Terms and Conditions

Updated: 6 APR 2026

PARTIES

Sekuro Operations Pty Limited (ABN 52 652 187 785) of Level 5/727 George St, Haymarket NSW 2000 (Supplier)
The entity procuring the Services (Customer)

BACKGROUND

The Supplier is in the business of providing Cyber Security and Information Technology Services.
The Customer wishes to obtain, and the Supplier wishes to provide, the Services on the terms set out in this agreement.

GENERAL TERMS

Definitions and interpretation

1.1

Capitalised terms or expressions used in this agreement have the meanings set out in this clause.

Affiliate means, in relation to a party, any entity that directly or indirectly, controls, is controlled by, or is under common control of or with a party to this agreement. “Control” means having 50% or more of the outstanding equity interests or having, by contract or otherwise, the right and ability to direct management and policies.

Agreement Commencement Date: the date when the agreement has been signed by all the parties.

APP: means an Australian Privacy Principle as defined in the Privacy Act.

APP Entity: has the meaning given in the Privacy Act.

AWS Order: is an order placed through the AWS Marketplace portal.

Business Day: a day on which banks are open for business in Sydney, other than a Saturday, Sunday or public holiday.

Business Hours: the period from 9.00 am to 5.00 pm on any Business Day.

Change Order: has the meaning given in clause 7.1.

Consumer Price Index: the Consumer Price Index (All Groups) (Australia) published by the Australian Bureau of Statistics.

Control: the definition given to that term in section 50AA of the Corporations Act and the expression change of control shall be construed accordingly.

CBA Excess Drawing Interest Rate: means a variable rate per annum equal to the Commonwealth Bank of Australia (CBA) Indicator Rate (or its equivalent successor), plus a margin of 4%, as amended and published by CBA from time to time.

Corporations Act: the Corporations Act 2001 (Cth).

Customer's Equipment: any equipment, including tools, systems, cabling or facilities, provided by the Customer, its agents, subcontractors or consultants which is used directly or indirectly in the supply of the Services.

Customer Materials: all documents, information, items and materials in any form, whether owned by the Customer or a third party, which are provided by the Customer to the Supplier in connection with the Services.

Customer's Representative: has the meaning given in clause 5.1(b).

Data Breach Investigation: an investigation as required to be carried out in accordance with clause 11.3(c).

Data Incident: an Eligible Data Breach that has occurred in respect of any Personal Information the Supplier has collected, held, used or disclosed in the course of or relating to this agreement.

Deliverables: any output of the Services to be provided by the Supplier to the Customer as specified in an Order (excluding Hardware and Software and the Supplier's Equipment).

Eligible Data Breach: an eligible data breach as that term is defined in the Privacy Amendment (Notifiable Data Breaches) Act 2016 (Cth), occurring on or after 22 February 2018.

General Terms means clauses 1 – 27 of this agreement.

GST: goods and services tax chargeable under A New Tax System (Goods and Services Tax) Act 1999 (Cth).

GST Law: has the same meaning as "GST Law" in the A New Tax System (Goods and Services Tax) Act 1999 (Cth).

Hardware: any third-party hardware provided to the Customer by the Supplier in its capacity as a reseller.

Intellectual Property Rights: means all statutory, proprietary, and other rights throughout the world, whether existing now or in the future, conferred by statute, common law, or equity in relation to any confidential information, inventions, or discoveries, including patents, trademarks, service marks, design rights, copyrights (including future copyright and rights in software), topography rights, database rights, trade names, and business names, circuit layout rights, plant breeder rights, and rights in respect of domain names and social media identifiers, trade secrets, technical data, formulae, algorithms, know-how, best practice, methods, and other confidential or protected information.

Log Files: means computer or software generated machine data / telemetry, ingested into Sekuro’s Managed Service platforms, containing information about the operations, activities and usage patterns within the Customer’s ITC / OT environment.

Managed Services: means where the Supplier provides certain, ongoing cyber security services as specified in the Managed Services Schedules to this Agreement

Milestone: except in relation to any Resale Services, a date by which a part or all of the Services is to be completed, as set out in an Order.

Order: means either:

the Customer’s request for Services based on a valid Quote that has subsequently been accepted by the Supplier (which may be made via the Supplier’s online quotation system);

a SoW or Proposal, issued by Sekuro, for the provision of Services that has been signed by the Customer; or

an AWS Order.

Personal Information: has the meaning given in the Privacy Act.

Privacy Act: the Privacy Act 1988 (Cth) as amended from time to time.

Professional Services: the provision of information technology professionals for consulting, design, development, implementation or training projects as described in an Order.

Professional Services Retainer: means a pre-purchased allocation of service hours to be utilised by the Customer for Services within a defined period specified in an Statement of Work.

Proposal: a document describing the Services to be provided by the Supplier and applicable pricing and charges.

Quote: a quotation for Services to be provided, including applicable Service Charges.

Resale Services: means services (including support) that are performed by a third-party vendor and resold to the Customer by the Supplier under the Agreement.

Schedules means Schedules 1 – 9 (inclusive) annexed to this agreement.

Sensitive Information: has the meaning given in the Privacy Act.

Service Charges: the amounts payable for the Services as set out in the relevant Order.

Services: means the services to be provided to the Customer as set out in an Order, which may include (a) the resale of Hardware, Software, (b) the provision of Professional Services, (c) Managed Security Services, (d) or any other services offered by the Supplier and agreed to be supplied under an Order.

Software: means software (including any software-as-a-service or licenced software) owned by a third-party vendor and provided to the Customer by the Supplier in its capacity as a reseller under the agreement.

Statement(s) Of Work (SoW(s)): a document with that name describing the Services to be provided by the Supplier and applicable pricing and charges.

Supplier's Equipment: any equipment (other than Hardware), including tools, systems, cabling or facilities, provided by the Supplier to the Customer and used directly or indirectly in the supply of the Services.

Supplier IP: means without limitation, any work of authorship (including computer software), schema, invention, process, device, apparatus, schematic or technical information, report, documentation, workflow, know-how, and best practice, that is invented, created, authored, or reduced to practice by Supplier, and that is included in the Work Product or is used by Supplier to carry out the Services described in and delivered pursuant to this Agreement or to the applicable SOW to this Agreement.

Term: has a meaning given in clause 2.1.

Work Product: means Deliverables resulting from the Services described in and delivered pursuant to this Agreement or to the applicable SOW to this Agreement.

1.2

In this agreement, the following rules of interpretation apply unless the contrary intention appears or the context otherwise requires:

(a)

headings and subheadings are for convenience only and do not affect the interpretation of this agreement;

(b)

a reference to a body (other than a party to this agreement), whether statutory or not, that ceases to exist or has its powers or functions transferred to another body is a reference to the body that replaces it or that substantially succeeds to its powers or functions;

(c)

no provision of this agreement will be construed adversely to a party because that party was responsible for the preparation of that provision or this agreement;

(d)

specifying anything in this agreement after the terms "include", "including", "includes", "for example"', "such as", or any similar expression does not limit the sense of the words, description, definition, phrase or term preceding those; and

(e)

this agreement includes all Schedules and attachments to it.

Commencement and Term

2.1

This agreement starts on the Agreement Commencement Date and, unless terminated earlier in accordance with clause 14, ends when either party gives to the other party 30 days written notice of termination to the other party. Despite the termination of the agreement, any Orders entered into prior to the effective date of termination will continue to remain in full force and effect until finalised, and the terms and conditions of this agreement will continue to apply to such Orders until their completion.

2.2

The parties must not enter into any further Orders after the date on which notice to terminate is served under clause 2.1 and any Orders entered into after such notice will be void.

Orders

3.1

If, during the Term, the parties enter into an Order for Services, the Parties agree that the provision of the Services will be governed by the terms of this agreement.

3.2

Orders are subject to acceptance by Sekuro. Once accepted, amendments to an Order are not permitted except in accordance with clause 7.1.

3.3

Each accepted Order forms part of this agreement and does not create a separate contract to it.

3.4

Each Order will specify the Services to be provided. The Schedules to this agreement set out terms that will apply to the provision of specific types of Services in addition to these General Terms.

3.5

If there is an inconsistency between the terms set out in this document and the terms set out in an Order the terms shall be applied in this order of precedence:

(a)

the terms of the Schedule(s) related to the Service(s) acquired under an Order;

(b)

these General Terms; then

(c)

the terms of the Order.

3.6

Any terms or conditions in any purchase order or any other related documentation submitted by or on behalf of the Customer in relation to the Services do not form part of this agreement and are void unless otherwise expressly agreed in writing and signed by authorised signatories of both parties.

Supplier's obligations and warranties

4.1

The Supplier will perform the Services in a professional manner in accordance with an Order in all material respects.

