Terms and Conditions

BACKGROUND

 

The Supplier, Sekuro Operations Pte Ltd (formerly trading as Privasec Pte Ltd.) (‘Sekuro’ or ‘Supplier’), is in the business of providing Cyber Security and Information Technology Services.

The ‘Customer’ wishes to obtain, and the Supplier wishes to provide, the Services on the terms set out in this Master Services Agreement (“MSA”).

 

GENERAL TERMS

  1. Definitions and interpretation
    • 1.1 Capitalised terms or expressions used in this agreement have the meanings set out in this clause.

      Agreement Commencement Date: the date when the agreement has been signed by all the parties.

      AWS Order: an order placed through the AWS Marketplace.

      Business Day: a day on which banks are open for business in London, other than a Saturday, Sunday or public holiday.

      Business Hours: the period from 9.00 am to 5.00 pm on any Business Day.

      Change Order: has the meaning given in clause 7.1.

      Consumer Price Index: the Consumer Price Index (All Groups) (UK) published by the Office for National Statistics.

      Companies Act

      Customer’s Equipment: any equipment, including tools, systems, cabling or facilities, provided by the Customer, its agents, subcontractors or consultants which is used directly or indirectly in the supply of the Services.

      Customer Materials: all documents, information, items and materials in any form, whether owned by the Customer or a third party, which are provided by the Customer to the Supplier in connection with the Services.

      Customer’s Representative: has the meaning given in clause 5.1(b).

      Data Breach Investigation: an investigation as required to be carried out in accordance with clause 11.3(c).

      Data Incident: an Eligible Data Breach that has, or is reasonably suspected of having, occurred in respect of any Personal Information the Supplier has collected, held, used or disclosed in the course of or relating to this agreement.

      Deliverables: any output of the Services to be provided by the Supplier to the Customer as specified in an Order and any other documents, products and materials provided by the Supplier to the Customer in relation to the Services (excluding Hardware and Software and the Supplier’s Equipment).

      Eligible Data Breach

      VAT Law: Value Added Tax Act 1994 (UK)

      Hardware: any physical product sold to the Customer by the Supplier.

      Intellectual Property Rights: patents, rights to inventions, copyright and related rights, trademarks, business names and domain names, technology and all other intellectual property rights, whether registered or unregistered.

      Managed Services: where the Supplier provides certain ongoing cyber security services, including, but not limited to, the following services as described in the relevant Order:
      1. Cyber Resiliency Program
      2. Managed SOC
      3. Threat Monitoring
      4. Managed Detection & Response
      5. Continuous Vulnerability Management

      Milestone: a date by which a part or all of the Services is to be completed, as set out in a Quote, Proposal or SoW.

      Order: means either:

      1. the Customer’s request for Services based on a valid Quote that has subsequently been accepted by the Supplier (which may be made via the Supplier’s online quotation system);
      2. a SoW or Proposal, issued by Sekuro, for the provision of Services that has been signed by the Customer; or
      3. an AWS Order.

      Personal Data/Information: is defined as “any information relating to an identified or identifiable natural person” (Articles 4 and 26 of the UK GDPR).

      Privacy Acts

      Professional Services: the provision of information technology professionals for consulting, design, development, implementation or training projects as described in a Quote, Proposal or SoW.

      Proposal: a document describing the Services to be provided by the Supplier and applicable pricing and charges.

      Quote: a quotation for Services to be provided, including applicable Service Charges.

      Resale Services: services (including support) that are performed by a third-party vendor and resold to the Customer by the Supplier under the Agreement.

      Sensitive Information: has the same meaning given to individual identifiable information in section 3(3) of the Data Protection Act

      Service Charges: the amounts payable for the Services as set out in the relevant Quote, Proposal or SoW.

      Services: the services to be provided to the Customer as set out in a Quote, Proposal or SoW, which may include the provision of Hardware, Software, Professional Services, Managed Security Services or any other services offered by the Supplier and agreed to be supplied under an Order.

      Software: software (including any software-as-a-service or licensed software) that is owned by a third-party vendor and provided to the Customer by the Supplier under the Agreement.

      Statement(s) Of Work (SoW(s)): a document describing the Services to be provided by the Supplier and applicable pricing and charges.

      Supplier’s Equipment: any equipment (other than Hardware), including tools, systems, cabling or facilities, provided by the Supplier to the Customer and used directly or indirectly in the supply of the Services.

      Term: has the meaning given in clause 2.1.

