Schedule a Demo

NetSPI Online T&C
for Reseller End-Clients

NetSPI General Terms and Conditions

These Terms and Conditions (“Terms”) apply to the Services and other items provided by NetSPI, LLC (“NetSPI”) to the person that accesses, uses, or otherwise engages with the NetSPI Services, as well as the entity that employs such person or retains such person as a contractor (“Client”) identified in the proposal, quotation or Statement(s) of Work between Client and the applicable reseller of NetSPI Services (“SOW”).

I. Term; Fees

1.1  The Agreement shall commence at the beginning of access, use, or engagement with the NetSPI Services (the “Effective Date”) and end on completion of Services (“Term”), provided that Sections 1.2, II, III, IV, V and VI shall survive the end of the Term.

II. Intellectual Property

2.1  Upon reseller’s payment of all fees in the SOW, NetSPI grants Client a nonexclusive, perpetual, royalty-free, nontransferable license to review and distribute reports created by NetSPI for Client internally for the purpose of assessing the results of the Services. All licensed use is for internal use only and is subject to United States export control laws.

2.2  NetSPI items used to perform Services or included in deliverables, such as but not limited to software, appliances, methodologies, code, templates, tools, policies, records, working papers, knowledge, data, screenshots, or other tangible or intangible items, and all intellectual property rights in them (collectively, “NetSPI Information”), shall remain the exclusive property of NetSPI. If NetSPI incorporates any NetSPI Information into deliverables to Client, such NetSPI Information is subject to the license of 2.1 above. Except as specifically provided in this Agreement, NetSPI does not transfer or assign to Client any copyright, trademark, patent, trade secret or other intellectual property rights or interests of any kind (collectively, “Rights”).

III. Confidential Information

NetSPI and Client may exchange information that is marked confidential or which would, under the circumstances, appear to a reasonable person to be confidential or proprietary (“Confidential Information”), which the receiving party shall protect from disclosure with the same degree of care that the receiving party uses to protect its own Confidential Information, but not less than reasonable care. The receiving party shall not disclose Confidential Information to any party without either a subpoena or court order requiring its disclosure or the advance written consent of the disclosing party. Each party consents to the entry of injunctive relief against it if it discloses or threatens to disclose Confidential Information of the other party. The Agreement is Confidential Information. NetSPI may publicly refer to Client as a client of NetSPI in promotional materials and communications.
 

IV. Warranties

NetSPI warrants that all Services will be performed in a professional and workmanlike manner. EXCEPT AS EXPRESSLY SET FORTH IN THESE TERMS, NETSPI EXPRESSLY DISCLAIMS ALL OTHER WARRANTIES OF ANY KIND, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT.

V. Limitation of Liability

5.1 Neither party shall be liable to the other for any indirect, incidental, special, punitive, consequential or exemplary damages.

5.2 Subject to section 5.1, NetSPI’s total aggregate liability for all loss, damages and other obligations of any kind combined is limited to the amount of fees invoiced by NetSPI to reseller for Services described in the SOW.

VI. General Provisions

6.1 Entire Agreement. This Agreement constitutes the entire agreement of the parties and supersedes any prior correspondence, agreements or contracts.

6.2 Amendments. This Agreement may be amended only by a written agreement signed by NetSPI and Client.

6.3 Governing Law. This Agreement shall be governed by and construed in accordance with the laws of the State of Minnesota, not including choice of law rules. The parties consent to the sole jurisdiction of the state and federal courts located in St. Paul, Minnesota, for the resolution of any disputes between them.

6.4 Assignment. Neither party may assign this Agreement without prior written consent of the other party.

6.5 Savings Clause. If any provision of this Agreement is determined by a court of competent jurisdiction to be illegal, invalid or unenforceable, the remaining provisions shall remain in full force and effect.

6.6 Force Majeure. NetSPI shall not be responsible for any failure to perform under this Agreement or the SOW which is due to causes beyond its control.

Attack Surface Management Terms and Conditions

The person that accesses, uses, or otherwise engages with the NetSPI ASM Platform or ASM Portal (defined below), as well as the entity that employs such person or retains such person as a contractor (collectively, the “Client”), accepts and agrees to be bound by these Attack Surface Management Terms and Conditions. Client further agrees that the ASM Services (defined below) are being provided to Client by a reseller of NetSPI services (“NetSPI Reseller”), and Client hereby acknowledges and agrees that such NetSPI Reseller has actual authority from the Client to act as the agent of Client for all matters related to the ASM Services. These Terms and Conditions (these “Terms”) are part of and incorporated into the NetSPI Attack Surface Management Subscription Agreement by NetSPI, LLC (“NetSPI”), which also consists of the Order Form or SOW (collectively, “Order Form”) executed by the NetSPI Reseller. The “Agreement” consists of the Order Form, including the Schedules attached thereto, and these Terms. Capitalized terms not defined herein have the meanings given to them in the Order Form and the Schedules attached to the Order Form. References to Sections in these terms mean the corresponding Section in these Terms, unless otherwise provided.

1. Attack Surface Management

1.1 ASM Services. During the Term (as defined below) and subject to the terms and conditions of this Agreement, NetSPI (a) shall host and maintain the ASM Platform in order to scan the Attack Surface and to monitor the Monitored Assets (as such terms are defined in the Schedules to the Order Form) and (b) shall configure, host and maintain a custom portal for Client (the “ASM Portal”) so that (i) those employees of Client who are authorized by Client to access the Services and (ii) those employees of third-party vendors engaged by Client to provide IT support services who require access to the Services to perform their function and who are approved in advance by NetSPI, in its sole discretion (“Users”) may access the ASM Portal and review and retrieve reports and metrics prepared by NetSPI (“Client Reports”) generated by the ASM Platform relating to the status of the Monitored Assets (collectively, the “ASM Services”). As used herein, the “ASM Platform” means the software, hardware, algorithms, services and other technology that are developed by or licensed to NetSPI that (x) permits scanning and information gathering regarding Client’s then-current Attack Surface, (y) identifies known changes in and potential external exposures to the Monitored Assets and (z) generates Client Reports. The ASM Platform includes all improvements, modifications, updates and enhancements (“Updates”) that NetSPI may, from time to time, incorporate into or use in connection with the ASM Platform. 

1.2 Rights of Access. During the Term and subject to the terms and conditions of this Agreement, NetSPI hereby grants to Users a limited, non-exclusive, non-sublicensable, non-transferable, terminable license to access the ASM Portal and use, copy and distribute Client Reports solely for Client’s internal business purposes.

1.3 Subcontractors. NetSPI may engage subcontractors to provide the ASM Services under this Agreement, provided that such subcontractors shall be subject to obligations of confidentiality consistent with those set forth in Section 4. NetSPI will remain responsible for the performance by its subcontractors of any obligations under this Agreement.

1.4 Third Party Materials. Client acknowledges that, in delivering the ASM Services, NetSPI incorporates software and services provided by third parties, including open source software (collectively, “Third Party Materials”). Third Party Materials may be subject to additional terms and conditions, and Client agrees to be bound by such terms and conditions (provided that such terms will not impose additional fees on Client unless Client agrees to such additional fees in writing). Client agrees that NetSPI shall have no liability for Third Party Materials and that Third Party Materials are provided on an “AS IS” basis. 

