PLEASE READ THIS END USER SOFTWARE LICENSE AGREEMENT (“AGREEMENT”). BY DOWNLOADING, INSTALLING OR USING VIRSEC SOFTWARE (DEFINED BELOW), YOU AND ANY ENTITY YOU REPRESENT (“LICENSEE”) AGREE TO BE BOUND BY THIS AGREEMENT WITH VIRSEC SYSTEMS INC. (“VIRSEC”). IF LICENSEE DOES NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, THEN DO NOT DOWNLOAD, INSTALL OR USE THE VIRSEC SOFTWARE.
This Agreement governs Licensee’s use of the Virsec Software unless the particular Virsec Software is subject to a separate written agreement that does not refer to these terms between Virsec and Licensee that is signed by Virsec.
1. Definitions
1.1. “Authorized Modules” means those modules of the Virsec Software identified by Virsec in writing designated as authorized for Licensee’s use and for which Licensee has paid the applicable fees. If no separate Authorized Modules are specified in accordance with the foregoing, Authorized Modules means the Virsec Software.
1.2. “Documentation” means the then-current printed, online, and/or electronic documentation, if any, that is provided by Virsec to Licensee describing the use of the Virsec Software. “Documentation” does not include any sales or marketing materials.
1.3. “Evaluation Software” means any Virsec Software provided to Licensee for evaluation purposes or otherwise designated by Virsec as evaluation software.
1.4. “Improvements” means modifications, improvements, derivative works and the like.
1.5. “Intellectual Property Rights” means all intellectual property and proprietary rights throughout the world, including patents, trade secrets, copyrights and trademarks.
1.6. “Location” means Licensee’s primary location or otherwise, if specified therein, the location(s) specified on Virsec’s order form or agreement that references this Agreement.
1.7. “Virsec Software” means the Virsec software provided by Virsec for which Virsec references this Agreement including Virsec software identified in Virsec’s order form or agreement that references this Agreement and including any updates Virsec provides to Licensee to such software for use in connection with it.
2. License Grant and Intellectual Property Rights
2.1. License. For the term of this Agreement, subject to the terms and conditions of this Agreement, including, without limitation, payment and Section 2.3 (License Restrictions), Virsec grants Licensee a non-exclusive, non-transferable, non-assignable, non-sublicensable and limited license, only in object code form, to (a) install one (1) copy of the Virsec Software on Licensee’s own computer system, and (b) use the Authorized Modules of such installed Virsec Software for which Licensee has paid the applicable fees in accordance with the Documentation solely for Licensee’s internal business purposes at the Location.
2.2. Evaluation License. All terms and provisions of this Agreement shall apply to Evaluation Software, subject to the following modifications: (a) the license of Section 2.1 (License) shall be limited to Licensee’s evaluation of the Evaluation Software only, (b) Virsec shall have the right at any time in its sole discretion to terminate this Agreement and any license to Evaluation Software upon written notice to Licensee, and (c) the provision of Section 5 (Limited Warranty) shall not apply with respect to Evaluation Software and all Evaluation Software is provided “as is,” without any warranties whatsoever, express or implied.
2.3. License Restrictions. The licenses under Section 2 (License Grant and Intellectual Property Rights) are conditioned on Licensee’s compliance with, and Licensee agrees to, the following: (i) Licensee shall not use the Virsec Software outside of the scope of the license granted hereunder; (ii) Licensee shall not sublicense, distribute, disclose, market, rent, lease or transfer to any third party of the Virsec Software or the Documentation, including through any dial-up, remote access, interactive, Internet-based, service bureau or other on-line service; (iii) Licensee shall not remove or cause to be removed from any copies of the Virsec Software and Documentation, any copyright, licensed trademark, patent or other proprietary notices on the Virsec Software or Documentation, or any portion thereof; (iv) Licensee shall not modify, alter, adapt, translate, reverse-engineer, decompile, disassemble or attempt to discover the source code, underlying ideas, algorithms, file formats or programming interfaces of the Virsec Software, Documentation, or any portion thereof in any way, without the prior written consent of Virsec; (v) Licensee shall not export or re-export the Virsec Software, either directly or indirectly, without Virsec’s written consent or in violation of the laws of the United States or other jurisdiction; and (vi) Licensee shall not use any aspects of the Virsec Software other than the Authorized Modules, and without limiting the foregoing, Licensee shall use the Virsec Software only in accordance with the respective Documentation, license key and any usage limitations and/or requirements provided in the Documentation, license file from Virsec or Virsec’s order form or agreement that references this Agreement (including without limitation regarding territory, location, server, users including number of users or other requirements and/or limitations), and only within the scope for which Licensee is paying the required fees. Licensee agrees that the Virsec Software may use or contain a license key mechanism limiting its use, and Licensee shall not use or enable the use of the Virsec Software other than in accordance with the intended limitations of any license key provided by Virsec (in addition to any contractual limitations). Licensee agrees that, without limitation, any breach of this Section 2.3 (License Restrictions) or unauthorized use of the Virsec Software or Documentation is a material breach of this Agreement.