    • 1.2 In this agreement, the following rules of interpretation apply unless the contrary intention appears or the context otherwise requires:
      1. a) headings and subheadings are for convenience only and do not affect the interpretation of this agreement;
      2. b) a reference to a body (other than a party to this agreement), whether statutory or not, that ceases to exist or has its powers or functions transferred to another body is a reference to the body that replaces it or that substantially succeeds to its powers or functions;
      3. c) no provision of this agreement will be construed adversely to a party because that party was responsible for the preparation of that provision or this agreement;
      4. d) specifying anything in this agreement after the terms “include”, “including”, “includes”, “for example”, “such as”, or any similar expression does not limit the sense of the words, description, definition, phrase or term preceding those; and
      5. e) this agreement includes all Schedules and attachments to it.
  2. Commencement and term
    • 2.1 This agreement starts on the Agreement Commencement Date and, unless terminated earlier in accordance with clause 14, ends when either party gives to the other party 30 days’ written notice to terminate, such notice to terminate only taking effect on the completion of all Orders entered into before the date on which the notice to terminate is served (the Term).
    • 2.2 If there are no uncompleted Orders as at the date notice to terminate is served under clause 2.1, such notice will terminate this agreement with immediate effect.
    • 2.3 The parties will not enter into any further Orders after the date on which notice to terminate is served under clause 2.1.
  3. Orders
    • 3.1 If, during the Term, the parties enter into an Order for Services, the Parties agree that the provision of the Services will be governed by the terms of this agreement.
    • 3.2 Once an Order has been agreed, no amendment will be made to it except in accordance with clause 7.
    • 3.3 Each Order will be part of this agreement and will not form a separate contract to it.
    • 3.4 Each Order will specify the Services to be provided. The Schedules to this agreement set out terms that will apply to the provision of specific types of Services in addition to these General Terms.
    • 3.5 If there is an inconsistency between the terms set out in this document and the terms set out in a Quote, Proposal or SoW, the terms shall be applied in this order of precedence:
      1. a) the terms of the Schedule(s) related to the Service(s);
      2. b) these General Terms; then
      3. c) the terms of the Order.
    • 3.6 Any terms or conditions in any purchase order or any other related documentation submitted by or on behalf of the Customer in relation to the Services do not form part of this agreement and are void unless otherwise expressly agreed in writing and signed by authorised signatories of both parties.
  4. Supplier’s obligations and warranties
    • 4.1 The Supplier will endeavour to provide the Services at a professional standard to the Customer in accordance with an Order in all material respects.
    • 4.2 The Supplier will endeavour to meet any delivery, performance dates or Milestones specified in an Order, but any such dates will be estimates only. The Supplier will be excused from any failure to supply which was contributed to by causes beyond its reasonable control (including delay in supply from third parties), and the time specified for completion of supply will be extended commensurately.
    • 4.3 The Supplier will abide by the relevant information security laws and regulations applicable in the countries in which it operates.
    • 4.4 The Supplier makes no additional warranty in relation to the Services other than those prescribed by law.
    • 4.5 The Supplier does not represent or guarantee that the outcome of the Services will meet the Customer’s expectations or objectives. The Customer must make independent enquiries about the suitability of the Services for their requirements.
    • 4.6 The Supplier will provide the Services using appropriate skills, training and tools; however, the Customer acknowledges that the provision of Services does not guarantee or represent in any way that:
      • a) all threats or non-compliant environments will be identified;
      • b) all damage will be prevented; or
      • c) all responses will be effective.
  5. Customer’s obligations and warranties
    • 5.1 The Customer:
      • a) must provide assistance to the Supplier (including access to physical sites, networks, infrastructure, documentation, licence information, Customer Materials and employees and contractors) to the extent reasonably necessary to enable the Supplier to perform the Services;
      • b) must identify a manager who is appointed in respect of the relevant Services to be performed (Customer’s Representative); and
      • c) warrants that the Customer’s Representative has the authority to contractually bind the Customer on all matters relating to the relevant Services under an Order (including by signing Change Orders).
    • 5.2 The Customer warrants, throughout the term of this agreement, that:
      • a) there are no legal restrictions preventing compliance with the terms of this agreement;
      • b) it will cooperate with the Supplier and provide all information that is reasonably necessary to enable satisfactory performance of the Services;
      • c) the information provided to the Supplier is true, correct and complete;
      • d) it has obtained any consents, licences and permissions from other parties necessary for the Services to be provided at the Customer’s cost; and
      • e) consent is given for the use of the Customer’s name and Intellectual Property in relation to the Services.
    • 5.3 The Customer acknowledges by entry into this agreement that no promise, representation, guarantee or undertaking has been made or given by the Supplier or any person on its behalf in relation to the capacity, uses, or benefits to be derived from use, profitability of or any other results to be obtained from the provision of the Services, except as set out in this agreement. The Customer has relied on its own skill and judgment in deciding to acquire the Services and acknowledges that the Supplier does not and cannot warrant that any services will be uninterrupted, error-free, or free of harmful components or that any content will be secure or not otherwise lost or damaged.
  6. Non-solicitation

