Common use of Project Terms Clause in Contracts

Project Terms. Customer Dependencies In addition to any other responsibilities or assumptions described in this Agreement, the Customer Dependencies are as follows and the Customer recognises that if it fails to comply with the following dependencies, Vodafone is relieved from performing or delivering the Service and may choose to suspend or terminate this Agreement: • Customer Property, systems, materials. o the Customer is solely responsible for ensuring the availability of the Customer personnel and resources for the duration of the Service and as necessary for Vodafone’s performance of the Service, including (unless otherwise agreed in writing to form part of Vodafone’s scope) the timely provision of information, access to systems, delivery of systems and logs, "out of band" communications systems, forensic imaging, data restoration, and backup of Customer systems. o if Vodafone is required to use Customer tools during an engagement, the Customer is responsible for enabling Vodafone to have appropriate access to Customer-owned tools, including any necessary licenses. o to the extent applicable, the Customer is responsible for ensuring that the Customer tools to be used as part of the Service are sufficient and appropriate to meet the Customer’s security requirements. o the Customer will make any decisions required of it promptly and without delay and Vodafone shall be entitled to rely on all such decisions and approvals. o the Customer shall provide necessary support (including, for example, providing invite letters where necessary) for obtaining any required visas and/or travel authorisations; • Hardware and software. o if Vodafone and Customer determine that the installation of hardware and software will be necessary to gain additional visibility into Customer systems and networks, Vodafone will install servers on and/or will set up capacity in Vodafone or its vendor's cloud-based environment and connect to Customer’s network in order to collect endpoint, network and log data, and will provide Customer with the hardware and software components required to be installed on Customer’s network and endpoint devices. Customer will: ▪ obtain any certificates (or modify any certificates) required to enable installation of the devices or software on any network, device or endpoint; ▪ perform testing on each of its classes of devices to determine and/or confirm that the software agents do not affect reliability or availability of the devices include consent; and ▪ install the software agents on the agreed upon number of the Customer’s endpoint devices and its network in accordance with Vodafone’s instructions and to remove the devices or software at the end of the engagement. o If using Endgame, Customer shall acknowledge and agree that use of Endgame software/products (“Endgame”) as part of the Service are subject to the additional terms and conditions set forth in Appendix 1. Customer acknowledges that the Vodafone data collection tool, to the extent Vodafone provides such tool for use in data collection, includes open source software (OSQuery) and Customer’s licenses to such is subject also to the applicable OSS license located at OSQuery. o Customer will ensure that each network, device or endpoint included in the target scope or otherwise identified by Vodafone is made available for the software installation, is connected to Customer’s network at the time of installation, and has the software properly installed. • Where Vodafone determines that a particular third-party software is not suitable for the purposes of the Service, Vodafone may use an alternative technology or method where available, with the Customer’s consent. • The Customer Dependencies for Vodafone’s response to a Customer’s cyber incident, which shall be provided by Customer during the initial triage call, are as follows: o Customer shall provide the contact details of Customer’s point of contact to initiate the Incident Response; and o Customer shall provide remote access to Customer’s Environment and Customer’s support staff for deploying Vodafone (or third party) incident response tools. • The Customer shall notify Vodafone of any applicable export control requirements related to Customer Property made available to Vodafone, and shall provide all assistance that Vodafone reasonably requires in order to obtain any required licenses with respect to such Customer Property to comply with International Trade Control Laws. • Customer remains responsible for supervision and performance of other contractors, vendors or third parties engaged by Customer. • Any hardware or software provided by Vodafone for installation on Customer Property remains the property of Vodafone or its licensors. Customer will not have access to such hardware or software. Customer shall not use, copy, modify, or distribute the hardware or software and may not reverse assemble, reverse engineer, reverse compile, or otherwise translate such hardware or software in any manner except to the extent that applicable law specifically prohibits such restrictions. All such hardware or software must be removed at the end of a Service. If using Endgame, Customer acknowledges and agrees that use of Endgame software/products (“Endgame”) as part of the Service are subject to the additional terms and conditions set forth in Appendix 1. • The Customer, and its respective personnel or contractors shall not interfere with or damage any hardware or software installed on Customer’s network or endpoint devices for purposes of the Service, or otherwise attempt to compromise such