending unsolicited commercial electronic messages (“SPAM”) in violation of any applicable law. Access reserves the right, but does not have the obligation, to suspend Client’s access to any Services if Access believes, in its discretion, that Client’s service is being used in violation of this subsection or otherwise in an improper or illegal manner.
-
DISCLAIMER OF WARRANTIES. EXCEPT FOR THE EXPRESS WARRANTIES SET FORTH IN THIS AGREEMENT AND IN EACH SOW, ACCESS AND ACCESS’S LICENSORS DISCLAIM ANY AND ALL OTHER WARRANTIES, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, AS WELL AS ANY WARRANTIES OF REGULATORY COMPLIANCE, PERFORMANCE, ACCURACY, RELIABILITY, AND NONINFRINGEMENT, IN EACH CASE WHETHER EXPRESS OR IMPLIED BY LAW, COURSE OF DEALING, COURSE OF PERFORMANCE, USAGE OF TRADE, OR OTHERWISE. THIS DISCLAIMER OF WARRANTY CONSTITUTES AN ESSENTIAL PART OF THE AGREEMENT.
-
Limitations. In no event shall either party be liable for any indirect, special, exemplary, consequential or punitive damages, or for lost revenue, loss of profits (except for fees due and owing to Access), savings, or other indirect or contingent event-based economic loss arising out of or in connection with this Agreement, any SOW, or the Services, or for any loss or interruption of data, technology or services, or for any breach hereof or for any damages caused by any delay in furnishing Services under this Agreement or any SOW, even if a party has been advised of the possibility of such damages. Except for your payment obligations and each party’s indemnification obligations described in this Agreement, each party’s aggregate liability to the other for damages from any and all causes whatsoever and regardless of the form of action that arise from or relate to this Agreement (collectively, “Claims”), whether in contract, tort or negligence, shall be limited to the amount of the aggrieved party’s actual direct damages, not to exceed the amount of fees paid by you to Access for the specific Service upon which the applicable claim(s) is/are based during the six (6) month period immediately prior to the date on which the cause of action accrued. It is understood and agreed that the costs of hardware or software (if any) provided to Client under this Agreement shall not be included in the calculation of the limitation of damages described in this paragraph.
7. INDEMNIFICATION.
-
Related to Services. You agree to indemnify, defend and hold Access harmless from and against any and all losses, damages, costs, expenses or liabilities, including reasonable attorneys’ fees, (collectively, “Damages”) arising in connection with the receipt and use of the Services or in any way related to your performance under this Agreement or any SOW, including, but in no way limited to, (i) a breach by you of your representations and warranties, except those losses, claims, liabilities, damages, costs or expenses arising out of the willful misconduct of Access, its employees, agents or other representatives; (ii) any alleged infringement of copyrights, patent rights and/or the unauthorized or unlicensed use of any material, property or other work in connection with the performance of the Services; (iii) any damage to or loss or destruction of any real or tangible personal property in the possession or under your control; (iv) your or your personnel's negligent acts, omissions and/or willful misconduct; (v) the death or bodily injury of any of your agents, employees, subcontractors, customers, business invitees or business visitors; or (vi) any violation by you or any of your personnel of any laws. Access will have the right, but not the obligation, to control the intake, defense and disposition of any claim or cause of action for which indemnity may be sought under this section.
-
Related to Equipment Malfunctions and Telecommunication-related Issues.The Services require a reliable, always-connected internet solution. Internet and telecommunications outages will prevent the Services from operating correctly. In addition, all computer hardware is prone to failure due to equipment malfunction, telecommunication-related issues, etc., for which Access shall be held harmless. Due to technology limitations, all computer hardware, including communications equipment, network servers and related equipment, has an error transaction rate that can be minimized, but not eliminated. As such, Client understands and agrees that any data sent to or stored by Access may become corrupted or lost due to communication or hardware-related failures. Access cannot and does not warrant that such data corruption or loss will be avoided, and Client agrees that the Access shall be held harmless if such data corruption or loss occurs.
-
Related to Breach of Your System. Furthermore, you agree to indemnify, defend and hold Access harmless from and against any and all Damages that arise from, or are related to, any breach of your System, hacking or unauthorized disclosure, or unauthorized use or unauthorized access to your System unless such occurs as a direct result of Access’ breach of its obligations under a SOW and this Agreement.
-
Related to Uninsurable Obligations.It is understood and agreed that, in seeking the professional services of Access, you may be requesting Access to undertake uninsurable obligations for your benefit and, in connection therewith, Access may encounter the presence or potential presence of hazardous substances or contaminants at your site. Therefore, you hereby indemnify and agree to defend and hold us harmless against and from any and all loss, cost, damage, liability and expense incurred by us arising from the presence or potential presence of any hazardous substance or contaminant at your site. Such cost and expense shall include, without limitation, (i) reasonable attorneys’ fees and costs of litigation, (ii) reasonable costs arising from any investigation of any governmental agency for purported violation of any environmental law or regulation relating as hazardous substances; (iii) costs of any investigative response, clean-up or remedial actions with respect to the same; and any and all of the foregoing which we may be required under any applicable law or regulation to take, cause to be taken, or pay for.
8. TERM; TERMINATION. This Agreement will begin as of the latest date of the signatures of the parties below, and will continue until terminated as described in this Section (the “Term”). Since this is a master agreement, you may have the option (depending on the circumstances) to terminate individual SOWs without affecting other SOWs that are in-progress.
-
Termination Without Cause. Access may terminate this Agreement (including any and all SOWs hereunder) at any time, without cause, by providing written notice to you at least thirty (30) days prior to the intended termination date. You may not terminate this Agreement or a SOW without cause. If you terminate a SOW without cause, then you will be responsible for paying the early termination fee described in the applicable SOW. If no early termination fee is listed, then prior to the effective date of termination of this Agreement without cause, you agree to pay Access an amount equal to (i) all expenses incurred by Access in its preparation and provision of the Services to you, e.g., licensing fees incurred by Access, non-mitigatable hard costs, etc. (“Hard Costs”), as well as (ii) all fees that would have been paid to Access had the term not been terminated prematurely.
-
Termination For Cause. In the event that one party (a “Defaulting Party”) commits a material breach under a SOW or under this Agreement, the non-Defaulting Party will have the right, but not the obligation, to terminate immediately this Agreement or the relevant SOW (a “For Cause” termination) provided that (i) the non-Defaulting Party has notified the Defaulting Party of the specific details of the breach in writing, and (ii) the Defaulting Party has not cured the default within twenty (20) days (ten (10) days for non-payment by Client) following receipt of written notice from the non-Defaulting Party. If Access terminates this Agreement or any SOW For Cause, then Access shall be entitled to receive, and you hereby agree to pay to Access, (i) all amounts that would have been paid to Access had this Agreement or SOW (as applicable) remained in effect, and (ii) all Hard Costs. If you terminate this Agreement or a SOW for cause, then you will be responsible for paying only for those services that were properly delivered and accepted by you up to the effective date of termination.
-
System Malfunction As A Basis for Termination. In the event that any Client-supplied equipment, hardware or software, or any action undertaken by you, causes the System or any part of the System to malfunction on three (3) occasions or more (“System Malfunction”), and you fail to remedy, repair or replace the System Malfunction as directed by Access, then Access will have the right, upon ten (10) days prior written notice to you, to terminate this Agreement or the applicable SOW For Cause or, at Access’s discretion, amend the applicable SOW to eliminate from coverage any System Malfunction or any equipment or software causing the System Malfunction.
-
Client Activity As A Basis for Termination. Your use of the Services must, at all times, be in accordance with all applicable local, state, federal or international laws, regulations, rules, orders and other requirements, now or hereafter in effect. Access may suspend Services (or any portion thereof) without liability if: (i) Access reasonably believes that the Services are being used in violation of these terms and conditions; (ii) Access is required by any laws to suspend the Services; or (iii) Access reasonably believes that the suspension of the Services is required.
-
-
Consent. You and we may mutually consent, in writing, to terminate a SOW or this Agreement at any time.
-
Equipment / Software Removal. Upon termination of this Agreement for any reason, you will provide Access with access, during normal business hours, to your premises or any other locations at which Access-owned equipment or software (collectively, “Access Equipment”) is located to enable Access to remove all Access Equipment from the premises. If you fail or refuse to grant Access Systems access as described herein, or if any of the Access Equipment is missing, broken or damaged (normal wear and tear excepted) or any of Access-supplied software is missing, Access will have the right to invoice you for, and you hereby agree to pay immediately, the full replacement value of any and all missing or damaged items. Any equipment or software rented or leased by you under a Rental Agreement is considered non-cancelable for the full term of that agreement. Even if you terminate this Agreement for any reason, you agree that you are unconditionally obligated to pay all amounts due under that Rental Agreement for its entire term and you are not entitled to reduce or set-off against any amounts due under that Rental Agreement for any reason.
