SecureWorks | Master Services Agreement
This SECURITY SERVICES CUSTOMER MASTER SERVICES AGREEMENT (“MSA”) is entered into by SecureWorks Inc. (“SecureWorks”), and Customer and/or one of its Affiliates (as defined in Section 2.8 below) as of the Effective Date (as defined by the latest date in the signature block of the Service Order or SOW or if Customer purchased Services online, the date which such online purchase was accepted by SecureWorks). SecureWorks and Customer hereby agree to the following terms and conditions:
1.0 Services; Equipment and Order of Precedence.
1.1 Services. During the term of this MSA and subject to the terms and conditions herein, SecureWorks agrees to provide certain: (i) managed security services (“MSS Services”), and/or (ii) security risk consulting services (“Consulting Services”) purchased by Customer in accordance with the terms of this Section 1.1. The MSS Services and Consulting Services are collectively referred to hereafter as the “Services”. The Services being purchased are specified in a physical, electronic or online service order (“Service Order”) or statement of work (“SOW”) executed (or, if online, accepted pursuant to an online order process) by the parties which references this MSA. A detailed description of the MSS Services being purchased is provided in the service description and service level agreement (“SLA”) for such MSS Services attached to the Service Order (or linked to if the Customer is purchasing online) and incorporated therein by reference. Certain Consulting Services may be purchased online. If Customer is purchasing Consulting Services online, a link to an SLA for the applicable Consulting Service is provided. All Services Orders (whether signed or accepted pursuant to an online order process) and all SOWs are subject to the terms and conditions of this MSA and will include the following: (i) the particular Services to be performed, including, if applicable, any SLAs; (i) the term of the Services; (iii) the compensation and billing method for the Services; and (iv) any other applicable information agreed to by the parties.
1.2 Equipment. Except for equipment or hardware purchased by Customer pursuant to a Service Order (“Customer Purchased Equipment”), SecureWorks will provide the equipment or hardware as necessary for Customer to receive the MSS Services (“Equipment”). The Service Order will specify whether such equipment or hardware is Customer Purchased Equipment and/or Equipment. Upon the earlier of the termination or expiration of this MSA and/or the applicable Service Order, Customer will return all Equipment to SecureWorks and/or shall erase, destroy and cease use of all Software (as defined in Section 5 below) located on any Customer Purchased Equipment. If such Equipment is not returned by Customer, Customer will be responsible for the then-current replacement costs of such Equipment.
1.3 Order of Precedence. In the event of a conflict between the terms of the MSA and a Service Order/SOW (including any exhibits or attachments thereto), the terms of the Service Order/SOW shall govern.
2. Fees; Taxes; Invoicing and Payment.
2.1 MSS Services Fees. SecureWorks’ fees for the MSS Services are set forth on the Service Order. The MSS Services ordered will commence on the first day in which SecureWorks: (a) has established communication with the contracted Customer device(s) and/or Equipment/Customer Purchased Equipment; and (b) has verified the availability of Customer Data (as defined in Section 6.1 below) on the SecureWorks client portal, (the “Service Commencement Date”), and SecureWorks shall invoice Customer for such MSS Services on or after the Service Commencement Date.
If Customer is ordering Server/Network Infrastructure Monitoring, Security Information and Event Management, Managed and Monitored Firewall, Managed and Monitored Integrated Appliance, or Managed and Monitored Next Generation Firewall MSS Services pursuant to the Service Order, Customer shall be billed for the entire number of devices in the tier being purchased (as outlined in the Service Order) upon the Service Commencement Date of the initial device. If there are any devices remaining to be integrated thereafter, Customer shall be responsible for initiating the integration of such devices via the Portal (as defined in Section 5 below).
2.2 Consulting Service Fees. SecureWorks’ fees and billing milestones for the Consulting Services are set forth on the SOW or Service Order (as applicable).
2.3 Change Control. “Change” means any change to the Services that (i) would modify or alter the delivery of the Services or the composition of the Services, (ii) would alter the cost to Customer for the Services, or (iii) is agreed by Customer and SecureWorks in writing to be a Change. From time to time during the term of the Services, Customer or SecureWorks may propose Changes to the Services. Any Change to the applicable Service Order/SOW shall be: (i) approved by both SecureWorks and Customer, (ii) executed by an authorized representative of Customer and SecureWorks, and (iii) memorialized in a change order (“Change Order”) or other written amendment that specifically identifies the portion of the Service Order/SOW that is the subject of the modification or amendment and the changed or new provision.
2.4 Work on Customer Premises. If and to the extent that the implementation, performance or delivery of the Services require SecureWorks to be present at the Customer’s premises, then, subject to SecureWorks’ adherence to the SecureWorks travel reimbursement policy, or other travel reimbursement guidelines set forth in the Service Order/SOW, Customer shall reimburse SecureWorks for all reasonable and actual out-of-pocket travel expenses, including, but not limited to, hotel, airfare and meals, incurred in connection with the implementation, performance or delivery of the Services.