hardware or software. Vodafone may remove, or request Customer to promptly have returned, any physical devices installed on Customer’s premises, systems or networks, or any software in the Customer devices (including Customer devices not connected to the Customer’s network at the conclusion of the Service). • The Customer agrees that any software installed, updated or upgraded by Vodafone on Customer Property may (i) cause a device to automatically communicate with Vodafone’s servers to deliver the Service, (ii) affect preferences or data stored on the device, and (iii) collect Personal Data that may be present on the device. Customer may withdraw consent in respect of the installation of such software at any time by contacting Vodafone. General Assumptions & Dependencies The general assumptions & dependencies applicable for this Service are: • All work is carried out on a retainer basis. • There will be no changes to the scope of the Service, as set out in this Agreement. • The Service is not warranted to: • detect or identify all security or network threats to, or vulnerabilities of Customer’s networks or other facilities, assets, or operations; • prevent intrusions into or any damage to Customer’s networks or other facilities, assets, or operations; • return control of a Customer or third party system where unauthorized access or control has occurred; or • meet or help Customer meet any Applicable Law, industry standard or any other requirements including the Payment Card Industry Data Security Standard. It is Customer’s sole responsibility to provide appropriate and adequate security for its company, its assets, systems and employees. • Vodafone may provide reasonable recommendations, advice or instructions on a particular course of action in the course of performing or as a result of the Service or in the Deliverables to be provided to Customer and if Customer chooses not to follow such reasonable recommendations, advice or instructions, Customer acknowledges that Vodafone shall not be responsible for any losses or claims made by the Customer that arise from Customer’s failure to follow such recommendations, advice or instructions. • While Vodafone will use reasonable care to carry out the Service in line with Good Industry Practice and in a manner designed to mitigate and reduce the risk of damage to Customer Property, Customer acknowledges that there is inherent risk in the provision of the security Service in accordance with this Agreement which may lead to operational degradation, performance impact, breach of Customer policies or industry standards, or otherwise impair Customer Property (each a “Customer Damage” and together the “Customer Damages”) and, Vodafone will not be liable to the Customer or its respective employees or any third parties of the Customer for Customer Damages arising from the foregoing. To the extent possible, prior to commencing any provisioning of the Service, Vodafone shall identify and inform the Customer of any Customer Damage associated with the Service. • Customer agrees that Vodafone has the right to anonymise and aggregate Customer Data that will not in any way reveal the Customer Data as being attributable to the Customer with other data and leverage anonymous learnings and insights regarding use of the Service (the anonymised data, “Vodafone Insights Data”), and that Vodafone owns Vodafone Insights Data and may use Vodafone Insights Data during and after the term of this Agreement solely to develop, provide, and improve Vodafone products and services. • Customer agrees that Vodafone is not liable to Customer for Customer Damages provided that Vodafone will use reasonable care to carry out the Service in line with Good Industry Practice and in accordance with the terms of this Agreement. • The Customer agrees that, to the extent permitted by Applicable Law, it shall not bring any claim against Vodafone or any Group Company, whether in tort or otherwise, in connection with the Service or otherwise in relation to the subject matter of this Agreement. • Customer acknowledges that, in providing the Service, Vodafone will access Customer Systems and data. Customer agrees that, in advance of the Agreement Start Date, it shall provide and maintain all necessary consents, permissions, notices and authorisations as that are necessary for Vodafone to perform the Service, including any of the foregoing from employees or third parties; valid consents from or notices to applicable data subjects; and authorisations from regulatory authorities, employee representative bodies or other applicable third parties (“Customer Consent”) in a timely manner as necessary for Vodafone to access and use such System and data to perform the Service under this Agreement, and/or to use any third-party System(s) or data that Vodafone may use or require access to in performing the Service. For purposes of this Clause, “System” means, as applicable, Customer’s or a third party’s computer environment, network, equipment, software and related services. • Vodafone shall perform the Service in line with the scope of the Service as set out in this Agreement, in accordance with Good Industry Practice, and in reliance on, and in line with, the Customer Consent. • Customer agrees to indemnify Vodafone on an unlimited basis to the extent the Customer fails to provide and maintain the Customer Consents. • Vodafone is not responsible for remedying any security issues, vulnerabilities or other problems discovered in the course of performing or as a result of the Service (where such Service is provided in accordance with the terms of this Agreement).

