STANDARD TERMS AND CONDITIONS FOR ALBERT MONITORING & MANAGEMENT SERVICES
Upon acceptance by Customer, these Terms and Conditions shall govern the purchase of Albert Monitoring & Management Services between the Center for Internet Security, Inc. (“CIS”), located at 31 Tech Valley Drive, East Greenbush, NY 12061-4134, and Customer (CIS and Customer each a “Party” and collectively referred to as the “Parties”).
A. Albert Monitoring & Management Services. Albert network monitoring uses intrusion detection system technology in conjunction with expert analysis of related data; event notification; delivery and management of associated devices, including all software necessary for service delivery. Also referred to as “Services.”
B. Security Operation Center (SOC). 24 X 7 X 365 watch and warning center that provides Albert event analysis and threat notification for Services, dissemination of cyber threat alerts, vendor patch notifications, cybersecurity advisories with threat intelligence, vulnerability identification and mitigation recommendations.
II. Selection of Albert Monitoring & Management Services
CIS hereby agrees to supply Customer with the Albert Monitoring & Management Services including hardware if so requested by Customer and set forth in an Order, which shall be incorporated and made a part of this Agreement. Additional Albert Monitoring & Management Services may be ordered by Customer during the Term of this Agreement by submitting a written request to CIS; such purchases are also subject to the terms and conditions contained in section IV described below, to the extent applicable. The Service Start Date of subsequent orders for Albert Monitoring & Management Services will be dependent upon CIS receiving sufficient information to begin services, but shall terminate as of the end of the applicable Term, as specified in Section V below.
III. Consideration, Payment Terms
A. Consideration; Payment for Initial Term. As consideration for the Albert Monitoring & Management Services requested by Customer, Customer hereby agrees to pay to CIS the costs for the Albert Monitoring & Management Services as specified in an Order, which shall be incorporated and made a part of this Agreement. CIS shall invoice Customer for the Albert Monitoring & Management Services. Unless otherwise agreed to by the Parties in writing, Customer shall pay CIS in full within 30 days of receipt of invoice.
B. Pricing for Subsequent Terms. At least thirty (30) days prior to the end of any Term of this Agreement, CIS shall provide Customer with updated pricing for Albert Monitoring & Management Services to apply for the subsequent Term. Unless Customer terminates the Agreement in accordance with the provision of Section V(A) of this Agreement, the parties agree that an Order will be provided to incorporate the updated pricing for the subsequent Term. Any such price increase shall not exceed 3%. This fee shall be due to CIS no later than the last day of the then-current Term.
C. Review of Network Utilization. The Parties recognize that the pricing set forth in an Order is based on good faith estimates of network utilization provided to CIS by Customer. During the Term of this Agreement and any subsequent Renewal Terms, CIS shall have the right, but not the obligation, to review Customer’s daily average network utilization to determine whether such actual utilization meets or exceeds the utilization parameters agreed to in an Order. CIS shall have the right to increase the pricing set forth in an Order if Customer’s daily average network utilization exceeds the utilization limit of the pricing category on which Customer’s then-current pricing is based. Such price increase shall be effective upon renewal, subject to the terms set forth in section III(B) above, and shall reflect the then-current price for the appropriate network utilization.
IV. Responsibilities of the Parties
The following terms set forth the respective responsibilities of CIS and Customer in establishing and maintaining Albert Monitoring & Management Services.
A. CIS Responsibilities. CIS will provide the following as part of the Albert Monitoring & Management Services, as specified below:
i. Monitoring and Event Related Services. CIS will provide the following monitoring and event related services:
a. Specifications for the sensor(s)/server(s) to be purchased by Customer for provision of the Albert Monitoring & Management Services.
b. Analysis of events from monitored devices for attacks and malicious traffic.
c. Analysis of security events.
d. Correlation of security data/logs/events with information from other sources.
e. Notification of security events per the Escalation Procedures provided by Customer.
f. 24/7 telephone (1-866-787-4722) availability for assistance with resolution of security events detected by the Albert Monitoring & Management Services.
ii. Device Management. For hardware provided by CIS, CIS will be responsible for the correct functioning of devices used as part of Albert Monitoring & Management Services, including ensuring that all upgrades, patches, configuration changes and signature upgrades are applied to such devices.
iii. Batch Queries. CIS will process batch queries of Netflow data upon Customer request, with a limit of 10 queries per month per device. CIS maintains flow records for a period of three (3) months.