2.5 Taxes. Customer shall be responsible, on behalf of itself and its Affiliate(s), for the payment of all taxes and fees assessed or imposed on the Services provided or the amounts charged under the Service Order/SOW in any country or territory in which the Customer receives the benefit of the Services, including any sales, use, excise, value-added, or comparable taxes, but excluding taxes: (i) for which the Customer has provided a valid resale or exemption certificate, or (ii) imposed on SecureWorks’ income or arising from the employment relationship between SecureWorks and its employees. Should any payments become subject to withholding tax, the Customer will deduct these taxes from the amount owed and pay the taxes to the appropriate tax authority in accordance with applicable tax laws. Customer will promptly provide SecureWorks with receipts or documents evidencing these tax payments. SecureWorks shall not be liable for any withholding tax, penalty or interest due as a result of Customer’s failure to withhold any applicable tax.
2.6 Invoices and Payment. SecureWorks will invoice Customer in accordance with the billing terms set forth and detailed on the applicable Service Order or SOW. Unless otherwise specified on the Service Order or SOW, (i) all charges, fees, payments and amounts hereunder will be in United States dollars, and (ii) all undisputed amounts due hereunder are payable within thirty (30) days from the date of the invoice, which shall be submitted to Customer electronically (the “Invoice Due Date”).
2.7 Disputes and Nonpayment. Customer shall have the right to reasonably, and in good faith, dispute any invoice or any portion of any invoice claimed by SecureWorks as due and payable provided that, prior to the Invoice Due Date, Customer (i) timely pays any undisputed portion of the amount due and payable, and (ii) provides SecureWorks with written notice specifying the disputed amount and the basis for the dispute in reasonable detail.
Except for amounts that are disputed in good faith by Customer in accordance with this Section 2.7, SecureWorks reserves the right to charge Customer a late fee of one and a half percent (1.5%) per month or the maximum rate permitted by law, whichever is less, for invoices not paid on or before the Invoice Due Date. In addition, SecureWorks, without waiving any other rights or remedies to which it may be entitled, shall have the right, upon prior written notice to Customer, to suspend the Services until such payment is received.
2.8 Affiliates. As used herein, the term “Affiliate” with respect to a party means any entity that, directly or indirectly, through one or more intermediaries, controls, is controlled by or is under common control with such party. “Customer” may include Customer’s Affiliate(s): (i) receiving the benefit of the Services through Customer’s purchase of the Services, or (ii) whose data is included, accessed or received by SecureWorks in connection with the performance of the Services for Customer. With respect to such Customer Affiliate(s), Customer hereby represents and warrants that: (A) Customer has obtained the necessary consent from each Customer Affiliate for SecureWorks to access such Customer Affiliate’s networks and data in connection with providing the Services, and (B) each Customer Affiliate agrees to, and is hereby legally bound by, the terms of this MSA. The parties acknowledge and agree that Customer Affiliate(s) are not intended to be third party beneficiaries to this MSA. Customer shall be fully liable for any breach of the terms of this MSA by its Affiliate(s) receiving or having access to the Services hereunder.
In addition, in the event that a Customer Affiliate with a location outside of the United States is purchasing Services under this MSA (“Customer International Affiliate”), (i) such Customer International Affiliate shall enter into a Service Order and/or SOW directly with the SecureWorks local Affiliate (“SecureWorks Local Affiliate”) for such Services, and (ii) Customer shall execute a local country addendum specifying any local country required terms on behalf of Customer’s International Affiliate. For the purposes of either party’s Affiliate(s) performing, receiving or purchasing Services hereunder, references to SecureWorks and Customer herein shall be deemed references to such party’s respective Affiliate(s).
2.9 Third-Party Product Purchases. If Customer is purchasing any third-party products or services (“Third-Party Purchases”) as specified on the Service Order and/or SOW, Customer agrees that it will comply with any third-party flow down terms and conditions, including but not limited to, any third-party end-user license agreement attached to the Service Order or SOW relating to such Third-Party Purchases.
3. Term of MSA; Service Order(s) and SOW(s).
3.1 Term of MSA. The term of this MSA shall commence on the Effective Date and shall continue until the completion or expiration of the Services set forth on the Service Order/ SOW or until this MSA is terminated pursuant to the provisions hereof.
