InsecureWeb Software License and Support

INSECURE WEB LLC

STATEMENT OF WORK (SOW)

CYBERSECURITY SOLUTIONS

This Statement of Work for Cybersecurity Solutions (“Statement of Work”) describes the Cybersecurity Solutions (defined below) that Insecure Web will provide to customer SECURITY (the “Customer or Partner”) under the terms and conditions of the Master Services Agreement entered into between the Parties (the “MSA”). This Statement of Work is hereby incorporated into the MSA, and Customer hereby agrees to be bound by and abide with the terms and conditions of this Statement of Work. This Statement of Work is effective upon the execution by Insecure Web and Customer of an MSA, which incorporates this Statement of Work by reference and shall remain in effect for so long as the MSA is in effect. All provisions and definitions included in the MSA shall fully apply to this Statement of Work.

WHEREAS, the Parties desire to determine the terms and conditions under which Insecure Web will provide Customer with Cybersecurity Solutions (defined below) in accordance with the terms and conditions of both the MSA and this Statement of Work.

NOW THEREFORE, in consideration of the representations, covenants and agreements contained herein, and certain other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the Parties hereby agree as follows:

1. SCOPE OF WORK

1.1 Insecure Web is a dark web monitoring, typo squatting and email security provider, who shall provide Customer with cybersecurity solutions and/or services (collectively the “Cybersecurity Solutions”), as determined by the Parties under this Statement of Work.

1.2 In the event of any conflict, the order in which each document will take precedence over the other is as follows: (i) Master Services Agreement (MSA); and (ii) Statement of Work (Cybersecurity Solutions).

1.3 SOFTWARE LICENSE AGREEMENT

Technical Support provides Customer access to a Insecure Web team member to help troubleshoot and resolve problems with the software. Such technical support will be provided remotely using e-mail, telephone, the web and/or remote access.

TECHNICAL SUPPORT SERVICES INCLUDE

Case management of Problem Reports from initiation to closure. An individual case will be assigned to each customer Problem Report with status documented, tracked and updated through closure.
Remote problem diagnostics, troubleshooting and repair via telephone, the web and/or remote access;
Software Updates according to Insecure Web roadmap
Software troubleshooting and repair as needed
Unlimited number of technical support cases to restore solution functionality and for general questions related to configuration and operation by emial;
Case management until final resolution;
Escalation management
Ticket reviews of open cases.

OUT-OF-SCOPE ERRORS

If Insecure Web believes that an error reported by Customer may not be due to a Defect or is otherwise outside the scope of the Services, Insecure Web will so notify the Customer, who may

then either (i) instruct Insecure Web to proceed with services regarding said error at Customer’s

expense; or (ii) advise Insecure Web that Customer does not wish the error pursued, in which case Insecure Web may at its sole discretion, close the case and not to pursue the error without any further liability or obligation.

INSECURE WEB RESPONSIBILITIES

Insecure Web is responsible for the following:

· Providing documentation describing Product configuration needs.

· Specifying required dimensioning/server sizing/reservation/exclusivity needs.

· Validating that servers have been commissioned, as requested by the Customer.

· Recommending prerequisites on the deployment Services required, security and firewall policies and implications.

SEVERITY LEVEL

Severity level means classification of a problem determined by Insecure Web personnel based upon the Customer’s assessment of business impact. The three (3) Severity Levels that apply to the Services are as follows:

1. Problem Report – Critical means conditions that severely affect the primary functionality of the System and because of the business impact to the customer requires non-stop immediate corrective action, regardless of time of day or day of the week as viewed by a customer on discussion with the organization such as:

• System inoperability (total or partial outage),

• a reduction in the capacity capability, that is, traffic/data handling capability, such that expected loads cannot be handled,

• Security breach

2. Problem Report – Major means System is usable, but a condition exists that seriously degrades the System operation, maintenance or administration, etc., and requires attention during pre-defined standard hours to resolve the situation. The urgency is less than in critical situations because of a lesser immediate or impending effect on System performance, customers and the customer’s operation and revenue such as:

• reduction in the System’s capacity (but still able to handle the expected load),

• any loss of administrative or maintenance visibility of the System and/or diagnostic capability,

• repeated degradation of an essential component or function, or

• degradation of the System’s ability to provide any required notification of malfunction.

