CIS Social Engineering (Phishing) Services Terms and Conditions

The following terms and conditions (“TCS”) apply to social engineering (phishing) services (the “Services”) provided by Center for Internet Security, Inc. (“CIS”) to Customer, as specified in the accompanying Statement of Work issued by CIS to Customer (the “SOW”).

  1. CIS Obligations. CIS will provide the Services specified in the SOW.
    All other cybersecurity monitoring or assessment or additional consulting services will be subject to a separate agreement. CIS will delete the email addresses provided by Customer from its network no later than 30 days after completion of the Services.
  1. Customer Obligations. In order to perform the Services, Customer will provide CIS with email addresses and/or telephone numbers and template approval prior to the start of the phishing campaign.
  1. Payment Terms. The payment terms are as specified in the SOW.
  2. Pricing for the Services is based on the assumptions as set forth in the SOW. If, during the course of providing the Services, CIS determines that the assumptions are substantially different than those set forth in the SOW, it reserves the right to adjust the pricing prior to completion of the Services to reflect additional work required as a result of the change in assumptions.

  1. Confidentiality Obligations. In connection with performing the Services, certain confidential or proprietary information may either be provided by Customer to CIS or generated in the performance of the Services, including without limitation, the results of social engineering (phishing) exercise as described in the SOW (“Confidential Information”). CIS agrees to keep Customer’s Confidential Information in confidence to the same extent and the same manner as CIS protects its own confidential information, but in no event will less than reasonable care be provided and Customer’s Confidential Information will not be released in any identifiable form without the express written permission of Customer or as required pursuant to lawfully authorized subpoena or similar compulsive directive or is required to be disclosed by law, provided that CIS shall be required to make reasonable efforts, consistent with applicable law, to limit the scope and nature of such required disclosure. CIS shall, however, be permitted to disclose relevant aspects of such Confidential Information to its employees and CIS's third party Cyber Security Services partners including federal partners provided that they agree to protect the Confidential Information to the same extent as required under this Agreement. CIS further agrees to use reasonable steps to ensure that Confidential Information received under this Agreement is not disclosed in violation of this Section. These confidentiality obligations shall survive the termination of this Agreement.
  1. Limitation of Liability. CIS DOES NOT ASSUME ANY RESPONSIBILITY OR LIABILITY FOR ANY ACT OR OMISSION OR OTHER PERFORMANCE RELATED TO THE SERVICES, INCLUDING ANY ACT OR OMISSION BY CONTRACTORS OR SUBCONTRACTORS OF CIS, OR FOR THE ACCURACY OF THE INFORMATION PROVIDED AS PART OF THE SERVICES. THE SERVICES ARE PROVIDED ON AN “AS-­‐IS” BASIS, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED
  1. Termination. Either party may terminate the Services in the event that the other party is in breach of these TCS and such breach is not corrected within 10 days of receipt of written notice of such Customer shall be responsible for payment of that portion of the Services completed prior to date of termination.
  1. Force Majeure. Neither party shall be liable for performance delays or for non-­‐ performance due to causes beyond its reasonable control.
  1. Relationship of the Parties. Neither the SOW nor these TCS create an employment relationship, agency, joint venture or partnership between the parties. Neither party is authorized to make any representation or commitment on behalf of the other party without its prior written consent. Each party shall be responsible for its own employees, contractors and agents.
  1. Governing Law. Unless otherwise specifically prohibited by the laws of Customer’s jurisdiction, any disputes arising in connection with the Services or these TCS shall be governed and interpreted by the laws of the State of New York without regard to its conflict of law In the event that the laws of Customer’s jurisdiction require that the laws of that jurisdiction apply to all contracts entered into by Customer, then the laws of that jurisdiction shall apply.
  1. Entire Agreement. The SOW and these TCS constitute the entire agreement between CIS and Customer with respect to the Services, superseding any prior representations, discussions, negotiations or other agreement, whether written or oral, between the parties. Except as otherwise expressly stated, in the event that there is a conflict between the terms of Customer’s SOW and these TCS, the provisions of these TCS shall prevail.
  1. Waiver and Severability of Terms. The failure of either party to exercise or enforce any right or provision of these TCS shall not constitute a waiver of such right or If any provision of the TCS is found by a court of competent jurisdiction to be invalid, the parties nevertheless agree that the court should endeavor to give effect to the parties' intentions as reflected in the provision, and the other provisions of the TCS remain in full force and effect.

Rev. 05/13/2020