3.2 Term of Service Orders/SOW(s). The term for the Services is specified on the Service Order and/or SOW.
4.1 Termination for Breach. Either party may terminate this MSA or the Service Order and/or SOW in the event that the other party materially defaults in performing any obligation under this MSA (including any Service Order/SOW) and such default continues un-remedied for a period of thirty (30) days following written notice of default. If this MSA or the Service Order and/or SOW is terminated by Customer prior to the Service term expiration date for any reason other than SecureWorks’ breach, Customer agrees to pay to SecureWorks: (i) for the Consulting Services, all unpaid Consulting Service fees as set forth on the Service Order and/or SOW for the Consulting Services performed through the effective termination date; or (ii) for MSS Services, all unpaid MSS Service fees as set forth on the Service Order for the MSS Services performed through the effective termination date plus liquidated damages equal to the MSS Service fees that will become due during the remaining term of the Service Order(s). If Customer terminates this MSA or the Service Order and/or SOW as a result of SecureWorks’ breach, then to the extent that Customer has prepaid any Service fees, SecureWorks shall refund to Customer any prepaid Service fees on a pro-rata basis to the extent such Service fees are attributable to the period after such termination date.
4.2 Termination for Insolvency. This MSA and the Services hereunder will terminate, effective upon delivery of written notice by either party to the other party upon the following: (a) the institution of insolvency, receivership or bankruptcy proceedings or any other proceedings for the settlement of debts of the other party; (b) the making of an assignment for the benefit of creditors by the other party; or (c) the dissolution of the other party.
5. MSS Services Software; Restrictions.
SecureWorks will provide Customer with: (i) user IDs, tokens, passwords, (ii) access and use of the software (in object code format only), (iii) digital signatures, and (iv) access and use of the SecureWorks customer portal (the “Portal”), as necessary for Customer to receive the MSS Services (the “Software”) and the applicable written directions and/or policies relating to the MSS Services, which may be in paper or electronic format (the “Documentation” and collectively, with the MSS Services, Equipment and the Software, the “Products”), or a combination thereof, as necessary for Customer to receive the MSS Services and access the Portal. SecureWorks grants to Customer a limited, nontransferable, royalty-free and nonexclusive license to access and use, and for Customer’s Affiliate(s) to access and use, during the term of the MSS Services only, the Products delivered to Customer, subject to the restrictions set forth below.
Customer (i) will use the Products for its internal security purposes, or for the internal security purposes of Customer’s Affiliates purchasing MSS Services hereunder, and (ii) will not, for itself, any Affiliate of Customer or any third party: (a) sell, rent, license, assign, distribute, or transfer any of the Products; (b) decipher, decompile, disassemble, reconstruct, translate, reverse engineer, or discover any source code of the Software; (c) copy any Software or Documentation, except that Customer may make a reasonable number of copies of the Documentation for its internal use (provided Customer reproduces on such copies all proprietary notices of SecureWorks or its suppliers); or (d) remove from any Software, Documentation or Equipment any language or designation indicating the confidential nature thereof or the proprietary rights of SecureWorks or its suppliers. In addition, Customer will not, and will not permit unaffiliated third parties to, (I) use the Products on a time-sharing, outsourcing, service bureau, hosting, application service provider or managed service provider basis; (II) alter any aspect of any Software or Equipment; or (III) assign, transfer, distribute, or otherwise provide access to any of the Products to any unaffiliated third party or otherwise use any Product with or for the benefit of any unaffiliated third party.
This Section 5 shall survive any expiration or termination of this MSA.
6. Proprietary Rights.
6.1 Customer’s Proprietary Rights. Customer represents and warrants that it has the necessary rights, power and authority to transmit Customer Data (as defined below) to SecureWorks under this MSA. As between Customer and SecureWorks, Customer will own all right, title and interest in and to (i) any data provided by Customer and/or its Affiliate(s) to SecureWorks and/or Customer and/or its Affiliate(s)’ data accessed or used by SecureWorks or transmitted by Customer and/or its Affiliate(s) to SecureWorks or SecureWorks Equipment in connection with SecureWorks’ provision of the Services, including, but not limited to, Customer and/or its Affiliate(s)’ data included in any written or printed summaries, analyses or reports generated in connection with the Services (Customer and its Affiliate(s)’ data, collectively, the “Customer Data”), (ii) all intellectual property, including patents, copyrights, trademarks, trade secrets and other proprietary information (“IP”) of Customer that may be made available to SecureWorks in the course of providing Services under this MSA, and (iii) all confidential or proprietary information of Customer or Customer Affiliates, including, but not limited to, Customer Data, Customer Reports (as defined in Section 6.3), and other Customer files, documentation and related materials, in each case under this clause (iii), obtained by SecureWorks in connection with this MSA.
During the term of the Services, Customer grants to SecureWorks a limited, non-exclusive license to use the Customer Data solely for the purposes contemplated by this MSA and for SecureWorks to perform the Services hereunder. This MSA does not transfer or convey to SecureWorks or any third party any right, title or interest in or to the Customer Data or any associated IP rights, but only a limited right of use as granted in and revocable in accordance with this MSA.
