INSECURE WEB LLC
STATEMENT OF WORK (SOW)
CYBERSECURITY SOLUTIONS
This Statement of Work
for Cybersecurity Solutions (“Statement of Work”) describes the Cybersecurity
Solutions (defined below) that Insecure Web will provide to customer
SECURITY (the “Customer or Partner”) under the terms and conditions of
the Master Services Agreement entered into between the Parties (the “MSA”). This Statement of Work is hereby
incorporated into the MSA, and Customer hereby agrees to be bound by and abide
with the terms and conditions of this Statement of Work. This Statement of Work
is effective upon the execution by Insecure Web and Customer of an MSA, which
incorporates this Statement of Work by reference and shall remain in effect for
so long as the MSA is in effect. All
provisions and definitions included in the MSA shall fully apply to this Statement
of Work.
WHEREAS, the Parties desire to
determine the terms and conditions under which Insecure Web will provide Customer
with Cybersecurity Solutions (defined below) in accordance
with the terms and conditions of both the MSA and this Statement of Work.
NOW THEREFORE, in consideration of
the representations, covenants and agreements contained herein, and certain
other good and valuable consideration, the receipt and sufficiency of which are
hereby acknowledged, the Parties hereby agree as follows:
1.
SCOPE OF WORK
1.1
Insecure
Web is a dark web monitoring, typo squatting and email security provider, who shall
provide Customer with cybersecurity solutions and/or services (collectively the
“Cybersecurity Solutions”), as determined by the Parties under this Statement of Work.
1.2
In the event of any
conflict, the order in which each document will take precedence over the other
is as follows: (i) Master Services Agreement (MSA); and (ii) Statement of Work
(Cybersecurity Solutions).
1.3 SOFTWARE LICENSE AGREEMENT
Technical
Support provides Customer access to a Insecure Web team member to help
troubleshoot and resolve problems with the software. Such technical support
will be provided remotely using e-mail, telephone, the web and/or remote
access.
- TECHNICAL SUPPORT
SERVICES INCLUDE
- Case management of
Problem Reports from initiation to
closure. An individual
case will be assigned to each customer Problem Report with status
documented, tracked and updated through closure.
- Remote problem
diagnostics, troubleshooting and repair via telephone, the web and/or
remote access;
- Software Updates
according to Insecure Web roadmap
- Software
troubleshooting and repair as needed
- Unlimited number
of technical support cases to restore solution functionality and for
general questions related to configuration and operation by emial;
- Case management
until final resolution;
- Escalation
management
- Ticket reviews
of open cases.
- OUT-OF-SCOPE
ERRORS
If Insecure
Web believes that an error reported by Customer may not be due to a Defect or
is otherwise outside the scope of the Services, Insecure Web will so notify the
Customer, who may
then
either (i) instruct Insecure Web to proceed with services regarding said error
at Customer’s
expense;
or (ii) advise Insecure Web that Customer does not wish the error pursued, in
which case Insecure Web may at its sole discretion, close the case and not to
pursue the error without any further liability or obligation.
- INSECURE WEB
RESPONSIBILITIES
Insecure Web is responsible for the following:
·
Providing documentation describing Product configuration
needs.
·
Specifying required dimensioning/server
sizing/reservation/exclusivity needs.
·
Validating that servers have been commissioned, as
requested by the Customer.
·
Recommending prerequisites on the deployment Services
required, security and firewall policies and implications.
- SEVERITY LEVEL
Severity level means classification of a problem
determined by Insecure Web personnel based upon the Customer’s assessment of
business impact. The three
(3) Severity Levels that apply to the Services are as follows:
1.
Problem Report – Critical means
conditions that severely
affect the primary functionality
of the System and because of the business impact to the customer requires
non-stop immediate corrective action, regardless of time of day or day of the
week as viewed by a customer on discussion with the organization such as:
• System
inoperability (total or partial outage),
• a
reduction in the capacity capability, that is, traffic/data handling
capability, such that expected loads cannot be handled,
• Security
breach
2.
Problem Report – Major means System is usable,
but a condition exists that seriously degrades the System operation,
maintenance or administration, etc., and requires attention during pre-defined
standard hours to resolve the situation. The urgency is less than in critical
situations because of a lesser immediate or impending effect
on System performance,
customers and the
customer’s operation and revenue such as:
• reduction in
the System’s capacity
(but still able
to handle the expected load),
• any loss
of administrative or maintenance visibility of the System and/or diagnostic
capability,
• repeated
degradation of an essential component or function, or
• degradation
of the System’s ability to provide any required notification of malfunction.