4.2

The Supplier will endeavour to meet any delivery, performance dates or Milestones specified in an Order, but any such dates will be estimates only. The Supplier will be excused from any failure to supply which was contributed to by causes beyond its reasonable control (including delay in supply from third parties), and the time specified for completion of supply will be extended commensurately.

4.3

The Supplier will abide by the relevant information security laws and regulations applicable in the countries in which it operates as applicable to the Services.

4.4

The Supplier makes no additional warranty in relation to the Services other than those prescribed by law.

4.5

The Supplier does not represent or guarantee that the outcome of the Services will meet the Customer’s expectations or objectives. The Customer must make independent enquiries about the suitability of the Services for their requirements.

4.6

The Supplier will provide the Services using appropriate skills, training, and tools; however, the Customer acknowledges and agrees the provision of Services does not guarantee or represent in any way that:

all threats or non-compliant environments will be identified;

all damage will be prevented; or

all responses will be effective.

Customer's obligations and warranties

5.1

The Customer:

(a)

must provide assistance to the Supplier (including access to physical sites, networks, infrastructure, documentation, licence information, Customer Materials and employees and contractors) to the extent reasonably necessary to enable the Supplier to perform the Services; and

(b)

must identify a manager who is appointed in respect of the relevant Services to be performed (Customer's Representative).

5.2

The Customer represents, warrants, and undertakes, throughout the Term that:

(a)

the Customer's Representative has the authority to contractually bind the Customer on all matters relating to the relevant Services under an Order (including by signing Change Orders);

(b)

there are no legal restrictions preventing compliance with the terms of this agreement;

(c)

it will cooperate with the Supplier and provide all information that is reasonably necessary to enable satisfactory performance of the Services;

(d)

the information provided to the Supplier is true, correct and complete;

(e)

it has obtained any necessary consents, licences and permissions from other parties necessary for the Services to be provided at the Customers cost;

(f)

Unless specified otherwise in an Order, the Customer is responsible for conducting business-as-usual activities on all Customer systems and infrastructure including those systems and infrastructure relevant to the engagement. This includes, but is not limited to, establishing and maintaining a robust security environment, capability, controls, processes and safeguards, including to reasonably protect against compromises of information security monitoring, patching and maintenance, backups, and timely communication of any outages or changes that may impact Supplier’s activities or performance of its obligations under this agreement and any Order; and

(g)

during the Term, Customer consents to the use of the Customer’s name and Intellectual Property in relation to the Supplier’s performance of the Services.

5.3

The Customer acknowledges by entry into this agreement that no promise, representation, guarantee or undertaking has been made or given by the Supplier or any person on its behalf in relation to the capacity, uses, or benefits to be derived from use, profitability of or any other results to be obtained from the provision of the Services, except as set out in this agreement. The Customer has relied on its own skill and judgment in deciding to acquire the Services and acknowledges that the Supplier does not warrant that any Services will be uninterrupted, error-free, free of harmful components, that any content or data will be secure or not otherwise lost or damaged.

Non-solicitation

6.1

During the Term and for a period of 12 months post termination of this agreement neither party will, without the prior written consent of the other party, employ or engage or attempt to employ or engage any employee or contractor of the other party involved in the provision of the Services.

Change control

7.1

Either party may propose changes to the scope or delivery of the Services but no proposed changes shall come into effect until such has been agreed in writing by the Supplier and the Customer (Change Order). A Change Order will set out the proposed changes and the effect that those changes will have on:

(a)

the Services;

(b)

the Service Charges;

(c)

the timetable for the Services; and

(d)

any of the other terms of the Order.

Service Charges and Payment

8.1

The Supplier will invoice the Customer for the Service Charges in accordance with the schedule specified in the Order. If no times are specified, the Supplier will invoice the Customer at the end of each month for Services delivered during that month.

8.2

The Customer will pay any reasonable additional expenses incurred by the Supplier in performing the Services. The amount and nature of those expenses are to be advised to the Customer prior to those expenses being incurred.

8.3

The Customer must pay each invoice submitted to it by the Supplier within 30 days of the date of invoice to a bank account nominated in writing by the Supplier from time to time, or in accordance with the terms of the AWS Marketplace in respect of an AWS Order.

8.4

All consulting and professional services work will be conducted during Business Hours. If the Customer requires work to be conducted outside of Business Hours (overtime), overtime Service Charges will be calculated at a 150% of the quoted rate for weekdays, and 200% of the quoted rate for weekends and public holidays.

8.5

Unless specified otherwise in an Order (and excluding any Hardware, Software or Resale Services), the Customer will have 10 Business Days to provide feedback, or request a project debrief meeting, on any deliverable, draft deliverable, or draft report. Upon completion of the project debrief meeting, or after 10 Business Days from the date of delivery, whichever occurs first, Sekuro will deliver the final version of the deliverable or report and will be entitled to issue any related invoices to the Customer.

8.6

The Supplier may increase Service Charges on an annual basis with effect from each anniversary of the relevant Order in line with the percentage increase in the Consumer Price Index for the most recent 12-month period, as quoted by the Australian Bureau of Statistics.

8.7

The Supplier reserves the right to charge a cost recovery fee in circumstances where the Customer postpones, or cancels Professional Services work, with less than 5 Business Days’ written notice, and Supplier is not able to redeploy the scheduled consultants onto other billable engagements. If a cost recovery rate is not specified in an Order, the applicable cost recovery rate is AUD $2,500 per-person, per-day, up to a maximum of 5 days.

8.8

If the Customer orders a Professional Services Retainer, the allocated hours must be consumed within 12 months of purchase, or the hours will expire, and are non-refundable.

8.9

Except for any amounts in dispute under clause 8.11, the Supplier may charge interest on any amount due and not paid the Customer in accordance with clause 8.3, at the CBA Excess Drawing Interest Rate, calculated monthly and Customer must reimburse the Supplier for the full costs of recovery of overdue amounts (including legal fees and charges) on an indemnity basis.

8.10

Without limiting the Supplier’s rights to terminate or take other action under this agreement, if the Customer fails to pay any amount due in accordance with clause 8.3, which are not in dispute under clause 8.11, the Supplier may in its sole election either suspend or terminate any Order, or this agreement, in whole or in part.

8.11

If the Customer disputes the whole or any portion of an invoice:

(a)

the Customer must pay any amount in the invoice which is not in dispute by the due date;

(b)

within 5 Business Days of receipt of the invoice, the Customer must notify the Supplier in writing of the reasons for disputing the remainder of the invoice; and

(c)

within 5 Business Days of that notification, the parties must meet with a view to resolving the dispute. If the parties are not able to resolve the dispute within 10 business days the matter must be addressed in accordance with the Disputes process in clause 27.1.

8.12

All Service Charges and any other amounts payable by Customer to the Supplier under this agreement or any Order:

(a)

are exclusive of GST (unless expressly stated otherwise), and the Customer must, in addition, pay an amount equal to any GST chargeable on those sums on delivery of a GST invoice; and

(b)

must be paid in full without any set-off, counterclaim, deduction or withholding (other than any deduction or withholding of tax as required by law).

Intellectual Property Rights

9.1

Customer retains all right, title and interest in Customer’s Intellectual Property Rights, including such Customer Intellectual Property Rights contained in the Work Product.

9.2

Supplier retains all right, title and interest in Supplier IP.

9.3

Supplier hereby grants to Customer a worldwide, non-exclusive, non-transferable, royalty-free, perpetual, without the right of sublicense, license to use Supplier IP that is included in the Work Product in the course of Customer’s internal, business operations, provided that no Supplier IP may be unbundled or separated from the Work Product or used on a stand-alone basis. Supplier reserves the right to revoke the license for non-payment of required fees under this Agreement or the applicable SOW to this Agreement.

Insurance

10.1

During the Term, the Supplier will have and maintain the following insurances:

(a)

Public Liability Insurance up to $20,000,000;

(b)

Professional Indemnity Insurance up to $10,000,000; and

(c)

Workers’ Compensation Insurance in accordance with applicable law.

Privacy

11.1

If the Supplier collects, holds, uses or discloses Personal Information in performing the Services, the Supplier must:

(a)

handle all Personal Information in accordance with the Supplier's privacy policy;

(b)

only use Personal Information for the purpose of performing its obligations under this agreement; and

(c)

not disclose Personal Information to any third party (including any subcontractor) without the Customer's prior written consent or as required by law.

11.2

The Customer warrants that it:

(a)

will not provide any Sensitive Information to the Supplier unless that information is necessary for the Supplier to perform its obligations under the agreement and then only with the Supplier's specific written consent;

(b)

has:

(i)

made all necessary notifications required by APP 5, on behalf of itself and the Supplier to; and

(ii)

obtained all necessary consents required by APP 6 from,

the individuals whose Personal Information it is disclosing to the Supplier under this agreement or any applicable Statement of Work to enable to the Supplier to lawfully use the Personal Information and perform its obligations under this agreement; and

(c)

the Supplier may provide access to the Personal Information to people located overseas for the purpose of enabling it to perform the Services and perform operational and administrative functions including billing.