-
Transition; Deletion of Data. In the event that you request Access’s assistance to transition to a new service provider, Access will provide such assistance if (i) all fees due and owing to Access are paid to Access in full prior to Access providing its assistance to you, and (ii) you agree to pay Access its then-current hourly rate for such assistance, with up-front amounts to be paid to Access as may be required by Access. Unless otherwise expressly stated in a SOW, Access will have no obligation to store or maintain any Client data in Access’s possession or control beyond fifteen (15) calendar days following the termination of this Agreement.Access will be held harmless for, and indemnified by you against, any and all claims, costs, fees, or expenses incurred by either party that arise from, or are related to, Access’s deletion of your data beyond the time frames described in this Section 8(e).
9. RESPONSE; REPORTING.
-
Response. Access warrants and represents that Access will provide the Services, and respond to any notification received by Access of any error, outage, alarm or alert pertaining to the System, in the manner and within the time period(s) designated in an applicable SOW (“Response Time”), except for (i) those periods of time covered under the Startup Exception, or (ii) periods of delay caused by Client-Side Downtime, or (iii) periods in which Access is required to suspend the Services to protect the security or integrity of your System or Access’s equipment or network, or (iv) delays caused by a force majeure event.
-
-
Scheduled Downtime.For the purposes of this Agreement, Scheduled Downtime will mean those hours, as determined by Access but which will not occur between the hours of 8 AM and 5:00 PM CST (or CDT, as applicable), Monday through Friday without your authorization or unless exigent circumstances exist, during which time Access will perform scheduled maintenance or adjustments to its network. Access will use its best efforts to provide you with at least twenty-four (24) hours of notice prior to scheduling Scheduled Downtime.
ii. Client-Side Downtime. Access will not be responsible under any circumstances for any delays or deficiencies in the provision of, or access to, the Services to the extent that such delays or deficiencies are caused by your actions or omissions (“Client-Side Downtime).
iii. Remedies; Limitations.Except for the Startup Exception, if Access fails to meet its service level commitment in a given calendar month, then upon receiving your written request for credit, Access will issue you a pro-rated credit in an amount equal to the period of time of the outage and/or service failure. All requests for credit must be made by you no later than forty-five (45) days after the outage. The remedies contained in this paragraph are in lieu of (and are to the exclusion of) any and all other remedies that might otherwise be available to you for Access’s failure to meet any service level commitment during the term of this Agreement.
-
-
Startup Exception. You acknowledge and agree that for the first ten (10) business days following the commencement date of a SOW, the Response Time commitments described in this Agreement will not apply to Access, it being understood that there may be unanticipated downtime or delays due to Access’s initial startup activities with you (the “Startup Exception”).
10. CONFIDENTIALITY.
-
Defined. For the purposes of this Agreement, Confidential Information means any and all non-public information that is disclosed by or on behalf of one party (the "Disclosing Party") to the other party (the "Receiving Party") under or in relation to this Agreement that is identified as confidential at the time of disclosure . Confidential Information will not include information that: (i) has become part of the public domain through no act or omission of the Receiving Party, (ii) was developed independently by the Receiving Party, or (iii) is or was provided to the Receiving Party by a third party who, to the actual knowledge of the Receiving Party, was not subject to an obligation of confidentiality to the Disclosing Party.
-
Use. The Receiving Party will keep the Disclosing Party's Confidential Information confidential, and will not use or disclose such information to any third party for any purpose except (i) as expressly authorized by the Disclosing Party in writing, or (ii) as needed to fulfill the Receiving Party’s obligations under this Agreement.
-
Due Care. The Receiving Party will exercise the same degree of care with respect to the Confidential Information it receives from the Disclosing Party as the Receiving Party normally takes to safeguard and preserve its own confidential and proprietary information of a similar nature, which in all cases will be at least a commercially reasonable level of care.
-
Compelled Disclosure. If the Receiving Party is legally compelled (whether by deposition, interrogatory, request for documents, subpoena, civil investigation, demand or similar process) to disclose any of the Confidential Information, the Receiving Party will, to the extent permitted under applicable law, notify the Disclosing Party of such requirement so that the Disclosing Party may seek a protective order or other appropriate remedy, but the Receiving Party shall otherwise be permitted to comply with the applicable request.
11. THIRD PARTY SERVICES.
-
EULAs. Portions of the Services may require you to accept the terms of one or more third party end user license agreements (“EULAs”). EULAs may contain service levels, warranties and/or liability limitations that are different than those contained in this Agreement. You agree to be bound by the terms of such EULAs, and will look only to the applicable third party provider for the enforcement of the terms of such EULAs. If, while providing the Services, Access is required to comply with a third party EULA and the third party EULA is modified or amended, Access reserves the right to modify or amend any applicable SOW with you to ensure Access’s continued compliance with the terms of the third party EULA. You agree to indemnify, defend and hold Access harmless from and against any and all Damages arising in connection with your breach of any EULA.
-
Information Reporting. In order to improve security awareness, you agree that Access or its designated third party affiliate may transfer information about the results of processed files, information used for URL reputation determination, security risk tracking, and statistics for protection against spam and malware. Any information obtained in this manner does not and will not contain any personal or confidential information.
-
Data Loss. If backup and/or disaster recovery services are to be provided under a SOW, then you hereby understand and agree that Access will not be responsible for any data lost, corrupted or rendered unreadable due to (i) communication and/or transmissions errors or related failures, (ii) equipment failures (including but not limited to silent hardware corruption-related issues), or (iii) Access’s failure to backup or secure data from portions of the System that were not expressly designated in the applicable SOW as requiring backup or recovery services.
-
BYOD. You hereby represent and warrant that Access is authorized to provide the Services to all devices, peripherals and/or computer processing units, including mobile devices (such as notebook computers, smart phones and tablet computers) that (i) are connected to the System, and (ii) have been designated by you to receive the Services, regardless of whether such device(s) are owned, leased or otherwise controlled by you. Unless otherwise stated in a SOW, devices will not receive or benefit from the Services while the devices are detached from or unconnected to the System.
12. OWNERSHIP. Each party is, and will remain, the owner and/or licensor of all works of authorship, patents, trademarks, copyrights and other intellectual property owned or licensed by such party (“Intellectual Property”), and nothing in this Agreement or any SOW shall be deemed to convey or grant any ownership rights in one party’s Intellectual Property to the other party.
13. MISCELLANEOUS.
-
Assignment. Neither this Agreement nor any SOW may be assigned or transferred by a party without the prior written consent of the other party. This Agreement will be binding upon and inure to the benefit of the parties hereto, their legal representatives, and permitted successors and assigns. Notwithstanding the foregoing, Access may assign its rights and obligations hereunder without the prior written consent of Client to (i) an affiliate of Access or (ii) a successor in ownership in connection with any merger, consolidation, or sale of substantially all of the assets of the business to which this Agreement relates, or any other transaction in which ownership of more than fifty percent (50%) of Access’s voting securities is transferred.
-
Amendment. No amendment or modification of this Agreement or any SOW will be valid or binding upon the parties unless such amendment or modification is originated in writing by Access, specifically refers to this Agreement, and is accepted in writing by one of your Authorized Contacts.
-
Time Limitations. Client agrees that any action brought by Client for any matter arising out of this Agreement or any SOW must be commenced within six (6) months after the cause of action accrues or the action is forever barred.
-
Severability. If any provision hereof or any SOW is declared invalid by a court of competent jurisdiction, such provision will be ineffective only to the extent of such invalidity, illegibility or unenforceability so that the remainder of that provision and all remaining provisions of this Agreement or any SOW will be valid and enforceable to the fullest extent permitted by applicable law.
-
Other Terms. Access will not be bound by any terms or conditions printed on any presentation, proposal, quote, purchase order, invoice, memorandum, or other written communication between the parties unless such terms or conditions are incorporated into a duly executed SOW. In the event any provision contained in this Agreement is held to be unenforceable in any respect, such unenforceability will not affect any other provision of this Agreement, and the Agreement will be construed as if such an unenforceable provision or provisions had never been included in this Agreement.
-
No Waiver. The failure of either party to enforce or insist upon compliance with any of the terms and conditions of this Agreement, the temporary or recurring waiver of any term or condition of this Agreement, or the granting of an extension of the time for performance, will not constitute an Agreement to waive such terms with respect to any other occurrences.
-
Merger. This Agreement, together with any and all SOWs, sets forth the entire understanding of the parties and supersedes any and all prior agreements, arrangements or understandings related to the Services, and no representation, promise, inducement or statement of intention has been made by either party which is not embodied herein. Any document that is not expressly and specifically incorporated into this Agreement or SOW will act only to provide illustrations or descriptions of Services to be provided, and will not act to modify this Agreement or provide binding contractual language between the parties. Access will not be bound by any agents’ or employees’ representations, promises or inducements not explicitly set forth herein.
-
Force Majeure. Access will not be liable to you for delays or failures to perform Access’s obligations under this Agreement or any SOW because of circumstances beyond Access’s reasonable control. Such circumstances include, but will not be limited to, any acts or omissions of any governmental authority, natural disaster, act of a public enemy, acts of terrorism, riot, sabotage, disputes or differences with workmen, power failure, communications delays/outages, delays in transportation or deliveries of supplies or materials, and acts of God.