    From the date of an Order until 12 months after its completion, neither party will, without the prior written consent of the other party, employ or engage or attempt to employ or engage any employee or contractor of the other party involved in the provision of the Services.
  7. Change control
    • 7.1 Either party may propose changes to the scope or delivery of the Services but no proposed changes shall come into effect until a relevant amendment has been presented to the Customer by the Supplier by way of a quote and it has been accepted by the Customer (Change Order). A Change Order will set out the proposed changes and the effect that those changes will have on:
      1. a) the Services;
      2. b) the Service Charges;
      3. c) the timetable for the Services; and
      4. d) any of the other terms of the Order.
  8. Service Charges and Payment
    • 8.1 The Supplier will invoice the Customer for the Service Charges in accordance with the schedule specified in the Order. If no times are specified, the Supplier will invoice the Customer at the end of each month for Services delivered during that month.
    • 8.2 The Customer will pay any reasonable additional expenses incurred by the Supplier in performing the Services. The amount and nature of those expenses are to be advised to the Customer prior to those expenses being incurred.
    • 8.3 The Customer must pay each invoice submitted to it by the Supplier within 30 days of the date of invoice to a bank account nominated in writing by the Supplier from time to time or in accordance with the terms of the AWS Marketplace in respect of an AWS Order.
    • 8.4 All consulting and professional services work will be conducted during local Business Hours. If the Customer requires work to be conducted outside of those hours, any associated Service Charges will be calculated at 150% of the quoted price for weekdays, and 200% of the quoted rate for weekends and public holidays.
    • 8.5 Unless specified otherwise in an Order, the Customer will have 10 Business Days to provide feedback, or request a project debrief meeting, on any deliverable, draft deliverable, or draft report. Upon completion of the project debrief meeting, or after 10 Business Days from the date of delivery, whichever occurs first, Sekuro will deliver the final version of the deliverable or report, and any related invoices will be issued to the Customer.
    • 8.6 The Supplier may increase any ongoing Service Charges on an annual basis with effect from each anniversary of the relevant Proposal / SoW in line with the percentage increase in the Consumer Price Index for the most recent 12-month period, as quoted by the Office for National Statistics.
    • 8.7 The Supplier reserves the right to charge a cost recovery fee in circumstances where the Customer postpones, or cancels Professional Services work, with less than 5 Business Days’ notice, and it is not able to redeploy the scheduled consultants onto other billable engagements. If a Cost Recovery Rate is not specified in an Order, £1,500 per-person, per-day, will be the default charge, up to a maximum of 5 days.
    • 8.8 If the Customer orders a Professional Services Retainer, or a block of days, they must be consumed within 12 months of purchase. Any unused time will be forfeited at the end of that period.
    • 8.9 Except for any amounts in dispute under clause 8.11, the Supplier will be entitled to charge interest on any amount due and not paid by the Customer in accordance with clause 8.3, at the Bank of England’s Excess Drawing Interest Rate, calculated monthly. In addition, the Supplier is entitled to be reimbursed by the Customer for the full costs of recovery of overdue amounts on an indemnity basis.
    • 8.10 Without limiting the Supplier’s rights to terminate or take other action under this agreement, if the Customer fails to pay any amount due in accordance with clause 8.3, which is not legitimately in dispute under clause 8.11, the Supplier may cease or suspend providing a Service and any credit facility to the Customer.
    • 8.11 If the Customer disputes the whole or any portion of an invoice:
      1. a) the Customer will pay any amount in the invoice which is not in dispute;
      2. b) within 5 Business Days of receipt of the invoice, the Customer will notify the Supplier in writing of the reasons for disputing the remainder of the invoice; and
      3. c) within 5 Business Days of that notification, the parties must meet with a view to resolving the dispute.
    • 8.12 All sums payable to the Supplier under this agreement:
      1. a) are exclusive of VAT (unless expressly stated otherwise), and the Customer must, in addition, pay an amount equal to any VAT chargeable on those sums on delivery of a VAT invoice; and
      2. b) must be paid in full without any set-off, counterclaim, deduction or withholding (other than any deduction or withholding of tax as required by law).
  9. Intellectual Property Rights
    • 9.1 Each party retains ownership of all its pre-existing Intellectual Property Rights.
    • 9.2 Unless the contrary is expressly set out in the relevant Order:
      1. a) the Supplier and its licensors will retain ownership of all Intellectual Property Rights in the Deliverables (except to the extent of any Customer Materials contained therein); however
      2. b) the Supplier grants to the Customer a non-exclusive, royalty-free licence during the term of this agreement to use the Deliverables for the sole purpose of receiving and using the Services.
  10. Insurance
    • 10.1 During the Term of this agreement, the Supplier will have and maintain the following insurances:
      1. a) Public Liability Insurance up to £5,000,000;
      2. b) Professional Indemnity Insurance up to £5,000,000; and
      3. c) Employer’s Liability Insurance in accordance with applicable law.
  11. Privacy
    • 11.1 If the Supplier collects, holds, uses or discloses Personal Information in the course of or relating to this agreement, the Supplier must:
      1. a) handle all Personal Information in accordance with the Supplier’s privacy policy;
      2. b) only use Personal Information for the purpose of performing its obligations under this agreement; and
      3. c) not disclose Personal Information to any third party (including any subcontractor) without the Customer’s prior written consent or as required by law.
    • 11.2 The Customer warrants that it:
      1. a) will not provide any Sensitive Information to the Supplier unless that information is necessary for the Supplier to perform its obligations under the agreement and then only with the Supplier’s specific written consent;
      2. b) has:
        1. i) made all necessary notifications required by Articles 5 and 6(1) of the UK GDPR, on behalf of itself and the Supplier to; and
        2. ii) obtained all necessary consents required by Articles 5 and 6(1) of the UK GDPR from, the individuals whose Personal Information it is disclosing to the Supplier in the course of this agreement to enable the Supplier to lawfully use the Personal Information and perform its obligations in accordance with this agreement; and
      3. c) the Supplier may provide access to the Personal Information to people located overseas for the purpose of enabling it to perform the Services and perform back of house functions including billing.
    • 11.3 If the Supplier becomes aware, or there are reasonable grounds to suspect, that a Data Incident has occurred, the Supplier must:
      1. a) immediately take reasonable steps to contain the Data Incident and prevent any further serious harm to affected individuals;
      2. b) immediately notify the Customer in writing, stating the:
        1. (i) nature and details of the Data Incident;
        2. (ii) specific Personal Information affected; and
        3. (iii) actions taken by the Supplier at clause 11.3(a);
      3. c) identify whether the Data Incident is an Eligible Data Breach by conducting a thorough investigation of the Data Incident within 20 days of becoming aware of the Data Incident (Data Breach Investigation);
      4. d) provide a copy of the report of the Data Breach Investigation in clause 11.3(a) to the Customer on completion;
      5. e) engage in discussions with the Customer regarding:
        1. (i) the conduct and outcomes of the Data Breach Investigation; and
        2. (ii) in the case of an Eligible Data Breach, whether the Customer or the Supplier will make the relevant notifications under the Data Protection Act; and
      6. f) where it is agreed by the parties that the Supplier is making the relevant notifications, the Customer must approve the notifications before they are made (such approval to be given promptly and not to be unreasonably withheld).
    • 11.4 The Customer:
      1. a) acknowledges that the Supplier is reliant on the Customer for direction as to the extent to which the Supplier is entitled to use Personal Information disclosed to it in the course of and for the purpose of this agreement;