11.3

If the Supplier becomes aware, that a Data Incident has occurred, the Supplier must:

(a)

promptly take reasonable steps to contain the Data Incident and prevent any further serious harm to affected individuals;

(b)

undertake an investigation into the issue and within 48 hours notify the Customer in writing, stating the:

(i)

nature and details of the Data Incident;

(ii)

specific Personal Information affected; and

(iii)

actions taken by the Supplier at clause 11.3(a);

(c)

provide a copy of the report of the Data Breach Investigation in clause 11.3(a) to the Customer on completion which will remain Supplier Confidential Information;

(d)

engage in discussions with the Customer regarding:

(i)

the conduct and outcomes of the Data Breach Investigation; and

(ii)

in the case of an Eligible Data Breach the relevant notifications under the Privacy Act by the parties; and

The Customer:

(e)

acknowledges that the Supplier is reliant on the Customer for direction as to the extent to which the Supplier is entitled to use Personal Information disclosed to it in the course of and for the purpose of this agreement;

(f)

indemnifies the Supplier for any claim brought by any third party in connection with any act or omission by the Supplier in relation to a third party's Personal Information to the extent that such act or omission resulted directly from the Customer's instructions or the Customer's breach of this agreement; and

(g)

acknowledges that from time to time it may provide information to third parties in order to assess the Customer’s credit standing, credit history and financial capacity, or as otherwise required by applicable law.

Confidentiality

12.1

Each party (Recipient) must keep secret and confidential and not disclose any information relating to another party or its business (which is or has been disclosed to the Recipient by the other party, its representatives or advisers) or the terms of this agreement, except:

(a)

where the information is in the public domain as at the date of this agreement (or subsequently becomes in the public domain other than by breach of any obligation of confidentiality binding on the Recipient);

(b)

if the Recipient is required to disclose the information by applicable law or the rules of any recognised securities exchange, provided that the Recipient has to the extent practicable, having regard to those obligations and the required timing of the disclosure, consulted with the provider of the information as to the form and content of the disclosure;

(c)

where the disclosure is expressly permitted under this agreement;

(d)

if the disclosure is made to its officers, employees and professional advisers to the extent necessary to enable the Recipient to properly perform its obligations under this agreement or to conduct their business generally, in which case the Recipient must ensure that such persons keep the information secret and confidential and do not disclose the information to any other person;

(e)

where the disclosure is required for use in legal proceedings regarding this agreement; or

(f)

if the party to whom the information relates has consented in writing before the disclosure.

12.2

Each Recipient must ensure that its directors, officers, employees, agents, representatives and related bodies corporate comply in all respects with the Recipient's obligations under this clause 12.

12.3

On termination of the Agreement, the customer may provide the Supplier with a written direction requiring the Supplier to either destroy or return its confidential information, subject to the Supplier being able to retain such information required in order to maintain good corporate and accounting practices.

Limitation of Remedies and Liability

13.1

Nothing in this agreement limits or excludes either party's liability:

(a)

for death or personal injury; or

(b)

for fraud by it or its employees.

13.2

Subject to clause 13.1, the parties exclude any liability to each other, whether in contract, tort (including negligence) or otherwise, for any special, indirect or consequential loss arising under or in connection with this agreement, including any loss of profits (except to the extent contained in the Service Charges), loss of sales or business, loss of production, loss of agreements or contracts, loss of business opportunity, loss of anticipated savings, loss of or damage to goodwill, loss of reputation, loss of use or corruption of software, data or information.

13.3

If the supply of any Software, Hardware and Resale Services and Professional Services under this agreement constitutes a supply of Software, Hardware and Resale Services or Professional Service sto a consumer as defined in the Competition and Consumer Act 2010 (Cth), as amended or replaced, or relevant State or Territory legislation (“the Acts”), nothing contained in this agreement excludes, restricts or modifies any condition, warranty or other obligation where to do so is unlawful. Where permitted, the Supplier’s liability for breach of any such condition, warranty or other obligation, including any consequential loss which the Customer may sustain or incur, shall be limited to:

(a)

In relation to Software, Hardware and Resale Services:

the replacement, or the supply of equivalent Software, Hardware and Resale Services, or payment of the cost of replacing or acquiring equivalent Software, Hardware and Resale Services ; or

ii.

the repair of, or payment of the cost of having the Software, Hardware and Resale Services repaired; and

(b)

In relation to Professional Services:

the supplying of the Professional Service again; or

ii.

the payment of the cost of having the Professional Service supplied again.

13.4

Subject to clause 13.1 and 13.3, to the maximum extent permitted by applicable law, the total amount of damages in aggregate recoverable from a party under this agreement is limited to:

(a)

the total amount paid or to be paid by Customer for Hardware, Software, and Resale Services purchased under this Agreement giving rise to the claim, or

(b)

the total amount paid or to be paid by the Customer for Professional Services performed under the relevant Statement of Work during the 12 months immediately preceding the event giving rise to the claim.:

13.5

While the Supplier will take all reasonable measures to preserve the Customer’s data which the Supplier may have access to while providing the Services, the Supplier is not responsible for any data loss, erasure, or corruption for any reason. The Customer must maintain backup data to avoid any loss or damage arising from such corruption or erasure and will hold the Supplier and its employees harmless from any claims, loss or damage arising from a failure to restore the Customer’s data resulting directly or indirectly from Customer’s failure to keep adequate and proper backups.

13.6

The Supplier will not be liable in relation to any proceeding or claim which:

(a)

was caused by any act or omission of the Customer or its employees or agents; or

(b)

relates to actions of the Supplier which were expressly or impliedly authorised by the Customer or by the Customer's employees or agents.

Termination

14.1

Without affecting any other right or remedy available to it, either party may terminate this agreement with immediate effect by giving written notice to the other party if:

14.2

the other party fails to pay any amount due under this agreement on the due date for payment and remains in default not less than seven days after being notified in writing to make such payment;

(a)

the other party commits a material breach of any term of this agreement which breach is irremediable or (if such breach is remediable) fails to remedy that breach within a period of 14 days after being notified in writing to do so; or

(b)

the other party becomes, threatens or resolves to become or is in jeopardy of becoming subject to any form of insolvency, administration, receivership or liquidation.

14.3

On termination of this agreement under this clause 14:

(a)

except any Orders placed with a vendor or manufacture that cannot be cancelled all existing Orders will terminate automatically;

(b)

the Customer must immediately pay to the Supplier all of the Supplier's outstanding unpaid invoices and interest, and in respect of the Services performed but for which no invoice has been submitted, the Supplier may submit an invoice (including for Hardware and Software orders placed that cannot be cancelled), which shall be payable in accordance with clause 8.3.

(c)

the Customer must, within a reasonable time, return all of the Supplier's Equipment. If the Customer fails to do so, then the Supplier may enter the Customer's premises and take possession of the Supplier's Equipment. Until the Supplier's Equipment has been returned or repossessed, the Customer shall be solely responsible for its safekeeping;

(d)

the Supplier must, on request, return any of the Customer Materials not used up in the provision of the Services; and

(e)

the following clauses will continue in force: clause 1 (Interpretation), clause 6 (Non-solicitation), clause 9 (Intellectual Property Rights), clause 12 (Confidentiality), clause 13 (Limitation of Remedies and Liability), this clause 14 (Termination), clause 20 (Waiver), clause 21 (Severability) and clause 26 (Governing Law and Jurisdiction).

Force Majeure

15.1

Neither party is in breach of this agreement or is liable to the other party for any loss incurred by that other party as a direct result of a party (Affected Party) failing or being prevented, hindered or delayed in the performance of its obligations under this agreement where such prevention, hindrance or delay results from events, circumstances or causes beyond the Affected Party's reasonable control (Force Majeure Event).

15.2

The Affected Party will be entitled to a reasonable extension of time for performing its obligations under the agreement. However, the Affected Party must continue to use all reasonable endeavours to perform those obligations.

15.3

The performance of the affected obligations must be resumed as soon as practicable after such Force Majeure Event is removed or has ceased.

Assignment and Subcontracting

16.1

Subject to clause 16.2, neither party may assign any right arising out of this agreement, or novate the agreement, without the other party’s prior written consent, which must not be unreasonably withheld.

16.2

The Supplier may assign or novate this Agreement, including all integrated Orders, to a Supplier Affiliate or any corporate successor at any time. The Customer consents to such assignment or novation and agrees to execute any documents necessary to give effect to this transfer.

16.3

The Supplier may subcontract any of its obligations under this agreement and remains responsible for the performance of the Services under this agreement.

Variation

17.1

An amendment or variation of any term of this agreement must be in writing and signed by each party.

Modern Slavery

18.1

In this clause 18, Modern Slavery has the same meaning as it has in the Modern Slavery Act 2018 (Cth).