Project Terms. Customer Dependencies In addition to any other responsibilities or assumptions described in this Agreement, the Customer Dependencies are as follows and the Customer recognises that if it fails to comply with the following dependencies, Vodafone is relieved from performing or delivering the Service and may choose to suspend or terminate this Agreement: • Customer Property, systems, materials. o the Customer is solely responsible for ensuring the availability of the Customer personnel and resources for the duration of the Service and as necessary for Vodafone’s performance of the Service, including (unless otherwise agreed in writing to form part of Vodafone’s scope) the timely provision of information, access to systems, delivery of systems and logs, "out of band" communications systems, forensic imaging, data restoration, and backup of Customer systems. o if Vodafone is required to use Customer tools during an engagement, the Customer is responsible for enabling Vodafone to have appropriate access to Customer-owned tools, including any necessary licenses. o to the extent applicable, the Customer is responsible for ensuring that the Customer tools to be used as part of the Service are sufficient and appropriate to meet the Customer’s security requirements. o the Customer will make any decisions required of it promptly and without delay and Vodafone shall be entitled to rely on all such decisions and approvals. o the Customer shall provide necessary support (including, for example, providing invite letters where necessary) for obtaining any required visas and/or travel authorisations; • Hardware and software. o if Vodafone and Customer determine that the installation of hardware and software will be necessary to gain additional visibility into Customer systems and networks, Vodafone will install servers on and/or will set up capacity in Vodafone or its vendor's cloud-based environment and connect to Customer’s network in order to collect endpoint, network and log data, and will provide Customer with the hardware and software components required to be installed on Customer’s network and endpoint devices. Customer will: ▪ obtain any certificates (or modify any certificates) required to enable installation of the devices or software on any network, device or endpoint; ▪ perform testing on each of its classes of devices to determine and/or confirm that the software agents do not affect reliability or availability of the devices include consent; and ▪ install the software agents on the agreed upon number of the Customer’s endpoint devices and its network in accordance with Vodafone’s instructions and to remove the devices or software at the end of the engagement. o If using Endgame, Customer shall acknowledge and agree that use of Endgame software/products (“Endgame”) as part of the Service are subject to the additional terms and conditions set forth in Appendix 1. Customer acknowledges that the Vodafone data collection tool, to the extent Vodafone provides such tool for use in data collection, includes open source software (OSQuery) and Customer’s licenses to such is subject also to the applicable OSS license located at OSQuery. o Customer will ensure that each network, device or endpoint included in the target scope or otherwise identified by Vodafone is made available for the software installation, is connected to Customer’s network at the time of installation, and has the software properly installed. • Where Vodafone determines that a particular third-party software is not suitable for the purposes of the Service, Vodafone may use an alternative technology or method where available, with the Customer’s consent. • The Customer Dependencies for Vodafone’s response to a Customer’s cyber incident, which shall be provided by Customer during the initial triage call, are as follows: o Customer shall provide the contact details of Customer’s point of contact to initiate the Incident Response; and o Customer shall provide remote access to Customer’s Environment and Customer’s support staff for deploying Vodafone (or third party) incident response tools. • The Customer shall notify Vodafone of any applicable export control requirements related to Customer Property made available to Vodafone, and shall provide all assistance that Vodafone reasonably requires in order to obtain any required licenses with respect to such Customer Property to comply with International Trade Control Laws. • Customer remains responsible for supervision and performance of other contractors, vendors or third parties engaged by Customer▇▇▇▇▇▇▇▇. • Any hardware or software provided by Vodafone for installation on Customer Property remains the property of Vodafone or its licensors. Customer will not have access to such hardware or software. Customer shall not use, copy, modify, or distribute the hardware or software and may not reverse assemble, reverse engineer, reverse compile, or otherwise translate such hardware or software in any manner except to the extent that applicable law specifically prohibits such restrictions. All such hardware or software must be removed at the end of a Service. If using Endgame, Customer acknowledges and agrees that use of Endgame software/products (“Endgame”) as part of the Service are subject to the additional terms and conditions set forth in Appendix 1. • The Customer, and its respective personnel or contractors shall not interfere with or damage any hardware or software installed on Customer’s network or endpoint devices for purposes of the Service, or otherwise attempt to compromise such hardware or