6.2 SecureWorks’ Proprietary Rights. As between Customer and SecureWorks, SecureWorks will own all right, title and interest in and to the Products and Services. This MSA does not transfer or convey to Customer or any third party any right, title or interest in or to the Products and Services or any associated IP rights, but only a limited right of use as granted in and revocable in accordance with this MSA. SecureWorks will retain ownership of all copies of the Documentation. SecureWorks agrees to transfer to Customer all right, title and interest in and to any Customer Purchased Equipment, excluding any right, title or interest in and to the Software and any other SecureWorks IP loaded onto such Customer Purchased Equipment. In addition, Customer agrees that SecureWorks is the owner of all right, title and interest in all IP in any work, including, but not limited to, all inventions, methods, processes, and computer programs including any source code or object code, (and any enhancements and modifications made thereto) contained within the Services and/or Products (collectively, the “Works”), developed by SecureWorks in connection with the performance of the Services hereunder and of general applicability across SecureWorks’ customer base, and Customer hereby assigns to SecureWorks all right, title and interest in and to any copyrights that Customer may have in and to such Work; provided, however, that such Work shall not include Customer’s Confidential Information (as defined in Section 8), Customer Data, Customer Reports (as defined in Section 6.3) or other information belonging, referencing, identifying or pertaining to Customer or Customer Affiliates. Without limiting the foregoing, SecureWorks will own all right, title and interest in all IP in any advisory data, threat data, vulnerability data, analyses, summaries, bulletins and information made available to Customer in SecureWorks’ provision of its Counter Threat Intelligence Services (the “TI Reports”). During the term of the Services, SecureWorks grants to Customer a limited, non-exclusive license to use such Works and TI Reports solely for Customer to receive the Services and for Customer’s or its Affiliate’s internal security purposes only. Customer acknowledges that any license to the SecureWorks Products, Services, Works and TI Reports expires upon the expiration or termination of any individual Service Order/SOW and/or this MSA.
6.3 Customer Reports. Customer shall own all right, title and interest in and to any written summaries, reports, analyses, and findings or other information or documentation prepared uniquely and exclusively for Customer in connection with the Services and as specified in the Service Order/SOW (the “Customer Reports”). The provision by Customer of any Customer Report or any information therein to any unaffiliated third party shall not entitle such unaffiliated third party to rely on the Customer Report or the contents thereof in any manner or for any purpose whatsoever, and SecureWorks specifically disclaims all liability for any damages whatsoever (whether foreseen or unforeseen, direct, indirect, consequential, incidental, special, exemplary or punitive) to such unaffiliated third party arising from or related to reliance by such unaffiliated third party on any Customer Report or any contents thereof.
This Section 6 shall survive any expiration or termination of this MSA.
7. Customer Cooperation.
Customer acknowledges that SecureWorks’ performance and delivery of the Services are contingent upon: (A) Customer providing safe and hazard-free access to its personnel, facilities, equipment, hardware, network and information, and (B) Customer’s timely decision-making, providing the requested information and granting of approvals or permissions, as (A) and (B) are deemed reasonably necessary and reasonably requested for SecureWorks to perform, deliver and/or implement the Services. Customer will promptly obtain and provide to SecureWorks any required licenses, approvals or consents necessary for SecureWorks’ performance of the Services. SecureWorks will be excused from its failure to perform its obligations under this MSA to the extent such failure is caused solely by Customer’s delay in performing or failure to perform its responsibilities under this MSA and/or the Service Order/SOW.
In the performance of the Services, Customer and SecureWorks may have access to or be exposed to information of the other party not generally known to the public, including, but not limited to software, product plans, marketing and sales information, customer lists, “know-how,” or trade secrets which may be designated as being confidential or which, under the circumstances surrounding disclosure, ought to be treated as confidential (collectively, “Confidential Information”). Confidential Information may not be shared with third parties unless such disclosure is to personnel of SecureWorks or Customer, including employees, agents and subcontractors, on a “need-to-know” basis in connection with its performance obligations pursuant to this MSA, so long as such personnel have agreed to treat such Confidential Information under terms at least as restrictive as those herein. Each party agrees to take the necessary precautions to maintain the confidentiality of Confidential Information by using at least the same degree of care as such party employs with respect to its own Confidential Information of a like-kind nature, but in no case less than a commercially reasonable standard of care. The foregoing shall not include information, which, (A) was known by one party prior to its receipt from the other or is or becomes public knowledge without the fault of the recipient, (B) is received by the recipient from a source other than a party to this MSA, (C) is independently developed by a party without causing a breach of the terms hereunder, or (D) a party is required to disclose in response to an order by a court or governmental agency, provided that advance notice of the disclosure is provided to other party.
During the term of this MSA and the Services, SecureWorks shall employ and maintain reasonable and appropriate safeguards designed to: (a) reasonably protect all Customer Data in SecureWorks’ possession from unauthorized use, alteration, access or disclosure; (b) detect and prevent against a Breach (as defined below); and (c) ensure that SecureWorks’ employees and agents are appropriately trained to maintain the confidentiality and security of Customer Data in SecureWorks’ possession.
