Project Terms. Service Assumptions & Customer Dependencies In addition to any other responsibilities or assumptions described in this Agreement, the Customer Dependencies are as follows and the Customer recognises that if it fails to comply with the following dependencies, Vodafone is relieved from performing or delivering the Service and may choose to suspend or terminate this Agreement: 1. Customer shall perform and complete the responsibilities and assumptions set out in the Customer Prerequisites section prior to the Service Commencement Date. 2. Customer is solely responsible for implementing a process to ensure that if Customer’s IT Team detects Vodafone’s activities under the Service, such detection will be escalated to Customer’s senior management, or such other knowledgeable Customer personnel, who can intervene prior to such activity being reported outside of Customer’s organisation (e.g. to law enforcement) or, if such activity is reported outside of Customer’s organisation, Customer will promptly clarify that Vodafone was acting with Customer’s full knowledge and consent. 3. Decisions to be made by the Customer must be made promptly and without delay. 4. Customer shall be responsible for delivering all communications internal to Customer regarding the Service, including communications intended to inform Customer employees and personnel about the Service, any impact it may have on Customer employees and personnel, and any training necessary to impacted Customer employees and personnel. 5. Customer must be aware of and acknowledge the risks associated with the Service and must have taken the necessary pre-testing steps (e.g. data backup, internal communications etc.) to help minimize these risks. 6. Customer shall provide an accurate and complete list of email addresses together with names and department/roles of the Targeted Employees in a timely manner, and such other information as may be reasonably required and notified by Vodafone, and shall immediately notify Vodafone if it learns that any information previously provided to Vodafone is materially inaccurate or incomplete. 7. Customer will consent to and authorize Vodafone to access the Customer Property and perform the Service as described in this Agreement. 8. Customer is solely responsible for obtaining any such consents (including copyright for websites to be cloned as part of the Service), permissions or licenses or providing such notices (including from third-parties and Customer employees) necessary for Vodafone to perform its obligations under this Agreement. 9. Any other Customer responsibility that the parties mutually agree upon in writing in the Customer Phishing Awareness Request Form. 10. Customer will provide to Vodafone a sample structure of its typical company email communications and network access to Customer’s company portal (such that Vodafone can obtain a screenshot to replicate the company portal) or any other landing page suitable for phishing email attacks. General Assumptions & Dependencies The general assumptions & dependencies applicable for this Service are: • All work is carried out on a fixed fee basis. • There will be no changes to the scope of the Service, as set out in this Agreement. • The Service is not warranted to: • detect or identify all security or network threats to, or vulnerabilities of Customer’s networks or other facilities, assets, or operations; • prevent intrusions into or any damage to Customer’s networks or other facilities, assets, or operations; • return control of a Customer or third party system where unauthorized access or control has occurred; or • meet or help Customer meet any Applicable Law, industry standard or any other requirements including the Payment Card Industry Data Security Standard. It is Customer’s sole responsibility to provide appropriate and adequate security for its company, its assets, systems and employees. • Customer must promptly notify Vodafone of any changes to the information provided by Customer in the Customer Phishing Awareness Request Form. • Vodafone may provide reasonable recommendations, advice or instructions on a particular course of action in the course of performing or as a result of the Service or in the Deliverables to be provided to Customer and if Customer chooses not to follow such reasonable recommendations, advice or instructions, Customer acknowledges that Vodafone shall not be responsible for any losses or claims made by the Customer that arise from Customer’s failure to follow such recommendations, advice or instructions. • While Vodafone will use reasonable care to carry out the Service in line with Good Industry Practice and in a manner designed to mitigate and reduce the risk of damage to Customer Property, Customer acknowledges that there is inherent risk in the provision of the security Service in accordance with this Agreement which may lead to operational degradation, performance impact, breach of Customer policies or industry standards, or otherwise impair Customer Property (each a “Customer Damage” and together the “Customer Damages”) and, Vodafone will not be liable to the Customer or its respective employees or any third parties of the Customer for Customer Damages arising from the foregoing. To the extent possible, prior to commencing any provisioning of the Service, Vodafone shall identify and inform the Customer of any Customer Damage associated with the Service. • Customer agrees that Vodafone has the right to anonymise and aggregate Customer Data that will not in any way reveal the Customer Data as being attributable to the Customer with other data and leverage anonymous learnings and insights regarding use of the Service (the anonymised data, “Vodafone Insights Data”), and that Vodafone owns Vodafone Insights Data and may use Vodafone Insights Data during and after the term of this Agreement solely to develop, provide, and improve Vodafone products