1.5 Performance Standard. NetSPI will use commercially reasonable efforts to ensure that, during the Term: (a) the ASM Platform will substantially conform to the product documentation made available to Client (the “Documentation”) and (b) the ASM Services are reasonably available to Users during business hours. If the ASM Platform does not substantially conform to the Documentation or if ASM Services are unavailable, NetSPI shall use commercially reasonable efforts to resolve the issue promptly. NetSPI’s commercially reasonable efforts to resolve the issue as provided herein is Client’s sole and exclusive remedy and NetSPI’s sole obligation relating to the performance and availability of the ASM Platform, ASM Portal and/or the ASM Services. 

2. Client Responsibilities

2.1 General. NetSPI Reseller may act as a managed service provider for Client with respect to the ASM Services. If NetSPI Reseller acts as a managed service provider for Client, references to “Client” in this Section 2 shall also be interpreted as references to “NetSPI Reseller.” Client shall be solely responsible for its information technology infrastructure, whether operated by Client or third-party service providers, including computers, software, devices, applications, hardware, databases, electronic systems and networks (“Client Systems”). Client must maintain and ensure the presence and continued operation of the Client Systems necessary to access and use the ASM Platform and ASM Portal. Client must comply with any technical or operational requirements for the Client Systems related to use of the ASM Platform or ASM Portal (such as minimum system requirements), including hardware and connectively requirements, to the extent set forth in any Documentation provided by NetSPI. If the Client Systems fail to operate, Client must notify NetSPI of such failure immediately. Client acknowledges that NetSPI’s provision of the ASM Services may require NetSPI to access Client Systems and the Attack Surface and hereby consents to such access.

2.2 Credentials. Client will issue user credentials to its Users (including password and account name). Client is responsible for administering the credentials, and for the security and use of any access credentials by any of its Users. Client will be responsible for the compliance of all Users with any term of this Agreement. Client must notify NetSPI immediately if it becomes aware of any breach or unauthorized access to or unauthorized use of the ASM Platform or ASM Portal and cooperate with NetSPI in investigating and remediating such event.

2.3 Client Data. Client will be responsible for all information, data or other content that is collected or received by NetSPI from the Assets due to the operation of the ASM Services, including the original, client-specific content in the ASM Portal dashboard and any vulnerabilities of the Monitored Assets identified as part of the ASM Services (“Client Data”). For clarity, Client Data shall not include NetSPI templates or any NetSPI information provided in the ASM Portal or Client Reports. Client shall not provide NetSPI with access to any personal information, personally identifiable financial information, personal health information or any other sensitive information that subject to protection under applicable privacy laws.

2.4 Client Security. Client is solely responsible for taking any and all actions to protect its networks and systems (including without limitation, the Attack Surface and any Client Systems) in the event that the ASM Platform or ASM Portal provides an alert to a vulnerability on such networks and systems. Client is responsible for any actions it chooses to take or not take based on an alert, including remediation of any risks, exposures, or vulnerabilities identified in the alert. Client is responsible for communicating any risks, exposures, or vulnerabilities described in an alert or Report to its third-party system providers.

2.5 Restrictions on Use. Client shall not, and shall ensure that its Users do not: (a) license, sublicense, lease, sell, resell, copy, transfer, assign, distribute or otherwise commercially exploit or make available to any third party any portion of the ASM Platform or ASM Portal, except as expressly permitted under this Agreement; (b) modify or make derivative works based upon any portion of the ASM Platform or ASM Portal; (c) “frame” or “mirror” any content of the ASM Platform or ASM Portal on any other network, server or system; or (d) reverse engineer, decrypt, decompile, translate, or access any portion of the ASM Platform or the ASM Portal or attempt to discover the source code used in connection with the foregoing, (e) access the ASM Portal with the intent build a competitive product or service; or (f) remove, alter, deface, overprint or otherwise obscure any NetSPI patent, trademark, service mark, copyright or similar notice on any aspect of the ASM Platform or ASM Portal.

2.6 Suspension of ASM Services. NetSPI may suspend the ASM Services if NetSPI determines that Client or its Users are in breach of this Section 2 or if continued access may result in material harm to NetSPI, Client, Users or any other third party. NetSPI shall use reasonable efforts to notify Client in advance of any such suspension and will limit the suspension in duration and scope to the extent NetSPI determines is reasonably appropriate. Any such suspension shall be without liability to Client or any third party.

3. Fees

3.1 Fees and Payment. NetSPI Reseller shall be responsible for collecting the fees NetSPI Reseller charges to Client for the ASM Services, and for paying NetSPI the Fees listed in the Schedules to the Order Form (the “Fees”) in accordance with the payment terms set forth in the Order Form. In the event NetSPI Reseller fails to pay NetSPI the Fees in accordance with the terms of the Order Form, NetSPI shall, at its option, terminate Client’s access to the ASM Services and ASM Platform.

4. Confidentiality

4.1 General Duty. “Confidential Information” means information disclosed by a party (“Disclosing Party”) to the other party (“Receiving Party”) identified by the Disclosing Party as “confidential” or “proprietary” or that under the circumstances ought reasonably to be treated as confidential or proprietary. The Receiving Party shall not, without the prior written consent of the Disclosing Party: (a) disclose such Confidential Information to any third person or entity other than in the proper course of performance under this Agreement except as permitted herein; or (b) use such Confidential Information for any purpose other than performance of its duties under this Agreement. The terms of this Agreement, Client Reports (except for Client Data contained therein), and all non-public information about the ASM Platform, the ASM Portal and the ASM Services are deemed NetSPI Confidential Information, and all Client Data is deemed to be Client Confidential Information. The confidentiality obligations of this Section do not apply to any information that the Receiving Party can demonstrate: (i) is or subsequently becomes available to the general public other than through a breach of this Agreement by the Receiving Party; (ii) is already known to the Receiving Party before disclosure by the Disclosing Party; (iii) is developed through the independent efforts of the Receiving Party without use of or reference to the Disclosing Party’s Confidential Information; or (iv) the Receiving Party receives rightfully from third parties that are not subject to any restriction as to use or disclosure of the information.

4.2 Additional Terms. Without limiting the foregoing, Client agrees that it will not disclose the Client Reports to any third party other than NetSPI Reseller or Client’s contractors who have a need to review it for the purpose of maintaining the security of the Client Systems and the Attack Surface, provided that, prior to such disclosure Client enters into a non-disclosure agreement with such contractor that is at least as protective of such Client Reports as the terms of this Section 4.

5. Intellectual Property

5.1 ASM Intellectual Property. As between NetSPI and Client, NetSPI owns all right, title and interest, including intellectual property rights, in the ASM Platform (including all Updates), the ASM Portal and the ASM Services, and in any appliances, methodologies, code, templates or report formats, tools, or policies provided through the ASM Platform, the ASM Portal or the ASM Services. Nothing in this Agreement transfers any ownership right, title or interest in or to the ASM Platform, the ASM Portal or the ASM Services or any component thereof to Client, except the limited rights and licenses specifically granted in Section 1 of this Agreement (and further subject to Client’s ownership of Client Data as described in Section 5.2).

5.2 Client Data. As between NetSPI and Client, Client owns all rights, title and interest in and to the Client Data, including all intellectual property rights thereto, subject to the rights and permissions specifically granted in the next sentence. Client grants NetSPI a limited, nonexclusive, worldwide license to use Client Data for the Term of this Agreement as necessary to provide the ASM Platform and ASM Portal. NetSPI may use statistical information concerning the existence of vulnerabilities and other security risks that is compiled as a result of the provision or use of the ASM Platform and ASM Portal (“Compiled Data”) for the purpose of analyzing security trends and patterns, provided that all Compiled Data has been de-identified by NetSPI to remove all references to any Client Data, Client Confidential Information or other information that would identify Client.

6. Representations and Warranties

6.1 Client Warranties. Client represents and warrants that it shall perform its obligations under this Agreement. Client further represents and warrants that (a) it has or will obtain the necessary rights and consents to provide NetSPI with access to Client Systems and the Attack Surface, including without limitation any consents required from third party vendors, subcontractors or service providers of Client, (b) it will not use the ASM Portal to send or store material containing computer code, files, scripts, agents or programs, and (c) it will comply with all applicable laws and regulations regarding the use of the ASM Platform or ASM Portal. Client shall provide NetSPI with access to Client Systems and the Attack Surface as may be necessary for the functioning of the ASM Platform. Client hereby acknowledges and agrees that the NetSPI Reseller has actual authority from the Client to act as the agent of Client for all matters related to the ASM Services including without limitation taking any action or providing any information that Client is required or permitted to take or provide hereunder, and that all acts of NetSPI Reseller in this regard are binding on Client.

6.2 NetSPI Representations and Warranties. NetSPI represents and warrants that (a) NetSPI shall perform its obligations under this Agreement and (b) NetSPI owns or holds sufficient rights to provide the ASM Services to Client.

6.3 Exclusions. EXCEPT FOR THE EXPRESS WARRANTIES SET FORTH IN SECTION 6.2, NETSPI DISCLAIMS ALL OTHER WARRANTIES, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE WITH RESPECT TO THE ASM PLATFORM, THE ASM PORTAL AND THE AMS SERVICES, INCLUDING BUT NOT LIMITED TO, THE WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR TITLE AND WARRANTIES THAT MAY ARISE OUT OF COURSE OF DEALING, COURSE OF PERFORMANCE, USAGE OR TRADE PRACTICE.

7. Limitation of Liability

7.1 NETSPI’S TOTAL AGGREGATE LIABILITY TO CLIENT OR TO ANY THIRD PARTY FOR ALL LOSSES, DAMAGES, COSTS, CLAIMS, SUITS, CAUSES OF ACTION OR OTHER OBLIGATIONS OF ANY KIND COMBINED (“LOSS”) SHALL NOT EXCEED THE TOTAL AMOUNTS PAID BY CLIENT TO NETSPI FOR THE ASM SERVICES IN THE TWELVE (12) MONTHS PRECEDING THE ACT OR OMISSION GIVING RISE TO THE LOSS.

7.2 IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER FOR ANY INCIDENTAL, CONSEQUENTIAL, INDIRECT, OR PUNITIVE DAMAGES INCLUDING BUT NOT LIMITED TO LOSS OF BUSINESS, PROFITS OR OTHER ECONOMIC ADVANTAGE, COST OF REPLACEMENT GOODS, NETWORK OR SYSTEM DOWNTIME, LOSS OF DATA (INCLUDING ALTERATION, DESTRUCTION, DAMAGE, CORRUPTION OR RECOVERY OF DATA), OR BREACH OF DATA OR SYSTEM SECURITY, REGARDLESS OF WHETHER SUCH LIABILITY IS BASED ON BREACH OF CONTRACT, FAILURE OF ESSENTIAL PURPOSE, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, ARISING UNDER OR RELATING TO THIS AGREEMENT, REGARDLESS OF WHETHER SUCH DAMAGE WAS FORESEEABLE AND WHETHER OR NOT A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

8. Termination

8.1 Termination for Cause. Either party may terminate this Agreement: (a) if the other party is in material breach or default of any obligation of this Agreement and such breach or default is not cured within thirty (30) days after written notice from the other party; (b) if the other party becomes insolvent, upon five (5) days written notice from the other party; or (c) if the other party files as a debtor under any bankruptcy, insolvency or liquidation law, whether domestic or foreign, or such a filing is made against such party and such involuntary filing is not dismissed within sixty (60) days of commencement thereof.

8.2 Additional Remedies. If Client breaches any of the terms of this Agreement then, without limiting its rights and remedies, NetSPI may immediately suspend Client’s and its Users’ access to the ASM Platform and the ASM Services upon written notice to Client (which may be provided by e-mail).

8.3 Surviving Provisions. All defined terms and Sections 2.5, 3, 4, 5, 6.3, 7, 8.3, 8.4, 9 and 10 shall survive the termination or expiration of this Agreement.

8.4 Effect of Termination. Upon termination or expiration of this Agreement NetSPI shall cease to provide the ASM Platform, the ASM Portal and the ASM Services.

9. Indemnification

9.1 NetSPI Indemnification. Subject to Client’s obligations in Section 9.2, NetSPI shall defend Client against any third-party claim, demand, suit or proceeding against Client alleging that the ASM Services or Client’s use thereof infringes or misappropriates and third party’s intellectual property rights and will indemnify Client against any damages, attorneys fees and costs finally awarded against Client or for amounts paid by Client under a settlement approved by NetSPI; provided that NetSPI will have no indemnity obligation, responsibility or liability to Client for any infringement or other claim, suit or demand based on: (a) use of the ASM Platform, the ASM Portal or the ASM Services in a manner not described in this Agreement or the Documentation; (b) modification to Client Data by any person or entity other than NetSPI; (c) the use or combination of the ASM Platform, the ASM Portal, the ASM Services or Client Data with products or services not supplied by NetSPI; or (d) information supplied by Client to NetSPI that is used as the basis for providing the ASM Platform or ASM Portal or scoping and updating the Attack Surface.

9.2 Client Indemnification. Client shall indemnify, defend, and hold NetSPI harmless from and against any loss, liability, damage, settlement or expense (including attorneys’ fees and costs) incurred by NetSPI as a result of any third-party claim, demand, suit or proceeding against NetSPI based on or arising from: (a) Client’s breach of any term of this Agreement governing Client’s access to or use of the ASM Platform, the ASM Portal and/or the ASM Services; (b) Client’s failure to accurately describe elements of the Client Systems in any correspondence with NetSPI; and (c) Client or its personnel’s negligence, gross negligence or willful misconduct. In addition, and without limiting the foregoing, if NetSPI is required (in NetSPI’s sole determination) to serve as a witness in a trial, action or proceeding, to respond to subpoenas, or is made (or asked to) respond to discovery requests or otherwise participate in any trial, action or proceeding involving Client, its officers, directors, stockholders or creditors to which NetSPI is not a party, Client shall reimburse NetSPI upon written demand for all costs and expenses incurred or paid by NetSPI in connection therewith (including reasonable attorneys’ fees and expenses and a reasonable hourly rate for time committed by its personnel).

9.3 Procedure. The indemnity obligations set forth in this Section 9 are contingent upon (a) the indemnified party promptly notifying the indemnifying party in writing of the claim or suit, (b) the indemnifying party being allowed to control the defense and settlement of such claim or suit, and (c) the indemnified party reasonably cooperating with all requests of the indemnifying party (at the indemnifying party’s expenses) in the defense or settlement of such claim or suit. The indemnified party shall have the right, at its own expense, to participate in the defense of any action, suit or proceeding relating to such claim through counsel of its own choosing.

9.4 Infringement Remedies. If, in NetSPI’s opinion, the ASM Platform, ASM Portal or the ASM Services are likely to become the subject of a claim of intellectual property rights infringement or any such claim is threatened, NetSPI will have the option, at its discretion, to: (a) replace the ASM Platform, the ASM Portal and/or the ASM Services, or any portion thereof, with non-infringing items; (b) modify the ASM Platform, the ASM Portal or the ASM Services so that they are no longer infringing; (c) procure for Client the right to continue using the ASM Platform, the ASM Portal or the ASM Services at no additional cost to Client, (d) suspend the ASM Services, in whole or in part, or; (e) terminate this Agreement and refund Client an amount equal to the portion of prepaid Fees applicable to the remaining Term.

9.5 Sole Remedy. THIS SECTION 9 SETS FORTH CLIENT’S SOLE REMEDIES AND NETSPI’S SOLE LIABILITY AND OBLIGATION FOR ANY ACTUAL OR THREATENED OR ALLEGED CLAIMS THAT ANY SERVICES OR MATERIALS PROVIDED UNDER THIS AGREEMENT (INCLUDING THE ASM PLATFORM, THE ASM PORTAL OR THE ASM SERVICES) INFRINGES, MISAPPROPRIATES OR OTHERWISE VIOLATES ANY THIRD-PARTY INTELLECTUAL PROPERTY RIGHTS.

10. Miscellaneous

10.1 Notices. Notices permitted or required to be given hereunder shall be deemed sufficient if given by registered or certified mail, postage prepaid, return receipt requested or by private courier service, addressed to the respective addresses of the parties as set forth on the Order Form or at such other addresses as the respective parties may hereafter designate by like notice. Notices so given shall be effective upon (a) receipt by the party to which notice is given, or (b) on the fifth (5th) day following mailing (other than email), whichever occurs first. Notices may be delivered to NetSPI by email to: legal@netspi.com and notices may be delivered to Client by email to the Client email address associated with the ASM Portal. Notices by email shall be effective on the business day following the date on which the email is sent unless the sender receives an automatic response or other indication that the email account is not then monitored.

10.2 Limitations Inherent to ASM. The ASM Platform and the ASM Services assess Monitored Assets of Client for exposure to the most common/likely weaknesses, vulnerabilities and exploits published in industry standards. As a result, a weakness, vulnerability or exploit may not be discovered by the ASM Platform and the ASM Services if it affects an out-of-scope Asset or is new, unknown or unlikely. Client acknowledges that use of the ASM Platform, the ASM Portal and the ASM Services are not legal advice or a guarantee or assurance of Client’s compliance with applicable laws, regulations, or standards. Although use of the ASM Platform, the ASM Portal or the ASM Services may assist Client in compliance efforts, Client (not NetSPI) is ultimately responsible for Client’s compliance requirements. The ASM Platform, the ASM Portal and the ASM Services are not managed services or similar monitoring solutions and NetSPI will not manage status or alerts that are generated by any Asset on the Attack Surface or any Client Systems. Additionally, the ASM Platform makes use of scanning technology to review Client’s Attack Surface. Client acknowledges that lost data or network/system downtime is an inherent risk of using Attack Surface scanning tools. Although NetSPI employs industry-standard measures to mitigate the impact of scanning, the unknown state or status of a Client network, system, or Attack Surface can lead to downtime when combined with scanning activity. Accordingly, NetSPI shall have no liability whatsoever related to lost data or downtime arising out of scanning activity.

10.3 Assignment. Neither party may assign this Agreement, in whole or in part, including by operation of law, without the express written consent of the other party, which shall not be unreasonably withheld, provided that NetSPI may assign this Agreement (a) to an affiliate and/or (b) to any entity that acquires all or substantially all of its capital stock or its assets connected to the business to which this Agreement relates, whether through purchase, merger, consolidation or otherwise.

10.4 Dispute Resolution; Applicable Law; Venue. In the event a dispute arises under this Agreement, the parties agree to use their respective best efforts to resolve the same amicably by mutual conference and agreement. If the parties are unable to resolve such dispute within ten (10) days following notice of the dispute, either party may seek any remedies available to it in law or equity. This Agreement shall be deemed to have been made in the State of Minnesota and shall be governed by and construed in accordance with the laws of the State of Minnesota, without regard to principles of conflicts of law. The parties mutually, expressly, irrevocably, and unconditionally waive trial by jury for any proceedings arising out of or relating to this Agreement. The parties irrevocably consent to the sole jurisdiction of the United States District Court located in St. Paul, Minnesota or the Minnesota state courts located in Ramsey County, Minnesota, as applicable under federal and state rules and jurisprudence relating to jurisdiction, for the resolution of any disputes between them.

10.5 Entire Agreement. This Agreement constitutes the entire agreement between NetSPI and Client regarding its subject matter, and merges all prior and contemporaneous communications with respect to the subject matter hereof and thereof, other than any separate non-disclosure or similar confidentiality agreement entered into between the parties. The terms on any purchase order or other form submitted by Client shall not apply to this Agreement. Neither party shall be bound by any definition, condition, provision, representation, warranty, covenant or promise other than as expressly stated in this Agreement.

10.6 Export Control. Client shall at its own expense obtain and maintain any approvals, consents, licenses or other authorizations necessary to the performance of this Agreement. Client will not use, import or export any portion of the ASM Platform or ASM Portal in violation of United States or other applicable import or export law. Client confirms that if Client acquires any deliverables, documentation, or services under this Agreement that are subject to the export control laws and regulations of the United States, it will not export or re-export them, directly or indirectly, either to (a) any countries that are embargoed under U.S. export restrictions; or (b) any end-user whom Client knows or has reason to know is on a denied person’s list.

10.7 Severability; Waiver. If any provision of this Agreement proves to be or becomes invalid or unenforceable under any applicable law, then such provision shall be deemed modified to the extent necessary in order to render such provision valid and enforceable in the manner that best advances the spirit of this Agreement; if such provision may not be so saved, it shall be severed and the remainder of this Agreement shall remain in full force and effect. No waiver of any provision of this Agreement or the breach thereof shall be effective unless made in writing and signed by an authorized representative of the waiving party.

10.8 Independent Contractor. NetSPI is an independent contractor, and nothing in this Agreement shall be construed as creating a partnership, joint venture or any other equivalent relationship between Client and NetSPI.

10.9 Non-Solicitation. Unless otherwise agreed to by NetSPI in writing, during the term of this Agreement and for a period of twelve (12) months following the expiration or termination of this Agreement, Client shall not directly or indirectly, solicit or induce for employment any employee of NetSPI. A general advertisement or notice of a job listing shall not be construed as a solicitation or inducement for purposes of this Section.

10.10 Force Majeure. Neither party shall be liable to the other for any loss or damage attributable to, and neither party shall deemed to be in default hereunder as a result of, any failure or delay in performance (other than the payment of amounts due under this Agreement) caused by force majeure. For purposes of this Agreement, the term “force majeure” shall include strike, lockout, earthquake, hurricane, flood, fire, epidemic, pandemic or other acts of God or nature, war, rebellion, civil disorders, piracy, acts of civil or military authorities, widespread electrical or telecommunications failures (including successful attacks on the Internet infrastructure), and any other causes beyond the reasonable control of the party whose performance is affected. Both parties shall use all reasonable efforts to minimize the consequences of force majeure.

10.11 No Third Party Beneficiaries. Except as provided in Section 9, nothing in this Agreement, whether express or implied, will confer upon any person or entity, other than the parties, their successors and permitted assigns, any legal or equitable right whatsoever to enforce any provision of this Agreement.

NetSPI PTaaS Terms and Conditions

1. The person that accesses, uses, or otherwise engages with the NetSPI PTaaS Services, as well as the entity that employs such person or retains such person as a contractor (“Client”) is purchasing PTaaS on a subscription basis for the entire term of the proposal, quotation or Statement(s) of Work (collectively, the “SOW”) between Client and the entity reselling NetSPI Services (also referred to as the “Service Period”). All Services that are described in the SOW must be scheduled and performed during the Service Period. If all Services listed in the SOW are not performed during the Service Period, no credits are given for paid but unused Services.

2. Any meeting to review results or reports (including preliminary results or reports) must be held no later than 45 days from NetSPI’s delivery of such results or reports to Client. NetSPI may charge Client on a time and materials basis for preparation and attendance at meetings held after this 45-day period.

NetSPI Terms Applicable to The NetSPI Platform

1. Definitions:

  • “The NetSPI Platform” means NetSPI’s proprietary software as a service application in the version and release made available to Client.
  • “NetSPI Database” means NetSPI’s proprietary database of vulnerability and exploit research which may be made available to Client in conjunction with The NetSPI Platform.
  • “Track” means the component of The NetSPI Platform through which Client’s users access and manage reports that are provided as Deliverables.

2. NetSPI hereby grants Client a limited, non-exclusive, non-transferable worldwide right to access and use The NetSPI Platform solely for the purpose of receiving Services enabled by The NetSPI Platform and reviewing Deliverables available through The NetSPI Platform, for the duration of the Service Period. This right to use The NetSPI Platform shall be considered part of the Services, and subject to the same terms that apply to Services.

3. Client may only access and use The NetSPI Platform through the third-party cloud environment denoted by NetSPI using credentials supplied by NetSPI. NetSPI will set up Client users based on the functional roles each user will play, and each user will be extended single user access to each of the modules that are applicable to their specific roles. Client shall be solely responsible for ensuring that its own systems are operating in a manner that permits The NetSPI Platform to be available to its authorized users.

4. Client shall not (a) license, sublicense, lease, sell, resell, copy, transfer, assign, distribute or otherwise commercially exploit or make available to any third party (other than as set forth below) any portion of The NetSPI Platform; (b) modify or make derivative works of The NetSPI Platform; (c) “frame” or “mirror” The NetSPI Platform (including the NetSPI Database) on any other server or device; or (d) reverse engineer, decrypt, decompile, translate, or access any portion of The NetSPI Platform or attempt to discover the source code of The NetSPI Platform in order to (i) build a competitive product or service, (ii) build a product using similar ideas, features, functions or graphics, or (iii) copy any ideas, features, functions or graphics. Client will not and will not allow its users to tamper with The NetSPI Platform or take any activity intended to bypass, modify, defeat or circumvent any security or access control features of The NetSPI Platform.

NetSPI Breach and Attack Simulation Terms and Conditions

The person that accesses, uses, or otherwise engages with The NetSPI Platform (defined below), as well as the entity that employs such person or retains such person as a contractor (collectively, the “Client”), accepts and agrees to be bound by these NetSPI Platform Terms and Conditions. Client further agrees that any services related to use of The NetSPI Platform are being provided to Client by a reseller of NetSPI services (“NetSPI Reseller”), and Client hereby acknowledges and agrees that such reseller has actual authority from the Client to act as the agent of Client for all matters related to The NetSPI Platform. These Terms and Conditions (these “Terms”) are part of and incorporated into The NetSPI Platform Subscription Agreement by and between NetSPI, LLC (“NetSPI”) and the NetSPI Reseller or Client that has executed an Order Form or SOW (collectively, “Order Form”) to The NetSPI Platform Subscription Agreement (“Client”).  The “Agreement” consists of the Order Form, including the Schedules attached thereto, and these Terms.  Capitalized terms not defined herein have the meanings given to them in the Order Form and the Schedules attached to the Order Form.  References to Sections in these terms mean the corresponding Section in these Terms, unless otherwise provided.  In the event of a conflict, the Agreement will be interpreted in the following order of precedence: the Order Form, then the Schedules and then these Terms.

1. The NetSPI Platform

1.1 The NetSPI Platform Services. During the Term (as defined below) and subject to the terms and conditions of this Agreement, NetSPI (a) shall host and maintain The NetSPI Platform portal on a NetSPI cloud instance in the United States or Canada and permit Client to access Client’s instance to The NetSPI Platform portal as described in this Agreement; (b) provide Client with the BAS Agent as described in the Order Form, subject to the license described in 1.2 below, for purposes of using the The NetSPI Platform; and (c) provide the Services, if any, described in the Order Form related to the use of the The NetSPI Platform.

1.2 Rights of Access/License. During the Term, NetSPI grants Client: (a) a limited, non-exclusive, non-transferable United States license to remotely access The NetSPI Platform solely by using the BAS Agent as described in in this Agreement; (b) a limited, non-exclusive, non-transferable United States license to install and use the BAS Agent on Client’s network as described in the Order Form for the purpose of accessing The NetSPI Platform, and; (c) a limited, non-exclusive, non-transferable worldwide right to access and use the data showing the results of Client’s use of The NetSPI Platform solely via the The NetSPI Platform portal for the sole purpose of learning adversary simulation and detection methods applicable to the tested environment, and  incorporating such data into changes to the tested environment for Client’s internal use. NetSPI grants Client no rights to the high-level architecture, training methods, know-how, methodologies, or any tangible or intangible item related to The NetSPI Platform other than the results data derived from Client’s use of The NetSPI Platform as described in subsection (c) of the previous sentence.

1.3 Subcontractors. NetSPI may engage subcontractors to provide The NetSPI Platform Services under this Agreement, provided that such subcontractors shall be subject to obligations of confidentiality consistent with those set forth in Section 4.  NetSPI will remain responsible for the performance by its subcontractors of any obligations under this Agreement.

1.4 Third Party Materials. Client acknowledges that, in delivering The NetSPI Platform Services, NetSPI incorporates software and services provided by third parties, including open source software (collectively, “Third Party Materials”).  Third Party Materials may be subject to additional terms and conditions, and Client agrees to be bound by such terms and conditions (provided that such terms will not impose additional fees on Client unless Client agrees to such additional fees in writing).  Client agrees that NetSPI shall have no liability for Third Party Materials and that Third Party Materials are provided on an “AS IS” basis.

1.5 Performance Standard. NetSPI will use commercially reasonable efforts to ensure that, during the Term: (a) The NetSPI Platform will substantially conform to the product documentation made available to Client (the “Documentation”) and (b) The NetSPI Platform is reasonably available to Users during business hours.  If The NetSPI Platform does not substantially conform to the Documentation or if The NetSPI Platform is unavailable, NetSPI shall use commercially reasonable efforts to resolve the issue promptly. NetSPI’s commercially reasonable efforts to resolve the issue as provided herein is Client’s sole and exclusive remedy and NetSPI’s sole obligation relating to the performance and availability of The NetSPI Platform.

2. Client Responsibilities

2.1 General. NetSPI Reseller may act as a managed service provider for Client with respect to the ASM Services. If NetSPI Reseller acts as a managed service provider for Client, references to “Client” in this Section 2 shall also be interpreted as references to “NetSPI Reseller.” Client shall be solely responsible for its information technology infrastructure, whether operated by Client or third-party service providers, including computers, software, devices, applications, hardware, databases, electronic systems and networks (“Client Systems”).  Client must maintain and ensure the presence and continued operation of the Client Systems necessary to access and use The NetSPI Platform.  Client must comply with any technical or operational requirements for the Client Systems related to use of The NetSPI Platform (such as minimum system requirements), including hardware and connectivity requirements, to the extent set forth in any Documentation provided by NetSPI.  If the Client Systems fail to operate, Client must notify NetSPI of such failure immediately.  Client acknowledges that NetSPI’s provision of The NetSPI Platform may require NetSPI to access Client Systems and the Client’s instance of The NetSPI Platform and hereby consents to such access. Client may only access and use The NetSPI Platform within a NetSPI instance of a third party provider’s cloud environment located in the United States or Canada using credentials supplied by NetSPI. NetSPI makes no representation, warranty or service level concerning availability, uptime, response time, or any other characteristic of the third party provider’s cloud environment on which The NetSPI Platform is hosted. 

2.2 Credentials. Client will issue user credentials to its Users (including password and account name). Client is responsible for administering the credentials, and for the security and use of any access credentials by any of its Users.  Client will be responsible for the compliance of all Users with any term of this Agreement.  Client must notify NetSPI immediately if it becomes aware of any breach or unauthorized access to or unauthorized use of The NetSPI Platform and cooperate with NetSPI in investigating and remediating such event.

2.3 Client Data. Client will be responsible for all data showing the results of Client’s operation of The NetSPI Platform, including any vulnerabilities identified as part of Client’s use of The NetSPI Platform (“Client Data”). For clarity, Client Data shall not include NetSPI templates or any NetSPI information provided to Client or any other items described in Section 5.1 below.  Client shall not provide NetSPI with access to any personal information, personally identifiable financial information, personal health information or any other sensitive information that subject to protection under applicable privacy laws.

2.4 Client Security. Client is solely responsible for taking any and all actions to protect its networks and systems (including without limitation, any Client Systems) in the event of a vulnerability detected on such networks and systems.  Client is responsible for any actions it chooses to take or not take based on an alert or detection, including remediation of any risks, exposures, or vulnerabilities identified in the alert.  Client is responsible for communicating any risks, exposures, or vulnerabilities described in an alert or output of The NetSPI Platform to its third-party system providers.

2.5 Restrictions on Use. Client shall not, and shall ensure that its Users do not: (a) license, sublicense, lease, sell, resell, copy, transfer, assign, distribute or otherwise commercially exploit or make available to any third party any portion of The NetSPI Platform, except as expressly permitted under this Agreement; (b) modify or make derivative works based upon any portion of The NetSPI Platform; (c) ”frame” or “mirror” any content of The NetSPI Platform on any other network, server or system; or (d) reverse engineer, decrypt, decompile, translate, or access any portion of The NetSPI Platform or attempt to discover the source code used in connection with the foregoing, (e) access The NetSPI Platform, or use the Client Data or the knowledge learned in use of The NetSPI Platform, in order to create any product or service, including without limitation any adversary simulation software or service or any product or service that would compete with any product or services of NetSPI; or (f) remove, alter, deface, overprint or otherwise obscure any NetSPI patent, trademark, service mark, copyright or similar notice on any aspect of The NetSPI Platform.

2.6 Suspension of The NetSPI Platform Services. NetSPI may suspend the Client’s access to and use of The NetSPI Platform if NetSPI determines that Client or its Users are in breach of this Section 2 or if continued access may result in material harm to NetSPI, Client, Users or any other third party.  NetSPI shall use reasonable efforts to notify Client in advance of any such suspension and will limit the suspension in duration and scope to the extent NetSPI determines is reasonably appropriate.  Any such suspension shall be without liability to Client or any third party.

3. Fees

3.1 Fees and Payment. NetSPI Reseller shall be responsible for collecting the fees NetSPI Reseller charges to Client for The NetSPI Platform, and for paying NetSPI the Fees listed in the Schedules to the Order Form (the “Fees”) in accordance with the payment terms set forth in the Order Form. In the event NetSPI Reseller fails to pay NetSPI the Fees in accordance with the terms of the Order Form, NetSPI shall, at its option, terminate Client’s access to The NetSPI Platform.

4. Confidentiality

4.1 General Duty. “Confidential Information” means information disclosed by a party (“Disclosing Party”) to the other party (“Receiving Party”) identified by the Disclosing Party as “confidential” or “proprietary” or that under the circumstances ought reasonably to be treated as confidential or proprietary.  The Receiving Party shall not, without the prior written consent of the Disclosing Party: (a) disclose such Confidential Information to any third person or entity other than in the proper course of performance under this Agreement except as permitted herein; or (b) use such Confidential Information for any purpose other than performance of its duties under this Agreement.  The terms of this Agreement, reports generated (if any) by NetSPI (“Client Reports”) (except for Client Data contained therein), and all non-public information about The NetSPI Platform are deemed NetSPI Confidential Information, and all Client Data is deemed to be Client Confidential Information.  The confidentiality obligations of this Section do not apply to any information that the Receiving Party can demonstrate:  (i) is or subsequently becomes available to the general public other than through a breach of this Agreement by the Receiving Party; (ii) is already known to the Receiving Party before disclosure by the Disclosing Party; (iii) is developed through the independent efforts of the Receiving Party without use of or reference to the Disclosing Party’s Confidential Information; or (iv) the Receiving Party receives rightfully from third parties that are not subject to any restriction as to use or disclosure of the information.

4.2 Additional Terms. Without limiting the foregoing, Client agrees that it will not disclose the Client Reports to any third party other than NetSPI Reseller or Client’s contractors who have a need to review it for the purpose of maintaining the security of Client’s network (including without limitation the Client Systems), provided that, prior to such disclosure Client enters into a non-disclosure agreement with such contractor that is at least as protective of such Client Reports as the terms of this Section 4.

5. Intellectual Property

5.1 The NetSPI Platform Intellectual Property. As between NetSPI and Client, NetSPI owns all right, title and interest, including intellectual property rights, in The NetSPI Platform (including without limitation all improvements, modifications, updates and enhancements thereto, collectively the “Updates”), and in any appliances, methodologies, code, templates or report formats, tools, policies, high level architecture, training methods, know-how, or any other tangible or intangible items that are part of or made available through The NetSPI Platform. Nothing in this Agreement transfers any ownership right, title or interest in or to The NetSPI Platform or any component thereof to Client, except the limited rights and licenses specifically granted in Section 1.2 of this Agreement and Client’s ownership of Client Data as described in Section 5.2.

5.2 Client Data. As between NetSPI and Client, Client owns all rights, title and interest in and to the Client Data, including all intellectual property rights thereto, subject to the rights and permissions specifically granted in the next sentence.  Client grants NetSPI a limited, nonexclusive, worldwide license to use Client Data for the Term of this Agreement as necessary to provide The NetSPI Platform.  NetSPI may use statistical information concerning the existence of vulnerabilities and other security risks that is compiled as a result of the provision or use of The NetSPI Platform (“Compiled Data”) for the purpose of analyzing security trends and patterns, provided that all Compiled Data has been de-identified by NetSPI to remove all references to any Client Data, Client Confidential Information or other information that would identify Client.

6. Representations and Warranties

6.1 Client Warranties. Client represents and warrants that it has the full legal power and authority to enter into and perform its obligations under this Agreement.  Client further represents and warrants that (a) it has or will obtain the necessary rights and consents to provide NetSPI with access to Client Systems, including without limitation any consents required from third party vendors, subcontractors or service providers of Client, (b) it will not use The NetSPI Platform to send or store material containing computer code, files, scripts, agents or programs, and (c) it will comply with all applicable laws and regulations regarding the use of The NetSPI Platform.  Client shall provide NetSPI with access to Client Systems and the Client’s instance of The NetSPI Platform as may be necessary for the functioning of The NetSPI Platform.

6.2 NetSPI Representations and Warranties. NetSPI represents and warrants that (a) NetSPI has the full legal power and authority to enter into and perform its obligations under this Agreement and (b) NetSPI owns or holds sufficient rights to provide The NetSPI Platform Services to Client.

6.3 Exclusions. EXCEPT FOR THE EXPRESS WARRANTIES SET FORTH IN SECTION 6.2, NETSPI DISCLAIMS ALL OTHER WARRANTIES, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE WITH RESPECT TO THE NETSPI PLATFORM, INCLUDING BUT NOT LIMITED TO, THE WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR TITLE AND WARRANTIES THAT MAY ARISE OUT OF COURSE OF DEALING, COURSE OF PERFORMANCE, USAGE OR TRADE PRACTICE.

7. Limitation of Liability

7.1 NETSPI’S TOTAL AGGREGATE LIABILITY TO CLIENT OR TO ANY THIRD PARTY FOR ALL LOSSES, DAMAGES, COSTS, CLAIMS, SUITS, CAUSES OF ACTION OR OTHER OBLIGATIONS OF ANY KIND COMBINED (“LOSS”) SHALL NOT EXCEED THE TOTAL AMOUNTS PAID BY CLIENT TO NETSPI FOR THE NETSPI PLATFORM SUBSCRIPTION IN THE TWELVE (12) MONTHS PRECEDING THE ACT OR OMISSION GIVING RISE TO THE LOSS.

7.2 IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER FOR ANY INCIDENTAL, CONSEQUENTIAL, INDIRECT, OR PUNITIVE DAMAGES INCLUDING BUT NOT LIMITED TO LOSS OF BUSINESS, PROFITS OR OTHER ECONOMIC ADVANTAGE, COST OF REPLACEMENT GOODS, NETWORK OR SYSTEM DOWNTIME, LOSS OF DATA (INCLUDING ALTERATION, DESTRUCTION, DAMAGE, CORRUPTION OR RECOVERY OF DATA), OR BREACH OF DATA OR SYSTEM SECURITY, REGARDLESS OF WHETHER SUCH LIABILITY IS BASED ON BREACH OF CONTRACT, FAILURE OF ESSENTIAL PURPOSE, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, ARISING UNDER OR RELATING TO THIS AGREEMENT, REGARDLESS OF WHETHER SUCH DAMAGE WAS FORESEEABLE AND WHETHER OR NOT A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

8. Termination

8.1 Termination for Cause. Either party may terminate this Agreement:  (a) if the other party is in material breach or default of any obligation of this Agreement and such breach or default is not cured within thirty (30) days after written notice from the other party; (b) if the other party becomes insolvent, upon five (5) days written notice from the other party; or (c) if the other party files as a debtor under any bankruptcy, insolvency or liquidation law, whether domestic or foreign, or such a filing is made against such party and such involuntary filing is not dismissed within sixty (60) days of commencement thereof.

8.2 Additional Remedies. If Client breaches any of the terms of this Agreement then, without limiting its rights and remedies, NetSPI may immediately suspend Client’s and its Users’ access to The NetSPI Platform upon written notice to Client (which may be provided by e-mail).

8.3 Surviving Provisions. All defined terms and Sections 2.5, 3, 4, 5, 6.3, 7, 8.3, 8.4, 9 and 10 shall survive the termination or expiration of this Agreement.

9. Indemnification

9.1 NetSPI Indemnification. Subject to Client’s obligations in Section 9.2, NetSPI shall defend Client against any third-party claim, demand, suit or proceeding against Client alleging that The NetSPI Platform or Client’s use thereof in the manner permitted by the Agreement infringes or misappropriates and third party’s intellectual property rights and will indemnify Client against any damages, attorneys fees and costs finally awarded against Client or for amounts paid by Client under a settlement approved by NetSPI; provided that NetSPI will have no indemnity obligation, responsibility or liability to Client for any infringement or other claim, suit or demand based on:  (a) use of The NetSPI Platform in a manner not described in this Agreement or the Documentation; (b) modification to Client Data by any person or entity other than NetSPI; (c) the use or combination of The NetSPI Platform or Client Data with products or services not supplied by NetSPI; or (d) information supplied by Client to NetSPI that is used as the basis for providing The NetSPI Platform.

9.2 Client Indemnification. Client shall indemnify, defend, and hold NetSPI harmless from and against any loss, liability, damage, settlement or expense (including attorneys’ fees and costs) incurred by NetSPI as a result of any third-party claim, demand, suit or proceeding against NetSPI based on or arising from:  (a) Client’s breach of any term of this Agreement governing Client’s access to or use of The NetSPI Platform; (b) Client’s failure to accurately describe elements of the Client Systems in any correspondence with NetSPI; and (c) Client or its personnel’s negligence, gross negligence or willful misconduct.  In addition, and without limiting the foregoing, if NetSPI is required (in NetSPI’s sole determination) to serve as a witness in a trial, action or proceeding, to respond to subpoenas, or is made (or asked to) respond to discovery requests or otherwise participate in any trial, action or proceeding involving Client, its officers, directors, stockholders or creditors to which NetSPI is not a party, Client shall reimburse NetSPI upon written demand for all costs and expenses incurred or paid by NetSPI in connection therewith (including reasonable attorneys’ fees and expenses and a reasonable hourly rate for time committed by its personnel).

9.3 Procedure. The indemnity obligations set forth in this Section 9 are contingent upon (a) the indemnified party promptly notifying the indemnifying party in writing of the claim or suit, (b) the indemnifying party being allowed to control the defense and settlement of such claim or suit, and (c) the indemnified party reasonably cooperating with all requests of the indemnifying party (at the indemnifying party’s expenses) in the defense or settlement of such claim or suit.  The indemnified party shall have the right, at its own expense, to participate in the defense of any action, suit or proceeding relating to such claim through counsel of its own choosing.

9.4 Infringement Remedies. If, in NetSPI’s opinion, The NetSPI Platform is likely to become the subject of a claim of intellectual property rights infringement or any such claim is threatened, NetSPI will have the option, at its discretion, to: (a) replace The NetSPI Platform, or any portion thereof, with non-infringing items; (b) modify The NetSPI Platform so that it is no longer infringing; (c) procure for Client the right to continue using The NetSPI Platform at no additional cost to Client, (d) suspend the Client’s access to and use of The NetSPI Platform, in whole or in part, or; (e) terminate this Agreement and refund Client an amount equal to the portion of prepaid Fees applicable to the remaining Term.

9.5 Sole Remedy. THIS SECTION 9 SETS FORTH CLIENT’S SOLE REMEDIES AND NETSPI’S SOLE LIABILITY AND OBLIGATION FOR ANY ACTUAL OR THREATENED OR ALLEGED CLAIMS THAT ANY SERVICES OR MATERIALS PROVIDED UNDER THIS AGREEMENT (INCLUDING THE NETSPI PLATFORM) INFRINGES, MISAPPROPRIATES OR OTHERWISE VIOLATES ANY THIRD-PARTY INTELLECTUAL PROPERTY RIGHTS.

10. Miscellaneous

10.1 Notices. Notices permitted or required to be given hereunder shall be deemed sufficient if given by registered or certified mail, postage prepaid, return receipt requested or by private courier service, addressed to the respective addresses of the parties as set forth on the Order Form or at such other addresses as the respective parties may hereafter designate by like notice.  Notices so given shall be effective upon (a) receipt by the party to which notice is given, or (b) on the fifth (5th) day following mailing (other than email), whichever occurs first.  Notices may be delivered to NetSPI by email to: legal@netspi.com.  Notices by email shall be effective on the business day following the date on which the email is sent unless the sender receives an automatic response or other indication that the email account is not then monitored.

10.2 Limitations Inherent to The NetSPI Platform. The NetSPI Platform assesses exposure to the most common/likely weaknesses, vulnerabilities and exploits published in industry standards.  As a result, a weakness, vulnerability or exploit may not be discovered by The NetSPI Platform if it is new, unknown or unlikely.  Client acknowledges that use of The NetSPI Platform is not legal advice or a guarantee or assurance of Client’s compliance with applicable laws, regulations, or standards.  Although use of The NetSPI Platform may assist Client in compliance efforts, Client (not NetSPI) is ultimately responsible for Client’s compliance requirements.  The NetSPI Platform is not a managed service offering or similar monitoring solution and NetSPI will not manage status or alerts that are generated on the Client’s instance of The NetSPI Platform or any Client Systems. Additionally, The NetSPI Platform may make use of port scanning and automated attack scenario technology to review and test Client environments. Client acknowledges that lost data or network/system downtime is an inherent risk of using The NetSPI Platform tools and technology. Although NetSPI employs industry-standard measures to mitigate the impact of such tools and technology, the unknown state or status of a Client network, system, or use case can lead to downtime when combined with use of such tools or technology. Accordingly, NetSPI shall have no liability whatsoever related to lost data or downtime arising out of use of The NetSPI Platform.

10.3 Assignment. Neither party may assign this Agreement, in whole or in part, including by operation of law, without the express written consent of the other party, which shall not be unreasonably withheld, provided that NetSPI may assign this Agreement (a) to an affiliate and/or (b) to any entity that acquires all or substantially all of its capital stock or its assets connected to the business to which this Agreement relates, whether through purchase, merger, consolidation or otherwise.

10.4 Dispute Resolution; Applicable Law; Venue. In the event a dispute arises under this Agreement, the parties agree to use their respective best efforts to resolve the same amicably by mutual conference and agreement.  If the parties are unable to resolve such dispute within ten (10) days following notice of the dispute, either party may seek any remedies available to it in law or equity.  This Agreement shall be deemed to have been made in the State of Minnesota and shall be governed by and construed in accordance with the laws of the State of Minnesota, without regard to principles of conflicts of law.  The parties mutually, expressly, irrevocably, and unconditionally waive trial by jury for any proceedings arising out of or relating to this Agreement.  The parties irrevocably consent to the sole jurisdiction of the United States District Court located in St. Paul, Minnesota or the Minnesota state courts located in Ramsey County, Minnesota, as applicable under federal and state rules and jurisprudence relating to jurisdiction, for the resolution of any disputes between them.

10.5 Entire Agreement. This Agreement constitutes the entire agreement between NetSPI and Client regarding its subject matter, and merges all prior and contemporaneous communications with respect to the subject matter hereof and thereof, other than any separate non-disclosure or similar confidentiality agreement entered into between the parties.  The terms on any purchase order or other form submitted by Client shall not apply to this Agreement.  Neither party shall be bound by any definition, condition, provision, representation, warranty, covenant or promise other than as expressly stated in this Agreement.

10.6 Export Control. Client shall comply with the export laws and regulations of the United States and other applicable jurisdictions in providing and using The NetSPI Platform and related Services. Without limiting the foregoing, Client represents and warrants that (a) it will not use The NetSPI Platform in or from, nor is it under the control of the government of, Cuba, Iran, North Korea, Syria, and certain disputed regions of Ukraine (i.e., Crimea and the so-called Donetsk and Luhansk People’s Republics) or any country to which the United States has prohibited export; (b) it will not download or otherwise export or reexport the BAS Agent or Client Data or associated documentation, directly or indirectly, to any country to which the United States has prohibited export or to citizens, nationals or residents of those countries; (c) it is not listed on the United States Department of Treasury lists of Specially Designated Nationals, Specially Designated Terrorists, and Specially Designated Narcotic Traffickers, or the United States Department of Commerce Table of Denial Orders, nor will it permit any other individual or entity appearing on such lists to access or use The NetSPI Platform; (d) it will not allow The NetSPI Platform or Client Data to be used for any purposes prohibited by United States law, including, without limitation, for the development, design, manufacture or production of nuclear, chemical or biological weapons of mass destruction; and (e) The NetSPI Platform or Client Data will not be used to affect the confidentiality, integrity, or availability of information or information systems, without authorization by the owner, operator, or administrator of the information system.

10.7 Severability; Waiver. If any provision of this Agreement proves to be or becomes invalid or unenforceable under any applicable law, then such provision shall be deemed modified to the extent necessary in order to render such provision valid and enforceable in the manner that best advances the spirit of this Agreement; if such provision may not be so saved, it shall be severed and the remainder of this Agreement shall remain in full force and effect.  No waiver of any provision of this Agreement or the breach thereof shall be effective unless made in writing and signed by an authorized representative of the waiving party.

10.8 Independent Contractor. NetSPI is an independent contractor, and nothing in this Agreement shall be construed as creating a partnership, joint venture or any other equivalent relationship between Client and NetSPI.

10.9 Non-Solicitation. Unless otherwise agreed to by NetSPI in writing, during the term of this Agreement and for a period of twelve (12) months following the expiration or termination of this Agreement, Client shall not directly or indirectly, solicit or induce for employment any employee of NetSPI.  A general advertisement or notice of a job listing shall not be construed as a solicitation or inducement for purposes of this Section.

10.10 Force Majeure. Neither party shall be liable to the other for any loss or damage attributable to, and neither party shall deemed to be in default hereunder as a result of, any failure or delay in performance (other than the payment of amounts due under this Agreement) caused by force majeure.  For purposes of this Agreement, the term “force majeure” shall include strike, lockout, earthquake, hurricane, flood, fire, epidemic, pandemic or other acts of God or nature, war, rebellion, civil disorders, piracy, acts of civil or military authorities, widespread electrical or telecommunications failures (including successful attacks on the Internet infrastructure), and any other causes beyond the reasonable control of the party whose performance is affected.  Both parties shall use all reasonable efforts to minimize the consequences of force majeure.

10.11 No Third Party Beneficiaries. Except as provided in Section 9, nothing in this Agreement, whether express or implied, will confer upon any person or entity, other than the parties, their successors and permitted assigns, any legal or equitable right whatsoever to enforce any provision of this Agreement.

10.12 Counterparts. This Agreement may be executed in two or more counterparts, and each such counterpart shall be deemed an original hereof.  Facsimile or PDF signature pages shall be deemed original counterparts.