      2. b) indemnifies the Supplier for any claim brought by any third party in connection with any act or omission by the Supplier in relation to a third party’s Personal Information to the extent that such act or omission resulted directly from the Customer’s instructions or the Customer’s breach of this agreement; and
      3. c) acknowledges that from time to time it may provide information to third parties in order to assess the Customer’s credit standing, credit history and financial capacity.
  12. Confidentiality
    • 12.1 Each party (Recipient) must keep secret and confidential and not disclose any information relating to another party or its business (which is or has been disclosed to the Recipient by the other party, its representatives or advisers) or the terms of this agreement, except:
      1. a) where the information is in the public domain as at the date of this agreement (or subsequently becomes in the public domain other than by breach of any obligation of confidentiality binding on the Recipient);
      2. b) if the Recipient is required to disclose the information by applicable law or the rules of any recognised securities exchange, provided that the Recipient has to the extent practicable, having regard to those obligations and the required timing of the disclosure, consulted with the provider of the information as to the form and content of the disclosure;
      3. c) where the disclosure is expressly permitted under this agreement;
      4. d) if the disclosure is made to its officers, employees and professional advisers to the extent necessary to enable the Recipient to properly perform its obligations under this agreement or to conduct their business generally, in which case the Recipient must ensure that such persons keep the information secret and confidential and do not disclose the information to any other person;
      5. e) where the disclosure is required for use in legal proceedings regarding this agreement; or
      6. f) if the party to whom the information relates has consented in writing before the disclosure.
    • 12.2 Each Recipient must ensure that its directors, officers, employees, agents, representatives and related bodies corporate comply in all respects with the Recipient’s obligations under this clause 12.
    • 12.3 On termination of the Agreement, the Customer may provide the Supplier with a written direction requiring the Supplier to either destroy or return its confidential information, subject to the Supplier being able to retain such information required in order to maintain good corporate and accounting practices.
  13. Limitation of remedies and liability
    • 13.1 Nothing in this agreement limits or excludes either party’s liability:
      1. a) for death or personal injury; or
      2. b) for fraud by it or its employees.
    • 13.2 Subject to clause 13.1, the parties exclude any liability to each other, whether in contract, tort (including negligence) or otherwise, for any special, indirect or consequential loss arising under or in connection with this agreement, including any loss of profits (except to the extent contained in the Service Charges), loss of sales or business, loss of production, loss of agreements or contracts, loss of business opportunity, loss of anticipated savings, loss of or damage to goodwill, loss of reputation, loss of use or corruption of software, data or information.
    • 13.3 If the supply of any goods or services under this agreement constitutes a supply of goods or services to a consumer as defined in The Consumer Rights Act (UK), as amended or replaced, or relevant EU legislation (“the Acts”), nothing contained in this agreement excludes, restricts or modifies any condition, warranty or other obligation where to do so is unlawful. Where permitted, the Supplier’s liability for breach of any such condition, warranty or other obligation, including any consequential loss which the Customer may sustain or incur, shall be limited to:
      1. a) In relation to goods:
        1. i. the replacement of the goods or the supply of equivalent goods or payment of the cost of replacing the goods or acquiring equivalent goods; or
        2. ii. the repair of the goods or payment of the cost of having the goods repaired; and
      2. b) In relation to services:
        1. i. the supplying of the services again; or
        2. ii. the payment of the cost of having the services supplied again.
    • 13.4 Subject to clauses 13.1 and 13.3, a party’s aggregate liability in respect of claims:
      1. a) based on events in any calendar year arising out of or in connection with an Order under this agreement, whether in contract or tort (including negligence) or otherwise, will in no circumstances exceed 100% of the total charges (including fees and interest) payable by the Customer to the Supplier under that Order in that calendar year; or
      2. b) where not in connection with an Order, whether in contract or tort (including negligence) or otherwise, will in no circumstances exceed 100% of the total charges (including fees and interest) payable by the Customer to the Supplier under this agreement in the 12 months prior to the claim arising.
    • 13.5 While the Supplier will take all reasonable measures to preserve the Customer’s data which the Supplier may have access to while providing the Services, the Supplier cannot accept any responsibility if any data is corrupted or erased for any reason. The Customer accepts that it must maintain backup data to avoid any loss or damage arising from such corruption or erasure and will hold the Supplier and its employees harmless from any claims, loss or damage arising from a failure to restore the Customer’s data.
    • 13.6 The Supplier will not be liable in relation to any proceeding or claim which:
      1. a) was caused by any act or omission of the Customer or its employees or agents; or
      2. b) relates to actions of the Supplier which were expressly or impliedly authorised by the Customer or by the Customer’s employees or agents.
  14. Termination
    • 14.1 Without affecting any other right or remedy available to it, either party may terminate this agreement with immediate effect by giving written notice to the other party if:
      1. a) the other party fails to pay any amount due under this agreement on the due date for payment and remains in default not less than seven days after being notified in writing to make such payment;
      2. b) the other party commits a material breach of any term of this agreement which breach is irremediable or (if such breach is remediable) fails to remedy that breach within a period of 14 days after being notified in writing to do so; or
      3. c) the other party becomes, threatens or resolves to become or is in jeopardy of becoming subject to any form of insolvency, administration, receivership or liquidation.
    • 14.2 On termination of this agreement under this clause 14:
      1. a) all existing Orders will terminate automatically;
      2. b) the Customer must immediately pay to the Supplier all of the Supplier’s outstanding unpaid invoices and interest, and in respect of the Services supplied but for which no invoice has been submitted, the Supplier may submit an invoice (including for Hardware and Software orders placed that cannot be cancelled by the Supplier in the ordinary course of business), which shall be payable in accordance with clause 8.3;
      3. c) the Customer must, within a reasonable time, return all of the Supplier’s Equipment. If the Customer fails to do so, then the Supplier may enter the Customer’s premises and take possession of the Supplier’s Equipment. Until the Supplier’s Equipment has been returned or repossessed, the Customer shall be solely responsible for its safekeeping;
      4. d) the Supplier must, on request, return any of the Customer Materials not used up in the provision of the Services; and
      5. e) the following clauses will continue in force: clause 1 (Interpretation), clause 6 (Non-solicitation), clause 9 (Intellectual Property Rights), clause 12 (Confidentiality), clause 13 (Limitation of remedies and liability), this clause 14 (Termination), clause 19 (Waiver), clause 20 (Severability) and clause 25 (Governing law and jurisdiction).
  15. Force Majeure
    • 15.1 Neither party is in breach of this agreement or is liable to the other party for any loss incurred by that other party as a direct result of a party (Affected Party) failing or being prevented, hindered or delayed in the performance of its obligations under this agreement where such prevention, hindrance or delay results from events, circumstances or causes beyond the Affected Party’s reasonable control (Force Majeure Event).
    • 15.2 The Affected Party will be entitled to a reasonable extension of time for performing its obligations under the agreement. However, the Affected Party must continue to use all reasonable endeavours to perform those obligations.
    • 15.3 The performance of the affected obligations must be resumed as soon as practicable after such Force Majeure Event is removed or has ceased.
  16. Assignment and subcontracting