SecureWorks agrees to notify Customer promptly (within 48 hours), upon becoming aware of a confirmed use or disclosure of Customer Data or Customer Information in violation of this MSA (a “Security Breach”). A Security Breach shall be treated as discovered as of the first day on which it is known or should reasonably have been reasonably known to SecureWorks.
SecureWorks will, on an annual basis, have an audit conducted by a reputable and experienced accounting firm in accordance with the Statement on Standards for Attestation Engagements (“SSAE”) No.16, Reporting on Controls at a Service Organization, developed by the American Institute of Certified Public Accountants (“AICPA”), (the “Security Audit”) and have such accounting firm issue a Service Organization Control (“SOC”) 1 Type II Report (or substantially similar report in the event the SOC 1 Type II Report is no longer the industry standard) which will cover, at a minimum, the security policies, procedures and controls required by this MSA (the “Audit Report”). Customer acknowledges that the SSAE16, the SIG Lite and/or any other information provided by SecureWorks pertaining to SecureWorks’ security controls, policies, procedures, etc. are considered Confidential Information of SecureWorks and shall be treated by Customer in accordance with the terms and conditions of this MSA, including, but not limited to, this Section 8.
This Section 8 shall survive for three (3) years following any termination or expiration of this MSA; provided that with respect to any Confidential Information remaining in the receiving party’s possession following any termination or expiration of this MSA, the obligations under this Section 8 shall survive for as long as such Confidential Information remains in such party’s possession.
9. Warranties; Limitation of Liability and Consulting Services Disclaimer.
9.1 Warranties. SECUREWORKS WARRANTS THAT: (I) ITS PERSONNEL ARE ADEQUATELY TRAINED AND COMPETENT TO PERFORM THE SERVICES, AND (II) THE SERVICES SHALL BE PERFORMED IN A PROFESSIONAL MANNER IN ACCORDANCE WITH THE SERVICE ORDER/SOW AND THIS MSA. EXCEPT AS EXPRESSLY STATED IN THIS SECTION 9.1, SECUREWORKS (INCLUDING ITS AFFILIATES, SUBCONTRACTORS AND AGENTS) AND EACH OF THEIR RESPECTIVE EMPLOYEES, DIRECTORS AND OFFICERS (COLLECTIVELY, THE "SECUREWORKS PARTY(IES)") MAKES NO EXPRESS OR IMPLIED WARRANTIES WITH RESPECT TO ANY OF THE PRODUCTS, SERVICES OR CUSTOMER REPORTS, INCLUDING BUT NOT LIMITED TO, ANY WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, PERFORMANCE, SUITABILITY OR NON-INFRINGEMENT, OR ANY WARRANTY RELATING TO THIRD-PARTY PURCHASES.
9.2 Limitation of Liability.
9.2.1 NEITHER THE SECUREWORKS PARTIES NOR CUSTOMER WILL BE LIABLE FOR ANY INCIDENTAL, INDIRECT, PUNITIVE, SPECIAL OR CONSEQUENTIAL DAMAGES, ARISING OUT OF OR IN CONNECTION WITH THIS MSA.
9.2.2. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN SECTION 9.2.1, NEITHER PARTY SHALL HAVE ANY LIABILITY FOR THE FOLLOWING: (A) LOSS OF REVENUE, INCOME, PROFIT, OR SAVINGS, (B) LOST OR CORRUPTED DATA OR SOFTWARE, LOSS OF USE OF SYSTEM(S) OR NETWORK, OR THE RECOVERY OF SUCH, (C) LOSS OF BUSINESS OPPORTUNITY, OR (D) BUSINESS INTERRUPTION OR DOWNTIME.
9.2.3 SECUREWORKS’ AGGREGATE LIABILITY (WHETHER IN CONTRACT, TORT OR OTHERWISE) FOR ALL CLAIMS OF LIABILITY ARISING OUT OF, OR IN CONNECTION WITH, THIS MSA SHALL NOT EXCEED: (A) FOR THE MSS SERVICES: THE AMOUNTS PAID BY CUSTOMER FOR THE SPECIFIC MSS SERVICE(S) GIVING RISE TO SUCH CLAIM DURING THE PRIOR TWELVE (12) MONTH PERIOD; AND (B) FOR THE CONSULTING SERVICES: THE AMOUNT OF THE SOW.
9.2.4 The foregoing limitations, exclusions and disclaimers shall apply, regardless of whether the claim for such damages is based in contract, warranty, strict liability, negligence, and tort or otherwise. Insofar as applicable law prohibits any limitation herein, the parties agree that such limitation will be automatically modified, but only to the extent so as to make the limitation permitted to the fullest extent possible under such law. The parties agree that the limitations on liabilities set forth herein are agreed allocations of risk constituting in part the consideration for SecureWorks’ sale of Services and/or Products to Customer, and such limitations will apply notwithstanding the failure of essential purpose of any limited remedy and even if a party has been advised of the possibility of such liabilities.