and services. • Customer agrees that Vodafone is not liable to Customer for Customer Damages provided that Vodafone will use reasonable care to carry out the Service in line with Good Industry Practice and in accordance with the terms of this Agreement. • The Customer agrees that, to the extent permitted by Applicable Law, it shall not bring any claim against Vodafone or any Group Company, whether in tort or otherwise, in connection with the Service or otherwise in relation to the subject matter of this Agreement. • Customer acknowledges that, in providing the Service, Vodafone will access Customer Systems and data. Customer agrees that, in advance of the Agreement Start Date, it shall provide and maintain all necessary consents, permissions, notices and authorisations as that are necessary for Vodafone to perform the Service, including any of the foregoing from employees or third parties; valid consents from or notices to applicable data subjects; and authorisations from regulatory authorities, employee representative bodies or other applicable third parties (“Customer Consent”) in a timely manner as necessary for Vodafone to access and use such System and data to perform the Service under this Agreement, and/or to use any third-party System(s) or data that Vodafone may use or require access to in performing the Service. For purposes of this Clause, “System” means, as applicable, Customer’s or a third party’s computer environment, network, equipment, software and related services. • Vodafone shall perform the Service in line with the scope of the Service as set out in this Agreement, in accordance with Good Industry Practice, and in reliance on, and in line with, the Customer Consent. • Customer agrees to indemnify Vodafone on an unlimited basis to the extent the Customer fails to provide and maintain the Customer Consents. Vodafone is not responsible for remedying any security issues, vulnerabilities or other problems discovered in the course of performing or as a result of the Service (where such Service is provided in accordance with the terms of this Agreement).
Appears in 2 contracts
Sources: Professional Services, Professional Services Agreement
Project Terms. Service Assumptions & Customer Dependencies In addition to any other responsibilities or assumptions described in this Agreement, the Customer Dependencies are as follows and the Customer recognises that if it fails to comply with the following dependencies, Vodafone is relieved from performing or delivering the Service and may choose to suspend or terminate this Agreement: 1. Customer shall perform and complete the responsibilities and assumptions set out in the Customer Prerequisites section prior to the Service Commencement Date. 2. Customer is solely responsible for implementing a process to ensure that if Customer’s IT Team detects Vodafone’s activities under the Service, such detection will be escalated to Customer’s senior management, or such other knowledgeable Customer personnel, who can intervene prior to such activity being reported outside of Customer’s organisation (e.g. to law enforcement) or, if such activity is reported outside of Customer’s organisation, Customer will promptly clarify that Vodafone was acting with Customer’s full knowledge and consent. 3. Decisions to be made by the Customer must be made promptly and without delay. 4. Customer shall be responsible for delivering all communications internal to Customer regarding the Service, including communications intended to inform Customer employees and personnel about the Service, any impact it may have on Customer employees and personnel, and any training necessary to impacted Customer employees and personnel. 5. Customer must be aware of and acknowledge the risks associated with the Service and must have taken the necessary pre-testing steps (e.g. data backup, internal communications etc.) to help minimize these risks. 6. Customer shall provide an accurate and complete list of email addresses together with names and department/roles of the Targeted Employees in a timely manner, and such other information as may be reasonably required and notified by Vodafone, and shall immediately notify Vodafone if it learns that any information previously provided to Vodafone is materially inaccurate or incomplete. 7. Customer will consent to and authorize Vodafone to access the Customer Property and perform the Service as described in this Agreement. 8. Customer is solely responsible for obtaining any such consents (including copyright for websites to be cloned as part of the Service), permissions or licenses or providing such notices (including from third-parties and Customer employees) necessary for Vodafone to perform its obligations under this Agreement. 9. Any other Customer responsibility that the parties mutually agree upon in writing in the Customer Phishing Awareness Request Form. 10. Customer will provide to Vodafone a sample structure of its typical company email communications and network access to Customer’s company portal (such that Vodafone can obtain a screenshot to replicate the company portal) or any other landing page suitable for phishing email attacks. General Assumptions & Dependencies The general assumptions & dependencies applicable for this Service are: • All work is carried out on a fixed fee basis. • There will be no changes to the scope of the Service, as set out in this Agreement. • The Service is not warranted to: • detect or identify all security or network threats to, or vulnerabilities of Customer’s networks or other facilities, assets, or operations; • prevent intrusions into or any damage to Customer’s networks or other facilities, assets, or operations; • return control of a Customer or third party system where unauthorized access or control has occurred; or • meet or help Customer meet any Applicable Law, industry standard or any other requirements including the Payment Card