Terms and Conditions
Term
This Agreement shall be for a term of at most one year commencing on the date of execution by both parties, and is subject to earlier termination as provided in this Agreement.
Change Procedure
Any changes and/or modification to this Statement of Work must be done in writing and approved by both RSAA and Client. Some changes may result in a change to the service fees associated with this SOW. Should the changes result in additional time or material, RSAA will provide to the Client in writing an estimated cost for approval before such costs are incurred.
Termination
Either Party may terminate this Agreement either (a) upon Default if the defaulting Party fails to cure within 30 days following written notice by the non-defaulting Party, (b) upon the other Party's insolvency or liquidation as a result of which such party ceases to do business for a continuous period of at least three months, (c) upon either party’s petition for bankruptcy protection under the US Bankruptcy Code, or (d) as provided under Client Responsibilities of this Agreement.
Either party may terminate this Agreement for cause upon the expiration of thirty (30) calendar days following detailed written notice to the other party of its material breach of any of its material obligations under this Agreement if the other party has not remedied such breach during the notice period. In the event of a termination due to material breach of any of its material obligations for cause by RSAA or by Client, only those amounts for services not rendered shall be credited by RSAA.
Auto Renewal
Sixty (60) days before completion of the contract period, Client shall provide the termination notice. If Client chooses to not terminate the Agreement, Client will automatically enter into one (1) year agreement with additional 5% market adjusted price increase. Client may terminate this agreement with advance written notice of at least sixty (60) days.
Payment
All payments under this Agreement shall be made in United States dollars, in immediately available funds, without set-off and net of any applicable taxes or fees.
Applicable to Professional Services (PS). PS work involves the performance of specific tasks for a fixed-price. RSAA will invoice Client an amount equal to half (50%) of the estimated price as a deposit for these services at the execution of a PS SOW which shall be due upon receipt. The deposit is non-refundable. The remaining balance will be prorated monthly during the course of the project and final payment is due upon completion of the project, or before deliverables (if any) are ready to be delivered, whichever comes first. Client must provide RSAA with 10 days notice if work needs to be paused, for any reason. If Client fails to provide notice and the delay exceeds forty five days (45 days) then the Client must also pay the project delay expenses equal to ten percent (10%) of the total contract value, payable in advance of Service(s) restarting. RSAA reserves the right to withhold any report(s) or analysis until full payment is received. RSAA also reserves the right to revoke any reports or deliverables at any time due to breach of this contract. Any payments to be made by Client shall be via check, money order, wire transfer or automatic ACH.
Applicable to Managed Services (MS). Client agrees that MRC listed on the MS Agreement or MS Change Order shall begin upon execution of the MS Agreement. Client will be invoiced the first MRC on the scheduled start date and shall be due upon receipt. Subsequent MRC invoices shall be sent monthly on the day the services commence with Net 30 payment terms. In the event that the MS Agreement is terminated early before the completion of the term (unless month-to-month), the unpaid balance for the remaining number of months is to become due and paid immediately. Clients must provide RSAA with 30 days notice if MRC needs to be paused, for any reason. If Client fails to provide notice and the delay exceeds forty five days (45 days) then the Client must also pay the MRC delay expenses equal to ten percent (10%) of the total contract value, payable in advance of MRC restarting. All payments must be made via check or ACH.
The prices contained in this SOW are based on the information provided by Client. If Client has correctly informed RSAA of its Policies, Procedures, and Systems then the non-binding estimate will be accurate. RSAA will only perform the Services estimated in the non-binding estimate and will only analyze those Systems designated by Client for the price estimated.
Prices are entirely dependent upon the information provided to RSAA by Client and are subject to change by RSAA as RSAA discovers more information during subsequent calls and visits on-site.
Additional charges will apply to analyze other Systems or Policies and Procedures not identified by Client prior to initiation of Service(s).
If applicable, Client must provide RSAA with 10 days’ notice to reschedule on-site activities and pay any non-refundable travel expenses and project delay expenses incurred by RSAA. If Client fails to provide RSAA 10 days’ notice to reschedule the Assessment, and project delay expenses equal to ten percent (10%) of the contract value, payable in the advance of Service(s) restarting.