-
Non-Solicitation. You acknowledge and agree that during the term of this Agreement and for a period of one (1) year following the termination of this Agreement, you will not, individually or in conjunction with others, directly or indirectly solicit, induce or influence any of Access’s employees or subcontractors to discontinue or reduce the scope of their business relationship with Access, or recruit, solicit or otherwise influence any employee or agent of Access to discontinue such employment or agency relationship with Access. In the event that you violate the terms of the restrictive covenants in this Section 13(i), you acknowledge and agree that the damages to Access would be difficult or impracticable to determine, and you agree that in such event, as Access’s sole and exclusive remedy therefore, you will pay Access as liquidated damages and not as a penalty an amount equal to one hundred percent (100%) percent of that employee or subcontractor’s first year of base salary with you (including any signing bonus).
-
Survival. The provisions contained in this Agreement that by their context are intended to survive termination or expiration of this Agreement will survive.
-
Risk of Loss. Client assumes and shall bear the entire risk of loss and damage, whether or not insured against, of the Access Equipment and Third Party Products from any and every cause whatsoever as of the date the Access Equipment or Third Party Products are delivered to Client.
-
Arbitration / Venue and Governing Law. This Agreement and any SOW will be governed by, and construed according to, the laws of the State of Iowa. Except for attempts by us to collect amounts owed under this Agreement, which may be pursued, among other ways, through the federal and state judicial systems, any dispute arising out of or relating to this Agreement or the breach thereof, shall be referred to arbitration by either party hereto and finally settled by arbitration in accordance with the rules of the American Arbitration Association as the exclusive method of dispute resolution. The arbitration panel shall consist of three (3) arbitrators, to be appointed by each party and the third to be appointed by the first two arbitrators so selected. The arbitration shall take place in Dallas County, Iowa. The arbitration award shall be final, binding upon the parties, not subject to any appeal, and shall deal with the question of costs of arbitration and all matters related thereto. Judgment upon the award rendered may be entered by any court having jurisdiction, or application may be made to such court for judicial recognition of the award or an order of enforcement thereof, as the case may be. With respect to attempts by us to collect amounts owed under this Agreement, you hereby irrevocably consent to the exclusive jurisdiction and venue of the state courts in Dallas County, in the State of Iowa, for any and all claims and causes of action arising from or related to this Agreement. YOU FURTHER AGREE THAT YOU WAIVE ANY RIGHT TO A TRIAL BY JURY FOR ANY AND ALL CLAIMS AND CAUSES OF ACTION ARISING FROM OR RELATED TO THIS AGREEMENT.
-
No Third Party Beneficiaries. The Parties have entered into this Agreement solely for their own benefit. They intend no third party to be able to rely upon or enforce this Agreement or any part of this Agreement.
-
Usage in Trade. It is understood and agreed that no usage of trade or other regular practice or method of dealing between the Parties to this Agreement will be used to modify, interpret, supplement, or alter in any manner the terms of this Agreement.
-
Business Day. If any time period set forth in this Agreement expires on a day other than a business day in Dallas County, Iowa, such period will be extended to and through the next succeeding business day in Dallas County, Iowa.
-
Notices; Writing Requirement. Where notice is required to be provided to a party under this Agreement, such notice may be sent by Certified U.S. mail, overnight courier, or email as follows: notice will be deemed delivered one (1) day following delivery when sent by Certified U.S. mail, or one (1) day following delivery when sent by United Parcel Service, FedEx or other overnight courier, or one (1) day after notice is delivered by email. Notice sent by email will be sufficient only if (i) the sender emails the notice to the last known email address of the recipient, and (ii) the sender includes itself in the “cc” portion of the email and preserves the email until such time that it is acknowledged in writing by the recipient. Notwithstanding the foregoing, any notice from you to Access regarding (a) any alleged breach of this Agreement by Access, or (b) any request for indemnification, or (c) any notice of material breach or termination of this Agreement or any SOW, must be delivered to Access either by Certified U.S. mail or overnight courier, unless such requirement is expressly and specifically waived by Access. All electronic documents and communications between the parties will satisfy any “writing” requirement under this Agreement.
-
Independent Contractor. Each party is an independent contractor of the other, and neither is an employee, partner or joint venturer of the other.
-
Subcontractors. From time to time and in Access’s sole discretion, Access may use and you consent to Access’s use of subcontractors, vendors and other third parties (“Subcontractors”) to provide the Services. While Access uses the standard of care customary in Access’s industry in selecting its Subcontractors it cannot and does not guarantee the work performed by such Subcontractors nor shall Access be liable for any damages or losses of any kind or nature resulting from or caused by a Subcontractor; provided, that nothing in the foregoing sentence shall relieve Access of any of its obligations under this Agreement.
-
Software Tools. Access uses the standard of care customary in Access’s industry in selecting the software tools used to deliver Services as defined in each SOW. From time to time and in Access’s sole discretion, Access may switch software tools.
-
Prevailing Party. If a party is required to bring an action to enforce the terms of this Agreement, the party prevailing in the action shall be entitled to an award of the reasonable attorneys’ fees and costs that such party incurred in the action.
-
Counterparts. The parties may sign and deliver this Agreement and any SOW in any number of counterparts, each of which will be deemed an original and all of which, when taken together, will be deemed to be one agreement. Each party may sign and deliver this Agreement (or any SOW) electronically (e.g., by digital signature and/or electronic reproduction of a handwritten signature), and the receiving party will be entitled to rely upon the apparent integrity and authenticity of the other party’s signature for all purposes.
-
Diagnostic Services. Any diagnostic services performed by Access may require Access to install a small amount of code (“Diagnostic Code”) on one or more of the devices attached to the System. No personal information or personal data reviewed or copied by Access at any time during the testing process. No files will be erased, modified, opened, reviewed or copied at any time during the testing process. The Diagnostic Code will not install or create any disabling device, or any backdoor or hidden entryway into the System. The results of the diagnostic testing will be kept confidential by Access. You grant Access permission to access the System for the purpose of conducting the diagnostic testing, and agree to hold Access harmless from and against any and all incidents or damages that may occur during or as a result of the testing process, regardless of the cause of such damages including but not limited to data loss due to events beyond Access’s reasonable control, network or communication outages, and deficiencies or errors in any of hardware or equipment that may interrupt or terminate the diagnostic testing process. The testing process is for diagnostic purposes only. The process is not intended, and will not be used, to correct any problem or error in the System. Access does not warrant or represent that the testing process will result in any particular outcome, or that any particular issue, hardware or software configuration will be correctly detected or identified.
-
Maintenance Services. Unless otherwise provided in a SOW, maintenance services will be applied in accordance with the recommended practices of the managed services industry. Client understands and agrees that maintenance services are not intended to be, and will not be, a warranty or guaranty of the functionality of any particular device, or a service plan for the repair or remediation of any particular managed hardware or software. Repair and/or device remediation services are not covered under the Access’s maintenance service plan, and shall be provided on an hourly basis to Client.
-
IP Addresses. Any IP addresses provided to Client by Access during the term of the Agreement are managed by Access and Access will retain these IP addresses after termination of the agreement, meaning that they may not be transferred or utilized by Client after termination of the Agreement.
-
Unsupported Configuration Elements Or Services. If Client asks us to implement a configuration element (hardware or software) or hosting service in a manner that is not customary at Access, or that is in “end of life” or “end of support” status, Access may designate the element or service as “unsupported,” “non-standard,” “best efforts,” “reasonable endeavor,” “one-off,” “EOL,” “end of support,” or with like term in the Service Description (referred to in this Section as an “Unsupported Service”). Access makes no representation or warranty whatsoever regarding any Unsupported Service, and Client agrees that Access will not be liable to Client for any loss or damage arising from the provision of the Unsupported Service. The Deployment and Service Level Guaranties shall not apply to the Unsupported Service, or any other aspect of the Hosting Services that is adversely affected by the Unsupported Service. Client acknowledges that Unsupported Services may not interoperate with Access’s other services, such as backup or monitoring.
-
Sample Policies & Procedures. From time to time, Access may provide Client with sample (i.e., template) policies and procedures for use in connection with Client’s business (“Sample Policies”). The Sample Policies are for Client’s informational use only, and do not constitute or comprise legal or professional advice. The Sample Policies are not intended to be a substitute for the advice of competent counsel. Client should seek the advice of competent legal counsel prior to using the Sample Policies, in part or in whole, in any transaction. Access does not warrant or guaranty that the Sample Policies are complete, accurate, or suitable for Client’s specific needs, or that Client will reduce or avoid liability by utilizing the Sample Policies in its business operations.
-
Suggestions and Advice. Suggestions and advice rendered to you are provided in accordance with relevant industry practices, based on Client’s specific needs. By suggesting a particular service or solution, Access is not endorsing any particular manufacturer or service provider. Access is not a warranty service or repair center, and does not warrant or guarantee the performance of any third party service or solution.
In witness whereof, the parties hereto have entered into this Agreement as of the date this Agreement is signed by Client as set forth below.
AGREED AND ACCEPTED:
Date:
Access Technologies, Inc.