9.2.5 Certain Consulting Services follow a defined sampling methodology, rather than being driven by a specific end result or deliverable. This sampling methodology aims to reduce cost while at the same time minimizing any detrimental impact on the accuracy and reliability of the results. Due to the inherent risks and limitations associated with this methodology, SecureWorks cannot guarantee (i) the outcome of its testing, assessment, forensics, or remediation methods, or (ii) that all weaknesses, noncompliance issues or vulnerabilities will be discovered (clauses (i) and (ii) (together, the “Risks and Limitations”). Customer acknowledges and accepts these Risks and Limitations. Depending upon the type of Consulting Services being purchased pursuant to a Service Order or SOW, Appendix A may apply.
This Section 9 shall survive any expiration or termination of this MSA.
"Indemnified Parties" shall mean, in the case of SecureWorks, SecureWorks, its Affiliates and subcontractors, and each their respective directors, officers, employees, contractors and agents and, in the case of Customer, Customer, its Affiliates, and each of their respective directors, officers, employees, contractors and agents.
10.1 SecureWorks Indemnity. SecureWorks shall defend, indemnify and hold harmless the Customer Indemnified Parties from any damages, costs and liabilities, expenses (including reasonable and actual attorney’s fees) (“Damages”) actually incurred or finally adjudicated as to any third-party claim or action alleging that the Products, Services or any Customer Reports prepared or produced by SecureWorks and delivered pursuant to this MSA infringe or misappropriate any third party’s patent, copyright, trade secret, or other intellectual property rights enforceable in the country(ies) in which the Products, Services or any Customer Reports are performed or prepared for Customer by SecureWorks (“Indemnified Claims”). If an Indemnified Claim under this Section 10.1 occurs, or if SecureWorks determines that an Indemnified Claim is likely to occur, SecureWorks shall, at its option: (A) obtain a right for Customer to continue using such Products, Services or Customer Reports; (B) modify such Products, Services or Customer Reports to make them non-infringing; or (C) replace such Products, Services or Customer Reports with a non-infringing equivalent. If (A), (B) or (C) above are not reasonably available, either party may, at its option, terminate this MSA and/or the Service Order and/or SOW and SecureWorks will refund any pre-paid fees on a pro-rata basis for the allegedly infringing Products, Services or Customer Reports that have not been performed or provided. Notwithstanding the foregoing, SecureWorks shall have no obligation under this Section 10.1 for any claim resulting or arising from: (A) modifications made to the Products, Services or Customer Reports that were not performed or provided by or on behalf of SecureWorks; or (B) the combination, operation or use by Customer, or anyone acting on Customer’s behalf, of the Products, Services or Customer Reports in connection with a third-party product or service (the combination of which causes the infringement).
10.2 Customer Indemnity. Customer shall defend, indemnify and hold harmless the SecureWorks Indemnified Parties from any Damages actually incurred or finally adjudicated as to any (i) third-party claim or action alleging that the Customer Data infringes a copyright or misappropriates any trade secrets enforceable in the country(ies) where the Customer Data is accessed, provided to or received by SecureWorks or was improperly provided to SecureWorks in violation of Customer’s privacy policies or applicable laws (or regulations promulgated thereunder), and (ii) claim or action by Customer Affiliates arising from or relating to the Services. For the avoidance of doubt, Customer’s indemnity obligations in clause (ii) of this Section 10.2 shall not affect Customer’s rights or remedies under this MSA.
10.3 Mutual General Indemnity. Each party agrees to indemnify and hold harmless the other party from any third-party claim or action (i) for personal bodily injuries, including death, or tangible property damage resulting from the indemnifying party’s gross negligence or willful misconduct, and (ii) relating to the indemnifying party’s violation or alleged violation of applicable export laws, regulations and orders.
10.4 Indemnification Procedures. The Indemnified Party will (i) promptly notify the indemnifying party in writing of any claim, suit or proceeding for which indemnity is claimed, provided that failure to so notify will not remove the indemnifying party’s obligation except to the extent it is prejudiced thereby, and (ii) allow the indemnifying party to solely control the defense of any claim, suit or proceeding and all negotiations for settlement. In no event may either party enter into any third-party agreement which would in any manner whatsoever affect the rights of the other party or bind the other party in any manner to such third party, without the prior written consent of the other party.
This Section 10 states each party’s exclusive remedies for any third-party claim or action, and nothing in this MSA or elsewhere will obligate either party to provide any greater indemnity to the other.
This Section 10 shall survive any expiration or termination of this MSA.