3.
Problem Report – Minor means other problems of
a lesser severity than “critical” or “major” such as conditions that have
little or no impairment on the function of the System.
a)
Software means the computer software in object code or other format
that Insecure Web agrees to
deliver or make available to
Customer and licensed by Customer under an Agreement, excluding related
Documentation provided to Customer or supported under these Terms and
Conditions. For clarity purposes, no licenses for Software granted under these
Terms and Conditions shall extend to any source code.
b) Software Maintenance Pack means a bundle of
patches providing fixes for Defects in the Software.
c) Software
Maintenance Period means
a period of
twelve (12)
consecutive
calendar months commencing on either (i) the date of
Acceptance
of the Software, or (ii) the annual renewal thereafter.
d) Software Release means a particular version
of Software identified by a change in the version numbering.
e) Software Update means Defect, fixes and
Software enhancements on the Insecure Web System. A subsequent release of Software that Insecure
Web makes, at is sole discretion, generally available to purchasers of the
Services for such Software.
f) System means a collection of hardware and/or
software items located at one or more physical locations where all of the items
are required for proper operation. No
single item can function by itself. This may include third parties’ products.
g) System Handle means a unique reference number,
assigned by Insecure Web to each Customer that determines entitlement to
Services.
h) Team member means a qualified and skilled
Insecure Web engineer designated to assist Customer with technical support
issues.
Resolution times for Software are as set out
below. Such times shall constitute
targets only. Restoration and resolution intervals for Software issues in 90%
of cases are defined as follows:
Criteria |
Premium Plan |
Critical Response |
One (1) hour |
Critical Restoration |
Twenty-four
(24) hours\Best Efforts |
Major Response |
Two (2) hours |
Major Restoration |
Forty-eight
(48) hours (excluding weekends and Insecure Web Holidays) \Best Efforts 1 |
Major Resolution |
Fifty (50) days |
Minor Response |
Two (2) Business
Days |
Minor Resolution |
One-hundred eighty 180 days 2 |
Note 1 – Major
restoration times for issues requiring an engineering change (i.e. change to
the Software or Documentation) will be mutually agreed upon between Customer
and Insecure Web. Minor issues requiring an engineering change will be added to
a Defects register and periodically reviewed as candidate fixes in future
release plans.
Note 2 – Minor issues requiring an engineering change
will be added to a Defects register and periodically reviewed as candidate
fixes in future release plans.
Insecure Web will record delays. The cases below will
not be counted in elapsed time:
·
Excessive delay in testing or deploying a proposed
solution due to Customer resource constraints.
·
Customer delay in supplying sufficient information to
commence or continue problem resolution.
·
Not being able to access the Customer’s System to
resolve a problem remotely.
·
If, with the Customer’s agreement
o a fix is
deferred to a later patch, Software Maintenance Pack or Software Release; or
o a
temporary fix is in place, the time to deliver the permanent fix is not
included.
2.
THIRD-PARTY
INTERFACE ENHANCEMENTS
a) Some Insecure
Web systems support interfaces with third-party systems to provide enhanced
functionalities. Strategy for adding
these third-party interface and enhancements to them are defined by product
management as part of the roadmap planning process. Insecure Web reserves the
right to charge for these enhancements or to include them for free of charge a
s part the software update plan or on a case-by-case basis. If a third-party
enhancement is desire which Is not planned as part of the existing product
roadmap in the some cases these can be delivered as optional professional
services from Insecure Web.
b) If a customer is aware
that any of these interfaces are going to be changing they may notify Insecure
Web of the change in advance to determine if an update will be needed to
maintain functionality of each interface. Insecure Web will then evaluate the
interface change and determine if and when a third-party Enhancement may be
developed.
c) In cases where Insecure
Web is planning to provide a customer-requested third-party interface
enhancement, customer will provide full documentation and sample data for each
of the vendors new releases to Atlas a minimum of 90 days prior to the
implementation of such releases in the network.
The Customer will assist Insecure Web in testing of such new interfaces
in a controlled fashion, either in a lab environment or live network, before
they are rolled out across the complete system footprint.
3.