3. Problem Report – Minor means other problems of a lesser severity than “critical” or “major” such as conditions that have little or no impairment on the function of the System.

a) Software means the computer software in object code or other format that Insecure Web agrees to deliver or make available to Customer and licensed by Customer under an Agreement, excluding related Documentation provided to Customer or supported under these Terms and Conditions. For clarity purposes, no licenses for Software granted under these Terms and Conditions shall extend to any source code.

b) Software Maintenance Pack means a bundle of patches providing fixes for Defects in the Software.

c) Software Maintenance Period means a period of twelve (12)

consecutive calendar months commencing on either (i) the date of

Acceptance of the Software, or (ii) the annual renewal thereafter.

d) Software Release means a particular version of Software identified by a change in the version numbering.

e) Software Update means Defect, fixes and Software enhancements on the Insecure Web System. A subsequent release of Software that Insecure Web makes, at is sole discretion, generally available to purchasers of the Services for such Software.

f) System means a collection of hardware and/or software items located at one or more physical locations where all of the items are required for proper operation. No single item can function by itself. This may include third parties’ products.

g) System Handle means a unique reference number, assigned by Insecure Web to each Customer that determines entitlement to Services.

h) Team member means a qualified and skilled Insecure Web engineer designated to assist Customer with technical support issues.

Resolution times for Software are as set out below. Such times shall constitute targets only. Restoration and resolution intervals for Software issues in 90% of cases are defined as follows:

Criteria	Premium Plan
Critical Response	One (1) hour
Critical Restoration	Twenty-four (24) hours\Best Efforts
Major Response	Two (2) hours
Major Restoration	Forty-eight (48) hours (excluding weekends and Insecure Web Holidays) \Best Efforts 1
Major Resolution	Fifty (50) days
Minor Response	Two (2) Business Days
Minor Resolution	One-hundred eighty 180 days 2

Note 1 – Major restoration times for issues requiring an engineering change (i.e. change to the Software or Documentation) will be mutually agreed upon between Customer and Insecure Web. Minor issues requiring an engineering change will be added to a Defects register and periodically reviewed as candidate fixes in future release plans.

Note 2 – Minor issues requiring an engineering change will be added to a Defects register and periodically reviewed as candidate fixes in future release plans.

Insecure Web will record delays. The cases below will not be counted in elapsed time:

· Excessive delay in testing or deploying a proposed solution due to Customer resource constraints.

· Customer delay in supplying sufficient information to commence or continue problem resolution.

· Not being able to access the Customer’s System to resolve a problem remotely.

· If, with the Customer’s agreement

o a fix is deferred to a later patch, Software Maintenance Pack or Software Release; or

o a temporary fix is in place, the time to deliver the permanent fix is not included.

2. THIRD-PARTY INTERFACE ENHANCEMENTS

a) Some Insecure Web systems support interfaces with third-party systems to provide enhanced functionalities. Strategy for adding these third-party interface and enhancements to them are defined by product management as part of the roadmap planning process. Insecure Web reserves the right to charge for these enhancements or to include them for free of charge a s part the software update plan or on a case-by-case basis. If a third-party enhancement is desire which Is not planned as part of the existing product roadmap in the some cases these can be delivered as optional professional services from Insecure Web.

b) If a customer is aware that any of these interfaces are going to be changing they may notify Insecure Web of the change in advance to determine if an update will be needed to maintain functionality of each interface. Insecure Web will then evaluate the interface change and determine if and when a third-party Enhancement may be developed.

c) In cases where Insecure Web is planning to provide a customer-requested third-party interface enhancement, customer will provide full documentation and sample data for each of the vendors new releases to Atlas a minimum of 90 days prior to the implementation of such releases in the network. The Customer will assist Insecure Web in testing of such new interfaces in a controlled fashion, either in a lab environment or live network, before they are rolled out across the complete system footprint.