18.2

The Supplier must take reasonable steps to identify, assess and address the risks of Modern Slavery practices in the operations and supply chains used in the provision of the Service.

18.3

If at any time the Supplier becomes aware of Modern Slavery practices in the operations and supply chains used in the performance of the Services, the Supplier must, as soon as reasonably practicable, take all reasonable action to address or remove these practices, including where relevant by addressing any practices of other entities in its supply chains.

Anti-Bribery/Corrupt Practices

19.1

Each Party and its respective Affiliates agree that they will not take any action under this Agreement that could cause it to be in violation of any applicable anti-bribery and anti-corruption laws or regulations. A breach of this clause 19.1 shall be deemed a material breach of this Agreement and if a Party becomes aware of any such violation, it will immediately notify the other Party.

Waiver

20.1

No party may rely on the words or conduct of any other party as being a waiver of any right, power or remedy arising under or in connection with this agreement unless the other party or parties expressly grant a waiver of the right, power or remedy. Any waiver must be in writing, signed by the party granting the waiver and is only effective to the extent set out in that waiver.

Severability

21.1

If the whole or any part of a provision of this agreement is or becomes invalid or unenforceable under the law of any jurisdiction, it is severed in that jurisdiction to the extent that it is invalid or unenforceable and whether it is in severable terms or not.

Entire agreement

22.1

This agreement states all the express terms agreed by the parties about its subject matter. It supersedes all prior agreements, understandings, negotiations, proposals and discussions in respect of its subject matter.

Relationship of the parties

23.1

The parties are and shall be independent contractors to one another. This agreement does not and is not intended to create an agency, joint venture, or partnership between the parties. Nothing in this agreement gives a party authority to bind any other party in any way or imposes any fiduciary duties on a party in relation to any other party.

Notices

24.1

All notices under this agreement must be in writing.

24.2

A notice will be taken to be received:

(a)

If hand delivered, on delivery;

(b)

If sent by email, on receipt of a non-automated reply or other form of communication confirming or indicating that the notice has been received; or

(c)

one business day after having been sent by overnight mail via a professional carrier

24.3

All business communications must be sent to the addresses identified for each party or to other persons or addresses as either Party designates in writing to the other. Legal notices must be sent with a copy addressed to: [email protected].

Counterparts

25.1

This agreement may be executed in any number of counterparts.

Governing Law and Jurisdiction

26.1

This agreement is governed by the law in force in New South Wales.

26.2

Each party irrevocably submits to the exclusive jurisdiction of courts exercising jurisdiction in New South Wales and courts of appeal from them in respect of any proceedings arising out of or in connection with this agreement.

Dispute Resolution.

27.1

Except in relation to any urgent declaratory, interlocutory, or injunctive relief, a dispute will be resolved by the parties first notifying the other party in writing of the dispute and then engaging in good faith discussions to resolve the dispute. If the dispute cannot be resolved between the parties within 30 days of a party being notified in writing of a dispute, or such other timeframe as agreed in writing between the parties, a party may take any action it requires to resolve such dispute, including commencing legal proceedings. Customer acknowledges and agrees that, in relation to payment disputes, Supplier may engage a debt collection agency and may notify any applicable credit reporting agency of any payment defaults.

The following additional terms and conditions contained in this Schedule 1 apply to the provision of Offensive Security, Penetration Testing, or Red/Purple/Black Teaming Services (as defined below and as referred to in any relevant Order).

Where Supplier is providing services designed to test the security of the Customer’s environment (including Penetration Testing), the Customer acknowledges and agrees:

(a)

the nature of the Services is designed to enable the Supplier to actively attempt to breach Customer’s security controls in order to obtain access to Customer’s systems, infrastructure, and data, and that such attempts might otherwise amount to criminal activity;

(b)

Customer consents to the Supplier attempting to gain such access to systems, infrastructure, and data (except for any systems or data specifically referred to as out of scope in an Order);

if Supplier activities are identified by Customer staff or any third party and are reported to any external body (including law enforcement bodies or regulatory agencies), the Customer will promptly notify that external body that the Supplier is undertaking authorised activities and provide any information required by such law enforcement or regulatory body to prove the Supplier’s authorised activities.

The Customer accepts that security testing carries inherent risks due to network vulnerabilities and unpredictable system reactions to unknown variables. Given the Supplier often conducts intrusion testing over public networks, the Customer acknowledges and assumes the risk of accidental information disclosure to third parties despite the Supplier's use of industry-standard security measures.

The Customer acknowledges that Services and Deliverables designed by the Supplier to test the security of the Customer’s environment have the potential to cause damage. The Customer indemnifies and holds the Supplier harmless from any claim, suit, damages and expenses (including, but not limited to legal costs and any consequential losses) arising out of or in connection with (i) the misuse of the Services or Deliverables (other than by the Supplier); (ii) deploying the Services or Deliverables other than in accordance with the Customer’s instructions (iii) Customer’s failure to comply with applicable laws, rules, and/or regulations regarding use of the Services and Deliverables; or (iv) any negligent act or omission by the Customer in relation to the Services or Deliverables.

The Supplier reserves the right to charge a cost recovery fee in circumstances where the Customer postpones, or cancels Offensive Security Services work, with less than 10 Business Days’ notice, and it is not able to redeploy the scheduled consultants onto other billable engagements. If a Cost Recovery Rate is not specified in an Order, AUD $2,500 per-person, per-day, will be the default charge, up to a maximum of 5 days.

The following additional terms and conditions contained in this Schedule 2 apply to the provision of Resale Services and Software under an Order. Where the Customer is purchasing Managed Services, Sovereign Managed Services, or SOAR Managed Services, these terms shall apply with respect to the third-party software utilised under an Order for those Services.

Vendor Terms

Where the Supplier is reselling either Resale Services or Software, Customer’s access to and use of those Services will be subject to any vendor terms made available to the Customer prior to or at the time of accepting the Services (Vendor Terms). Vendor Terms may take the form of an end-user licence agreement and may be provided separately or be included as click-through terms of use of the Service. The Customer agrees that as a condition of accepting Resale Services or Software, it will agree to and comply with the Vendor Terms and failure to do so could result in the Customer being unable to use the Resale Services or Software, in which case the Customer will still be liable for the Service Charges set out in the relevant Order.

The Customer agrees that, to the extent permitted by law and without limiting the Customer’s rights against the Supplier, if it has a claim in respect of the Resale Services or Software under the applicable Vendor Terms or otherwise as available at law (including the Competition and Consumer Act 2010 (Cth) if applicable) it will, along with any redress it chooses to seek, pursue that claim against the relevant vendor.

A failure of the Customer to comply with its obligations under the Vendor Terms is grounds for the Supplier or the vendor to suspend, or if irreparable, terminate the provision of the relevant Resale Services or Software. In this event, the Customer will remain liable for the Service Charges set out in the relevant Order.

The Customer acknowledges that the Supplier has no direct control over the features or performance of the Resale Services and Software and is bound to only supply those Services on strict resale terms which include passing through the Vendor Terms. As a result, the Customer agrees that in no circumstances (other than as prescribed by law) will the Supplier be liable for any amount or provide any warranties in relation to the Resale Services or Software. Resale Services and Software are provided on an as is basis and are not subject to acceptance testing.

Title and risk of loss or damage to Resale Services or Software passes to Customer’s when such Resale Services or Software are delivered. For Software, delivery occurs the earlier of Customer’s receipt of the applicable license key or access to the software is granted by the software publisher. Title to Resale Services or Software remains with the applicable vendor.

Cancellations of Software orders prior to or following shipment must be made in accordance with the cancellation or applicable return policies of the relevant vendor. Customer acknowledges and agrees that not all Software orders are capable of cancellation.

Unless otherwise stated on an order, software will automatically renew after their initial subscription period and Customer shall be responsible for the costs associated with such renewal. If Customer does not want Software Orders to automatically renew, Customer is responsible for notifying Supplier in advance of the automatic renewal date in accordance with the Vendor Terms.

Certain Software offerings may only be acquired through the online e-commerce portal of an independent software or cloud product vendor that is not set up in Supplier’s system or network of suppliers. Purchasing directly from such supplier’s e-commerce portal may require Supplier to electronically accept the Vendor Terms on Customer’s behalf. For any such Software offerings, Customer (i) authorises Supplier to accept the applicable end user terms on Customer’s behalf, which will govern Customer’s purchase and use of such Software, and (ii) accepts and agrees to (a) fully comply with the applicable end user terms on the supplier’s online e-commerce portal and (b) holds Supplier harmless from any liability or loss arising from the acceptance of the end user terms on the supplier’s online e-commerce portal

Software Pricing

Unless otherwise modified by the software vendor, the Supplier agrees to maintain the Software licence charges set out in the relevant Order for the initial licence period. After the initial licence period, where the Customer continues to use the Software, the Supplier may, on reasonable notice to the Customer, increase the licence charges, which may include passing on incremental increases proportionate to increased pricing from relevant vendors and any other input costs including operational costs and currency fluctuations.