2.4. Ownership by Virsec. Virsec retains all Intellectual Property Rights covering or embodied in the Virsec Software and any Improvements to any Virsec Software. In the event that Licensee acquires any rights in or to any Improvements or Intellectual Property Rights covering or embodying Improvements or the Virsec Software, Licensee shall assign, and hereby assigns, all right, title and interest in such Improvements and Intellectual Property Rights to Virsec. In any event, Virsec shall have the right to integrate and use all Improvements and associated Intellectual Property Rights in Virsec’s products and services without restriction.
2.5. License Only. The Virsec Software is licensed, not sold, to Licensee. This Agreement does not transfer any right, title, or interest in or to any such Virsec Software regardless of any use of the terms “purchase,” “acquire,” “sale” or similar language herein or in any agreement between Licensee and any third party.
2.6. Third Party Software. The Virsec Software may use or rely on software that is subject to open source or commercial license terms as identified by Virsec in writing on its website or connection with Licensee’s order and/or receipt of the Virsec Software (“Third Party Software”). Any Third Party Software Virsec provides to Licensee is for convenience only, and is not part of the Virsec Software and is not licensed or subject to Virsec warranties or other obligations hereunder. Licensee is solely responsible for procuring and complying with any necessary license rights if it chooses to use any Third Party Software.
2.7. No Other Rights. All Intellectual Property Rights of Virsec not expressly granted to Licensee in this Agreement are expressly reserved by Virsec. Without limitation, Licensee receives no right or license, by implication, estoppel or otherwise, to any software, technology or Intellectual Property Rights not embodied in the Virsec Software, even if such other software, technology or Intellectual Property Rights are useful or necessary in connection with the Virsec Software.
3. Payment
3.1. Payment. Unless otherwise specified by Virsec, Licensee shall pay all amounts for the Virsec Software in U.S. dollars by bank wire transfer in immediately available funds to a bank account designated by Virsec. If not otherwise provided in the respective schedule or other documentation from Virsec, Licensee shall pay amounts due within thirty (30) days of invoice.
3.2. Records and Audit Rights. Licensee shall keep and maintain books and records in sufficient detail to permit the verification of Licensee’s obligations hereunder. Virsec shall have the right to inspect or appoint an auditor to inspect Licensee’s systems, books and records relevant to this Agreement and other materials as may be required to verify or determine Licensee’s compliance with its obligations hereunder during regular business hours, wherever they are normally kept by Licensee, upon not less than one (1) week’s prior written notice. The cost of any such audit shall be paid for by Virsec unless material non-compliance is found, in which case Licensee shall pay Virsec for the costs associated with the audit.
3.3. Late Payment. All late payments shall be subject to interest calculated at the rate of one and one‑half percent (1.5%) per month or the maximum allowable by law, whichever is less. This Section 3.3 (Late Payment) shall in no way limit any other rights or remedies that may otherwise be available to Virsec. Licensee agrees to pay all expenses associated with collection, including reasonable attorneys’ fees.
3.4. Taxes. All stated prices, fees and other stated charges are exclusive of applicable sales, excise, use or similar taxes. Licensee shall pay all such taxes, either directly or to Virsec, as required by applicable law or regulation. In the event that Licensee is required to withhold taxes, Licensee shall provide to Virsec official receipts issued by the appropriate taxing authority or other evidence to establish that such taxes have been paid.
3.5. Payment Terms. Virsec shall have the right to require advance payment and require adequate assurance of payment in the event that Licensee fails to make payment within the time limits required hereunder, or if, in Virsec’s sole discretion, it is advisable in view of Licensee’s financial condition. The foregoing does not limit Virsec’s other remedies hereunder, including the right to terminate this Agreement for breach.
4. Confidential Information
4.1. General. “Confidential Information” shall mean information disclosed by one party (“Disclosing Party”) to the other party or its affiliates (“Receiving Party”) pursuant to this Agreement, which, if disclosed in tangible form, is marked “Confidential” or with other similar designation to indicate its confidential or proprietary nature, or, if disclosed orally, is indicated orally to be confidential or proprietary by the Disclosing Party at the time of such disclosure or is confirmed in writing as confidential or proprietary by the Disclosing Party within a reasonable time after such disclosure. Notwithstanding anything to the contrary, the source code and other non-public aspects of the Virsec Software are the Confidential Information of Virsec, regardless of whether or not marked.
4.2. Exceptions. Notwithstanding the foregoing, Confidential Information shall not include information that, in each case as demonstrated by written documentation: (a) was already known to the Receiving Party, other than under an obligation of confidentiality, at the time of disclosure; (b) was generally available to the public or otherwise part of public knowledge at the time of its disclosure to the Receiving Party; (c) became generally available to the public or otherwise part of public knowledge after its disclosure and other than through any act or omission of the Receiving Party in breach of any confidentiality obligations; (d) was subsequently lawfully disclosed to the Receiving Party by a person other than a party without an obligation of confidentiality; or (e) was independently developed by the Receiving Party without reference to or use of any Confidential Information disclosed by the Disclosing Party.
4.3. Non-Use and Non-Disclosure. The Receiving Party may use or disclose the Disclosing Party’s Confidential Information solely to the extent such use or disclosure is reasonably necessary for exercising its rights or performing its obligations under this Agreements.