    Neither party may assign any right arising out of this agreement, or novate the agreement, without the other party’s prior written consent, which must not be unreasonably withheld. The Supplier may subcontract any of its obligations under this agreement and remains responsible for the performance of the Services under this agreement.
  17. Variation

    An amendment or variation of any term of this agreement must be in writing and signed by each party.
  18. Modern Slavery
    • 18.1 In this clause 18, Modern Slavery has the same meaning as it has in the Modern Slavery Act 2015.
    • 18.2 The Supplier must take reasonable steps to identify, assess and address the risks of Modern Slavery practices in the operations and supply chains used in the provision of the Service.
    • 18.3 If at any time the Supplier becomes aware of Modern Slavery practices in the operations and supply chains used in the performance of the Services, the Supplier must, as soon as reasonably practicable, take all reasonable action to address or remove these practices, including where relevant by addressing any practices of other entities in its supply chains.
  19. Waiver

    No party may rely on the words or conduct of any other party as being a waiver of any right, power or remedy arising under or in connection with this agreement unless the other party or parties expressly grant a waiver of the right, power or remedy. Any waiver must be in writing, signed by the party granting the waiver and is only effective to the extent set out in that waiver.
  20. Severability
    • If the whole or any part of a provision of this agreement is or becomes invalid or unenforceable under the law of any jurisdiction, it is severed in that jurisdiction to the extent that it is invalid or unenforceable and whether it is in severable terms or not.
  21. Entire agreement

    This agreement states all the express terms agreed by the parties about its subject matter. It supersedes all prior agreements, understandings, negotiations, proposals and discussions in respect of its subject matter.
  22. Relationship of the parties

    Nothing in this agreement gives a party authority to bind any other party in any way or imposes any fiduciary duties on a party in relation to any other party.
  23. Notices
    • 23.1 All notices under this agreement must be in writing.
    • 23.2 A notice will be taken to be received:
      a) If hand delivered, on delivery; or
      b) If sent by email, on receipt of a non-automated reply or other form of communication confirming or indicating that the notice has been received.
  24. Counterparts

    This agreement may be executed in any number of counterparts.
  25. Governing law and jurisdiction
    • 25.1 This Agreement shall be governed by and construed in accordance with the laws of England and Wales.
    • 25.2 Each party irrevocably submits to the exclusive jurisdiction of courts exercising jurisdiction in England and courts of appeal from them in respect of any proceedings arising out of or in connection with this agreement.

The following additional terms and conditions contained in this Schedule 1 apply to the provision of Services only where the Customer is acquiring Offensive Security, Penetration Testing, Red Teaming Services or Incident Response Services (as defined below or referred to in any relevant Order).

  1. Where Supplier is providing services designed to test the security of the Customer’s environment (including Penetration Testing), the Customer acknowledges that the nature of the Services is such that the Supplier will actively attempt to breach security controls in order to obtain access to the Customer systems and data and that such attempts might otherwise amount to criminal activity. Customer specifically consents to the Supplier attempting to gain such access to systems and data (except for any systems or data specifically referred to as out of scope) and that if Supplier activities are identified by Customer staff and reported to any external body (including law enforcement agencies), the Customer will promptly confirm to that external body that the Supplier is acting in an authorised manner.
  2. The Customer acknowledges that security testing is inherently risky due to the potential frailties of networks and their reaction to unknown variables and that intrusion testing will largely take place over open public networks, and that a risk exists of information being accidentally disclosed to third parties.
  3. The Customer acknowledges that Services and Deliverables designed by the Supplier to test the security of the Customer’s environment have the potential to cause damage. The Customer shall defend and hold the Supplier harmless from any claim, suit, damages and expenses (including, but not limited to legal costs) arising out of (i) the misuse of the Services or Deliverables (other than by the Supplier); (ii) deploying the Services or Deliverables in accordance with the Customer’s instructions; (iii) Customer’s failure to comply with applicable laws, rules, and/or regulations regarding use of the Services and Deliverables; or (iv) any negligent act or omission by the Customer in relation to the Services or Deliverables. This includes indemnifying the Supplier for any loss we suffer arising out of the above, including damage to reputation.
  4. The Supplier reserves the right to charge a cost recovery fee in circumstances where the Customer postpones, or cancels Offensive Security Services work, with less than 10 Business Days’ notice, and it is not able to redeploy the scheduled consultants onto other billable engagements. If a Cost Recovery Rate is not specified in an Order, £1,500 per-person, per-day, will be the default charge, up to a maximum of 5 days.
  5. The Customer acknowledges and agrees that despite any other clause of this Agreement, where the Supplier is engaged to respond to an actual or potential breach of its IT security (Incident Response Services), it will conduct the services on a best-efforts basis but in no circumstances will the Supplier be liable for any damage arising from its acts or omissions other than as a result of its fraudulent or unlawful activity. 

The following additional terms and conditions contained in this Schedule 2 apply to the provision of Services only where the Customer is purchasing Resale Services and Software under an Order.

Vendor Terms

  1. Where the Supplier is reselling a service, either Resale Services or Software, those Services will be subject to any vendor terms provided to the Customer prior to or at the time of accepting the Services (Vendor Terms). Vendor Terms may take the form of an end-user licence agreement and may be provided separately or be included as click-through terms of use of the Service. The Customer agrees that as a condition of accepting Resale Services or Software, it will agree to the Vendor Terms and failure to do so could result in the Customer being unable to use the Resale Services or Software, in which case the Customer will still be liable for the Service Charges set out in the relevant Order.
  2. The Customer agrees that, to the extent permitted by law and without limiting the Customer’s rights against the Supplier, if it has a claim in respect of the Resale Services or Software under the applicable Vendor Terms or otherwise as available at law (including the Consumer Rights Act 2015 (UK) if applicable) it will, along with any redress it chooses to seek, pursue that claim against the relevant vendor.
  3. A failure of the Customer to comply with its obligations under the Vendor Terms is grounds for the Supplier to suspend, or if irreparable, terminate the provision of the relevant Resale Services or Software. In this event, the Customer will remain liable for the Service Charges set out in the relevant Order.
  4. The Customer acknowledges that the Supplier has no direct control over the features or performance of the Resale Services and Software and is bound to only supply those Services on strict resale terms which include passing through the Vendor Terms. As a result, the Customer agrees that in no circumstances (other than as prescribed by law) will the Supplier be liable for any amount or provide any warranties in relation to the Resale Services or Software that exceed the liability accepted and warranties provided by the relevant vendor in the Vendor Terms.