By:
Print Name / Position:
Date:
Client:
By:
Print Name / Position:
Contact Information:
EXHIBIT A
ADDITIONAL TERMS FOR TOTAL IT CARE SERVICES
These Additional Terms for Total IT Care Services (“Additional Terms”) shall apply to your order of any Services pursuant to a Statement of Work for Total IT Care Services (the “Total IT Care SOW”). These Additional Terms are in addition to the terms and conditions set forth under the Master Service Agreement (the “Agreement”) and the Total IT Care SOW. In the event of a conflict or inconsistency between any provision of the Agreement, the Additional Terms and the Total IT Care SOW, then the provisions in these Additional Terms will control over (a) the Agreement, except in situations involving warranties, limitations of liability or termination of the Agreement and (b) the Total IT Care SOW unless the Total IT Care SOW expressly states that it is overriding the conflicting provisions of these Additional Terms. Capitalized terms used but not defined in these Additional shall have the meanings ascribed to such terms in the Agreement or the Total IT Care SOW.
- ASSUMPTIONS AND MINIMUM REQUIREMENTS: The scheduling, fees and provision of the Services are based upon the following assumptions and minimum requirements (the “Minimum Requirements”): (a) all servers must have a manufacturer warranty which covers parts and labor for an manufacturer authorized service provider to replace or otherwise repair warrantied parts in an expedited manner; (b) no servers running an operating system that is currently beyond end of life as defined by the software provider, which includes but is not limited to the Windows 2003 and Windows 2008 operating systems; (c) no workstations with an operating system that is beyond end of life as defined by the software provider, which includes but is not limited to the Windows 7, Windows XP, and Windows Vista operating systems; (d) no active directory systems running at a functional level considered to be end of life by Microsoft; (e) no workstation, server, firewall, switch, access point, onsite backup media, or uninterrupted power source which was manufactured more than five years ago; (f) no firewall which the manufacturer no longer develops or releases firmware updates and/or security patches; (g) no computer systems running operating systems other than a Microsoft operating system unless otherwise specified in writing; (h) Windows LDAP domain; (i) static IP address(es); (j) anti-virus and Outgoing Traffic Filtering managed by us; (k) backup managed by us; (l) implementation of a secure socket layer virtual private network (SSL VPN) or SonicWall Global virtual private network (VPN) client in the instance your users need remote access; (m) implementation of basic password policies as defined by us, which may include minimum password length, maximum password age, minimum password age, password history, if complexity is enabled, lockout threshold, and idle session timeout settings; (n) each full time or part-time employee, independent contractor, or other individual performing work for you who accesses your systems must have their own unique account in Active Directory; (o) if you have wireless internet, it must be secured with an encryption type of WPA2 or a stronger encryption authentication; and (p) all third-party line of business applications must have vendor support. The definition of these Minimum Requirements does not indicate we have implemented such items in your environment or otherwise ensured your environment is free of such items. Instead, the definitions of these Minimum Requirements are meant as a minimum baseline that facilitates our performance of the Services for the fees described in the Total IT Care SOW in the most economical manner. If you do not agree to abide by the Minimum Requirements, you acknowledge we have the sole discretion to modify your payment, declare the related non-compliant configuration element as an Unsupported Service, or terminate any or all the Services in the Total IT Care SOW with a thirty (30) day notice to you.
In addition to the previous paragraph, the scheduling, fees and provision of the Unified Backup Services and Offsite Backup Services are based upon the following assumptions and minimum requirements: (a) your internet upload speed must be at least five (5) megabits per second (“Mbps”). Depending on specific circumstances of your network environment (such as the size of your incremental backups), your internet upload speed may need to be in excess of five (5) Mbps. If you do not have sufficient internet service requirements to perform the Services, the Unified Backup Service or Offsite Backup Service may be terminated immediately. (b) you currently have or will separately purchase or rent from us the hardware required to perform the Unified Backup Services or Offsite Backup Services.
- LIMITATIONS AND EXCLUSIONS: All costs for all hardware required to perform the Services are not included as part of the Total IT Care SOW. Furthermore, the following services are expressly excluded under the Total IT Care SOW but are otherwise available from Access Systems if mutually agreed upon in a separate SOW: (a) The cost to bring the System up to the Minimum Requirements; (b) Services related to the installation or troubleshooting of hardware or software not purchased from us; (c) installation of new or replacement hardware or software purchased from us; (d) any Services performed on or otherwise attributed to a device not meeting the Minimum Requirements; (e) significant application software upgrades that requires more than two hours of Services; (f) Services made necessary due to your use of application systems that are out of support or are at end of life as defined by the application service provider; (g) Equipment relocations; (h) Services made necessary by fire, water, accident, or natural disasters; (i) data/voice wiring or cabling services of any kind; (j) programming of peripheral devices, including phone systems, copiers, printers, scanners; (k) data destruction services which is defined as the permanent erasing of data on a hard drive. We highly recommend you define and ensure the execution of a data destruction policy pertaining to assets that are being retired in addition to destruction of your data that is older than a specified aged. For the various Services defined in the Total IT Care SOW, the data retention period may be up to a specified period referenced therein but data retention may also exceed such specified period even if not specifically stated. Thus if it is your desire to have a data destruction policy to delete data that is older than a specified age as it pertains to any of our Services defined therein, a separate SOW must be dually executed that defines the data destruction policy for each applicable Service along with the corresponding fees for such work.; (l) end user training; (m) customization of third party applications or programming of any kind; (n) reporting relating to Services provided in the Total IT Care SOW is limited to the standard reporting features offered by each software provider. Any reporting requests not satisfied from these standard reporting features will be at an additional charge; and (o) consultation or technical services related to compliance with any governmental or industry laws and regulations, including but not limited to HIPAA (Healthcare Information Portability and Accountability Act), PCI DSS (Payment Card Industry Data Security Standard), Sarbanes-Oxley (SOX), the European Union General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and Gramm-Leach Bliley Act.
In addition to the previous paragraph, pertaining to all Backup Services, the following services are expressly excluded under the Total IT Care SOW but are otherwise available from Access Systems if mutually agreed upon in a separate SOW: (a) Data Restoration or Recovery Services: data restoration or recovery services, including file/folder restoration and partial or full server or network restoration; (b) Test Data Restoration Services: For various reasons, including the event of a full hardware, system failure, or cybersecurity event, the length of time to your full system restoration may be up to one week if you have a recent full image backup. Your systems may not be accessible for an extended timeframe (referred to as “Downtime”) which may cause you significant business interruption and lost profits. As a result, we highly recommend you engage under a separate SOW us to routinely perform a data restoration test to validate the integrity of your backups, understand the length of your Downtime, assist you in developing your internal business processes for you to operate under during such Downtime, and offer you options for you to make technology investments to reduce the length of your Downtime if desired. Furthermore, we highly recommend you have insurance to cover lost profits due to business interruption, including for the causes mentioned in this paragraph.; (c) Cloud-Based Software Applications: You acknowledge all your data for any cloud-based software applications (“SaaS Applications”) is maintained by your software as a service provider (“SaaS Provider”). Unless otherwise specified in a dually executed statement of work, we do not configure or monitor onsite or offsite backup jobs for any of your SaaS Applications. We strongly recommend you separately engage us or your SaaS Provider to understand your offsite backup options for your SaaS Applications and subsequently enter into an agreement to configure and monitor such offsite backup jobs.; (d) Other Drives and Servers: Only the drives and servers specified above are included in the Services. If you create or instruct us to create a new drive and/or server you would like included in the Services, you are responsible to request from us and execute a SOW to reflect the necessary modifications to the Services, including the inclusion of additional drives or servers.; and (e) Services made necessary by fire, water, accident, or natural disasters. Additionally, as a result of the limited retention periods for Backup Services, we cannot guarantee archiving or retrieval of prior document or file versions. Only the latest version of a stored document or file may be recoverable. Further, you acknowledge the amount of free space on the device you own or rent to which your Onsite Backup Service jobs are written to impacts your data retention period. Your device in which the Onsite Backup Service jobs are written to must have adequate free space to allow your Onsite Backup Service jobs to be written.
In addition to the previous paragraphs, pertaining to information security services and Advanced Cybersecurity Protection (“ACP”), the following services are expressly excluded under the Total IT Care SOW but otherwise available from Access Systems if mutually agreed upon in a separate SOW: (a) network assets or web application vulnerability scanning, remediation, and reporting; (b) real-time alerting for changes to the administrative group membership, changes to active directory objects, changes to domain controller configurations, and user account lockouts.; (c) network-wide process and event logging such as those functionalities found in a Security Information and Event Management (“SIEM”) solution. The ability to collect and aggregate process logging or event logging from your organization’s technology infrastructure, including but not limited to host systems, applications, and other network devices such as firewalls and switches, will increase the likelihood subsequent forensic data analysis can be performed to identify the path of a malicious event and the resulting exposure whereas an Endpoint Detection & Response (“EDR”) tool, such as included in ACP, provides no such ability.; (d) Security awareness training and simulated phishing attacks; (e) all types of penetration tests; (f) data encryption services, such as encrypted email and data at rest encryption solutions; (g) all services pertaining to other networked devices which includes all devices except workstations, servers, firewalls, switches, access points, onsite backup media, or uninterrupted power sources (referred to as “Other Networked Devices”). All excluded services for Other Network Devices includes but is not limited to the monitoring, management, mitigation of security risks, and identification and remediation of security incidents; and (h) all services pertaining to incident response (“Incident Response”) which is defined as an organized approach to addressing and managing the aftermath of a security breach or cyberattack. Incident Response phases may include preparation, identification, containment, eradication, recovery/restoration of systems, and lessons learned. We highly recommend you purchase insurance which covers all costs pertaining to Incident Response.