4.4. Maintenance of Confidentiality. The Receiving Party agrees that it shall use the same degree of care to protect the secrecy of and avoid disclosure and unauthorized use of the Confidential Information of the Disclosing Party that it uses to protect its own confidential information of similar importance, but no less than reasonable care. The Receiving Party shall reproduce the Disclosing Party’s proprietary rights notices on all copies of Confidential Information, in the same manner in which such notices were set forth in or on the original. Each party shall immediately notify the other party in the event of any unauthorized use or disclosure of the other party’s Confidential Information.
4.5. Terms of Agreement. Each party agrees not to disclose to any third party the terms of this Agreement without the prior written consent of the other party, except: (i) as may be required by law; (ii) in confidence, to legal counsel of the party; (iii) in connection with the requirements of a securities filing; (iv) in confidence, to a party’s accountants, banks, investors, and other current and prospective financing sources and their advisors; (v) in connection with the enforcement of this Agreement or rights under this Agreement; or (vi) in confidence, in connection with a merger, acquisition, change of control or sale of substantially all of the assets of such party.
4.6. Authorized Disclosures. Notwithstanding anything to the contrary, the Receiving Party may disclose such Confidential Information of the Disclosing Party as required to be disclosed by law or pursuant to a valid order of a court or other government body provided that the Receiving Party promptly provides, in compliance with law, prior written notice to the Disclosing Party of any planned disclosure based on such legal requirement or order and cooperates with Disclosing Party to obtain such confidential treatment or protective orders as may be available under applicable law.
5. Limited Warranty
5.1. Software Warranty. Unless otherwise specified in Virsec’s order form or agreement that references this Agreement, Virsec warrants to Licensee that, for a period of ninety (90) days following the delivery of the initial Virsec Software to Licensee (the “Software Warranty Period”), the Virsec Software will substantially conform to the Documentation when maintained and operated in accordance with the Documentation (“Software Warranty”). Following the Software Warranty Period, Virsec may provide maintenance and support, to the extent provided under the terms of a separate maintenance agreement and subject to Licensee’s payment and compliance with the applicable terms of this Agreement and any separate maintenance agreement.
5.2. Remedy. Licensee shall provide Virsec notice during the Software Warranty Period identifying any non-conformity to Software Warranty and shall provide detail as requested by Virsec to identify the nature of the non-conformity and conditions under which it appears. Virsec, at its sole option, shall use commercially reasonable efforts to repair or to deliver a replacement copy of the Virsec Software. All warranty repairs by Virsec shall be made at Virsec’s premises, unless Virsec otherwise agrees. Licensee’s sole remedy and Virsec’s sole liability with respect to any warranty regarding the Virsec Software shall be for Virsec to use such commercially reasonable efforts to provide the above a correction during the Warranty Period.
5.3. Exclusions. Virsec provides no warranty for the following or any liability or claim arising from any of the following: (i) software and equipment of Licensee or any third party (including any Third Party Software); (ii) directions, designs, plans or specifications furnished by or on behalf of Licensee; (iii) unauthorized use, or use of the Virsec Software in violation of this Agreement or other terms with Virsec, including any copies of the Virsec Software not made in accordance with the terms of this Agreement and the limitations of the licenses granted hereunder; (iv) Licensee’s failure to comply with applicable law, or failure to obtain any authorizations, consents, releases or permissions that are necessary for Licensee’s use of the Virsec Software or any service provided by Virsec; (v) any data provided by Licensee or third party; (vi) any activities of Licensee or third party through the use of the Virsec Software; (vii) modification of the Virsec Software made other than by Virsec; (viii) the combination, operation or use by Licensee of the Virsec Software with equipment, devices or software not supplied by Virsec; (ix) failure of Licensee to use an updated or modified Virsec Software provided by Virsec, including those provided to avoid error or infringement; or (x) Licensee’s use of the Virsec Software after termination of this Agreement (collectively, “Exclusions”).
5.4. Warranty Disclaimer. THE FOREGOING LIMITED WARRANTIES AND REMEDIES PROVIDED BY VIRSEC ARE THE SOLE AND EXCLUSIVE REMEDIES FOR ANY BREACH OF WARRANTY. EXCEPT TO THE EXTENT EXPRESSLY SET FORTH ABOVE, VIRSEC DISCLAIMS ALL WARRANTIES, CONDITIONS, AND REPRESENTATIONS (EXPRESS OR IMPLIED, ORAL OR WRITTEN) WITH RESPECT TO THE VIRSEC SOFTWARE OR ANY SUPPORT RELATED THERETO, INCLUDING, WITHOUT LIMITATION, ANY AND ALL WARRANTIES OF (i) MERCHANTABILITY, (ii) FITNESS FOR A PARTICULAR PURPOSE, (iii) NON‑INFRINGEMENT, (iv) NON‑INTERFERENCE, (v) ACCURACY OF DATA, (vi) OPERATION WITHOUT INTERRUPTION OR ERROR, (vii) FREEDOM FROM VULNERABILITY TO INTRUSION OR ATTACK, (viii) INTEROPERABILITY WITH ANY HARDWARE, SOFTWARE, SYSTEMS, OR DATA NOT PROVIDED BY VIRSEC, AND (ix) WARRANTIES ARISING FROM A COURSE OF DEALING, AND ALL SUCH WARRANTIES ARE EXCLUDED TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW.