Industry Data Security Standard. It is Customer’s sole responsibility to provide appropriate and adequate security for its company, its assets, systems and employees. • Customer must promptly notify Vodafone of any changes to the information provided by Customer in the Customer Phishing Awareness Request Form. • Vodafone may provide reasonable recommendations, advice or instructions on a particular course of action in the course of performing or as a result of the Service or in the Deliverables to be provided to Customer and if Customer chooses not to follow such reasonable recommendations, advice or instructions, Customer acknowledges that Vodafone shall not be responsible for any losses or claims made by the Customer that arise from Customer’s failure to follow such recommendations, advice or instructions. • While Vodafone will use reasonable care to carry out the Service in line with Good Industry Practice and in a manner designed to mitigate and reduce the risk of damage to Customer Property, Customer acknowledges that there is inherent risk in the provision of the security Service in accordance with this Agreement which may lead to operational degradation, performance impact, breach of Customer policies or industry standards, or otherwise impair Customer Property (each a “Customer Damage” and together the “Customer Damages”) and, Vodafone will not be liable to the Customer or its respective employees or any third parties of the Customer for Customer Damages arising from the foregoing. To the extent possible, prior to commencing any provisioning of the Service, Vodafone shall identify and inform the Customer of any Customer Damage associated with the Service. • Customer agrees that Vodafone has the right to anonymise and aggregate Customer Data that will not in any way reveal the Customer Data as being attributable to the Customer with other data and leverage anonymous learnings and insights regarding use of the Service (the anonymised data, “Vodafone Insights Data”), and that Vodafone owns Vodafone Insights Data and may use Vodafone Insights Data during and after the term of this Agreement solely to develop, provide, and improve Vodafone products and services. • Customer agrees that Vodafone is not liable to Customer for Customer Damages provided that Vodafone will use reasonable care to carry out the Service in line with Good Industry Practice and in accordance with the terms of this Agreement. • The Customer agrees that, to the extent permitted by Applicable Law, it shall not bring any claim against Vodafone or any Group Company, whether in tort or otherwise, in connection with the Service or otherwise in relation to the subject matter of this Agreement. • Customer acknowledges that, in providing the Service, Vodafone will access Customer Systems and data. Customer agrees that, in advance of the Agreement Start Date, it shall provide and maintain all necessary consents, permissions, notices and authorisations as that are necessary for Vodafone to perform the Service, including any of the foregoing from employees or third parties; valid consents from or notices to applicable data subjects; and authorisations from regulatory authorities, employee representative bodies or other applicable third parties (“Customer Consent”) in a timely manner as necessary for Vodafone to access and use such System and data to perform the Service under this Agreement, and/or to use any third-party System(s) or data that Vodafone may use or require access to in performing the Service. For purposes of this Clause, “System” means, as applicable, Customer’s or a third party’s computer environment, network, equipment, software and related services. • Customer agrees to provide and maintain the Customer Consents • Vodafone shall perform the Service in line with the scope of the Service as set out in this Agreement, in accordance with Good Industry Practice, and in reliance on, and in line with, the Customer Consent. • Customer agrees to indemnify Vodafone on an unlimited basis to the extent the Customer fails to provide and maintain the Customer Consents. • Vodafone is not responsible for remedying any security issues, vulnerabilities or other problems discovered in the course of performing or as a result of the Service (where such Service is provided in accordance with the terms of this Agreement). • In providing the Service, Vodafone has no intention of committing any civil or criminal offences. • Customer acknowledges and agrees that, no act or omission of Vodafone arising out of or related to Vodafone’s provision of the Services will be deemed to exceed the authorisation as set out in this Agreement, provided that Vodafone has provided the Services in accordance with this Agreement and in line with the relevant agreed scope of services with the Customer and/or the applicable Order. • Customer must promptly notify Vodafone of any changes to Validation Information. • Customer agrees and authorises Vodafone, to retain any indicators of compromise, malware, anomalies, or other metadata found as part of, or related to the performance of the Service (“Metadata”) only for the purposes of gathering and compiling security event log data to look at trends, and real or potential security threats and improving Vodafone’s security services. Vodafone may analyse, copy, store, and use such Metadata provided that such Metadata is compiled or combined in an aggregated, anonymised or pseudonymised, de- identified manner that will not in any way reveal the Metadata as being attributable to the Customer. • To the extent permitted by Applicable Law, the Customer agrees that it shall not bring any claim against Accenture or any Accenture Group Company (or any other third party acting on behalf of Vodafone in providing the Service), whether in tort or otherwise, in connection with the Service or otherwise in relation to the subject matter of this Agreement. • The Customer is responsible for: (i) ensuring that the Customers’ use of the Service and associated Deliverables is in accordance with the terms of this Agreement; (ii) ensuring that the scope of the Service to be provided to the Customer meets the Customer’s requirements; and (iii) Customer’s compliance with all Applicable Laws and regulations applicable to Customer in connection with the use of the Service and/or Deliverables. • The Customer agrees to and authorises that Vodafone may, as necessary in performance of the Service: (i) access Customer Property and physically connect, disconnect, install, update, upgrade, manage and operate equipment, tools and software on Customer Property; and (ii) to the extent required to comply with Applicable Laws, take such actions with respect to Customer Property required by law enforcement authorities or regulatory authorities. Materials and Software • Vodafone may use certain third-party software products (“Third-Party Software”) in its provision of the Service. The Customer agrees and acknowledges that Customer will not be provided access to these products. Any output directly from the Third-Party Software that is used by Vodafone in connection with the provision of the Service to the Customer without further input from Vodafone is being provided on an “as-is” basis and is excluded from any warranties set out in this Agreement. • Vodafone reserves the right to: (i) change the hosting provider used to host any proprietary or Third- Party Software used for the provision of the Service; and (ii) change any Third-Party Software it uses to provide the Service to Customer, provided that such changes do not materially impact the Service. • With regard to any Third-Party Software provided as part of the Service, the Customer agrees not to, directly or indirectly do any of the following: (i) reverse engineer, decompile, disassemble or otherwise attempt to discover the source code or underlying ideas or algorithms of the Third-Party Software; (ii) modify, translate, or create derivative works based on any element of the Third-Party Software or any related documentation; (iii) rent, lease, distribute, sell, resell, assign, or otherwise transfer its rights to use the Third-Party Software; (iv) use the Third-Party Software for any purpose other than the performance of the Service in accordance with this Agreement; (v) remove any proprietary notices from Third-Party Software or related materials furnished or made available to Customer; and/or (vi) permit any third party to access the Third-Party Software. • Vodafone may additionally utilize custom-developed software, scripts, exploits, and other technologies (“Custom Products”) in its provision of the Service. Such technologies may be deployed on Customer systems during the provision of the Service. Any such technologies remain Vodafone intellectual property, and Vodafone retains all corresponding rights to these technologies. Vodafone shall not be obligated to provide Customer with copies of, access to, or a license for such technologies. Acceptance Testing There is no acceptance testing applicable to this SOW unless specifically mentioned in the “Project and Services” section. Out of scope statement The following are not in scope for the Service: • any provision of any information that could identify specific Customer employees as having failed to identify any phishing activities; • any provision of services involving the collection of physical evidence, collection of evidence for admission in court including for criminal or civil litigation purposes, provision of evidence lockers, or ‘chain of custody’ collection of evidence; • any provision of expert testimony or litigation assistance or support services; • any provision of services involving retaliatory actions, hacking back or attribution that would breach Applicable Laws; • any implementation of suggested remediation activities unless agreed to by Vodafone and addressed under separate terms and conditions; • any installation of software, unless agreed by Vodafone and expressly consented to and authorized by Customer in writing, and which may require additional terms and conditions to be agreed; • any intentional interception of communications between Customer and a third-party, or between two or more third-parties, which is not authorized or directed by Customer as part of the Service. For the purposes of this paragraph, interception means intentionally modifying or interfering with Customer’s systems or the operation of such systems, or intentionally monitoring transmissions made by means of Customer’s system, such that some or all of the contents of the communications are made available to Vodafone while such contents are being transmitted. If unintentional interception does occur, Vodafone shall promptly after becoming aware inform Customer; • any provision of a regulated service. Vodafone is not licensed or certified in any country, state, or province as a public accountant, auditor, legal advisor, or private investigator, and is not being retained to provide any accounting services, accounting guidance, audit or internal control advisory services, tax or legal advice or investigatory services that would require a license; • any targeted investigation of any individuals. For the avoidance of doubt, Vodafone may in the course of providing the Service, identify the internet profile (IP address, geographic location, potential aliases/usernames) of potential threat actor(s) or individual(s) involved in a perceived security threat, but the Service does not include any targeted investigation into such individual(s); and any incident response services/activities. The services detailed in this SOW shall be provided remotely and constitute Vodafone’s complete scope of work and all other services (and the provision of services onsite) are out of scope.
Appears in 1 contract
Sources: Professional Services Agreement