software. Vodafone may remove, or request Customer to promptly have returned, any physical devices installed on Customer’s premises, systems or networks, or any software in the Customer devices (including Customer devices not connected to the Customer’s network at the conclusion of the Service). • The Customer agrees that any software installed, updated or upgraded by Vodafone on Customer Property may (i) cause a device to automatically communicate with Vodafone’s servers to deliver the Service, (ii) affect preferences or data stored on the device, and (iii) collect Personal Data that may be present on the device. Customer may withdraw consent in respect of the installation of such software at any time by contacting Vodafone. General Assumptions & Dependencies The general assumptions & dependencies applicable for this Service are: • All work is carried out on a retainer basis. • There will be no changes to the scope of the Service, as set out in this Agreement. • The Service is not warranted to: • detect or identify all security or network threats to, or vulnerabilities of Customer’s networks or other facilities, assets, or operations; • prevent intrusions into or any damage to Customer’s networks or other facilities, assets, or operations; • return control of a Customer or third party system where unauthorized access or control has occurred; or • meet or help Customer meet any Applicable Law, industry standard or any other requirements including the Payment Card Industry Data Security Standard. It is Customer’s sole responsibility to provide appropriate and adequate security for its company, its assets, systems and employees. • Vodafone may provide reasonable recommendations, advice or instructions on a particular course of action in the course of performing or as a result of the Service or in the Deliverables to be provided to Customer and if Customer chooses not to follow such reasonable recommendations, advice or instructions, Customer acknowledges that Vodafone shall not be responsible for any losses or claims made by the Customer that arise from Customer’s failure to follow such recommendations, advice or instructions. • While Vodafone will use reasonable care to carry out the Service in line with Good Industry Practice and in a manner designed to mitigate and reduce the risk of damage to Customer Property, Customer acknowledges that there is inherent risk in the provision of the security Service in accordance with this Agreement which may lead to operational degradation, performance impact, breach of Customer policies or industry standards, or otherwise impair Customer Property (each a “Customer Damage” and together the “Customer Damages”) and, Vodafone will not be liable to the Customer or its respective employees or any third parties of the Customer for Customer Damages arising from the foregoing. To the extent possible, prior to commencing any provisioning of the Service, Vodafone shall identify and inform the Customer of any Customer Damage associated with the Service. • Customer agrees that Vodafone has the right to anonymise and aggregate Customer Data that will not in any way reveal the Customer Data as being attributable to the Customer with other data and leverage anonymous learnings and insights regarding use of the Service (the anonymised data, “Vodafone Insights Data”), and that Vodafone owns Vodafone Insights Data and may use Vodafone Insights Data during and after the term of this Agreement solely to develop, provide, and improve Vodafone products and services. • Customer agrees that Vodafone is not liable to Customer for Customer Damages provided that Vodafone will use reasonable care to carry out the Service in line with Good Industry Practice and in accordance with the terms of this Agreement. • The Customer agrees that, to the extent permitted by Applicable Law, it shall not bring any claim against Vodafone or any Group Company, whether in tort or otherwise, in connection with the Service or otherwise in relation to the subject matter of this Agreement. • Customer acknowledges that, in providing the Service, Vodafone will access Customer Systems and data. Customer agrees that, in advance of the Agreement Start Date, it shall provide and maintain all necessary consents, permissions, notices and authorisations as that are necessary for Vodafone to perform the Service, including any of the foregoing from employees or third parties; valid consents from or notices to applicable data subjects; and authorisations from regulatory authorities, employee representative bodies or other applicable third parties (“Customer Consent”) in a timely manner as necessary for Vodafone to access and use such System and data to perform the Service under this Agreement, and/or to use any third-party System(s) or data that Vodafone may use or require access to in performing the Service. For purposes of this Clause, “System” means, as applicable, Customer’s or a third party’s computer environment, network, equipment, software and related services. • Vodafone shall perform the Service in line with the scope of the Service as set out in this Agreement, in accordance with Good Industry Practice, and in reliance on, and in line with, the Customer Consent. • Customer agrees to indemnify Vodafone on an unlimited basis to the extent the Customer fails to provide and maintain the Customer Consents. • Vodafone is not responsible for remedying any security issues, vulnerabilities or other problems discovered in the course of performing or as a result of the Service (where such Service is provided in accordance with the terms of this Agreement).