Each party agrees to comply with all laws and regulations applicable to such party in the course of performance of its obligations under this MSA. Customer acknowledges that the Products and/or Services provided under this MSA, which may include technology, authentication and encryption, are subject to the customs and export control laws and regulations of the United States (“U.S.”); may be rendered or performed either in the U.S., in countries outside the U.S., or outside of the borders of the country in which Customer or its systems are located; and may also be subject to the customs and export laws and regulations of the country in which the Products and/or Services are rendered or received. Customer also may be subject to import or re-export restrictions in the event Customer transfers the Products and/or Services from the country of delivery and Customer is responsible for complying with applicable restrictions. SecureWorks’ acceptance of any order for Products is contingent upon the issuance of any applicable export license required by the U.S. Government or any other applicable national government. SecureWorks will not liable for delays or failure to deliver Products resulting from Customer’s failure to obtain such license or to provide such certification.
This Section 11 shall survive any expiration or termination of this MSA.
12. OFAC Warranty. Each party warrants to the best of its knowledge that neither it, nor any of its Affiliates or such party’s agents are on any list maintained by the United States Treasury Department’s Office of Foreign Assets Control of persons, entities, or prohibited or restricted jurisdictions. Each party agrees that it will promptly notify the other party in writing if the notifying party becomes aware of any changes to this warranty or if to the notifying party’s knowledge any change is threatened. In such event, the notified party shall have the ability to terminate this MSA without affording the notifying party an opportunity to cure.
This Section 12 shall survive any expiration or termination of this MSA.
13. Government Entity.
Customer represents and warrants that it is not a national, provincial, Federal, state, county or municipal government or any governmental agency, department, subdivision, instrumentality, body, corporation or other arm or extension of any of the foregoing and, in executing and delivering this MSA and receiving the Products and Services hereunder, is not acting under the authority or color of authority of any of the foregoing.
This Section 13 shall survive any expiration or termination of this MSA.
14. Important Additional Terms.
14.1 Independent Contractor Relationship; Subcontracting. The parties are independent contractors. Neither party will have any rights, power or authority to act or create an obligation, express or implied, on behalf of another party except as specified in this MSA. Neither party will use the other party’s name (except internal use only), trademark, logos, or trade name without the prior written consent of the other party. SecureWorks has the right to assign, subcontract or delegate in whole or in part this MSA, or any rights, duties, obligations or liabilities under this MSA, by operation of law or otherwise, provided that SecureWorks shall remain responsible for the performance of Services under this MSA. Otherwise, neither party may assign this MSA or the Services hereunder without the permission of the other party.
14.2 Entire Agreement; Amendments; Severability; Section Headings. This MSA and the Service Order and/or SOW are the entire agreement between SecureWorks and Customer with respect to its subject matter and supersede all prior oral and written understandings, agreements, communications, and terms and conditions attached to or contained within a purchase order issued by Customer in connection with the Services, including, but not limited to, any security or privacy agreements executed by the parties. No amendment to or modification of this MSA, in whole or in part, will be valid or binding unless it is in writing and executed by authorized representatives of both parties; provided, however, that the SLA(s) may be amended from time to time by SecureWorks, as reasonably necessary, in its reasonable discretion as long as such amendments (a) will have no material adverse impact on the Services, Service Levels or Service credits currently being provided to Customer by SecureWorks; and (b) are being effected with respect to all similarly situated SecureWorks customers. If any provision of this MSA is void or unenforceable, the remainder of this MSA will remain in full force and effect. Section headings are for reference only and shall not affect the meaning or interpretation of this MSA.
14.3 Force Majeure. Neither party shall be liable to the other party for any failure to perform any of its obligations under this MSA during any period in which such performance is delayed by circumstances beyond its reasonable control including, but not limited to, fire, flood, war, embargo, strike, riot or the intervention of any governmental authority (a “Force Majeure”). In such event, however, the delayed party must promptly provide the other party with written notice of the Force Majeure. The delayed party’s time for performance will be excused for the duration of the Force Majeure, but if the Force Majeure event lasts longer than thirty (30) days, or fifteen (15) business days as to a Force Majeure delaying Customer's performance of its payment obligations, the other party may immediately terminate the applicable Service Order and/or SOW by giving written notice to the delayed party.
14.4 Notices. Notices to SecureWorks under this MSA must be in writing and sent by postage prepaid first-class mail or receipted courier service at the address below or to such other address (including facsimile or electronic) as specified in writing and will be effective upon receipt.
One Concourse Parkway, Suite 500
Atlanta, GA 30328
This Section 14.4 shall apply for formal contract notices only and shall not limit the parties’ ability to communicate via electronic mail or other methods as agreed to by the parties for routine communications.
14.5 Governing Law, Forum and Language. THE PARTIES AGREE THAT THIS MSA, ANY THE SERVICES HEREUNDER, OR ANY CLAIM, DISPUTE OR CONTROVERSY (WHETHER IN CONTRACT, TORT, OR OTHERWISE, WHETHER PREEXISTING, PRESENT OR FUTURE, AND INCLUDING STATUTORY, COMMON LAW, AND EQUITABLE CLAIMS) BETWEEN CUSTOMER AND SECUREWORKS ARISING FROM OR RELATING TO THIS MSA, THE SERVICES, ITS INTERPRETATION, OR THE BREACH, TERMINATION OR VALIDITY THEREOF, THE RELATIONSHIPS WHICH RESULT FROM THIS MSA OR ANY RELATED PURCHASE SHALL BE GOVERNED BY THE LAWS OF THE STATE OF TEXAS, WITHOUT REGARD TO CONFLICTS OF LAW.