6. Indemnification.
6.1. Indemnification by Virsec. Virsec agrees to defend at its own expense any action brought against Licensee that the Virsec Software infringes a third-party Intellectual Property Right, and Virsec shall pay any costs and damages finally awarded against Licensee in any such actions that are attributable to such claim. Notwithstanding the foregoing, this Section 6.1 (Indemnification by Virsec) shall not apply to, and Virsec shall have no liability for, any claim arising out of or relating to any Exclusions. Virsec’s sole liability and Licensee’s sole remedy for infringement claims shall be to obtain indemnity under the provisions of this Section 6.1 (Indemnification by Virsec). Virsec’s obligation under this Section 6 (Indemnification) is subject to, and Licensee shall, (i) promptly notify Virsec in writing of any such claim, and provide Virsec with sole control of the defense of such claim and all negotiations for any settlement or compromise, and (ii) provide all information and assistance reasonably requested by Virsec for the defense and settlement of such claim.
6.2. Infringement; Injunctions. If Licensee’s use of the Virsec Software hereunder is, or in Virsec’s opinion is likely to be, enjoined as an infringement or misappropriation of any third party intellectual property right under the laws of the United States, Virsec shall have the right, at Virsec’s sole option and expense, either: (a) to procure for Licensee the right to continue to use the Virsec Software under the terms of this Agreement; or (b) replace or modify the Virsec Software so that it is non-infringing.
6.3. Sole Remedy. The foregoing provisions of this Section 6 (Indemnification) set forth Virsec’s sole and exclusive obligations, and customer’s sole and exclusive remedies, with respect to infringement of Intellectual Property Rights of any kind.
6.4. Indemnification by Licensee. Licensee agrees to indemnify and hold harmless Virsec at Licensee’s expense from and against any claim against Virsec arising out of any Exclusion, and Licensee will pay any costs and damages finally awarded against Virsec in any such actions which are attributable to such claim.
7. Limitation of Liability.
7.1. Limitation of Liability. VIRSEC SHALL NOT BE LIABLE FOR ANY SPECIAL, INDIRECT, INCIDENTAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS, BUSINESS INTERRUPTION, OR LOSS OF INFORMATION, RELATING TO THIS AGREEMENT OR IN ANY WAY RELATED TO THIS AGREEMENT, REGARDLESS OF WHETHER VIRSEC WAS ADVISED OF THE POSSIBILITY OF ANY OF THE FOREGOING. IN NO EVENT SHALL THE TOTAL COLLECTIVE LIABILITY OF VIRSEC FOR ALL CLAIMS HEREUNDER OR IN ANY WAY RELATED TO THIS AGREEMENT EXCEED THE GREATER OF: (i) THE AMOUNTS PAID BY LICENSEE FOR THE RESPECTIVE VIRSEC SOFTWARE GIVING RISE TO THE CLAIM IN THE LAST TWELVE (12) MONTHS UNDER THIS AGREEMENT BEFORE THE EARLIER OF THE MAKING OF THE CLAIM OR TERMINATION OR END OF THE TERM OF THIS AGREEMENT OR (ii) FIVE HUNDRED DOLLARS ($500).
7.2. Allocation of Risk. The warranty disclaimer and limitations of liability set forth in this Agreement shall apply irrespective of any failure of the essential purpose of any limited remedy. Licensee and Virsec each acknowledge and agree that the limitation of liability provisions of this Agreement reflect an informed, voluntary allocation between them of the risk associated with the exercise of Licensee’s rights regarding the Virsec Software and, but for these provisions, Virsec would not have made the Virsec Software available to Licensee under the terms contemplated under this Agreement.
7.3. Applicable Law. The warranty disclaimer and limitations of liability set forth in this Agreement shall not apply to the extent prohibited by law, in which case the disclaimer or limitation shall be modified to disclaim and/or limit in accordance with applicable law. Without limiting the foregoing, to the extent required by law, the foregoing limitations shall not apply to claims due to fraud, bodily injury or death.
8. Term and Termination
8.1. Term. Unless terminated earlier as set forth below, this Agreement shall continue for the license term identified in Virsec’s order form or agreement that references this Agreement.
8.2. Termination for Cause. Without prejudice to any other right or remedy which may be available to it, each party may terminate this Agreement upon written notice to the other upon the other party’s material breach of this Agreement that is incurable or, if curable, remains uncured thirty (30) days after notice to the other party, or, in the case of failure to make payment, remains uncured thirty (30) days after notice to the other party. Licensee’s failure to pay amounts when due hereunder shall be deemed a material breach.
8.3. Termination for Bankruptcy. If either party (a) becomes insolvent or bankrupt, (b) dissolves or ceases to conduct business in the ordinary course, (c) makes an assignment for the benefit of its creditors, (d) commences any insolvency, receivership, bankruptcy or other similar proceeding for the settlement of its debts or (e) has commenced against it any insolvency, receivership, bankruptcy or other similar proceeding for the settlement of its debts that is not dismissed within thirty (30) days after notice of such proceeding, then the other party may terminate this Agreement immediately upon written notice to such party.