If Client must pause the engagement for a period of time, RSAA Assurance will grant Client a one-time extension period of no more than thirty (30) consecutive days, after which the engagement should recommence with any outstanding invoices immediately paid. All subsequent invoices shall follow their original payment schedule.
If any payment is not received, in full, by the invoice due date, a late charge of five percent (5%) per month (or the maximum amount allowable by law) will be charged on the outstanding amount and will compound on a daily basis.
If, at any time, Client has any unpaid invoice that is greater than thirty (30) days past due, RSAA Assurance will cease providing the Services until such time as Client’s account is brought current. If, at any time, Client has any unpaid invoice that is greater than sixty (60) days past due, RSAA Assurance will attempt to collect the debt using a 3rd party collection company or legal remediation through the Client's jurisdiction and Client is responsible for the cost of collection and any legal fees associated with such.
RSAA Assurance Responsibilities
RSAA Assurance represents and warrants that it has the right and authority to enter into this Agreement, and that by entering into this Agreement, it will not violate, conflict with or cause a material default under any other contract, agreement, indenture, decree, judgment, undertaking, conveyance, lien or encumbrance to which it is a party or by which it or any of its property is or may become subject or bound.
RSAA Assurance shall comply with all applicable operational rules and regulations, while on the premises of each Company. Client, in its sole discretion, may limit RSAA Assurance's access to a reasonable number of its authorized employees or designees. RSAA Assurance shall use its best efforts to not interfere with the business operations of the Client.
Unless otherwise agreed, RSAA Assurance shall maintain Comprehensive General Liability Insurance in an amount not less than $1,000,000 per occurrence for bodily injury or property damage and (ii) Property Insurance on an "all risk" form covering equipment and personal property owned or leased by RSAA Assurance and used or stored on Client’s premises. If required by Client, such Comprehensive General Liability Insurance shall have an additional insured endorsement naming the Client, and shall be primary and non-contributing with any insurance policies carried by RSAA Assurance.
RSAA Assurance shall appoint a Project Manager to coordinate all activities, or any of its subcontractors' activities, in connection with the IT Services. The services of the Project Manager shall be included in the Service Fees. In the event that any employee of RSAA Assurance or of any of its subcontractors, performing services hereunder is found to be unacceptable to Client, Client shall notify RSAA Assurance of such fact and RSAA Assurance shall use its best efforts to remove said employee or subcontractor from performing services for Client and provide a qualified Replacement.
Client Responsibilities
Client represents and warrants that it has the right and authority to enter into this Agreement, and that by entering into this Agreement, it will not violate, conflict with or cause a material default under any other contract, agreement, indenture, decree, judgment, undertaking, conveyance, lien or encumbrance to which it is a party or by which it or any of its property is or may become subject or bound.
Client shall grant RSAA Assurance reasonable access to each location identified on page 1 of the Agreement. Client shall inform RSAA Assurance in writing of any modifications to be made by Client to the functional and licensed computer hardware or software that is used by Client including but not limited to Servers, Workstations, printers, switches, routers and firewalls (the “Equipment”). RSAA Assurance shall not be responsible for maintaining Client or third party modified portions of the Equipment affected by such modifications.
Maintenance or repairs requested due to Client’s unauthorized or misuse of Equipment shall be performed subject to RSAA Assurance’s personnel availability and billed at RSAA Assurance’s standard time and materials charges. In addition, all warranties express, implied or statutory are deemed revoked by RSAA Assurance and waived by Client until such repair or maintenance has been performed by RSAA Assurance and the Equipment has been certified by RSAA Assurance for performance.
Client agrees to use the Equipment in accordance with standard operating procedures. Client agrees to provide RSAA Assurance with access to its facilities and the necessary equipment and documentation for RSAA Assurance to perform the IT Services, and with sufficient support and test time so that RSAA Assurance is able to duplicate any problem reported, to certify that the problem is with the Equipment, to correct the problem and to certify to Client that the problem has been corrected. Client shall be solely responsible for its data, information and programs stored on the network including the making of timely and accurate back-up copies.
Client agrees to use technology solutions provided by RSAA including but not limited to security portal, software and other tools during contracted service period. If Client opts out of using the aforementioned, a fee of $2500 or 5% of service contract, whichever is greater, shall be applied.
Client agrees to attend scheduled meetings during the engagement period and give 24 hours' cancellation notice for any scheduled meeting they cannot attend. Without 24 hours’ cancellation notice, the meeting time will be billed against the client hours.
Default
Default may be caused by any of the following:
By Client for failing to pay, within 30 days of invoice due date any valid invoice provided by RSAA Assurance.
By Client failing to satisfy responsibilities outlined in Client Responsibilities.
By RSAA Assurance for failing to provide the IT Services as described in the Scope of Services provided that such failure is not as a result of Client’s failure to satisfy responsibilities outlined in RSAA Assurance Responsibilities.
Either Party will have 30 days to cure any default as per this paragraph once the other Party serves notice of such default in writing.
Scripting
Scripting is NOT included in this scope of work unless otherwise stated. This includes but is not limited to automation of failover for applications, movement of data or other automated functions.
Existing Equipment
RSAA is not responsible for any existing equipment defects or interoperability. It is the Client’s responsibility to have the data backed up and available on premise, if needed.
Applicable to Security Services
Should a Statement of Work include security scanning, testing, assessment, forensics, or remediation Services (“Security Services”), Client understands that RSAA may use various methods and software tools to probe network resources for security-related information and to detect actual or potential security flaws and vulnerabilities. Client authorizes RSAA to perform such Security Services (and all such tasks and tests reasonably contemplated by or reasonably necessary to perform the Security Services or otherwise approved by Client from time to time) on network resources with the IP Addresses identified by Client. Client represents that, if Client does not own such network resources, it will have obtained consent and authorization from the applicable third party, in form and substance satisfactory to RSAA, to permit RSAA to provide the Security Services. RSAA shall perform Security Services during a timeframe mutually agreed upon with Client. The Security Services, such as penetration testing or vulnerability assessments , may also entail buffer overflows, fat pings, operating system specific exploits, and attacks specific to custom coded applications but will exclude intentional and deliberate Denial of Service Attacks. Furthermore, Client acknowledges that the Security Services described herein could possibly result in service interruptions or degradation regarding the Client’s systems and accepts those risks and consequences. Client hereby consents and authorizes RSAA to provide any or all the Security Services with respect to the Client’s systems. Client further acknowledges it is the Client’s responsibility to restore network computer systems to a secure configuration after RSAA Consultant testing.
Applicable to Compliance Services
Should a Statement of Work include compliance testing or assessment or other similar compliance advisory Services (“Compliance Services”), Client understands that, although RSAA's Compliance Services may discuss or relate to legal issues, RSAA does not provide legal advice or services, none of such Services shall be deemed, construed as or constitute legal advice and that Client is ultimately responsible for retaining its own legal counsel to provide legal advice, Furthermore, any written summaries or reports provided by RSAA in connection with any Compliance Services shall not be deemed to be legal opinions and may not and should not be relied upon as proof, evidence or any guarantee or assurance as to Client’s legal or regulatory compliance. Furthermore Any outcome of the services involving compliance assessment is limited to a point-in-time examination of the Client’s compliance or non-compliance status with the applicable standards or industry best practices set forth in the Scope of Work and that the outcome of any audits, assessments, or testing by, and the opinions, advice, recommendations, and/or certification by RSAA does not constitute any form of representation, warranty, or guarantee that Client’s systems are 100% secure from every form of attack. In assisting in the examination of Client’s compliance or non-compliance status, RSAA relies upon accurate, authentic, and complete information provided by Client, as well as use of certain sampling techniques
Applicable to PCI Compliance Services
Should a Statement of Work include PCI compliance auditing, testing or assessment or other similar PCI compliance advisory Consulting Services (“PCI Compliance Services”), Client understands that RSAA's PCI Compliance Services do not constitute any guarantee or assurance that security of Client’s systems, networks and assets cannot be breached or are not at risk. These Services are an assessment, as of a particular date, of whether Client’s systems, networks and assets, and any compensating controls meet the applicable PCI standards. Mere compliance with PCI standards may not be sufficient to eliminate all risks of a security breach of Client’s systems, networks and assets. Furthermore, RSAA is not responsible for updating its reports and assessments, or inquiring as to the occurrence or absence of such, in light of subsequent changes to Client’s systems, networks and assets after the date of RSAA’ final report, absent a signed Statement of Work expressly requiring the same
WARRANTY
DUE TO THE NATURE OF THE COMPUTER SECURITY BUSINESS, NO SECURITY COMPANY CAN GUARANTEE THAT IT WILL DETECT EVERY VULNERABILITY OR SECURITY PROBLEM. RSAA PROVIDES ITS SERVICES ON AN “AS IS” BASIS AND WITHOUT ANY WARRANTIES WHATSOEVER.
RSAA DISCLAIMS ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO ITS SERVICES, MATERIALS AND PRODUCTS.
RSAA DOES NOT WARRANT THAT THE SERVICES WILL DETECT EVERY VULNERABILITY ON YOUR SYSTEM, OR THAT RSAA’ SECURITY ASSESSMENTS, SUGGESTED SOLUTIONS OR ADVICE WILL BE ERROR-FREE OR COMPLETE. Client AGREES THAT RSAA SHALL NOT BE RESPONSIBLE OR LIABLE FOR THE ACCURACY OR USEFULNESS OF ANY INFORMATION PROVIDED BY IT, OR FOR ANY USE OF SUCH INFORMATION.
Limitation of Liability
Client agrees, to the extent not prohibited by law, that RSAA Assurance shall not be liable for any claim involving, concerning or related to the loss or destruction of Client data or any portion thereof or for any damage either to person or property sustained by Client arising from its performance of IT Services or Cybersecurity Services (“excluded liability”), whether such performance is by RSAA Assurance or third parties designated by RSAA Assurance, unless such excluded liability arose as the result of RSAA Assurance’s intentional misconduct or gross negligence. In no event will RSAA Assurance be liable to Client, any employee, agent or contractor of Client, or any third party for any claims arising out of or related to this Agreement, including in relation to the Client Equipment, the IT Services, including without limitation the services set forth in the Scope of Services, Client’s business or otherwise, which claims involve indirect, incidental, punitive, or consequential damages, even if advised of the possibility of such damages, whether under theory of contract, tort (including negligence), strict liability or otherwise. Notwithstanding anything to the contrary in this Agreement, RSAA Assurance’ maximum aggregate liability to Client related to or arising under this Agreement will be limited to the total amount paid by Client to RSAA Assurance pursuant to this Agreement for the six (6) month period preceding the claim.
Confidentiality
The parties acknowledge that in the course of performing their responsibilities under this Agreement, they each may be exposed to or acquire information that is proprietary to or confidential to the other party or third parties. The parties agree to hold such information in strictest confidence and not to copy, reproduce, sell, assign, license, market, transfer, give or otherwise disclose such information to third parties or to use such information for any purposes whatsoever, without the express written permission of the other party, other than for the performance of obligations hereunder or as otherwise agreed to herein, and to advise each of their employees, agents and representatives of their obligations to keep such information confidential. All such confidential and proprietary information described herein (including, but not limited to, business plans and data relating to each party, RSAA Assurance Proprietary Materials, or Client Data) and any deliverable provided hereunder, in whatever form (including, but not limited to Work Product) are hereinafter collectively referred to as "Confidential Information." The parties shall use reasonable efforts to assist each other in identifying and preventing any unauthorized use or disclosure of any Confidential Information. Without limitation of the foregoing, the parties shall use reasonable efforts to advise each other immediately in the event that either learns or has reason to believe that any person or entity has violated or intends to violate the terms of this Agreement, and will reasonably cooperate in seeking injunctive relief against any such person or entity.
Non-Solicitation Clause
The parties each acknowledge that they are both involved in a highly strategic and competitive business. The parties further acknowledge that the hiring party would gain substantial benefit and that the non-hiring party would be deprived of such benefit, if one party were to directly hire personnel employed by the other. Therefore, except as otherwise provided by law, neither party shall, without the prior written consent of the other, solicit the employment of any personnel who performed work by reason of this Agreement or the work described hereunder, during the term of this Agreement and for a period of two (2) years following the termination or expiration of this Agreement. The parties agree that the damages resulting from breach of this provision are uncertain and that it would be impracticable or extremely difficult to ascertain the actual amount of the damages. Therefore, in the event either party violates this provision, the breaching party shall immediately pay to the non-breaching party an amount equal to 100% of the offered salary of the employee or 50% of the Client's offer, whichever is greater. This will be paid out within 5 days of breach, as liquidated damages and the non-breaching party shall have the option to terminate this Agreement without further notice or liability. The amount of the liquidated damages reflected herein is not intended as a penalty and is reasonably calculated by the parties based upon the projected costs the non-breaching party would incur to identify, recruit, hire, and train suitable replacements for such personnel. If any court of competent jurisdiction determines that any part of this provision or Agreement is invalid, the remainder of this provision or Agreement will continue in full force and effect. The offending part will be interpreted to whatever extent possible to give effect to its stated intent.
Assignment
Neither party may assign, in whole nor in part, this Agreement without the prior written consent of the other party, whose consent shall not be unreasonably withheld; except if a transfer or assignment of this Agreement is included in a sale of all or substantially all of the assets of the assigning party.
Indemnification
Client shall indemnify and hold harmless RSAA Assurance from any loss, cost or expense, including attorneys' fees, to persons or property, suffered or incurred in connection with any claim, suit or proceeding brought against RSAA Assurance to the extent that it arises out of this Agreement or services provided therefore.
Survival
Confidentiality and Assignment of this Agreement shall survive Termination.
Applicable Law
This Agreement shall be construed and enforced in accordance with the laws of the State of California. The Courts of San Diego, California shall have exclusive jurisdiction over all matters arising under this Agreement and will be the proper forum in which to settle any dispute, which arises out of this Agreement.
Notices
All notices hereunder or required by law will be sent (a) via US Mail, postage prepaid, certified or registered mail, return receipt requested; (b) via confirmed facsimile or (c) via any nationally recognized commercial overnight carrier with provisions for a receipt, in either case addressed to the parties hereto at their respective addresses or numbers set forth below or as they will have heretofore specified by notice delivered in accordance herewith:
If to RSAA Assurance:
10531 4S Commons Drive, Suite 527
San Diego, CA 92127
ATTN: Legal Dept.
If to Client:
Contact as specified on the last page.
Further, the Parties may, by notice in writing in the manner herein prescribed, change their respective address for service.
Attorneys' Fees
Should either Party commence any action against the other to enforce any obligations hereunder, the prevailing Party shall be entitled to recover from the other its costs and reasonable attorneys' fees.
Amendments
The terms, covenants, conditions, and provisions of this Agreement cannot be modified or added to except in writing signed by the Parties.
Time of Essence
Time is of the essence.
Entire Agreement
This Agreement is the entire agreement between the Parties with respect to the subject matter hereof and no alteration, modification or interpretation hereof shall be binding unless in writing and signed by the Parties.
Severability
If any provision of this Agreement or its application to any party or circumstances will be determined by any court of competent jurisdiction to be invalid and unenforceable to any extent, the remainder of this Agreement or the application of such provision to such person or circumstances, other than those as to which it is so determined invalid or unenforceable, will not be affected thereby, and each provision hereof will be valid and will be enforced to the fullest extent permitted by law.
Computation of Time
The time in which any act under this Agreement is to be done shall be computed by excluding the first day and including the last day. If the last day of any time period stated herein shall fall on a Saturday, Sunday or legal holiday, then the duration of such time period shall be extended so that it shall end on the next succeeding day which is not a Saturday, Sunday or legal holiday. Unless preceded by the word “business”, the word “day” shall mean a calendar day. The phrase “business day” or “business days” shall mean those days on which the Superior Court of the County in which any Company is located is open for business.
Waiver
The failure of either Party to insist upon a strict performance of any of the terms or provisions of this Agreement or to exercise any option, right or remedy herein contained, shall not be construed as a waiver or as a relinquishment for the future of such term, provision, option, right or remedy, but the same shall continue and remain in full force and effect. No waiver by either Party of any term or provision hereof shall be deemed to have been made unless expressed in writing and signed by such party.
Force Majeure
Each Party’s performance under this Agreement shall be modified or suspended to the extent either Party shall be delayed or hindered in or prevented from the performance of any act required by reason of strikes, lockouts, labor troubles, inability to procure materials, failure of power, restrictive governmental laws or regulations, riots, terrorism, insurrection, war or other reason of a like nature not the fault of either Party.
Headings
Headings of Articles and Sections are inserted only for convenience and are in no way to be construed as a limitation on the scope of the particular Articles or Sections.