- SERVICES SCHEDULE: The Services as described on the Schedule of Services in the Total IT Care SOW will be provided during the hours of 8:00 a.m. to 5:00 p.m. central standard time, except weekends and holidays (“Regular Service Hours”). Requests for services outside of Regular Service Hours will be provided on a best effort basis at our prevailing time and materials hourly rate plus a premium for off-hours service. Such charges for services outside the Regular Service Hours are in addition to the payments under the Total IT Care SOW.
- TERM & TERMINATION: If Access Systems or our service providers host any of your data, such data is retained for a ten (10) business day period from the effective date of your cancellation of the Total IT Care SOW. If you do not perform a data transfer within ten business days of the effective date of your cancellation date, all data may be automatically purged from our systems or the systems of our service providers and may not be recoverable.
- SCHEDULE OF USERS FOR NETWORK SUPPORT SERVICES AND ADVANCED CYBERSECURITY PROTECTION: The Network Support Services and Advanced Cybersecurity Protection (“ACP”) payments will be converted to a per User payment. The Customer shall review their accounts in active directory and instruct Access to make changes within 30 days of the start of this SOW. We will then create and email you a Notice of Amendment detailing the Schedule of Users for your review, which shall then amend this SOW to define the per User charge. This Notice of Amendment shall only specify the per User charge and will not increase nor decrease the Network Support Services amount or the Advanced Cybersecurity Protection amount.
- FEES: In consideration of the provision of the Services provided for in the Total IT Care SOW, you agree to pay the payments specified in the Total IT Care SOW and as adjusted from time-to-time as described herein or therein as follows: (a) Per User Charge Methodology: The Services categorized in the Schedule of Services as Network Support Services and Advanced Cybersecurity Protection are charged on a per user per month basis. For the purpose of Network Support Services and Advanced Cybersecurity Protection, a User is defined as an account in Active Directory which has been logged into within the last thirty (30) days by a full time or part-time employee, independent contractor, or any other individual using your computer system. Upon your request, we will provide you a list of Active Directory accounts which have been logged into within the last thirty (30) days for you to review. It is your responsibility to identify any accounts that should be inactivated and/or should not be defined as a User, such as generic service accounts, and request we make such changes. Each User must have their own unique account in Active Directory. In the instance you do not have Active Directory or, in our sole judgement, if the Users in Active Directory do not accurately represent the number full time or part-time employees, independent contractors, or any other individuals using your computer system, we have the right to otherwise develop a reasonable method to estimate your number of Users.; (b) Per Account Charge Methodology for Microsoft Subscription Services: The Services categorized in the Schedule of Services as Microsoft Subscription Services are charged on a per account per month basis. For the purpose of Microsoft Subscription Services, an account is defined as an account registered with Microsoft for that respective Microsoft plan. For example, an account could be specifically related to a user or could be a generic account such as a shared mailbox. In order to ensure continued access to data, Microsoft Subscription Services accounts may be assigned to users who have not logged in within the last (30) days such as terminated employees. If you no longer wish to maintain access to such accounts, please contact us with such request. Upon your request, we will provide you a list of Microsoft Subscription accounts for you to review. It is your responsibility to identify any Microsoft Subscription accounts that should be inactivated and request we make such changes.; (c) Adjustment Methodology for Multi-Factor Authentication Services (“MFA”) Charges: The Services categorized in the Schedule of Services as Multi-Factor Authentication Services (“MFA”) are charged on a per account per month basis. Upon your request, we will provide you a list of MFA accounts for you to review. It is your responsibility to identify any accounts that should be inactivated and/or otherwise excluded and request we make such changes.; (d) Adjustment Methodology for Non-User Based Charges: The Services categories in the Schedule of Services as Network License Renewal Services and Backup Services are not based on users but instead on the actual quantities of the licenses and/or services provided.; and (e) Annual Adjustments in Payment: After the end of the first year of this SOW and not more than once each successive twelve-month period thereafter, the then current payment may be increased by a maximum of five percent (5%) to cover, among other items, an increase in licensed software costs and an increase in personnel related costs.
We will periodically inspect the Services provided to you and in the instance we identify your usage differs from the specified quantities or limits, you authorize us without your additional consent to incrementally increase or decrease the payment based on our prevailing rates for such adjustments based on the request or effective date of each adjustment. Services may be decreased per the methodologies described herein or in the Total IT Care SOW but cannot decrease more than ten percent (10%) while maintaining the same price levels. All sales, property, use, or other applicable taxes are not included in the payment amounts in the Total IT Care SOW and are due and payable upon invoiced being to you. To provide you details of the Services included in your payment, we will invoice you separately for the Services in the Total IT Care SOW.
An initial one-time charge of the monthly payment amount will be due immediately upon your execution of the Total IT Care SOW (“Onboarding Consultation Charge”). This Onboarding Consultation Charge will allow us to provide you with the necessary consultation to configure the Services described in the Total IT Care SOW, which includes a detailed multi-phase non-technical and technical project implementation plan.
- CLIENT RESPONSIBILITIES: You are responsible for all aspects of your network and related information systems. In addition to the other requirements and recommendations detailed in these Additional Terms or in the Total IT Care SOW, Client’s responsibilities include, but are not limited to: (a) understanding all network and information system related risks to develop and execute strategies you deem as necessary to reduce such risks; (b) control of all authentication, authorization, and accounting requirements pertaining to access to your systems; (c) understanding and adhering to all data privacy requirements and other applicable compliancy requirements; (d) physical site security, including loss protection, disaster or business recovery, and protection against losses caused by natural disasters, acts of violence, and willful use of force or sabotage; (e) communicating changes to your information technology environment to us (i.e., expansion or removal of infrastructure, adding/removing users, changes in your regulatory environment, etc.); (f) ensuring that access to email and phone-in service request to Access Systems are restricted to authorized and appropriate personnel; (g) reviewing to ensure the users and/or devices covered by the Services offered by us are complete and accurate; and (h) ensuring the systems covered by the Services we provide are available to us to provide such Services, this includes ensuring devices are left powered on. Further, due to the competitive nature of the information provided in the Total IT Care SOW, Access Systems and Client agree to keep the Total IT Care SOW in strict confidence.
- INFORMATION SECURITY: As described in the Total IT Care SOW, certain configurations are made and software is deployed to provide you a basic level of information security protection only. Our information security services are not intended to serve as a substitute for your routine and independent evaluation of your information security risks and your implementation of other information security solutions and internal controls to further mitigate your risks. For example, we highly recommend you evaluate and implement internal controls including, but not limited to, processes around your electronic payment authorizations to mitigate the likelihood of wire/ACH payment fraud which may be initiated from an email phishing attack. Your failure to perform a routine, independent, and robust evaluation your information security risks and your mitigating internal control environment to then implement other information security solutions not provided to you in the Total IT Care SOW and internal controls will further increase your risk of viruses, malware, ransomware, phishing, and getting hacked or otherwise compromised which may lead to significant interruptions to your business, breach of your data, or financial loss. We shall not be liable for the occurrence or lack of identification of any breach or compromise of your systems or internal processes, any hacking or unauthorized disclosure, unauthorized use or any unauthorized access to your customer data. No software or technology can absolutely guarantee a 100% catch or detection rate and therefore we can accept no liability for any damage or loss resulting directly or indirectly from any failure of any of our Services to detect malicious items or for wrongly identifying an item as malicious which subsequently proves not to be as such. We also highly recommend you purchase from an insurance provider an appropriate level of cybersecurity insurance with a single claim minimum of at least one million ($1,000,000) dollars to protect your business in the event of a cybersecurity incident.
- BACKUP SERVICES: Backup Services for backup jobs can be set to run periodically, typically on a daily scheduled basis. You are expected to review the log content of each backup job to make sure the backup jobs have taken place successfully and include all data you desire to back up. You acknowledge it is your sole ongoing responsibility, as the data owner, to determine what drives and volumes are included in the Backup Services and provide us with a corresponding written notice to include in the Backup Services any missing drives and volumes. The software provides various means for communication of the backup status including email notification. If you do not receive backup status notifications, please contact us to request you receive such notifications. In addition to you reviewing the backup status notifications, we will review the backup status notifications for the completion of the backup job. In the event a backup job does not complete as scheduled according to the backup status notifications, we will investigate and communicate to you within five business days if we are unable to successfully restart and complete a successful backup job. If you do not receive communication from us within five business days and the backup job continues to be incomplete, you are to contact us to place a service ticket. As it relates to the Backup Services, your internet service provider may charge you additional data charges if you exceed certain data upload usage amounts. Any such charges and all costs to provide an internet service connection with sufficient requirements to perform the Service is your sole responsibility and is not included in the payments under the Total IT Care SOW. We recommend you contact your internet service provider to understand all potential costs prior to your signature of the Total IT Care SOW.
