Three-Year Contracts with 9-Month Opt Out Terms and Conditions

Below are the Terms and Conditions for the use of NetSPI’s services and technology.

1. Upon signature by Client and NetSPI, this document will act as the Statement of Work (SoW) for the services and/or deliverables described herein, and it will be deemed to be attached and incorporated by reference into (and governed by the terms of) the NetSPI Master Services Agreement (“MSA”) signed by Client and NetSPI.
2. Client is purchasing Services on a subscription basis for the entire term of this SoW, which begins on the date signed by NetSPI below (“Effective Date”) and ends 36 months later (also referred to as the “Service Period”). All Services that are described in the Pricing Summary must be scheduled and performed during each one of the three 12-month periods that make up the Service Period (each a “Service Term”). The Subscription Total reflects pricing for each Service Term. If all Services listed in the Pricing Summary are not performed during each Service Term, no credits are given for paid but unused Services. Notwithstanding the other terms of this paragraph, Client shall have a one-time option to terminate this SOW for convenience (with such termination to be effective at the end of the first Service Term) by providing NetSPI with a notice of termination at least 90 days prior to the end of the first Service Term 
3. Any meeting to review results or reports (including preliminary results or reports) must be held no later than 45 days from NetSPI’s delivery of such results or reports to Client. NetSPI may charge Client on a time and materials basis for preparation and attendance at meetings held after this 45-day period.
4. The undersigned certifies that he or she is the owner or authorized representative of the Client and attests to the Client’s financial ability and willingness to pay NetSPI’s invoices in accordance with the terms described in this document.

PTaaS Terms Applicable to The NetSPI Platform

1. Definitions:
   • “The NetSPI Platform” means NetSPI’s proprietary software as a service application in the version and release made available to Client.
   • “NetSPI Database” means NetSPI’s proprietary database of vulnerability and exploit research which may be made available to Client in conjunction with The NetSPI Platform.
   • “Track” means the component of The NetSPI Platform through which Client’s users access and manage reports that are provided as Deliverables.
2. NetSPI hereby grants Client a limited, non-exclusive, non-transferable worldwide right to access and use The NetSPI Platform solely for the purpose of receiving Services enabled by The NetSPI Platform and reviewing Deliverables available through The NetSPI Platform, for the duration of the Service Period. This right to use The NetSPI Platform shall be considered part of the Services, and subject to the same terms that apply to Services.
3. Client may only access and use The NetSPI Platform via a NetSPI instance of a cloud environment located in the United States or Canada using credentials supplied by NetSPI. NetSPI will set up Client users based on the functional roles each user will play, and each user will be extended single user access to each of the modules that are applicable to their specific roles. Client shall be solely responsible for ensuring that its own systems are operating in a manner that permits The NetSPI Platform to be available to its authorized users.
4. Client may permit a third party that Client has engaged to manage its information technology systems and/or assist Client with information technology security assessments and management (a “Provider”) to act as a Client user of The NetSPI Platform, but only if Client notifies NetSPI of the identity of the Provider and obtains NetSPI’s prior written consent (which may be withheld if NetSPI determines, in its sole discretion, that such Provider is a NetSPI competitor) to treat such Provider as one of Client’s users. A Provider’s access to and use of The NetSPI Platform shall be subject to the same terms and conditions as any Client user, and Client will be responsible for any unauthorized use or further disclosure of any portion of The NetSPI Platform by any user including a Provider.
5. Client shall not (a) license, sublicense, lease, sell, resell, copy, transfer, assign, distribute or otherwise commercially exploit or make available to any third party (other than as set forth below) any portion of The NetSPI Platform; (b) modify or make derivative works of The NetSPI Platform; (c) “frame” or “mirror” The NetSPI Platform (including the NetSPI Database) on any other server or device; or (d) reverse engineer, decrypt, decompile, translate, or access any portion of The NetSPI Platform or attempt to discover the source code of The NetSPI Platform in order to (i) build a competitive product or service, (ii) build a product using similar ideas, features, functions or graphics, or (iii) copy any ideas, features, functions or graphics. Client will not and will not allow its users to tamper with The NetSPI Platform or take any activity intended to bypass, modify, defeat or circumvent any security or access control features of The NetSPI Platform.