8.4. Return or Destruction of Virsec Software. Within fifteen (15) days after termination of this Agreement, Licensee will certify in writing to Virsec that all copies of the Virsec Software and Documentation in any form, including partial copies, have been destroyed or returned to Virsec.
8.5. Effect of Termination. If this Agreement is terminated for any reason, all rights granted hereunder to Licensee shall terminate. The provisions of Sections 1 (Definitions), 2.3 (License Restrictions), 2.4 (Ownership by Virsec), 3 (Payment), 4 (Confidential Information), 5.3 (Exclusions), 5.4 (Warranty Disclaimer), 6.3 (Indemnification by Licensee), 7 (Limitation of Liability), 8 (Term and Termination) and 9 (Miscellaneous) shall survive termination of this Agreement.
9. Miscellaneous
9.1. Relationship of Parties. The parties to this Agreement are independent contractors and this Agreement shall not establish any relationship of partnership, joint venture, employment, franchise or agency between the parties. Neither party shall have the power to bind the other or incur obligations on the other’s behalf without the other’s prior written consent.
9.2. Assignment. Licensee shall not have the right to assign this Agreement, in whole or in part, without Virsec’s prior written consent. Virsec shall have the right to terminate this Agreement in the event of a change of control of Licensee. Virsec may freely assign this Agreement without Licensee’s consent. Any attempt to assign this Agreement, other than as permitted above, shall be null and void.
9.3. Force Majeure. Nonperformance of any party (other than with respect to payment obligations) shall be excused to the extent that performance is rendered impossible by strike, fire, earthquake, flood, governmental acts or orders or restrictions, failure of suppliers or any other reason where failure to perform is beyond the reasonable control of the nonperforming party.
9.4. Federal Acquisition. This provision applies to all acquisitions of the Virsec Software by or for the Federal Government, whether by any prime contractor or subcontractor and whether under any procurement contract, grant, cooperative agreement, or other activity by or with the Federal Government. By accepting delivery of the Virsec Software, the Government agrees the Virsec Software qualifies as “commercial” computer software within the meaning of the acquisition regulations applicable to this procurement. The terms and conditions of this Agreement shall pertain to the Government’s use and disclosure of the software, and shall supersede any conflicting contractual terms or conditions. If this Agreement fails to meet the Government’s needs or is inconsistent in any respect with Federal law, the Government agrees to return the Virsec Software, unused, to Virsec.
9.5. Governing Law. This Agreement shall be governed by, and construed in accordance with, the laws of the State of California, U.S.A., applicable to contracts made in and fully performed in the State of California, U.S.A., without reference to conflict of law or choice of law principles that would cause the application of laws of any other jurisdiction. Any legal suit, action or proceeding arising out of or relating to this Agreement shall be commenced in a federal or state courts located in Santa Clara County, State of California, and each party hereto irrevocably submits to the exclusive jurisdiction and venue of any such court in any such suit, action or proceeding. The United Nations Convention on Contracts for the International Sales of Goods shall not apply to this Agreement. The Uniform Computer Information Transactions Act shall not apply to this Agreement.
9.6. Language of Agreement. This Agreement is in the English language only, and the English language version shall control in all respects. In the event that this Agreement is translated into another language, such translation shall not be binding upon the parties.
9.7. Severability. If any provision of this Agreement, or the application thereof, shall for any reason and to any extent be determined by a court of competent jurisdiction to be invalid or unenforceable under applicable law, a valid provision that most closely matches the intent of the original shall be substituted, and the remaining provisions of this Agreement shall be interpreted so as best to reasonably effect its original intent.
9.8. Waiver. The failure by either party to enforce any provision of this Agreement shall not constitute a waiver of future enforcement of that or any other provision.
9.9. Notices. All notices required or permitted under this Agreement shall be in writing and delivered by courier, overnight delivery service, or by certified mail, and in each instance shall be deemed given upon receipt. All notices shall be sent to the addresses set forth in Virsec’s order form or agreement that references this Agreement. Either party may change its address for notices under this Agreement by giving written notice to the other party by the means specified in this Section 9.9 (Notices).
9.10. Effect of Purchase Orders and Other Documents. This Agreement is intended by Virsec and Licensee to operate as a basic set of operating conditions regarding the license of the Virsec Software and related services. Purchase orders may be used for convenience to identify the order information, and any other terms of purchase orders are hereby rejected. This Agreement shall prevail over any conflicting or additional terms or conditions of any purchase order, acknowledgement or other document exchanged in connection with the ordering of the Virsec Software and related services. Any conflicting or additional terms in any such documents of Licensee are hereby deemed to be material alterations and notice of objection to and rejection of them is hereby given.
9.11. Entire Agreement. This Agreement contains the complete understanding and agreement of the parties and supersedes all prior or contemporaneous agreements or understandings, oral or written, relating to the subject matter herein. Any waiver, modification, or amendment of any provision of this Agreement shall be effective only if in writing and signed by duly authorized representatives of the parties.
1. Overview of Support Services
This page describes the support for the Virsec Software (the “Support Services”).