3. LIMITATION AND EXCLUSIONS

a) Data recovery services are not included as part of the Services, regardless of the cause of data loss. If Customer requests Insecure Web to perform data recovery, this service, if available, will be charged at Insecure Web then-current rates.

a) Services do not include program development, coding, isolation of coding problems, assistance to or consulting or implementation of the Customer’s application on the System, customization of Insecure Web tools or integration of Insecure Web tools with customer systems.

b) Services are not a substitute for any formal Customer education course. Insecure Web and Customer may plan and implement a training program to train Customer Contacts, System administrators and users on the current revision of the Software.

c) Insecure Web will provide Services thro

d) ugh its own staffing or by working with qualified third-party suppliers and subcontractors, as appropriate.

e) Insecure Web will use commercially reasonable efforts to resolve problems but does not guarantee that it will be able to do so or that any resolution will be satisfactory to Customer.

f) Decommissioning and disposal of system hardware is not included as part of the Services.

g) Support for cases relating to integration or communication between two or more Insecure Web systems requires all of the systems to have a valid support contract unless agreed in advance, in writing, by Insecure Web.

h) Insecure Web shall not be obligated to provide Services if Defects are caused by or related to the following:

i. Customer’s mishandling, abuse, misuse, or use of the Software other than in accordance with Insecure Web’s operating instructions.

ii. use of the Software with hardware or software that was not expressly specified in writing by Insecure Web as suited for use with the Software;

iii. changes to the Customer environment, in which the Software was provided;

iv. actions or omissions of persons other than Insecure Web;

v. installation, maintenance, or repair of Software by someone other than Insecure Web, except maintenance performed by Customer if and to the extent authorized by Insecure Web in a duly signed writing;

vi. failure to implement all Software Updates, Software Releases, and other new upgrades of the Software made available to Customer (provided, for the avoidance of doubt, that Insecure Web is not obligated to make available any minimum number of such new upgrades); or

vii. Force Majeure conditions as defined in the General Terms.

i) Insecure Web shall not be obligated to provide Services for the following:

i. Software that has been modified by someone other than Insecure Web, unless such modifications were directed or approved by Insecure Web in writing and made in strict conformance with all specifications and instructions provided by Insecure Web in such writing;

ii. Software that Insecure Web modified in accordance with Customer’s request, specifications, or instructions;

iii. third-party products

j) Insecure Web shall not be obligated to provide Services, except for the (i) most recent (Major or Minor) Software Release and (ii) immediately preceding (Major or Minor) Software Release for a period of twelve (12) months following the issuance of the next Major or Minor Software Release, and only when used with Insecure Web specified hardware configurations and Insecure Web recommended operating system, database and applied Software Updates. Insecure Web shall have no obligation to provide Services for any Software that has been superseded by a current release more than twelve (12) months prior to the then-current date.

4. TERM OF STATEMENT OF WORK

This Statement of Work shall be effective as of the execution date of the MSA and the date of signature of this Statement of Work by both Parties and shall continue unless terminated earlier as provided under Section 16 (Term and Termination) of the MSA (“Term”). Any termination of this Statement of Work shall not relieve the Customer of its obligation to pay the Fees incurred hereunder prior to such termination.

5. CHANGES IN THE SCOPE OF WORKS

Customer may decide to change the scope of the Cybersecurity Solutions. Insecure Web will then inform Customer on whether or not such change in the scope of the Cybersecurity Solutions requires an adjustment of the delivery dates. Insecure Web will do its best efforts to make changes as requested by Customer. Customer hereby understands and agrees that any requested change in the scope of the Cybersecurity Solutions may affect both milestone delivery dates and final cost.

6. DURATION & EXPIRATION

Subject to Section 16 (Term and Termination) of the MSA, this Statement of Work shall come into force on the date of signature below and shall remain in force until full (i) completion of the Cybersecurity Solutions by Insecure Web in line with Section 2 of this Statement of Work, and (ii) payment by Customer of the Cybersecurity Solutions Fees in accordance with Section 4 of this Statement of Work and Section 4 (Fees, Costs, Payment, Taxes and Refunds) of the MSA.

WHEREOF, each of the Parties hereto has executed this Statement of Work by its duly authorized representatives effective as of the date of signature.

LICENSE AND SUPPORT COST

The cost is calculated monthly in a pay-as-you-go license model. You will be billed an invoice at the end of the moth with the amount to be paid within 7 days.

WHEREOF, THE PARTIES HAVE EXECUTED THIS SOFTWARE LICENSE AGREEMENT OR SOW BY COMPLETING THE ONLINE SIGNUP PROCESS. CUSTOMER UNDERSTANDS THAT INSECURE WEB LLC DOES NOT ALLOW THE USAGE OF ITS SERVICE IF AND SOFTWARE IF CUSTOMER DOES NOT FULLY ACCEPT THEM.