10.

In the event that a vendor conducts an audit of your use of Software and reasonably establishes that your use of the Software exceeded the licence volume during any period, you will be liable to promptly pay for that use. The Customer acknowledges that this is a right that the vendor may enforce against the Supplier as a reseller and agrees that it is reasonable to pass this onto the Customer as the beneficiary of the use of the Software. Despite anything to the contrary, this clause survives termination of the Agreement.

Intellectual Property

11.

The Vendor Terms will set out the scope of the licence and acceptable use of the Software and any Intellectual Property Rights associated with the Resale Services. The Supplier provides the Software and Resale Services consistent with the scope and acceptable use constraints as contained in those terms.

The following additional terms and conditions contained in this Schedule 3 apply where the Customer is purchasing Hardware under an Order.

Delivery

Deliveries shall be made during normal working hours and at the cost and risk of the Customer.

The act of receiving the Hardware at the specified delivery address will constitute acceptance of the Hardware by the Customer. In the event the Customer or the Customer's agent was not available to accept the delivery, then the driver's signature, denoting the time, date & place of delivery shall be deemed to be acceptance of the said delivery by the Customer.

The Customer acknowledges that Hardware delivered to a courier is outside the Supplier’s control, and the Supplier will not be liable for any loss, damage, delay or non‐delivery of Hardware contributed to by a third party, to the extent permitted by law.

Ownership and Possession

Notwithstanding the delivery of any Hardware, the Hardware remains the sole and absolute property of the Supplier as full legal and equitable owner until such time as the Customer has paid the Supplier the full purchase price of the Hardware. Risk in all Hardware purchases passes to the Customer on delivery.

The Customer acknowledges that it receives possession of and holds Hardware delivered by the Supplier solely as bailee for the Supplier until such time as the full price for the Hardware has been paid to the Supplier. Until such time as the Customer becomes the owner of the Hardware, it must:

Store them on the premises separately;

ii.

Ensure that the Hardware are kept in good and serviceable condition;

iii.

Secure the Hardware from risk, damage and theft; and

iv.

Keep the Hardware fully insured against such risks that are usual or common to insure against in a business of a similar nature to that of the Customer.

Should the Customer stop payment or call a meeting of its creditors or become insolvent or subject to the bankruptcy law or being a company calls a meeting for the purpose of or to go into liquidation or have a winding-‐up petition presented against it or has a receiver or administrator appointed, the Supplier may at its option notwithstanding its waiver of such default or failure and without prejudice to its other rights under this agreement suspend or cancel this agreement or require payment in cash before or on delivery or tender of Hardware or documents notwithstanding terms of payment previously specified or may, subject to the law, repossess and take over the Hardware and dispose of the same in its own interest without prejudice to any claim it may have for damages for any loss resulting from such resale.

If the Customer does not pay for any Hardware on the due date then the Supplier is hereby irrevocably authorised by the Customer to enter the Customer’s premises (or any premises under the control of the Customer or as agent of the Customer in which the Hardware are stored at such premises) and use reasonable force to take possession of the Hardware without liability for the tort of trespass, negligence or payment of any compensation to the Customer whatsoever.

On retaking possession of the Hardware the Supplier may elect to refund to the Customer any part payment that may have been made and to credit the Customer’s account with the value of the Hardware less any charge for recover of the Hardware, or to resell the Hardware.

Security and PPSA

For the purposes of this clause, “PPSA” means the Personal Property Securities Act 2009 (Cth) as amended from time to time. Where a particular section or term from the PPSA is used in this agreement, it is deemed to be that section or term as defined or used in the PPSA as amended, renumbered or replaced from time to time.

10.

The Customer acknowledges and agrees that this agreement constitutes a security agreement in relation to the Supplier’s security interest in all present and after-acquired Hardware for the purposes of the PPSA. The Customer agrees to grant a “Purchase Money Security Interest” to the Supplier.

11.

For the avoidance of doubt, the Customer acknowledges and agrees that it grants to the Supplier a security interest in all Hardware supplied by the Supplier to the Customer (whether now or in the future) and in any proceeds from the sale of those Hardware.

12.

To the extent permitted by law, the following provisions of the PPSA do not apply and for the purposes of section 115 of the PPSA are contracted out of this agreement:

sections 95 (notice of removal of accession), to the extent that it requires the Supplier to give notice to the Customer, 96 (retain of accession) and 125 (obligation to dispose of or retain collateral);

ii.

section 130 (notice of disposal), to the extent that it requires the Supplier to give notice to the Customer;

iii.

section 132(3)(d) (contents of statement of account after disposal);

iv.

section 132(4) (statement of account if no disposal);

section 135 (notice of retention);

vi.

section 142 (redemption of collateral); and

vii.

section 143 (reinstatement of security agreement).

13.

For the purposes of section 14(6) of the PPSA, the Customer (and the Supplier) agree that any payments received from the Customer by the Supplier pursuant to or in any way connected with this agreement will be applied in such order as the Supplier deems fit in its absolute discretion.

14.

The Customer consents to:

execute any other document or instrument required to give effect to the security interests created by this agreement; and

ii.

the registration with the relevant authority or public register of any security interest created by this agreement or any other document required to give effect to a security interest created by this agreement, including without limitation the registration of a financing statement or financing change statement on the Personal Property Securities Register.

15.

The Customer must pay all costs of and incidental to the preparation, execution and registration of any instrument which is executed for the purposes of giving effect to this clause and must also pay all costs incidental to the withdrawal, discharge or release of such instrument.

16.

To the extent permissible at law, the Customer waives its right to receive notification of or a copy of any Verification Statement confirming registration of a Financing Statement or a Financing Change Statement relation to a Security Interest granted by the Customer as Grantor to the Supplier.

Returns

17.

Returns on Hardware can only be accepted if authorised in writing by the Supplier (which may be given, given with conditions, or withheld at the absolute discretion of the Supplier), and the Hardware are in the same condition as delivered and within 14 days of delivery. The Supplier reserves the right to charge the Customer for any costs or losses incurred by the Supplier, in addition to any amounts charged by the third-party manufacturer or distributor of the Hardware.

Hardware Pricing

18.

The price of any Hardware is quoted EXW (Incoterms 2010) from the Supplier’s premises.

Installation of Hardware

19.

The Supplier will only be responsible for the installation of the Hardware where specified in an Order. Acceptance of the Hardware will not be contingent on installation unless explicitly set out in the terms of the Order and liability for payment for the Hardware will arise on order.

20.

Pricing and details of installation will be set out in the Order.

21.

Where Supplier personnel are required to attend the Customer’s premise to conduct the installation, the Customer will ensure a safe working environment and indemnify the Supplier and its personnel for any injury or loss arising on the Customer’s premises.

Manufacturer’s terms

22.

Provision of the Hardware and ongoing maintenance and support (if included) may be provided on the basis of the Customer accepting end-user terms directly with the Hardware manufacturer (Manufacturer). The Customer agrees that as a condition of accepting the Hardware, it will enter into end user terms if provided and failure to do so could result in a failure to complete the sale and a return of goods in accordance with the above.

23.

The Customer acknowledges that the Supplier has no direct control over the features or performance of the Hardware and is bound to only supply the Software on strict resale terms which include passing through Manufacturer terms. As a result the Customer agrees that, to the extent permitted by law and without limiting the Customer’s rights against the Supplier, if it has a claim in respect of the Hardware under any end user agreement or otherwise as available at law (including the Competition and Consumer Act 2010 (Cth) if applicable) it will, along with any redress it chooses to seek, pursue that claim against the Manufacturer.

Dynamic Pricing and Volatile Components:

24.

Certain Hardware products contain components subject to significant market volatility, including without limitation DRAM, NAND, DIMMs, and other constrained products, as well as any finished products containing such components (“Volatile Components”). Prices and lead times for products containing Volatile Components may change at any time prior to shipment based on Manufacturer or supplier pricing, surcharges, discounts, incentives, allocation decisions, or other commercial terms (collectively, “Hardware Changes”).

25.

If any Hardware Change occurs after Supplier issues a quote but before shipment that materially affects Supplier’s cost or availability for such products, Supplier may adjust the price and/or estimated delivery date for the affected product to reflect such Hardware Change. Supplier will notify Customer of any such adjustment prior to shipment. Within the period specified in the notice, Customer may: (a) accept the adjusted price and/or delivery date; (b) request commercially reasonable alternative products or configurations proposed by Supplier; or (c) cancel the affected order to the extent it contains such products. If Customer does not respond within the specified period, Supplier may treat the affected product as cancelled and refund any prepaid amounts for that product as Customer’s sole remedy.