Software Pricing

  1. The Supplier agrees to maintain the Software licence charges set out in the relevant Order for the initial licence period. After the initial licence period, where the Customer continues to use the Software, the Supplier may, on reasonable notice to the Customer, increase the licence charges, which may include passing on incremental increases proportionate to increased pricing from relevant vendors and any other input costs including operational costs and currency fluctuations.
  2. In the event that a vendor conducts an audit of your use of Software and reasonably establishes that your use of the Software exceeded the licence volume during any period, you will be liable to promptly pay for that use. The Customer acknowledges that this is a right that the vendor may enforce against the Supplier as a reseller and agrees that it is reasonable to pass this onto the Customer as the beneficiary of the use of the Software. Despite anything to the contrary, this clause survives termination of the Agreement.

Intellectual Property

  1. The Vendor Terms will set out the scope of the licence and acceptable use of the Software and any Intellectual Property Rights associated with the Resale Services. The Supplier provides the Software and Resale Services consistent with the scope and acceptable use constraints as contained in those terms.

Intellectual Property

  1. We assign the rights to any intellectual property developed by the Consultant in the course of carrying out the Assignment to you.
  2. We reserve the exclusive right to any pre-existing methods, techniques and processes utilised or owned by us. These will remain our property at all times. You will maintain the confidentiality of all of our methods, techniques and processes given to you or communicated to you by the Consultant or by us and will not communicate or give any such information to any third party without our prior written consent.

The following additional terms and conditions contained in this Schedule 5 apply to the provision of Services only where the Customer is purchasing the Sekuro Cyber Resiliency Program (CRP or the Program) under an Order.

CRP Services

  1. The Cyber Resilience Program is a program of Services designed to deliver a strategic and programmatic approach to cyber security. It goes beyond individual services and solutions, providing an ongoing security program, tailored to continuously improve cyber security posture and maturity.

Term and Price of Service

  1. The Program will be priced in accordance with the relevant Order and may consist of a once-off onboarding charge and an ongoing, periodic service charge.
  2. The Program will continue from the service commencement date until cancelled in accordance with clause 6 below.
  3. On each anniversary of the Program, the monthly service charges will increase in line with the Consumer Price Index, unless alternative pricing has been agreed by way of an Order.
  4. At the end of any term specified in an Order, the Program, and the associated ongoing, periodic service charges will continue, unless varied in accordance with clause 7.

Variation and Cancellation

  1. Subject to any term specified in an Order, either party may cancel the Program by giving the other party written notice of its intention to cancel the service on 3 complete months’ notice. The service will terminate 3 months after the end of the month in which the notice is given.

  1. If either party wishes to vary the Program in terms of scope, pricing or applicable rates (other than in accordance with clause 6) they will provide the other party details of the requested change. If the changes are agreed in writing, they will take effect 3 months after the end of the month in which they are agreed (unless the parties mutually agree that they apply sooner).

Customer Obligations

  1. The Customer will:
    1. provide the Supplier with all accesses and rights with respect to the Customer’s IT environment and architecture to enable the Supplier to perform the CRP Services, including, where necessary, the necessary rights under third-party licences to access and use Customer software and equipment on the Customer’s behalf;
    2. promptly notify the Supplier about any changes proposed or made to the Customer IT environment and architecture which may affect any aspect of the CRP Services;
    3. make all reasonably requested changes required by the Supplier to the Customer’s IT environment to enable the proper performance of the CRP Services; and
    4. ensure that it provides the Supplier with up-to-date contact information to allow Customer contact for all security notifications to the Customer.

Incorporation of other Services

  1. CRP may incorporate other Services, including, but not limited to, Offensive Security Services. The Schedules to this agreement that relate to those Services apply to those elements of the CRP.
  2. In providing the Program, the Customer may be required to enter into Software Vendor Terms and/or Resale Service Vendor Terms directly with the Software Vendor (as defined in Schedule 2 above).

The following additional terms and conditions contained in this Schedule 7 apply to the provision of Services only where the Customer is purchasing Managed Services, including OVM, or Managed XDR NGSIEM, or (see Schedule 8 for Sovereign Managed Services)

OVM Service

  1. The Orchestrated Vulnerability Management (OVM) Service provides a centralised approach to identifying, prioritising, and remediating vulnerabilities across digital infrastructure. By leveraging automation and orchestration, OVM streamlines the vulnerability management process, reducing the time between detection and resolution.

OVM Platform

  1. Log Files collected from scanners and other vulnerability detection software are ingested into the Sekuro OVM Platform via encrypted API, where the third-party software Nucleus is used to analyse the Log Files to detect vulnerabilities.
  2. The Nucleus terms apply to the OVM Platform and prevail in the case of inconsistency with any other term of this Agreement: https://nucleussec.com/wp-content/uploads/2022/04/20220427-Nucleus-pass-through-MSA-online.pdf

Managed XDR NGSIEM Service

  1. The Managed XDR NGSIEM Service is designed to combine CrowdStrike’s NextGen SIEM platform with Sekuro’s human skills and expertise, to deliver a world-class managed extended detection and response service.