LIMITATION AND EXCLUSIONS
a) Data recovery services
are not included as part of the Services, regardless of the cause of data
loss. If Customer requests Insecure Web
to perform data recovery, this service, if available, will be charged at Insecure
Web then-current rates.
a) Services do not include
program development, coding, isolation of coding problems, assistance to or
consulting or implementation of the Customer’s application on the System,
customization of Insecure Web tools or integration of Insecure Web tools with
customer systems.
b) Services are not a
substitute for any formal Customer education course. Insecure Web and Customer
may plan and implement a training program to train Customer Contacts, System
administrators and users on the current revision of the Software.
c) Insecure Web will
provide Services thro
d) ugh its own staffing
or by working with qualified third-party suppliers and subcontractors, as
appropriate.
e) Insecure Web will use
commercially reasonable efforts to resolve problems but does not guarantee that
it will be able to do so or that any resolution will be satisfactory to
Customer.
f)
Decommissioning and disposal of system hardware is not included as part
of the Services.
g)
Support for cases relating to integration or communication between two
or more Insecure Web systems requires all of the systems to have a valid
support contract unless agreed in advance, in writing, by Insecure Web.
h) Insecure Web shall not
be obligated to provide Services if Defects are caused by or related to the
following:
i.
Customer’s mishandling, abuse, misuse, or use of the
Software other than in accordance with Insecure Web’s operating instructions.
ii.
use of the Software with hardware or software that was
not expressly specified in writing by Insecure Web as suited for use with the
Software;
iii.
changes to the Customer environment, in which the
Software was provided;
iv.
actions or omissions of persons other than Insecure
Web;
v.
installation, maintenance, or repair of Software by
someone other than Insecure Web, except maintenance performed by Customer if
and to the extent authorized by Insecure Web in a duly signed writing;
vi.
failure to implement all Software Updates, Software
Releases, and other new upgrades of the Software made available to Customer
(provided, for the avoidance of doubt, that Insecure Web is not obligated to
make available any minimum number of such new upgrades); or
vii.
Force Majeure conditions as defined in the General
Terms.
i)
Insecure Web shall not be obligated to provide Services for the
following:
i.
Software that has been modified by someone other than Insecure Web,
unless such modifications were directed or approved by Insecure Web in writing
and made in strict conformance with all specifications and instructions
provided by Insecure Web in such writing;
ii.
Software that Insecure Web modified in accordance with Customer’s
request, specifications, or instructions;
iii.
third-party products
j)
Insecure Web shall not be obligated to provide Services, except for the
(i) most recent (Major or Minor) Software Release and (ii) immediately
preceding (Major or Minor) Software Release for a period of twelve (12) months
following the issuance of the next Major or Minor Software Release, and only
when used with Insecure Web specified hardware configurations and Insecure Web
recommended operating system, database and applied Software Updates. Insecure
Web shall have no obligation to provide Services for any Software that has been
superseded by a current release more than twelve (12) months prior to the
then-current date.
4. TERM OF STATEMENT OF WORK
This Statement of Work
shall be effective as of the execution date of the MSA and the date of
signature of this Statement of Work by both Parties and shall continue unless
terminated earlier as provided under Section 16 (Term and Termination) of the
MSA (“Term”). Any termination of this Statement of Work shall not
relieve the Customer of its obligation to pay the Fees incurred hereunder prior
to such termination.
5. CHANGES IN THE SCOPE OF WORKS
Customer may decide to
change the scope of the Cybersecurity Solutions. Insecure Web will then inform Customer
on whether or not such change in the scope of the Cybersecurity Solutions
requires an adjustment of the delivery dates. Insecure Web will do its best
efforts to make changes as requested by Customer. Customer hereby understands
and agrees that any requested change in the scope of the Cybersecurity
Solutions may affect both milestone delivery dates and final cost.
6. DURATION &
EXPIRATION
Subject to Section 16
(Term and Termination) of the MSA, this Statement of Work shall come into force
on the date of signature below and shall remain in force until full (i)
completion of the Cybersecurity Solutions by Insecure Web in line with Section 2
of this Statement of Work, and (ii) payment by Customer of the Cybersecurity Solutions Fees in accordance with Section 4 of this Statement of Work and Section 4 (Fees, Costs, Payment, Taxes and Refunds) of the MSA.
WHEREOF, each of the Parties
hereto has executed this Statement of Work by its duly authorized
representatives effective as of the date of signature.
LICENSE
AND SUPPORT COST
The cost is calculated monthly in a pay-as-you-go license model.
You will be billed an invoice at the end of the moth with the amount to be paid
within 7 days.
WHEREOF, THE PARTIES HAVE EXECUTED THIS SOFTWARE
LICENSE AGREEMENT OR SOW BY COMPLETING THE ONLINE SIGNUP PROCESS. CUSTOMER
UNDERSTANDS THAT INSECURE WEB LLC DOES NOT ALLOW THE USAGE OF ITS
SERVICE IF AND SOFTWARE IF CUSTOMER DOES NOT FULLY ACCEPT THEM.