The Support Services has two major components: Support and Maintenance, as described in further detail below. Virsec may provide supplemental services as described in an addendum to this Exhibit as purchased by Licensee pursuant to any mutually agreed upon ordering documents. For the avoidance of doubt, this Exhibit addresses Support Services for both the SaaS and On-Premise Software.
The Support Services described cover one instance of the Virsec Software. The table below provides a short glossary of any terms crucial to the understanding of this document, and lists the acronyms and abbreviations used in the document. Any other capitalized terms not defined herein shall have the meaning provided to them in the End User Software License Agreement.
Term |
Definition |
VSP Probe |
means the component installed on the workload VM/container instance that continuously monitors the workload. This is applicable to both SaaS and the On-Premise Software. |
VSP Proxy |
means optional device installed on the network to proxy outbound connections from workloads to SaaS CMS (the UI component that allows for configuration of security policies and monitoring of the workload in real-time). This is only applicable to the SaaS. |
Licensee Infrastructure |
means the Licensee devices that the On-Premise Software is deployed on. It also includes the Licensee devices the VPS Probe is deployed on to deliver Detect and Protect functionality (both SaaS and On-Premise Software). |
Error |
means a situation where the Virsec Software does not behave in accordance with the Documentation. |
Incident |
means an unplanned interruption to the Virsec Software or a reduction in the quality of the Virsec Software. |
Request For Enhancement |
means a request to modify or enhance the Virsec Software. |
Service Request |
means a request from for information, advice, or access to the Virsec Software. |
Update |
Changes to the software used in the Virsec Software, including but not limited to error corrections, bug fixes and other enhancements. Unless specifically agreed, Updates shall not include any release, option, or future product which Virsec licenses separately or which is not included under the applicable level of support. |
Upgrade |
Changes to the software used in the Virsec Software that includes new features and functionality. New features may require additional licensing. Upgrades may also include Updates. |
2. Licensee Operations
Licensee operations covers both the pre-deployment phase of the implementation of the Virsec Software, prior to commercial launch by Licensee and various ongoing engagement management services post-launch.
Licensee is responsible for the day-to-day business operations of the Virsec Software. The business operation of a platform such as Virsec Software includes tasks such as, but not limited to, managing probes, managing policies, assessing incidents, updating allow-lists, managing exceptions, etc.
2.1 Service Management
2.1.1 Engagement Management
A Customer Success Manager (CSM) will be provided by Virsec and will be the point of contact for the Licensee throughout the term of the Support Services. The Customer Success Manager will coordinate business and roadmap reviews which will be scheduled at regular intervals as agreed by Virsec and the Licensee. Status reporting will be provided if required. At roadmap reviews Virsec will provide updates on roadmap features and their release. Notwithstanding the foregoing, Virsec shall in no way be obligated to provide any new features discussed in such roadmap review meetings.
Feature and integration requests will be reviewed by Virsec. At Virsec’s discretion, these requests may be added to the roadmap. Alternatively, these changes can be implemented by the Licensee, or Licensee appointed third party, using documented software interfaces. Where additional hardware is required, Licensee is responsible to purchase, install, support, and operate the hardware.
2.1.2 Service Reviews
In the ongoing On-Premise Software deployment, the Virsec CSM and the Licensee shall conduct service review meetings at agreed upon intervals, as well as on demand (by conference call) in case of the need for escalation following a particular Incident, to find ways of improving collaboration and quality of the Support Services. The Support Services review participants should include both technical and managerial representatives from Virsec and Licensee.
3. Service Delivery
For the SaaS, Virsec will handle platform definition, setup of appropriate architecture and tools, and platform components, as necessary.
For both SaaS and On-Premise Software, Virsec will provide Updates, and Upgrades, following a continuous delivery methodology. The deployment/enablement of new features not included as an Update may be subject to any applicable purchase conditions. Ongoing improvements are not limited to the core portions of the system, but also include tools for monitoring and alarming. Installation of the VSP Probes onto Licensee workloads is the responsibility of the Licensee. However, Virsec provides all documentation of the probe installation process which can be accessed at docs.virsec.com. In addition, the Licensee has access to a CSM to assist with probe installations as required.
For On-Premise Software, Virsec will provide Updates and Upgrades, but Licensee will be responsible for installation and execution thereof.
3.1 Change and Release Management - Software Installation & Upgrades
The Support Services include a continuous delivery process that will give the Licensee access to the most recent releases of software being developed using agile software development practices. Virsec will perform quality assurance testing on all major and minor product releases internally before providing them to the Licensee and will ensure that such releases do not remove critical functionality from the Software or degrade the performance of the Software. These regular Updates may include new product roadmap items as well as bug fixes. As part of the pipeline release process the version of On-Premise Software used by Licensee must not be more than two releases behind the current release version.
Virsec will be responsible for the installation of all software related to the Virsec Software in the SaaS. The Licensee is responsible for deployment and installation of On-Premise Software. Virsec will provide Licensee with at least 5 business days advance written notice of any proposed release.
In conjunction with the Support Services, the Licensee will be provided with access to a web-based service desk as described in Section 4.1 herein.