B. Customer Responsibilities
1. Customer acknowledges and agrees that CIS’s ability to perform the Albert Monitoring & Management Services is subject to Customer fulfilling certain responsibilities listed below. Customer acknowledges and agrees that CIS shall not have any responsibility whatsoever to perform or to continue to perform Albert Monitoring & Management Services in the event Customer fails to meet its responsibilities described below.
2. For purposes of this Agreement, Customer acknowledges and agrees that only those security devices supported by CIS fall within the scope of this Agreement.
3. Customer shall provide the sensor(s)/server(s) to be used for Albert Monitoring & Management Services, using the specifications provided by CIS, and in type and numbers as agreed to in this Agreement. Customer shall also provide logistic support in the form of rack space, electricity, Internet connectivity, and any other infrastructure necessary to support communications at Customer’s expense.
4. Customer shall provide the following to CIS prior to the commencement of Albert Monitoring & Management Services and at any time during the Term of the Agreement if the information changes:
a. Current network diagrams to facilitate analysis of security events on the portion(s) of Customer’s network being monitored. Network diagrams will need to be revised whenever there is a substantial network change.
b. Reasonable assistance to CIS, including, but not limited to, providing all technical information related to the Albert Monitoring Service reasonably requested by CIS, to enable CIS to perform the Albert Monitoring Service for the benefit of Customer.
c. Public and Private IP address ranges including a list of servers being monitored including the type, operating system and configuration information, as well as a list of IP ranges and addresses that are not in use by Customer (DarkNet space).
d. Completed Pre-Installation Questionnaires (PIQ) in the form provided by CIS. The PIQ will need to be revised whenever there is a change that would affect CIS’s ability to provide the Cyber Device Monitoring Services.
e. A completed Escalation Procedure Form including the name, e-mail address, and 24/7 contact information for all designated Points of Contact (POC).
f. The name, email address, and telephone numbers for all shipping, installation and security points of contact.
5. During the Term of this Agreement, Customer shall provide the following with respect to any Device Monitoring Services:
a. Written notification to CIS SOC ([email protected]) at least thirty (30) days in advance of changes in hardware or network configuration affecting CIS’s ability to provide Albert Monitoring & Management Services.
b. Written notification to CIS SOC ([email protected]) at least twelve (12) hours in advance of any scheduled downtime or other network and system administration scheduled tasks that would affect CIS’s ability to provide Albert Monitoring Service.
c. A revised Escalation Procedure Form must be submitted when there is a change in status for any POC.
d. Sole responsibility for maintaining current maintenance and technical support contracts with Customer’s hardware vendors for any device affected by Albert Monitoring & Management Services.
e. Active involvement with CIS SOC to resolve any tickets requiring Customer input or action.
f. Reasonable assistance in remotely installing and troubleshooting devices including hardware and communications.
6. If Customer performs recurring vulnerability scans on the Albert sensor(s), Customer shall be required to share any actionable findings from such scans with the CIS Device Engineering team. In addition, any Plans of Actions and Milestones (POA&M) or similarly-titled document or plan of action to resolve or remediate those actionable items must be jointly agreed upon in writing between Customer and CIS.
V. Term of this Agreement; Termination
A. Term. This Agreement will commence on the last date upon which it is signed by both Parties (the “Effective Date”), and Albert Monitoring & Management Services will start as of the date that all pre-service requirements as set forth in Section IV are met and Monitoring and Management Services are available (the “Service Start Date”). This Agreement shall continue in full force and effect for the period of time set forth in an Order, unless otherwise earlier terminated pursuant to the terms of this Section V. This Agreement shall not automatically renew and may renew only upon written agreement between both Parties.
B. Termination. Unless otherwise specified in the additional terms and conditions related to the particular Albert Monitoring Service, either Party may terminate this Agreement and any Albert Monitoring Service being provided under this Agreement by providing written notice to the other Party ninety (90) days prior to such termination.