26.

Customer acknowledges that market conditions, including increased demand for certain components used in AI and datacentre workloads, may cause product prices to fluctuate over short periods. Supplier may update prices for affected products from time to time to reflect such market conditions. Unless otherwise expressly agreed in writing, no price is guaranteed for future orders, and any renewal, extension, or expansion will be priced at Supplier’s then current rates.

The following additional terms and conditions contained in this Schedule 4 apply where the Customer is acquiring Team Augmentation under an Order.

For the purpose of this Schedule, we, us, our is a reference to the Supplier and you, your is a reference to the Customer.

Relationships

Whilst on an assignment, our consultant/s (Consultants) will be under your day-to-day control, and you will be responsible for their supervision.

We reserve all other rights to control the employment or other contract relationship with our Consultants.

If you are not satisfied with one of our Consultants and want a replacement, you will:

(a)

speak to us directly about the replacement of our Consultant; and

(b)

not communicate anything to our Consultant indicating that their on-hire assignment will be cancelled, or words to that effect.

If you are not satisfied with one of our Consultants but do not want our Consultant replaced, you may speak to our Consultant in order to give any reasonable instruction, provided that you contact us as soon as reasonably practicable to discuss the matter.

Our Charges

Consultant’s work attendance records will be emailed to you, as set out in the Order, every week through our work attendance software. You agree to ensure the approver/s promptly respond to the previous week’s work attendance records.

You agree that you and your employees and agents will not disclose to the Consultant any information regarding the rates paid by you to us for the services of the Consultant unless unavoidable in the course of the assignment.

Invoicing and Charges

We may withdraw the services of the Consultant immediately if payment is not made within the payment terms specified in the Order. Any additional costs incurred by us and/or our agents in securing payment will be charged and invoiced to you, and you agree to pay any such invoice received from us in accordance.

In addition to sums due to us in respect of invoices rendered for work carried out by the Consultant, you will pay to us all reasonable expenses incurred by the Consultant in carrying out the work for you, provided that any such expenses have been authorised by you through our work attendance software, or in writing.

In the event of the Consultant’s place of work being changed during the term of this Agreement and/or if any work is to be performed by the Consultant outside Australia, we reserve the right to alter the charges payable by you and to recover from you any additional costs including, but without limitation, the reasonable travel and accommodation costs associated with the Consultant working outside Australia.

General matters and other responsibilities

10.

You will:

provide us with full and accurate information about the job requirements relevant to the assignment by means of an assignment description;

provide the Consultant with a suitable place for the Consultant to carry out his or her work that is comparable to and of a similar standard to that provided by you for your permanent staff;

not allocate tasks or responsibilities to our Consultants or require our Consultants to perform or participate in work, other than in accordance with the relevant assignment description;

not request our Consultants to perform or participate in any work or use any equipment with which our Consultants, or their employees or agents, are unfamiliar or in respect of which they are unqualified or have not received adequate training;

comply with your obligations to our Consultants pursuant to relevant legislation, including legislation relating to workplace or occupational health and safety, discrimination and harassment.

maintain a safe work environment and safe systems of work; establish safe work practices; communicate safe work procedures to each of our Consultants; comply with safety standards; maintain plant and equipment; and provide site-specific induction, training and safety consumables to our Consultants where appropriate;

inform our Consultants and us promptly of any unusual workplace risk or practice or of any change in the site or safety conditions that may present a hazard to our Consultants.

comply with our reasonable requests to ensure the workplace health and safety of our Consultants and to promptly rectify any deficiency in the provision of a safe work environment or safe systems of work that, in our reasonable opinion, would pose a threat to the safety of one of our Consultants or to any other person who may attend a place at which work is or may be performed by one of our Consultants under the assignment;

notify us immediately of any event that may give rise to a claim under any insurance policy, statutory indemnity or self-insurance arrangement that relates to our Consultants, whether such policy, indemnity or arrangement is held or established by you or by us;

report to us any performance issues in relation to our Consultants in a written format so that we can manage the feedback process with our Consultants;

forward to us promptly a written notification of any workplace incident that may give rise to a claim by, against or involving our Consultants; and

abide by all federal and state laws that cast upon you any obligation to do, or refrain from doing, anything or to make or pay any payment, deduction, premium, levy, allowance, compensation, damages, interest or costs in respect of or in connection with the engagement of our Consultants.

Our responsibilities

11.

We are responsible for the following in relation to our Consultants whilst on assignment with you:

establish and maintain communication methods for our Consultants to contact us if they consider that there is a risk to their health or safety;

the payment of all amounts due to our Consultants under the terms of any relevant industrial instruments or contracts;

if our Consultant is an employee, the payment of leave entitlements (if any), including but not limited to annual leave, sick leave, parental leave and long service leave;

subject to the Assignment Details, the deduction and/or remittance of all appropriate Federal and State taxes, including but not limited to income tax, fringe benefits tax and payroll tax, as may be required by law;

workers’ compensation under applicable legislation in the relevant jurisdiction, unless the legislation casts that responsibility on you;

the payment of an amount as superannuation into a superannuation fund to avoid the imposition of any charge as may be required by law; and

such other matters or things as may be negotiated between you and us and as are set out in the Order.

Exclusions and Indemnity

12.

Where they are acting under your direction we make no representation or guarantee that any of our Consultants will achieve a certain level of performance, achieve a certain outcome, solve a particular problem or attain a specific goal.

13.

Our Consultants may refuse work if it reasonably appears that the working environment is or has become unsafe for any reason, including but not limited to you:

having not established safe work procedures;

not complying with safety standards;

not maintaining plant and equipment; or

not complying with any relevant health or safety legislation or regulations;

14.

If you terminate an assignment other than for our material breach, you agree that you will reimburse us for any costs or claims that arise as a result of that termination including payments in respect of any notice period a Consultant is owed as a result of being contracted by us to provide the Services.

Intellectual Property

15.

We assign the rights to any intellectual property developed by the Consultant in the course of carrying out the Assignment to you.

16.

We reserve the exclusive right to any pre-existing methods, techniques and processes utilised or owned by us. These will remain our property at all times. You will maintain the confidentiality of all of our methods, techniques and processes given to you or communicated to you by the Consultant or by us and will not communicate or give any such information to any third party without our prior written consent.

The following additional terms and conditions contained in this Schedule 5 apply where the Customer is purchasing the Sekuro Cyber Resiliency Program (CRP or the Program) under an Order.

CRP Services

The Cyber Resilience Program is a program of Services designed to deliver a strategic and programmatic approach to cyber security. It goes beyond individual services and solutions, providing an ongoing security program, tailored to continuously improve cyber security posture and maturity.

Term and Price of Service

The Program will be priced in accordance with the relevant Order and may consist of a once-off onboarding charge and an ongoing, periodic service charge.

The Program will continue from the service commencement date until cancelled in accordance with clause 6 below.

On each anniversary of the Program, the monthly service charges will automatically increase in line with the Consumer Price Index, unless alternative pricing has been agreed by way of an Order.

At the end of any term specified in an Order, the Program, and the associated ongoing, periodic service charges will continue, unless varied in accordance with clause 7.

Variation and Cancellation

Subject to any term specified in an Order, either party may cancel the Program by giving the other party written notice of its intention to cancel the service on 3 complete months’ notice. The service will terminate 3 months after the end of the month in which the notice is given.

If either party wishes to vary the Program in terms of scope, pricing or applicable rates (other than in accordance with clause 6) they will provide the other party details of the requested change. If the changes are agreed in writing, they will take effect 3 months after the end of the month in which they are agreed (unless the parties mutually agree that they apply sooner).

Customer Obligations

The Customer will:

provide the Supplier with all accesses and rights with respect to the Customers IT environment and architecture to enable the Supplier to perform the CRP Services, including, where necessary, the necessary rights under third-party licences to access and use Customer software and equipment on the Customer’s behalf;

promptly notify the Supplier about any changes proposed or made to the Customer IT environment and architecture which may affect any aspect of the CRP Services;

make all reasonably requested changes required by the Supplier to the Customers IT environment to enable the proper performance of the CRP Services; and

ensure that it provides the Supplier with up-to-date contact information to allow Customer contact for all security notifications to the Customer.

Incorporation of other Services

CRP may incorporate other Services, including, but not limited to, Offensive Security Services. The Schedules to this agreement that relate to those Services apply to those elements of the CRP.

10.

In providing the Program, the Customer may be required to enter into Vendor Terms with respect to any Resale Services or Software provided as part of the CRP Services (as defined in Schedule 2 above). The terms of Schedule 2 are applicable to any Software resale.

The following additional terms and conditions contained in this Schedule 6 apply where the Customer is acquiring Incident Response Services under an Order, as described therein. For the purpose of this Schedule, we, us, our is a reference to the Supplier and you, your is a reference to the Customer.