Licensee acknowledges that Virsec may need to perform emergency maintenance to the SaaS without providing advance notice. Emergency maintenance will only be performed when the anticipated impact to the Virsec Software of not carrying out the maintenance is considered to outweigh the impact of the maintenance actions. Virsec will send automated email notifications to inform the Licensee of any change.
4. Service Assurance
The SaaS includes a dedicated Service Assurance function provided on a 24×7×365 basis. The Service Assurance function monitors and detects issues with the SaaS and takes corrective action on an as needed basis. In the event of a Licensee raised Incident, Service Assurance can be reached via the methods described in Table 1 and in greater detail during the on-boarding process. Service Assurance acts as the single point of contact for case management and resolution. The priority of Service Assurance is to maximize the SaaS uptime. During an Incident, focus is initially on restoration of the SaaS. Once the SaaS is restored, root-cause analysis will take place when necessary and any longer-term corrective actions up to and including bug fixes will follow.
Virsec’s Service Assurance team will interact with Licensee’s internal operations team and SaaS users. Issues related to the installation of the VPS Probes should be assessed by the Licensee prior to escalation to Virsec.
Table 1 shows the coverage of Virsec’s Service Assurance for production environments.
Table 1 Service Assurance Coverage
Virsec Service Region |
Priority 1 & 2 |
Priority 3 & 4 |
Excluded Holidays |
Asia Pacific |
24x7x365 |
6AM-6PM AEDT Mon-Fri |
Recognized APAC Holidays |
EMEA |
24x7x365 |
6AM-6PM CET Mon-Fri |
Recognized EMEA Bank Holidays |
North America |
24x7x365 |
6AM-6PM PT Mon-Fri |
Recognized U.S. Federal Holidays |
There are several main activities of the Service Assurance function. They are described in the sections below.
4.1 Service Desk
The Licensee may contact Virsec regarding technical operations of the Software via the Service Desk. The Service Desk can be reached via a web-based service portal for the following purposes, including, but not limited to:
To report an Incident related to the Virsec Software;
To ascertain the status of a previously logged Incident;
To research or query issues regarding the Virsec Software in a Virsec knowledge base;
To discuss an action plan or escalate an Incident with the Virsec support manager;
To make Service Requests related to the Virsec Software;
Suggest improvements to the Virsec Software.
4.2 Incident Management
Service Assurance will be responsible for overseeing all activities related to Incidents opened by either Virsec or the Licensee. This includes Incident detection and recording, triaging Incidents to the appropriate Software components, engaging the appropriate engineering teams, communication of Incident status, and resolving the Incident.
4.2.1 Incident Priority
Priority defines the level of effort that will be expended by Virsec and the Licensee to resolve the Incident. Virsec Incident Management priorities are defined as follows:
Table 2 Incident Priority Level
Business Priority |
Incident Priority Definition |
Examples |
Priority 1 |
An Error that (a) renders the Virsec Software completely inoperative or (b) makes Licensee’s use of material features of the Virsec Software impossible, with no alternative available. |
All users unable to successfully login. All Virsec application pages do not load following successful login. UI is severely degraded/unresponsive, for a significant period. Virsec Proxy is not responding. Critical business systems being impacted with probe as suspected cause. Large portion of workloads not connecting to platform. |
Priority 2 |
An Error that (a) has a high impact to key portions of the Virsec Software or (b) |
Login page presents errors for multiple users. Specific individual pages in the Virsec Software do not render for all users or are severely degraded. High priority workloads not connecting, or policy is not being enforced. API based integration failing. All notifications are not functioning. |
Priority 3 |
An Error that has a medium-to-low impact on the Virsec Software, but Licensee can still access and use some functionality of the Virsec Software. |
Login page presents errors for under 10% of users. Noncritical business system being impacted with probe as suspected cause. Workloads not connecting to platform. Virsec proxy is degraded. Virsec APIs partially degraded. Notifications are not functioning. UI returns an error when configuring Virsec Software. |
Priority 4 |
An Error that has low-to-no impact on Licensee’s access to and use of the Virsec Software. |
Unable to apply any specific filter. |
The initial priority of an Incident will be determined by the Incident initiator based on the definitions and examples in Table 2. Incident priority may subsequently be amended by agreement between Virsec and the Licensee. If Virsec’s Priority level designation is different from that assigned by Licensee, Virsec will promptly notify Licensee in advance of such designation. If Licensee notifies Virsec of a reasonable basis for disagreeing with Virsec’s designated Priority level, the parties will discuss in an effort to come to mutual agreement. If disagreement remains after discussion, each party will escalate within its organization and use good faith efforts to mutually agree on the appropriate Priority level.
4.2.2 Response Time
Based on the assigned priority, the Service Assurance team will provide the target response times specified in Table 3. If Incidents are raised within the Service Desk, Licensee will receive an automated Incident confirmation within five minutes of the Incident creation. Updates to Incidents will be recorded within the web-based Service Desk.