The parties agree that any and all claims, causes of action or disputes (regardless of theory) arising out of or relating to the MSA and/or the Services shall be brought exclusively in the courts located in Travis County, Texas. Customer and SecureWorks agree to submit to the personal jurisdiction of the courts located within Travis County, Texas, and agree to waive any and all objections to the exercise of jurisdiction over the parties by such courts and to venue in such courts.
This MSA will be interpreted and construed in accordance with the English language.
14.6 Dispute Resolution. The parties will attempt to resolve any claim, or dispute or controversy (whether in contract, tort or otherwise) arising out of or relating to this MSA or the Services hereunder (a “Dispute”) through face-to-face negotiation with persons fully authorized to resolve the Dispute or through mediation utilizing a mutually agreeable mediator, rather than through litigation. The existence or results of any negotiation or mediation will be treated as confidential. Notwithstanding the foregoing, either party will have the right to seek from a court of competent jurisdiction a temporary restraining order, preliminary injunction or other equitable relief to preserve the status quo, prevent irreparable harm, avoid the expiration of any applicable limitations period, or preserve a superior position with respect to other creditors, although the merits of the underlying Dispute will be resolved in accordance with this paragraph. In the event the parties are unable to resolve the Dispute within thirty (30) days of notice of the Dispute to the other party, the parties shall be free to pursue all remedies available at law or equity.
Applicable to Security Services: Should the Service Order/SOW include security scanning, testing, assessment, forensics, or remediation Services (“Security Services”), Customer understands that SecureWorks may use various methods and software tools to probe network resources for security-related information and to detect actual or potential security flaws and vulnerabilities. Customer authorizes SecureWorks to perform such Security Services (and all such tasks and tests reasonably contemplated by or reasonably necessary to perform the Security Services) on network resources with the internet protocol addresses (“IP Addresses”) identified by Customer. Customer represents that, if Customer does not own such network resources, it will have obtained consent and authorization from the applicable third party to permit SecureWorks to provide the Security Services on such third party’s network resources. SecureWorks shall perform Security Services during a timeframe mutually agreed upon with Customer. The Security Services, such as penetration testing or vulnerability assessments, may also entail buffer overflows, fat pings, operating system specific exploits, and attacks specific to custom coded applications but will exclude intentional and deliberate DOS (“Denial of Service”) attacks. Furthermore, Customer acknowledges that the Security Services described herein could possibly result in service interruptions or degradation regarding the Customer’s systems and accepts those risks and consequences. Upon execution of the Service Order/SOW for such Security Services, Customer consents and authorizes SecureWorks to provide any or all of the Security Services specified in the applicable Service Order/SOW with respect to the Customer’s systems. Customer further acknowledges that it is the Customer’s responsibility to restore network computer systems to a secure configuration after the completion of SecureWorks’ testing.
Applicable to Compliance Consulting Services: Should the Service Order/SOW include compliance testing or assessment or other similar compliance advisory Services (“Compliance Services”), Customer understands that, although SecureWorks' Compliance Services may discuss or relate to legal issues, (i) SecureWorks does not provide legal advice or services, (ii) none of such Compliance Services shall be deemed, construed as or constitute legal advice, and (iii) Customer is ultimately responsible for retaining its own legal counsel to provide legal advice. Furthermore, the Customer Reports provided by SecureWorks in connection with any Compliance Services shall not be deemed to be legal opinions and may not and should not be relied upon as proof, evidence or any guarantee or assurance as to Customer’s legal or regulatory compliance.
Applicable to Payment Card Industry Compliance Consulting Services: Should the Service Order/SOW include payment card industry (“PCI”) compliance auditing, testing or assessment or other similar PCI compliance advisory Consulting Services (“PCI Compliance Services”), Customer understands that SecureWorks' PCI Compliance Services do not constitute any guarantee or assurance that security of Customer’s systems, networks and assets cannot be breached or are not at risk. PCI Compliance Services are an assessment, as of a particular date, of whether Customer’s systems, networks, assets, and any compensating controls meet the applicable PCI standards. Mere compliance with PCI standards may not be sufficient to eliminate all risks of a security breach of Customer’s systems, networks and assets. Furthermore, SecureWorks is not responsible for updating its reports and assessments, or enquiring as to the occurrence or absence of such, in light of changes to Customer’s systems, networks and assets after the date that SecureWorks issues its final Customer Report pursuant to the Service Order/SOW, absent a Change Order or a separately signed Service Order/SOW expressly requiring the same.