NGSIEM Platform

  1. The Customer acknowledges and accepts that its Log Files will be routed to, and hosted in, CrowdStrike’s AWS tenancy in the United States, or other locations, as notified by CrowdStrike.
  2. The CrowdStrike terms apply to the NG SIEM Platform and prevail in the case of inconsistency with any other term of this Agreement: https://www.crowdstrike.com/terms-conditions/

Customer Obligations

  1. The Customer must nominate a manager who is appointed to manage the Customer’s obligations with respect to service onboarding.
  2. The Customer must provide assistance to Sekuro (including but not limited to access to physical sites, networks, infrastructure, documentation, licence information, Customer Material and employees and contractors) to the extent reasonably necessary to enable Sekuro to perform the Managed Services.
  3. Except for specific, associated Hardware or Software Services that the Customer is also procuring from Sekuro, that relate to the Managed Services, the Customer is responsible for procuring and maintaining all software, telecommunications, network and computer equipment required to create the Log Files.
  4. The Customer acknowledges and accepts that Sekuro has no control of the content of the Log Files. Should the Customer require that any of its confidential, private, or personally identifiable information be excluded from the OVM Platform, or NGSIEM Platform, then it alone is responsible for ensuring that the Log Files do not contain data of that nature.
  5. If a verification or usage report reveals that the Customer has exceeded the purchased capacity or usage limits specified in an Order, then Sekuro will have the right to recover any resulting fees, payable in accordance with the terms of this Agreement. Without limiting our foregoing rights, Sekuro may work with you to reduce usage so that it conforms to the applicable usage limit, and will in good faith discuss options to right size the subscription as appropriate.
  6. Where the Customer permits or authorises its employees, consultants, contractors, or agents to access the OVM Platform or NGSIEM Platform, the Customer will be responsible for any of their actions that affect the viability, security, and usage of the Managed Services.

Term & Termination

  1. Unless otherwise agreed by the Parties in writing, the Managed Services will start on the earlier of the date that Service onboarding has been completed, or 12 weeks after the date that the Order was signed.
  2. The Customer may terminate the services by providing 90 days’ notice and paying any post-termination third-party software licence fees for the remainder of the term specified in an Order.

The following additional terms and conditions contained in this Schedule 8 apply to the provision of Services only where the Customer is purchasing Managed XDR Sekuro Private Cloud (Managed XDR SPC) under an Order.

Managed XDR SPC Service

  1. The Managed XDR SPC Service is designed to provide a world class managed extended detection and response service, combining best-of-breed technology and skilled human expertise, whilst ensuring sovereignty of the Customer’s data in a single, dedicated AWS tenancy located in the country of the Customer’s election.

The SPC Platform

  1. In providing the Managed XDR SPC Service, the Customer’s Log Files will be ingested into the SPC Platform, where the software and infrastructure referred to below will be utilised. The third-party terms referred to below apply to the provision of that aspect of the Managed XDR SPC Service and prevail in the case of inconsistency with any other term of this Agreement:
    1. In respect of hosting of the Log Files: AWS – [https://aws.amazon.com/service-terms/]
    2. In respect of routing of the Log Files: Cribl – [https://cribl.io/legal/cribl-subscription-services-agreement/]
    3. In respect of the management of the Log Files: CrowdStrike – [https://www.crowdstrike.com/terms-conditions/]
  2. Sekuro will not intentionally delete any Log Files from the SPC Platform. However, unless explicitly specified in an Order, Sekuro is under no obligation to back up the Log Files, and therefore will not be liable for any loss or corruption of Customer Data ingested into the SPC Platform.

Customer Obligations

  1. The Customer must identify a manager who is appointed in respect of the relevant services to be performed.
  2. The Customer must provide assistance to Sekuro (including but not limited to access to physical sites, networks, infrastructure, documentation, licence information, Customer Material and employees and contractors) to the extent reasonably necessary to enable Sekuro to perform the Managed Services.
  3. With the exception of specific, associated Hardware or Software Services that the Customer is also procuring from Sekuro, that relate to the Managed Services, the Customer is responsible for procuring and maintaining all software, telecommunications, network and computer equipment required to create the Log Files.
  4. The Customer acknowledges and accepts that Sekuro has no control of the content of the Log Files. Should the Customer require that any of its confidential, private, or personally identifiable information be excluded from the SPC Platform, then it alone is responsible for ensuring that the Log Files do not contain data of that nature.
  5. If a verification or usage report reveals that the Customer has exceeded the purchased capacity or usage limits specified in an Order, then Sekuro will have the right to recover any resulting fees, payable in accordance with the terms of this Agreement. Without limiting our foregoing rights, Sekuro may work with you to reduce usage so that it conforms to the applicable usage limit and will in good faith discuss options to right size the subscription as appropriate.
  6. Where the Customer permits or authorises employees, consultants, contractors, or agents to access the SPC Platform, the Customer will be responsible for any of their actions that affect the viability, security, and usage of the Managed Services.

Termination

The Customer may terminate the services by providing 90 days’ written notice and paying any post-termination third-party software licence fees for the remainder of the term specified in an Order.