Table 3 Target Response Times
Incident Priority |
Hours |
Initial Update Response |
Update Response |
Priority 1 |
24 x 7 |
1 hour |
Every 2 hours |
Priority 2 |
24 x 7 |
4 hours |
Every 8 hours |
Priority 3 |
8 x 5 |
8 Business Hours |
Every 72 hours |
Priority 4 |
8 x 5 |
8 Business Hours |
Not applicable |
“Initial Update Response” means the time elapsed from the occurrence of an actionable Incident as indicated in Virsec’s ticketing system until the time the Service Desk is updated post acknowledgement.
4.3 Remote Support and VPN Requirements
The Virsec Software includes components that are deployed on Licensee managed infrastructure. Virsec will provide remote support for this software using remote access as provided by the Licensee. This may include desktop sharing/remote meetings or VPN. The Licensee is responsible for providing any VPN access interface and ensuring that Licensee on-premise components can be accessed.
4.4 Service Requests
Virsec will provide the facility for Licensee to submit Service Requests via Virsec s Web Based Service Desk.
4.5 Requests For Enhancement
Virsec will provide the facility for Licensees to submit Requests For Enhancement via Virsec’s Web Based Service Desk. Any Requests for Enhancement will be assessed by the Virsec product management team, and if accepted, will be scheduled as part of the roadmap.
4.6 Monitoring and Logging
Virsec’s Service Assurance involves a 24 x 7 x 365 monitoring capability that is directly integrated into the SaaS. There is a continuous stream of information that is monitored and analyzed by the Service Assurance team with a goal of reacting to events and resolving Incidents before SaaS users are impacted. This monitoring capability includes availability and capacity management. Virsec continuously looks at system performance and will adjust the system as necessary and/or provide insight as to necessary system expansion requirements. Virsec reserves the right to collect usage information for performance and service management in order to meet agreed SaaS availability targets.
4.7 Reporting Capabilities
Virsec will provide KPI/metrics reports to the Licensee. These typically cover performance and usage metrics. These reports will be delivered on a monthly schedule or can be provided on-demand to a distribution list specified by the Licensee. A sample list of KPI’s and metrics is provided in Table 4 below. Note that these KPIs are examples. The actual KPIs that will be provided are dependent upon the Virsec Software selected and not all of the following KPIs are applicable to all installations.
Table 4 Reported Key Performance Indicators (KPIs)
KPI Name |
Description |
Incident SLA Compliance |
The number of Incidents raised and their compliance to the target response times. |
Service Requests |
The number of Service Requests raised and their compliance to the target response times. |
All KPI reporting is provided upon request to Licensee. KPI data is collected continuously and reported monthly, upon request.
4.8 Escalations
All technical case escalations are done via using the standard support channels (email, Jira Service Desk) and handled by on-duty escalation team. If priority attention is required, any case can be escalated by updating the case online or via email. Additionally, the following escalation contacts are available:
Escalation Level |
Contact |
|
L1 |
Technical Support Escalation Rinish Balan, Director, Licensee Success, rinish.b@virsec.com |
P1 Incidents - 24x7 - T0+12 P2 Incidents - 24x7 - T0+24 All Others - 8x5 |
Account Escalation Matt Clancy, Head of Licensee Success, matt.c@virsec.com |
P1 Incidents - 24x7 - T0+12 P2 Incidents - 24x7 - T0+24 All Others - 8x5 |
|
L2 |
Simone Sassoli – Chief Licensee Office, simone.s@virsec.com |
P1 Incidents - 24x7 - T0+24 P2 Incidents - 24x7 - T0+48 All Others - 8x5 |
5. SaaS Maintenance Windows
Virsec shall have a maintenance window every other week on Tuesdays from 3 AM - 5 AM Eastern US for SaaS infrastructure maintenance. Two different types of maintenance will be performed:
1. SaaS Infrastructure maintenance – This will include the components of the infrastructure that are required to deliver the SaaS solution, excluding the CMS.
2. SaaS CMS maintenance – This includes patches and / or upgrades to the CMS.
Either one of these or both can be executed during the maintenance window. However, if CMS maintenance is scheduled, Virsec will provide written notice 1 week in advance to the Licensee along with documentation of the changes including any functionality change or additions. Virsec personnel will be made available to walk the Licensee through the changes should Licensee so request. No advance notification for SaaS infrastructure maintenance will be provided.
6. Exceptions
The Support Services shall not include the correction of any Incident due to:
Licensee’s neglect or misuse of the Virsec Software or its failure to operate the Virsec Software for the purposes for which the Virsec Software was designed;
Any accident, disaster, or other force majeure cause affecting the Virsec Software including without limitation fire, flood, water, wind, lightning, transportation, vandalism or burglary;
Malicious activity outside of the Virsec Software which results in the Virsec Software being made unavailable and which Virsec could not reasonably have been expected to prevent;
Licensee’s failure, inability or refusal to afford Virsec’s personnel access to the Virsec Software; or
Any fault or unavailability of any third-party equipment, software or services owned, managed or controlled by Licensee and working in conjunction with the Virsec Software (whether or not supplied by Virsec or forming part of the Virsec Software).
Any out-of-scope Support Services requested by the Licensee may be provided to the Licensee, after discussion between Virsec and Licensee, at an agreed rate and terms.
7. Additional Obligations of Licensee
In addition to any obligations noted previously, Licensee shall also: