This Service Attachment is between Haxxess Enterprise Corporation (sometimes referred to as “Provider,” “we,” “us,” or “our”, and the Client found on the applicable Order or Service Description (sometimes referred to as “you,” or “your,”) and, together with the Order, Master Services Agreement, and other relevant Service Attachments or Descriptions, forms the Agreement between the parties the terms to which the parties agree to be bound.
The parties further agree as follows:
MANAGED SECURITY SERVICES
Provider will deliver to Client the Managed Security Services (“Service”) listed below and identified on the Order. Unless otherwise indicated, Provider will deliver the Services on an ongoing basis.
Standard Security Services
The Service includes the following:
Client-Side DNS Filtering
Provider will acquire and will assign an appropriate number of licenses to support the deployment of client-side DNS Filtering on all laptop systems.
The Service includes the following:
Security Awareness Training & Phishing Simulations
Provider will acquire and will assign an appropriate number of licenses to support the client environment.
The Service includes the following:
Multi-Factor Authentication Services / Password Credential Management Services
After performing a security assessment and assessing the state of Client’s existing policies and procedures pertaining to network security (if any), Provider will work with Client to prepare a new or revised set of policies and procedures that incorporate cutting edge best practices and that take advantage of the other Services delivered by Provider.
Premium Security Services
If Client purchase Premium Security Services, then in addition to all services included at the Standard Service levels, Provider will deliver the following:
Security Log Management.
Security Incident Event Management (SIEM) Services supported by SOC.
Provider will assist Client in the hours immediately following a data breach to identify the likely source of the breach and to begin formulating an appropriate response to the breach. However, any assistance with data breach-remediation efforts past the first twenty-four (24) hours following a breach – including but not limited to breach-notification planning, in-depth forensic examinations of the source of a breach, and significant, post-breach systems reconfiguration – are not within the scope of this Service Attachment. If Client requests Provider’s assistance with such activities, Provider will prepare a separate Service Attachment for Project Services that will specify what the charges will be for such assistance.
Provider shall provide remote help desk and vendor management services through remote means during Provider’s normal working hours.
Support Outside Normal Working Hours
Upon request, Provider shall perform emergency Services outside of normal working hours at the rates and according to the guidelines specified in the Order.
Routine server and application maintenance and upgrades will occur during maintenance windows, and some applications, systems or devices may be unavailable or non-responsive during such times.
CLIENT ENVIRONMENT STANDARDS
In order for Client’s existing environment to qualify for Provider’s Services, the following requirements must be met:
PCI-DSS (credit card)
All costs required to bring Client’s environment up to these minimum standards are not included in this Service Attachment.
If Client’s environment fails to satisfy the above requirements at any time during the Service term, Provider may suspend further delivery of the Services and/or terminate this Service Attachment upon five (5) business days’ advance, written notice.
ADDITIONAL CLIENT OBLIGATIONS
Minor On-Site Tasks
Provider may occasionally request Client staff to perform simple on-site tasks. Client shall comply with all reasonable requests.
Server Upgrades or Repair
Provider will authorize the conduct of all server upgrades or repair. Client shall not perform any of these actions without Provider notification.
Security and Regulatory Recommendations
Although it is under no obligation to do so, from time to time, Provider may make recommendations regarding regulatory compliance, safety and security related to Client’s network and practices (e.g., multi-factored authentication). If Client fails to adopt or implement the recommended protocols, Client is responsible for any and all damages related to regulatory, security, privacy, or data protection, including but not limited to fines, data breach notification, malware or ransomware costs, restoration, forensic investigation, restoring backups, or any other costs or damages related to Client’s refusal to implement the recommended protocols.
NETWORK CHANGE COORDINATION
Significant Changes to Client’s Network
Client shall notify Provider via email of all significant proposed network changes and shall provide the opportunity for Provider to comment and follow-up.
Research Regarding Network Changes
Evaluation of network change requests will sometimes require significant research, design, and testing by Provider. These types of requests are not covered by this agreement and will be billed at Provider’s then-current rate for time and materials.
For the Services described in this Service Attachment selected or ordered by Client, Client shall pay the Service Fees specified in the Order that is in effect at that time.
If Provider is unable to commence delivery of the Services on the Managed Services Start Date (defined below) because of any failure on the part of Client (including but not limited to failure of Client to provide the Client resources in a timely manner), Client nonetheless will begin to incur and Service Fees, which Client shall pay in accordance with this Service Attachment, beginning on the Managed Services Start Date.
We are not responsible for failures to provide Services that are caused by the existence of any of the following conditions:
We are not responsible for failures to provide Services that occur during any period of time in which any of the following conditions exist:
The following list of items are excluded from the scope of included Services, and may incur additional charges or require a separate billable project:
The following list of items are costs that are considered separate from the Service pricing:
Costs Outside Scope of the Service – The cost of any parts, equipment, or shipping charges of any kind. The cost of any software, licensing, or software renewal or upgrade fees of any kind. The cost of any third-party vendor or manufacturer support or incident fees of any kind. The cost of additional facilities, equipment, replacement parts, software or service contract.
The following is a list of Services Provider does not perform:
TERM AND TERMINATION
This Service Attachment is effective on the date specified on the Order (the “Service Start Date”). Unless properly terminated by either party, this agreement will remain in effect through the end of the term specified on the Order (the “Initial Term”).
“RENEWAL” MEANS THE EXTENSION OF ANY INITIAL TERM SPECIFIED ON AN ORDER FOR AN ADDITIONAL TWELVE (12) MONTH PERIOD FOLLOWING THE EXPIRATION OF THE INITIAL TERM, OR IN THE CASE OF A SUBSEQUENT RENEWAL, A RENEWAL TERM. THIS SERVICE ATTACHMENT WILL RENEW AUTOMATICALLY UPON THE EXPIRATION OF THE INITIAL TERM OR A RENEWAL TERM UNLESS ONE PARTY PROVIDES WRITTEN NOTICE TO THE OTHER PARTY OF ITS INTENT TO TERMINATE AT LEAST SIXTY (60) DAYS PRIOR TO THE EXPIRATION OF THE INITIAL TERM OR OF THE THEN-CURRENT RENEWAL TERM.
CLIENT MAY CANCEL AN AUTOMATIC RENEWAL BY CONTACTING PROVIDER.
If the Order specifies no Initial Term with respect to any or all Services, then we will deliver those Services on a month-to-month basis. We will continue to do so until one party provides written notice to the other party of its intent to terminate those Services, in which case we will cease delivering those Services at the end of the next calendar month following receipt such written notice is received by the other party.
Early Termination by Client With Cause
If an Initial Term is specified in the Order, then you may terminate this agreement for cause following sixty (60) days’ advance, written notice delivered to Provider upon the occurrence of any of the following:
Early Termination by Client Without Cause
If an Initial Term is specified in the Order , and if you have satisfied all of your obligations under this Service Attachment, then no sooner than ninety (90) days following the Service Start Date, you may terminate this Service Attachment without cause during the Initial Term upon sixty (60) days’ advance, written notice, provided that you pay us a termination fee equal to fifty percent (50%) of the recurring, Monthly Service Fees remaining to be paid from the effective termination date through the end of the Initial Term, based on the prices identified on the Order.
You may terminate this Service Attachment without cause following the Initial Term during any Renewal term upon sixty (60) days’ advance, written notice, without paying an early termination fee.
Termination by Provider
We may elect to terminate this Service Attachment upon ninety (90) days’ advance, written notice, with or without cause.
Effect of Termination
As long as Client is current with payment of: (i) the Fees under this Agreement, (ii) the Fees under any Project Services Attachment or Statement of Work for Off-Boarding, and/or (iii) the Termination Fee prior to transitioning the Services away from Provider’s control, then if either party terminates this Service Attachment, Provider shall assist Client in the orderly termination of services, including timely transfer of the services to another designated provider. Client shall pay Provider the actual costs of delivering at our then prevailing rates for any such assistance. Termination of this Service Attachment for any reason by either party immediately nullifies all access to Services supplied by Provider. Provider will immediately uninstall any affected software from your Client’s devices, and Client hereby consents to such uninstall procedures.
Upon request by Client, Provider may provide Client a copy of Client Data in exchange for a data-copy fee invoiced at Provider’s then prevailing rates, not including the cost of any media used to store the data. After thirty (30) days following termination of this Agreement by either party for any reason, Provider shall have no obligation to maintain or provide any Client Data and shall thereafter, unless legally prohibited, delete all Client Data on its systems or otherwise in its possession or under its control.
Provider may audit Client regarding any third-party services. Provider may increase any Fees for Off-boarding that are passed to the Provider for those third-party services Client used or purchased while using the Service.
Client agrees that upon Termination or Off-Boarding, Client shall pay all remaining third-party service fees and any additional third-party termination fees.