VI. Title, Limitation of Warranties and Liability
A. Title. CIS will at all times retain title to hardware and software provided to Customer during the Term of this Agreement. Customer shall retain title to all hardware and/or software purchased by Customer to provide Services under this Agreement. If CIS provides hardware to Customer during the Term of this Agreement, upon termination of the Agreement or experience of a hardware failure necessitating replacement, Customer shall be responsible for returning hardware to CIS at CIS’ expense within thirty (30) days of either the termination date or hardware failure.
If Customer provides hardware for utilization in the provision of the Services in lieu of provision of hardware from CIS, within 30 days of the termination of Services or upon a hardware failure necessitating replacement, Customer agrees to provide commercially reasonable assistance to CIS to offboard any sensors and to permit CIS to wipe or destroy proprietary information from that hardware. “Proprietary information” shall include, but not be limited to, custom signatures and any configurations made by CIS.
During this Agreement, Customer agrees to comply with any request from CIS to identify the physical location of any hardware, whether such hardware is provided by CIS or by Customer. Customer further agrees to notify CIS within thirty (30) calendar days if such hardware moves to a different physical location.
The Customer shall own all right, title and interest in its data that is provided to CIS pursuant to this Agreement. Customer hereby grants CIS a non-exclusive, non-transferable license to access and use such data to the extent necessary to provide Albert Monitoring & Management Services under this Agreement.
B. LIMITATION OF LIABILITY. CIS DOES NOT ASSUME ANY RESPONSIBILITY OR LIABILITY FOR ANY ACT OR OMISSION OR OTHER PERFORMANCE RELATED TO THE PROVISION OF ALBERT MONITORING & MANAGEMENT SERVICES OR FOR THE ACCURACY OF THE INFORMATION PROVIDED AS PART OF THE SERVICES. THE SERVICES ARE PROVIDED ON AN “AS-IS” BASIS, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED.
C. Right to Subcontract. In order to facilitate its performance of the Agreement, CIS may utilize a third-party subcontractor (“Subcontractor”) to provide any or all of the services required of it under this Agreement. Prior to any such subcontracting, CIS shall enter into a written agreement with Subcontractor in which Subcontractor accepts responsibility for all obligations that would otherwise be performed by CIS in accordance with the terms of this Agreement. Any written agreement between CIS and Subcontractor shall ensure for the provision of confidential information to require that Subcontractor abides by the same Confidentiality Terms contained herein. Customer may be directed to interact and communicate with Subcontractor at CIS’ direction.
VII. Confidentiality Obligation
CIS acknowledges that certain confidential or proprietary information may either be provided by Customer to CIS or generated in the performance of the Albert Monitoring & Management Services, including without limitation: information regarding the infrastructure and security of Customer’s information systems; assessments and plans that relate specifically and uniquely to the vulnerability of Customer’s information systems; the results of tests of the security of Customer’s information systems insofar as those results may reveal specific vulnerabilities; or information otherwise marked as confidential by Customer (“Confidential Information”). The Customer acknowledges that it may receive from CIS trade secrets and confidential and proprietary information (“Confidential Information”). Both Parties agree to hold each other’s Confidential Information in confidence to the same extent and the same manner as each Party protects its own confidential information, but in no event will less than reasonable care be provided and a Party’s information will not be released in any identifiable form without the express written permission of such Party or as required pursuant to lawfully authorized subpoena or similar compulsive directive or is required to be disclosed by law, provided that the Customer shall be required to make reasonable efforts, consistent with applicable law, to limit the scope and nature of such required disclosure. CIS shall, however, be permitted to disclose relevant aspects of such Confidential Information to its officers, employees and CIS’s federal partners provided that they agree to protect the Confidential Information to the same extent as required under this Agreement. The Parties agree to use all reasonable steps to ensure that Confidential Information received under this Agreement is not disclosed in violation of this Section VII. The obligations of the Parties pursuant to this paragraph shall survive the termination of this Agreement. Nothing in this Agreement shall prohibit CIS from using aggregated data of its customers in any format for any purpose, provided that such data cannot be identified to or associated with Customer.
VIII. Force Majeure
Neither Party shall be liable for performance delays or for non-performance due to causes beyond its reasonable control.
IX. No Third-Party Rights
Except as otherwise expressly stated herein, nothing in this Agreement shall create or give to third parties any claim or right of action of any nature against Customer or CIS.
Neither Party may assign their rights and obligations under this Agreement without the prior written approval of the other Party, which approval shall not be unreasonably withheld, conditioned or delayed. This Agreement shall be binding upon and inure to the benefits of each Party and their respective successors and assigns.
A. All notices permitted or required hereunder shall be in writing and shall be transmitted either: via certified or registered United States mail, return receipt requested; by facsimile transmission; by personal delivery; by expedited delivery service; or by e-mail with acknowledgement of receipt of the notice.
Such notices shall be addressed as follows or to such different addresses as the Parties may from time-to-time designate:
Name: CIS Services
Address: Center for Internet Security, Inc.
31 Tech Valley Drive
East Greenbush, NY 12061-4134
Phone: (518) 880-0766
E-Mail: [email protected]
With a copy to [email protected]
B. Any such notice shall be deemed to have been given either at the time of personal delivery or, in the case of expedited delivery service or certified or registered United States mail, as of the date of first attempted delivery at the address and in the manner provided herein, or in the case of facsimile transmission or email, upon receipt.
C. The Parties may, from time to time, specify any new or different contact information as their address for purpose of receiving notice under this Agreement by giving fifteen (15) days written notice to the other Party sent in accordance herewith. The Parties agree to mutually designate individuals as their respective representatives for the purposes of receiving notices under this Agreement. Additional individuals may be designated in writing by the Parties for purposes of implementation and administration, resolving issues and problems and/or for dispute resolution.
XII. Governing Law and Jurisdiction
Unless otherwise specifically prohibited by the laws of Customer’s jurisdiction, any disputes arising in connection with this Agreement shall be governed and interpreted by the laws of the State of New York without regard to its conflict of law provisions. In the event that the laws of Customer’s jurisdiction require that the laws of that jurisdiction apply to all contracts entered into by Customer, then the laws of that jurisdiction shall apply.
None of the provisions of this Agreement shall be considered waived by either Party unless such waiver is given in writing by the other Party. No such waiver shall be a waiver or any past or future default, breach or modification of any of the terms, provision, conditions or covenants of the Agreement unless expressly set forth in such waiver.
XIV. Entire Agreement; Counterparts; Amendments
This Agreement and the appendices attached hereto constitute the entire understanding and agreement between the Parties with respect to the subject matter hereof and replace and supersede all prior understandings, communications, agreements or arrangements between the parties with respect to this subject matter, whether oral or written. This Agreement may be executed in separate counterparts each signed by a Party and such counterparts deemed an executed whole with the full force and effect. Signatures may be exchanged by email or electronic signature and such signatures will be deemed original. This Agreement may only be amended as agreed to in writing by both Parties.
Unless otherwise specifically prohibited by the laws of Customer’s jurisdiction, for the avoidance of doubt, and whether or not CIS is deemed under applicable law to have accepted an offer by Customer, CIS objects to and rejects all additional and/or inconsistent terms contained in a Purchase Order (PO) or other similar document submitted by Customer to CIS, incidental to the purchase described herein. Any such terms which are not specifically addressed or referenced in this Agreement are hereby rejected and not agreed to nor consented to by CIS, absent express written acceptance.
XV. Partial Invalidity
If any provision of this Agreement be adjudged by a court of competent jurisdiction to be unenforceable or invalid, that provision shall be limited or eliminated to the minimum extent necessary so that this Agreement shall otherwise remain in full force and effect and enforceable.
XVI. Order of Precedence
Unless otherwise specifically prohibited by the laws of Customer’s jurisdiction or as otherwise agreed to between the Parties, in the event of a conflict between the terms of this Agreement and any other document executed between the Parties, the following order of precedence shall apply: (1) The terms contained in this Agreement; (2) An Order or Invoice provided by CIS to Customer; and (3) Any other document executed and/or agreed to in writing between the Parties.
Contract Version Date: 11/29/2021