- NETWORK LICENSE RENEWAL SERVICES: Network License Renewal Services will be provided to you if listed on the Schedule of Services in the Total IT Care SOW:
- Firewall Services: Our services include utilizing proprietary algorithms and other technologies to filter incoming and outbound packets from the firewall based on designated signatures and sources. From time to time the service may filter packets that are not malicious or may block content from legitimate sources. You are advised to periodically review content, including firewall logs, to ensure that relevant content is not being filtered improperly and you shall notify us in the event that the firewall filter settings require adjustment. If you instruct us to make configuration changes to turn off or scale back certain firewall services, you acknowledge by making such requests you are increasing your information security risks. You shall release and discharge us from any and all claims or causes of action of any kind arising from any such requests.
- VMware Renewal: We will renew the license and support agreement with VMWare. This renewal provides access to patches, version upgrades, and vendor technical support. Our sole responsibility is to renew the annual license and support agreement and thus we are not responsible for any errors, omissions, or failures of VMWare.
- Domain Name Renewal: If you register, renew, or transfer a domain name through us, we will submit the request to its domain name services provider (the “Registrar”) on your behalf. Our sole responsibility is to submit the domain name renewal request to the Registrar. We are not responsible for any errors, omissions, or failures of the Registrar. You are responsible for closing any account with any prior reseller of or registrar for the requested domain name, and you are responsible for responding to any inquiries sent to you by the Registrar.
- SSL Certificate Renewal: If you register, renew, or transfer an SSL certificate through us, we will submit the request to its SSL certificate provider (the “Registrar”) on your behalf and apply the SSL certificate. Our sole responsibility is to submit the request to the Registrar and apply the SSL certificate. We are not responsible for any errors, omissions or failures of the Registrar.
- Website Hosting: Our website hosting services are limited to engaging with a provider (the “Website Hosting Provider”) to resell you website hosting services. Our sole responsibility is to provide your website files to the Website Hosting Provider. We are not responsible for any errors, omissions, or failures of the Website Hosting Provider. We are not responsible if your website’s data contains vulnerabilities, is compromised, or otherwise lost nor are we or the Website Hosting Provider responsible for providing backup services for your website. Any services related to website development or website changes are not included in the Total IT Care SOW.
- Other License Renewal: Upon your request, we will renew the specified license with the respective licensor (the “Licensor”). Our sole responsibility is to submit the request to and pay the Licensor. You agree we will pass on to you any cost increase charged by the Licensor. We provide such services solely for your convenience and thus we shall not be held liable for any errors, omissions, or failures of the Licensor.
11. DISCLAIMER: You hereby specifically acknowledge and agree the Services are not intended to function as a comprehensive information security protection plan. You further acknowledge the Services described IN THE TOTAL IT CARE SOW represent only basic information security measures that are intended to reduce, but does not eliminate, your information security risk. You hereby acknowledge and agree that no information security program can claim to be fully effective in preventing and/or identifying all forms of malicious activity. We make no claims, guarantees, or warranties regarding the effectiveness of the Services provided in this SOW; including the likelihood that such Services will prevent, detect, or mitigate malicious activity which includes but is not limited to the following: (a) the installation of viruses or malware on your network; (b) the breach of your system, which may cause a significant interruption to your business; (c) the unauthorized use or unauthorized access to your data; and (d) the partial or complete loss of some or all of your data. You acknowledge the foregoing, understand and fully assume all potential business and financial risks associated with information security, and hereby release and discharge us from any and all claims or causes of action of any kind arising from providing you any information security services, including the Services detailed in this SOW. You further hereby specifically acknowledge and agree the Services are not intended to function as a comprehensive disaster recovery solution, does not include checks for lost or corrupted data, and is not intended to be the sole backup for any of your data. We make no claims, guarantees, or warranties regarding the availability or performance of the backups. You hereby acknowledge that systemic problems affecting the network server may also affect the Services. We strongly recommend you configure backup jobs and monitor for the successful completion of independent local full image offsite backup copies, such as you rotating external hard drives offsite daily, to further mitigate the risks described herein AND IN THE SOW.
- MISCELLANEOUS: The offers, terms and prices of the Total IT Care SOW shall expire if not executed within thirty (30) days of your initial receipt of the Total IT Care SOW.
EXHIBIT B
ADDITIONAL TERMS FOR CO-MANAGED IT SERVICES
These Additional Terms for Co-Managed IT Services (“Additional Terms”) shall apply to your order of any Services pursuant to a Statement of Work for Co-Managed IT Services (the “Co-Managed IT Services SOW”). These Additional Terms are in addition to the terms and conditions set forth under the Master Service Agreement (the “Agreement”) and the Co-Managed IT Services SOW. In the event of a conflict or inconsistency between any provision of the Agreement, the Additional Terms and the Co-Managed IT Services SOW, then the provisions in these Additional Terms will control over (a) the Agreement, except in situations involving warranties, limitations of liability or termination of the Agreement and (b) the Co-Managed IT Services SOW unless the Co-Managed IT Services SOW expressly states that it is overriding the conflicting provisions of these Additional Terms. Capitalized terms used but not defined in these Additional shall have the meanings ascribed to such terms in the Agreement or the Co-Managed IT Services SOW.
- ASSUMPTIONS AND MINIMUM REQUIREMENTS: The scheduling, fees and provision of the Services are based upon the following assumptions and minimum requirements (the “Minimum Requirements”): (a) all servers must have a manufacturer warranty which covers parts and labor for an manufacturer authorized service provider to replace or otherwise repair warrantied parts in an expedited manner; (b) no servers running an operating system that is currently beyond end of life as defined by the software provider, which includes but is not limited to the Windows 2003 and Windows 2008 operating systems; (c) no workstations with an operating system that is beyond end of life as defined by the software provider, which includes but is not limited to the Windows 7, Windows XP, and Windows Vista operating systems; (d) no active directory systems running at a functional level considered to be end of life by Microsoft; (e) no workstation, server, firewall, switch, access point, onsite backup media, or uninterrupted power source which was manufactured more than five years ago; (f) no firewall which the manufacturer no longer develops or releases firmware updates and/or security patches; (g) no computer systems running operating systems other than a Microsoft operating system unless otherwise specified in writing; (h) Windows LDAP domain; (i) static IP address(es); (j) anti-virus and Outgoing Traffic Filtering managed by us; (k) backup managed by us; (l) implementation of a secure socket layer virtual private network (SSL VPN) or SonicWall Global virtual private network (VPN) client in the instance your users need remote access; (m) implementation of basic password policies as defined by us, which may include minimum password length, maximum password age, minimum password age, password history, if complexity is enabled, lockout threshold, and idle session timeout settings; (n) each full time or part-time employee, independent contractor, or other individual performing work for you who accesses your systems must have their own unique account in Active Directory; (o) if you have wireless internet, it must be secured with an encryption type of WPA2 or a stronger encryption authentication; and (p) all third-party line of business applications must have vendor support. The definition of these Minimum Requirements does not indicate we have implemented such items in your environment or otherwise ensured your environment is free of such items. Instead, the definitions of these Minimum Requirements are meant as a minimum baseline that facilitates our performance of the Services for the fees described in the Co-Managed IT Services SOW in the most economical manner. If you do not agree to abide by the Minimum Requirements, you acknowledge we have the sole discretion to modify your payment, declare the related non-compliant configuration element as an Unsupported Service, or terminate any or all the Services in the Co-Managed IT Services SOW with a thirty (30) day notice to you.
In addition to the previous paragraph, the scheduling, fees and provision of the Unified Backup Services and Offsite Backup Services are based upon the following assumptions and minimum requirements: (a) your internet upload speed must be at least five (5) megabits per second (“Mbps”). Depending on specific circumstances of your network environment (such as the size of your incremental backups), your internet upload speed may need to be in excess of five (5) Mbps. If you do not have sufficient internet service requirements to perform the Services, the Unified Backup Service or Offsite Backup Service may be terminated immediately. (b) you currently have or will separately purchase or rent from us the hardware required to perform the Unified Backup Services or Offsite Backup Services.
- LIMITATIONS AND EXCLUSIONS: All costs for all hardware required to perform the Services are not included as part of the Co-Managed IT Services SOW. Furthermore, the following services are expressly excluded under the Co-Managed IT Services SOW but are otherwise available from Access Systems if mutually agreed upon in a separate SOW: (a) The cost to bring the System up to the Minimum Requirements; (b) Services related to the installation or troubleshooting of hardware or software not purchased from us; (c) installation of new or replacement hardware or software purchased from us; (d) any Services performed on or otherwise attributed to a device not meeting the Minimum Requirements; (e) significant application software upgrades that requires more than two hours of Services; (f) Services made necessary due to your use of application systems that are out of support or are at end of life as defined by the application service provider; (g) Equipment relocations; (h) Services made necessary by fire, water, accident, or natural disasters; (i) data/voice wiring or cabling services of any kind; (j) programming of peripheral devices, including phone systems, copiers, printers, scanners; (k) data destruction services which is defined as the permanent erasing of data on a hard drive. We highly recommend you define and ensure the execution of a data destruction policy pertaining to assets that are being retired in addition to destruction of your data that is older than a specified aged. For the various Services defined in the Co-Managed IT Services SOW, the data retention period may be up to a specified period referenced therein but data retention may also exceed such specified period even if not specifically stated. Thus if it is your desire to have a data destruction policy to delete data that is older than a specified age as it pertains to any of our Services defined therein, a separate SOW must be dually executed that defines the data destruction policy for each applicable Service along with the corresponding fees for such work.; (l) end user training; (m) customization of third party applications or programming of any kind; (n) reporting relating to Services provided in the Co-Managed IT Services SOW is limited to the standard reporting features offered by each software provider. Any reporting requests not satisfied from these standard reporting features will be at an additional charge; and (o) consultation or technical services related to compliance with any governmental or industry laws and regulations, including but not limited to HIPAA (Healthcare Information Portability and Accountability Act), PCI DSS (Payment Card Industry Data Security Standard), Sarbanes-Oxley (SOX), the European Union General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and Gramm-Leach Bliley Act.
In addition to the previous paragraph, pertaining to all Backup Services, the following services are expressly excluded under the Co-Managed IT Services SOW but are otherwise available from Access Systems if mutually agreed upon in a separate SOW: (a) Data Restoration or Recovery Services: data restoration or recovery services, including file/folder restoration and partial or full server or network restoration; (b) Test Data Restoration Services: For various reasons, including the event of a full hardware, system failure, or cybersecurity event, the length of time to your full system restoration may be up to one week if you have a recent full image backup. Your systems may not be accessible for an extended timeframe (referred to as “Downtime”) which may cause you significant business interruption and lost profits. As a result, we highly recommend you engage under a separate SOW us to routinely perform a data restoration test to validate the integrity of your backups, understand the length of your Downtime, assist you in developing your internal business processes for you to operate under during such Downtime, and offer you options for you to make technology investments to reduce the length of your Downtime if desired. Furthermore, we highly recommend you have insurance to cover lost profits due to business interruption, including for the causes mentioned in this paragraph.; (c) Cloud-Based Software Applications: You acknowledge all your data for any cloud-based software applications (“SaaS Applications”) is maintained by your software as a service provider (“SaaS Provider”). Unless otherwise specified in a dually executed statement of work, we do not configure or monitor onsite or offsite backup jobs for any of your SaaS Applications. We strongly recommend you separately engage us or your SaaS Provider to understand your offsite backup options for your SaaS Applications and subsequently enter into an agreement to configure and monitor such offsite backup jobs.; (d) Other Drives and Servers: Only the drives and servers specified above are included in the Services. If you create or instruct us to create a new drive and/or server you would like included in the Services, you are responsible to request from us and execute a SOW to reflect the necessary modifications to the Services, including the inclusion of additional drives or servers.; and (e) Services made necessary by fire, water, accident, or natural disasters. Additionally, as a result of the limited retention periods for Backup Services, we cannot guarantee archiving or retrieval of prior document or file versions. Only the latest version of a stored document or file may be recoverable. Further, you acknowledge the amount of free space on the device you own or rent to which your Onsite Backup Service jobs are written to impacts your data retention period. Your device in which the Onsite Backup Service jobs are written to must have adequate free space to allow your Onsite Backup Service jobs to be written.
In addition to the previous paragraphs, pertaining to information security services and Advanced Cybersecurity Protection (“ACP”), the following services are expressly excluded under the Co-Managed IT Services SOW but otherwise available from Access Systems if mutually agreed upon in a separate SOW: (a) network assets or web application vulnerability scanning, remediation, and reporting; (b) real-time alerting for changes to the administrative group membership, changes to active directory objects, changes to domain controller configurations, and user account lockouts.; (c) network-wide process and event logging such as those functionalities found in a Security Information and Event Management (“SIEM”) solution. The ability to collect and aggregate process logging or event logging from your organization’s technology infrastructure, including but not limited to host systems, applications, and other network devices such as firewalls and switches, will increase the likelihood subsequent forensic data analysis can be performed to identify the path of a malicious event and the resulting exposure whereas an Endpoint Detection & Response (“EDR”) tool, such as included in ACP, provides no such ability.; (d) Security awareness training and simulated phishing attacks; (e) all types of penetration tests; (f) data encryption services, such as encrypted email and data at rest encryption solutions; (g) all services pertaining to other networked devices which includes all devices except workstations, servers, firewalls, switches, access points, onsite backup media, or uninterrupted power sources (referred to as “Other Networked Devices”). All excluded services for Other Network Devices includes but is not limited to the monitoring, management, mitigation of security risks, and identification and remediation of security incidents; and (h) all services pertaining to incident response (“Incident Response”) which is defined as an organized approach to addressing and managing the aftermath of a security breach or cyberattack. Incident Response phases may include preparation, identification, containment, eradication, recovery/restoration of systems, and lessons learned. We highly recommend you purchase insurance which covers all costs pertaining to Incident Response.
- SERVICES SCHEDULE: The Services as described on the Schedule of Services in the Co-Managed IT Services SOW will be provided during the hours of 8:00 a.m. to 5:00 p.m. central standard time, except weekends and holidays (“Regular Service Hours”). Requests for services outside of Regular Service Hours will be provided on a best effort basis at our prevailing time and materials hourly rate plus a premium for off-hours service. Such charges for services outside the Regular Service Hours are in addition to the payments under the Co-Managed IT Services SOW.
- TERM & TERMINATION: If Access Systems or our service providers host any of your data, such data is retained for a ten (10) business day period from the effective date of your cancellation of the Co-Managed IT Services SOW. If you do not perform a data transfer within ten business days of the effective date of your cancellation date, all data may be automatically purged from our systems or the systems of our service providers and may not be recoverable.
- SCHEDULE OF USERS FOR NETWORK SUPPORT SERVICES AND ADVANCED CYBERSECURITY PROTECTION: The Network Support Services and Advanced Cybersecurity Protection (“ACP”) payments will be converted to a per User payment. The Customer shall review their accounts in active directory and instruct Access to make changes within 30 days of the start of this SOW. We will then create and email you a Notice of Amendment detailing the Schedule of Users for your review, which shall then amend this SOW to define the per User charge. This Notice of Amendment shall only specify the per User charge and will not increase nor decrease the Network Support Services amount or the Advanced Cybersecurity Protection amount.
- FEES: In consideration of the provision of the Services provided for in the Co-Managed IT Services SOW, you agree to pay the payments specified in the Co-Managed IT Services SOW and as adjusted from time-to-time as described herein or therein as follows: (a) Per User Charge Methodology: The Services categorized in the Schedule of Services as Network Support Services and Advanced Cybersecurity Protection are charged on a per user per month basis. For the purpose of Network Support Services and Advanced Cybersecurity Protection, a User is defined as an account in Active Directory which has been logged into within the last thirty (30) days by a full time or part-time employee, independent contractor, or any other individual using your computer system. Upon your request, we will provide you a list of Active Directory accounts which have been logged into within the last thirty (30) days for you to review. It is your responsibility to identify any accounts that should be inactivated and/or should not be defined as a User, such as generic service accounts, and request we make such changes. Each User must have their own unique account in Active Directory. In the instance you do not have Active Directory or, in our sole judgement, if the Users in Active Directory do not accurately represent the number full time or part-time employees, independent contractors, or any other individuals using your computer system, we have the right to otherwise develop a reasonable method to estimate your number of Users.; (b) Per Account Charge Methodology for Microsoft Subscription Services: The Services categorized in the Schedule of Services as Microsoft Subscription Services are charged on a per account per month basis. For the purpose of Microsoft Subscription Services, an account is defined as an account registered with Microsoft for that respective Microsoft plan. For example, an account could be specifically related to a user or could be a generic account such as a shared mailbox. In order to ensure continued access to data, Microsoft Subscription Services accounts may be assigned to users who have not logged in within the last (30) days such as terminated employees. If you no longer wish to maintain access to such accounts, please contact us with such request. Upon your request, we will provide you a list of Microsoft Subscription accounts for you to review. It is your responsibility to identify any Microsoft Subscription accounts that should be inactivated and request we make such changes.; (c) Adjustment Methodology for Multi-Factor Authentication Services (“MFA”) Charges: The Services categorized in the Schedule of Services as Multi-Factor Authentication Services (“MFA”) are charged on a per account per month basis. Upon your request, we will provide you a list of MFA accounts for you to review. It is your responsibility to identify any accounts that should be inactivated and/or otherwise excluded and request we make such changes.; (d) Adjustment Methodology for Non-User Based Charges: The Services categories in the Schedule of Services as Network License Renewal Services and Backup Services are not based on users but instead on the actual quantities of the licenses and/or services provided.; and (e) Annual Adjustments in Payment: After the end of the first year of this SOW and not more than once each successive twelve-month period thereafter, the then current payment may be increased by a maximum of five percent (5%) to cover, among other items, an increase in licensed software costs and an increase in personnel related costs.
We will periodically inspect the Services provided to you and in the instance we identify your usage differs from the specified quantities or limits, you authorize us without your additional consent to incrementally increase or decrease the payment based on our prevailing rates for such adjustments based on the request or effective date of each adjustment. Services may be decreased per the methodologies described herein or in the Co-Managed IT Services SOW but cannot decrease more than ten percent (10%) while maintaining the same price levels. All sales, property, use, or other applicable taxes are not included in the payment amounts in the Co-Managed IT Services SOW and are due and payable upon invoiced being to you. To provide you details of the Services included in your payment, we will invoice you separately for the Services in the Co-Managed IT Services SOW.
An initial one-time charge of the monthly payment amount will be due immediately upon your execution of the Co-Managed IT Services SOW (“Onboarding Consultation Charge”). This Onboarding Consultation Charge will allow us to provide you with the necessary consultation to configure the Services described in the Co-Managed IT Services SOW, which includes a detailed multi-phase non-technical and technical project implementation plan.
- CLIENT RESPONSIBILITIES: You are responsible for all aspects of your network and related information systems. In addition to the other requirements and recommendations detailed in these Additional Terms or in the Co-Managed IT Services SOW, Client’s responsibilities include, but are not limited to: (a) understanding all network and information system related risks to develop and execute strategies you deem as necessary to reduce such risks; (b) control of all authentication, authorization, and accounting requirements pertaining to access to your systems; (c) understanding and adhering to all data privacy requirements and other applicable compliancy requirements; (d) physical site security, including loss protection, disaster or business recovery, and protection against losses caused by natural disasters, acts of violence, and willful use of force or sabotage; (e) communicating changes to your information technology environment to us (i.e., expansion or removal of infrastructure, adding/removing users, changes in your regulatory environment, etc.); (f) ensuring that access to email and phone-in service request to Access Systems are restricted to authorized and appropriate personnel; (g) reviewing to ensure the users and/or devices covered by the Services offered by us are complete and accurate; and (h) ensuring the systems covered by the Services we provide are available to us to provide such Services, this includes ensuring devices are left powered on. Further, due to the competitive nature of the information provided in the Co-Managed IT Services SOW, Access Systems and Client agree to keep the Co-Managed IT Services SOW in strict confidence.
- INFORMATION SECURITY: As described in the Co-Managed IT Services SOW, certain configurations are made and software is deployed to provide you a basic level of information security protection only. Our information security services are not intended to serve as a substitute for your routine and independent evaluation of your information security risks and your implementation of other information security solutions and internal controls to further mitigate your risks. For example, we highly recommend you evaluate and implement internal controls including, but not limited to, processes around your electronic payment authorizations to mitigate the likelihood of wire/ACH payment fraud which may be initiated from an email phishing attack. Your failure to perform a routine, independent, and robust evaluation your information security risks and your mitigating internal control environment to then implement other information security solutions not provided to you in the Co-Managed IT Services SOW and internal controls will further increase your risk of viruses, malware, ransomware, phishing, and getting hacked or otherwise compromised which may lead to significant interruptions to your business, breach of your data, or financial loss. We shall not be liable for the occurrence or lack of identification of any breach or compromise of your systems or internal processes, any hacking or unauthorized disclosure, unauthorized use or any unauthorized access to your customer data. No software or technology can absolutely guarantee a 100% catch or detection rate and therefore we can accept no liability for any damage or loss resulting directly or indirectly from any failure of any of our Services to detect malicious items or for wrongly identifying an item as malicious which subsequently proves not to be as such. We also highly recommend you purchase from an insurance provider an appropriate level of cybersecurity insurance with a single claim minimum of at least one million ($1,000,000) dollars to protect your business in the event of a cybersecurity incident.
- BACKUP SERVICES: Backup Services for backup jobs can be set to run periodically, typically on a daily scheduled basis. You are expected to review the log content of each backup job to make sure the backup jobs have taken place successfully and include all data you desire to back up. You acknowledge it is your sole ongoing responsibility, as the data owner, to determine what drives and volumes are included in the Backup Services and provide us with a corresponding written notice to include in the Backup Services any missing drives and volumes. The software provides various means for communication of the backup status including email notification. If you do not receive backup status notifications, please contact us to request you receive such notifications. In addition to you reviewing the backup status notifications, we will review the backup status notifications for the completion of the backup job. In the event a backup job does not complete as scheduled according to the backup status notifications, we will investigate and communicate to you within five business days if we are unable to successfully restart and complete a successful backup job. If you do not receive communication from us within five business days and the backup job continues to be incomplete, you are to contact us to place a service ticket. As it relates to the Backup Services, your internet service provider may charge you additional data charges if you exceed certain data upload usage amounts. Any such charges and all costs to provide an internet service connection with sufficient requirements to perform the Service is your sole responsibility and is not included in the payments under the Co-Managed IT Services SOW. We recommend you contact your internet service provider to understand all potential costs prior to your signature of the Co-Managed IT Services SOW.
- NETWORK LICENSE RENEWAL SERVICES: Network License Renewal Services will be provided to you if listed on the Schedule of Services in the Co-Managed IT Services SOW:
- Firewall Services: Our services include utilizing proprietary algorithms and other technologies to filter incoming and outbound packets from the firewall based on designated signatures and sources. From time to time the service may filter packets that are not malicious or may block content from legitimate sources. You are advised to periodically review content, including firewall logs, to ensure that relevant content is not being filtered improperly and you shall notify us in the event that the firewall filter settings require adjustment. If you instruct us to make configuration changes to turn off or scale back certain firewall services, you acknowledge by making such requests you are increasing your information security risks. You shall release and discharge us from any and all claims or causes of action of any kind arising from any such requests.
- VMware Renewal: We will renew the license and support agreement with VMWare. This renewal provides access to patches, version upgrades, and vendor technical support. Our sole responsibility is to renew the annual license and support agreement and thus we are not responsible for any errors, omissions, or failures of VMWare.
- Domain Name Renewal: If you register, renew, or transfer a domain name through us, we will submit the request to its domain name services provider (the “Registrar”) on your behalf. Our sole responsibility is to submit the domain name renewal request to the Registrar. We are not responsible for any errors, omissions, or failures of the Registrar. You are responsible for closing any account with any prior reseller of or registrar for the requested domain name, and you are responsible for responding to any inquiries sent to you by the Registrar.
- SSL Certificate Renewal: If you register, renew, or transfer an SSL certificate through us, we will submit the request to its SSL certificate provider (the “Registrar”) on your behalf and apply the SSL certificate. Our sole responsibility is to submit the request to the Registrar and apply the SSL certificate. We are not responsible for any errors, omissions or failures of the Registrar.
- Website Hosting: Our website hosting services are limited to engaging with a provider (the “Website Hosting Provider”) to resell you website hosting services. Our sole responsibility is to provide your website files to the Website Hosting Provider. We are not responsible for any errors, omissions, or failures of the Website Hosting Provider. We are not responsible if your website’s data contains vulnerabilities, is compromised, or otherwise lost nor are we or the Website Hosting Provider responsible for providing backup services for your website. Any services related to website development or website changes are not included in the Co-Managed IT Services SOW.
- Other License Renewal: Upon your request, we will renew the specified license with the respective licensor (the “Licensor”). Our sole responsibility is to submit the request to and pay the Licensor. You agree we will pass on to you any cost increase charged by the Licensor. We provide such services solely for your convenience and thus we shall not be held liable for any errors, omissions, or failures of the Licensor.
11. DISCLAIMER: You hereby specifically acknowledge and agree the Services are not intended to function as a comprehensive information security protection plan. You further acknowledge the Services described IN THE Co-Managed IT Services SOW represent only basic information security measures that are intended to reduce, but does not eliminate, your information security risk. You hereby acknowledge and agree that no information security program can claim to be fully effective in preventing and/or identifying all forms of malicious activity. We make no claims, guarantees, or warranties regarding the effectiveness of the Services provided in this SOW; including the likelihood that such Services will prevent, detect, or mitigate malicious activity which includes but is not limited to the following: (a) the installation of viruses or malware on your network; (b) the breach of your system, which may cause a significant interruption to your business; (c) the unauthorized use or unauthorized access to your data; and (d) the partial or complete loss of some or all of your data. You acknowledge the foregoing, understand and fully assume all potential business and financial risks associated with information security, and hereby release and discharge us from any and all claims or causes of action of any kind arising from providing you any information security services, including the Services detailed in this SOW. You further hereby specifically acknowledge and agree the Services are not intended to function as a comprehensive disaster recovery solution, does not include checks for lost or corrupted data, and is not intended to be the sole backup for any of your data. We make no claims, guarantees, or warranties regarding the availability or performance of the backups. You hereby acknowledge that systemic problems affecting the network server may also affect the Services. We strongly recommend you configure backup jobs and monitor for the successful completion of independent local full image offsite backup copies, such as you rotating external hard drives offsite daily, to further mitigate the risks described herein AND IN THE SOW.
- MISCELLANEOUS: The offers, terms and prices of the Co-Managed IT Services SOW shall expire if not executed within thirty (30) days of your initial receipt of the Co-Managed IT Services SOW.
Effective from November 9, 2021; click here for prior version