Fees and charges

You must pay us the fees in the amounts and at the times set out in the Order.

You acknowledge that units of time shall be charged for time spent on or incidental to the Services at the rates set out in the Order. Units of time will be billed in 6-minute increments.

Where pricing is based on use, we round up use in the billing period to the nearest whole unit (for example, 1.4GB is rounded up to 2GB).

You must reimburse us for out-of-pocket expenses reasonably and actually incurred by us in performing the Services, including but not limited to data storage devices, consumables, travel costs and couriers.

We may charge you, and you agree to pay, our reasonable costs incurred in identifying, examining and rectifying any of the following faults:

faults resulting from interference caused by you or any person accessing the products you are receiving using your password or access key or by your invitation;

faults caused by your breach of these Terms

your negligence or the negligence of any person accessing the products you are receiving using your password or access key or by your invitation;

faults as a result of your software being incompatible with a product, service or feature; or

faults with your equipment that have not been caused by us.

Variation to quoted price

Where the quoted price will be impacted as a result of any change to any matters not included in the scope of our engagement, we will be entitled to charge you reasonable additional fees which relate solely to these factors provided:

that we notify you as soon as possible after we become aware of one of these factors occurring; and

that we tell you what additional fees will be charged.

Financial Security

If you cancel all your services, we return the security deposit or advance payment to you less any outstanding charges.

Our acceptance of any form of security or advance payment does not affect any other terms of these Terms.

We shall be entitled to retain by way of lien any funds, property, papers or data of yours which are in our power, possession or control until all costs, disbursements, interest or other monies due to us have been paid, notwithstanding that our retainer may have ceased.

Subcontracting

10.

We reserve the right to Subcontract elements of our Incident Response and Digital Forensics Services. Our preferred partner for these Services is Forensics IT Pty Ltd (ABN 71 663 224 413).

Warranty

11.

We cannot guarantee that the Services will produce particular results or outcomes for you. If we are engaged as an expert witness, we do not warrant the outcome of any case. We remain bound by our overarching obligations to the Court to present our evidence without bias.

12.

We do not accept responsibility or liability for defects in a Service that result from your instructions, inputs and/or materials.

13.

We aim to meet the scheduled timeframes and delivery dates set out in the Order. Any indications given by us with respect to the delivery dates are estimates only and may vary.

Security

14.

We aim to keep your products secure so that your use of and the data you transfer to and/or from your products is not visible to unauthorised third parties. We do not, however, guarantee such protection. We will not be liable for the actions of unauthorised third parties obtaining data or access to data in our possession.

15.

We aim to protect our equipment and service platform against intrusions, viruses, Trojan horses, worms, time bombs and other similar harmful software which may affect your service, as well as vulnerabilities which may expose our equipment and service platform to the risk of intrusion or attack. We do not, however, guarantee such protection and will not be liable for any loss that may result to you or third parties.

Service Software

16.

We use software to provide many of the products provided and we do not guarantee that such software is error-free.

17.

As part of your service, we may provide you with a non-exclusive, non-transferable licence to use certain software or may give you access to software as a service (“Service Software”) for the sole purpose of you accessing and using your Service (including any software service).

Intellectual property rights

18.

If we provide you with any documents, processes, service configurations or software as part of your Service, we (or our licensors) will:

continue to own the Intellectual Property Rights in those materials; and

during the Term grant you a non-exclusive, non-transferable licence to use that material solely for purposes required to use the products, services and features you are receiving.

19.

If you provide us with material relevant to your products, you grant us a non-exclusive, non-transferable licence to use that material for purposes for or relating to the provision of your products, services or features.

Your obligations

20.

You must ensure that we are informed of all matters relevant to our engagement, including but not limited to:

Any Court orders that may apply to our engagement or the use of any data;

Our obligations to third parties or to a Court, including obligations relating to confidentiality, retention of data, possession of data and chain of title;

Any usual risks that our staff may face, including hostile opponents, and objectionable data content such as pornography or depictions of violence; or

Any other matters that may impact on the price of our services, the amount of work to be done to complete our services or the safety of our representatives.

21.

You must comply (and ensure that your users comply) with all licence terms applicable to the Service Software.

22.

Except as permitted by law, you must not (and you must ensure that your users do not):

remove any copyright, trademark or similar notices on the Service Software;

attempt to reverse engineer, decompile, disassemble, or derive any part of the source code of the Service Software; or

modify, translate, or create derivative works based on the Service Software.

23.

You must take steps to prevent unauthorised access to your service and our service platform, for example, by not disclosing security credentials (such as usernames and passwords) related to your products (except as required by such product).

24.

You must install Service Software, other software, upgrades and patches as directed by us (including allowing us to install certain Service Software). If you fail to do so, we may suspend or refuse to support your service.

Indemnity

25.

You indemnify us against all loss, liability, cost or expense, suits or proceedings arising as a result of or in connection with any third-party claim that relates to the provision (or lack of provision) of our Services, including but not limited to:

the seizing, access to, imaging or copying of third-party property or data;

your data (including any data stored on our storage platform); or

arising as a result of or in connection with your use of the products you are receiving pursuant to our engagement letter.

26.

You acknowledge that in the circumstances of an incident, timing and reliance by us on your obligations are critical and you indemnify us against (and must pay us for) any costs (including legal costs) relating to your breach of these Terms.

Our personnel

27.

Where our personnel perform the Services at your premises or at any location other than our offices, you will ensure that the premises comply with all applicable health, safety, environment and community laws and regulations.

28.

You will obtain any consents and fund any site access and induction fees necessary to enable our personnel to access premises for the purposes of providing the Professional Services to you.

Responsibility for your inputs

29.

You warrant that you have the full authority of the owners of copyright material in your possession for us to copy and interrogate that material. You must immediately inform us if you become aware of any infringement or suspected infringement of our Intellectual Property Rights.

30.

You are responsible for any loss, damage, liability, costs or expenses incurred by us as a result of a claim that any inputs or material provided by you or its use by us in accordance with your Services infringes the Intellectual Property Rights of any person.

31.

You are responsible for ensuring that you comply with all laws or regulations which require you to retain certain records, data and information.

Take Down Notices and Directions

32.

You must promptly notify us if you receive any direction, from any person, regulatory authority or court, which relates to the data that we are storing on your behalf. You must promptly comply with any such notices and directions.

Termination

33.

We may suspend our Services with immediate effect if we reasonably believe that you are in breach of these Terms.

34.

We may cancel our Services:

at our absolute discretion by giving at least 30 days’ notice;

if we believe in our reasonable opinion that you are in breach of these Terms;

if providing the Services to you may be illegal or we anticipate that it may become illegal; or

if you become bankrupt or insolvent or appear likely to do so.

35.

You may cancel your Services at any time by giving us not less than 14 calendar days prior written notice (or such other notice as may be specified in your application form) and only if you have paid all amounts outstanding to us. We will cease work in accordance with that notice. We will charge you for all Professional Services performed up to the end of the notice period.

Your Data

36.

If we store your data as part of your Services, you grant us a licence to host or store your data for all purposes required for or related to our provision of Services.

37.

Subject to all accounts being paid in full, we will provide you with a copy of your data on request. We will permanently delete your data on your request.

38.

Notwithstanding any clause to the contrary in these Terms, we accept liability for loss of data only where that loss of data is directly attributable to our breach of contract or negligent act or omission. The amount of any data loss for which we are liable is limited in aggregate to the total amount of $1,000.

Privacy

39.

11.1 We rely on you to ensure that you have taken all legally necessary steps to allow us and our third-party suppliers to collect personal information from your users and to use, disclose, store and transfer such personal information in accordance with this agreement. You indemnify us against any claim, cost, loss or liability which may arise in connection with your failure to do so.

Outages

40.

We will endeavour to carry out scheduled maintenance where we need to implement an emergency outage to perform urgent work without affecting your products, services or features. However, your products, services or features may not be available during these periods

41.

If we are required to perform emergency maintenance on our service platform, then we will endeavour to inform you as soon as possible. Your Services will not be available during an emergency outage. We aim to provide you with as much notice as possible before an emergency outage.

The following additional terms and conditions contained in this Schedule 7 apply where the Customer is purchasing Managed Services, including Orchestrated Vulnerability Management (OVM), or Managed Extended Detection & Response (Managed XDR). (refer to Schedule 8 for Sovereign Managed Service specific terms)

Managed XDR & OVM Services

The Managed XDR Service is designed to complement industry leading SIEM platforms with the Supplier’s human skills and expertise, to deliver a world class managed extended detection and response service.

The OVM Service provides a centralised approach to identifying, prioritising, and remediating vulnerabilities across digital infrastructure. By leveraging automation and orchestration, OVM streamlines the vulnerability management process, reducing the time between detection and resolution.

Where Cribl Software is being utilised as part of the Services, the Cribl terms will apply and prevail to the extent of inconsistency with any other term of this Agreement - [https://cribl.io/legal/cribl-subscription-services-agreement/]

In respect of access to, and use of the service management tool, Jira, The Atlassian terms will apply and prevail – [https://www.atlassian.com/legal/atlassian-customer-agreement#intro]

Third-Party SIEM & OVM Platforms

The Customer acknowledges and accepts that as part of the Managed XDR Service it’s Log Files will be routed to, and hosted by the third-party SIEM provider, and the Vendor Terms of that third-party provider shall apply and prevail in the case of any inconsistency with this Agreement.

The Customer acknowledges and accepts that as part of the OVM Service it’s Log Files, collected from scanners and other vulnerability detection software, will be routed to, and hosted by a third-party vulnerability management provider, and the Vendor Terms of that third-party provider shall apply and prevail in the case of any inconsistency with this Agreement.

Customer Obligations

The Customer must nominate a manager, who is appointed to manage the Customer’s obligations with respect to Managed Services onboarding, and to assist the Supplier (including but not limited to providing access to physical sites, networks, infrastructure, documentation, licence information, Customer Material and employees and contractors) to the extent reasonably necessary to enable the Supplier to perform the Managed Services.

Except for specific, associated Hardware or Software that the Customer is also procuring from the Supplier, the Customer is responsible for procuring all software, telecommunications, network and computer equipment required to create the Log Files.

10.

The Customer is responsible for configuring, and maintaining all software, telecommunications, network and computer equipment required to create the Log Files.

11.

The Customer acknowledges and accepts that the Supplier has no control of the content of the Log Files. Should the Customer require that any of its confidential, private, or personally identifiable information be excluded from the SIEM or OVM Platform, then it alone is responsible for ensuring that the Log Files do not contain data of that nature.

12.

Whilst the Supplier will make genuine and reasonable attempts to communicate foreseeable excess usage costs, if a verification or usage report reveals that the Customer has exceeded the purchased capacity or usage limits specified in an Order, the Supplier will have the right to recover any resulting third-party fees from the Customer.

13.

Where the Customer permits or authorises it’s employees, consultants, contractors, or agents to access the SIEM or OVM Platform, the Customer will be responsible for any of their actions that affect the viability, security, and usage of the Managed Services.

Term & Termination

14.

Unless otherwise agreed by the Parties in writing, The Managed Services, will start on the earlier of the date that Managed Service onboarding has been completed, or 12 weeks after the date that the Order was executed. The Managed Services will terminate at the end of the term, as specified in the Order.

The following additional terms and conditions contained in this Schedule 8 apply to the provision of Services only where the Customer is purchasing Sovereign Managed Services, including Managed XDR Sekuro Private Cloud (Managed XDR SPC), or Log Management as-a-Service (LMaaS) under an Order.

The SPC Services

The Managed XDR SPC Service is designed to provide a world class managed extended detection and response service, combining best-of-breed technology and skilled human expertise, whilst ensuring sovereignty of the Customer’s Log Files in a Dedicated AWS Instance located in the AWS Infrastructure Region of the Customer’s selection

LMaaS is designed to streamline and unify the collection, centralisation and management of Log Files, allowing Customer’s to derive increased value through fast, reliable and secure log querying and analysis.

The SPC Platform

In providing the Managed XDR SPC and LMaaS Services, the Customers Log Files will be ingested into the SPC Platform, where the software and infrastructure referred to below will be utilised. The Vendor Terms referred to below apply to the provision of that aspect of the Managed XDR SPC / LMaaS Services and prevail in the case of inconsistency with any other term of this Agreement:

In respect of hosting of the Log Files: AWS – [ https://aws.amazon.com/service-terms/ ]

In respect of routing of the Log Files: Cribl – [ https://cribl.io/legal/cribl-subscription-services-agreement/ ]

In respect of the management of the Log Files: CrowdStrike – [ https://www.crowdstrike.com/terms-conditions/ ]

In respect of the service management: Atlassian Jira – [ https://www.atlassian.com/legal/atlassian-customer-agreement#intro ]

The Supplier will not intentionally delete any Log Files from the SPC Platform. However, unless explicitly specified in an Order, the Supplier is under no obligation to backup the Log Files, and therefore will not be liable for any loss or corruption of Customer Data ingested into the SPC Platform.

Customer Obligations

The Customer must identify a manager, who is appointed to manage the Customer’s obligations with respect to Sovereign Managed Services onboarding, and to assist the Supplier (including but not limited to providing access to physical sites, networks, infrastructure, documentation, licence information, Customer Material and employees and contractors) to the extent reasonably necessary to enable The Supplier to perform the Sovereign Managed Services.

The Customer is responsible for configuring, and maintaining all software, telecommunications, network and computer equipment required to create the Log Files.

The Customer acknowledges and accepts that The Supplier has no control of the content of the Log Files. Should the Customer require that any of its confidential, private, or personally identifiable information be excluded from the SPC Platform, then it alone is responsible for ensuring that the Log Files do not contain data of that nature.

10.

Where the Customer permits or authorises it’s employees, consultants, contractors, or agents to access the SPC Platform, the Customer will be responsible for any of their actions that affect the viability, security, and usage of the Sovereign Managed Services.

Term & Termination

11.

Unless otherwise agreed by the Parties in writing, The Sovereign Managed Services, will start on the earlier of the date that Sovereign Managed Service onboarding has been completed, or 12 weeks after the date that the Order was executed. The Sovereign Managed Services will terminate at the end of the term, as specified in the Order.

The following additional terms and conditions contained in this Schedule 9 apply to the provision of Services only where the Customer is purchasing Service Orchestration and Response Managed Services (SOAR) under an Order.

Security Orchestration and Response

Sekuro’s SOAR Service is designed to integrate with the Customer’s environment to automate incident response processes and mange alerts more efficiently,

The SOAR Platform

In providing the SOAR Services, the customers Log files will be ingested into the SOAR Platform, where security event management is managed and automated using Swimlane software. The Swimlane Vendor Terms (Swimlane SaaS Terms of Service and Software License Agreement) apply to the provision of that aspect of the SOAR Services and prevail in the case of inconsistency with any other term of this Agreement: [ https://swimlane.com/legal/ ]

In respect of access to and use of the service management tool, Jira, The Atlassian terms will prevail – [ https://www.atlassian.com/legal/atlassian-customer-agreement#intro ]

The Supplier will not intentionally delete any Log Files from the SOAR Platform. However, unless explicitly specified in an Order, the Supplier is under no obligation to backup the Log Files and therefore will not be liable for any loss or corruption of Customer Data ingested into the SOAR Platform.

Customer Obligations

The Customer must identify a manager, who is appointed to manage the Customer’s obligations with respect to SOAR Services onboarding, and to assist the Supplier (including but not limited to providing access to physical sites, networks, infrastructure, documentation, licence information, Customer Material and employees and contractors) to the extent reasonably necessary to enable The Supplier to perform the SOAR Services.

Except for specific, associated Hardware or Software Services that the Customer is also procuring from the Supplier, the Customer is responsible for procuring all software, telecommunications, network and computer equipment required to create the Log Files.

The Customer is responsible for configuring, and maintaining all software, telecommunications, network and computer equipment required to create the Log Files.

The Customer acknowledges and accepts that the Supplier has no control of the content of the Log Files. Should the Customer require that any of its confidential, private, or personally identifiable information be excluded from the SOAR Platform, then it alone is responsible for ensuring that the Log Files do not contain data of that nature.

Where the Customer permits or authorises it’s employees, consultants, contractors, or agents to access the SOAR Platform, the Customer will be responsible for any of their actions that affect the viability, security, and usage of the SOAR Services.

10.

Before commencement of the SOAR Managed Services, the Customer accepts that it must sign a SOAR Authorisation Form that includes a ‘playbook’ of agreed actions workflows that define the responsibilities of the Customer and the Supplier in the provision of the SOAR Services.

Service Limitations

11.

While the Supplier will exercise reasonable care in the performance of the SOAR Services, the Customer acknowledges that the SOAR Services are designed as a threat incident response service and are provided on a best-efforts basis only. The Customer agrees that the Supplier shall not be liable for any damages, costs or other consequences arising from the Supplier taking an action that has been authorised and specified in the SOAR Authorisation Form; nor shall the Supplier be liable for any damages, costs or other consequences arising from a decision not to take an action specified in the SOAR Authorisation Form, where it decides in good faith, based on the information available to the Supplier at the time, action was not in the best interest of the Customer.

Term & Termination

12.

Unless otherwise agreed by the Parties in writing, The SOAR Services will start on the date specified in the SOAR Authorisation Form. The SOAR Services will terminate at the end of the term, as specified in the Order. If a term is not specified in in the Order, the SOAR Services shall terminate on the date that the Customer’s Managed Service, or Sovereign Managed Service terminates.