Common use of Project Terms Clause in Contracts

Project Terms. Customer Dependencies In addition to any other responsibilities or assumptions described in this Agreement, the Customer Dependencies are as follows and the Customer recognises that if it fails to comply with the following dependencies, Vodafone is relieved from performing or delivering the Service and may choose to suspend or terminate this Agreement: • Customer will perform and complete the responsibilities and assumptions set out in the Customer Prerequisites section prior to the Service Commencement Date. • Customer will make any decisions required of it promptly and without delay. • Customer is responsible for: (a) Customer’s use of the Service and Deliverables, (b) ensuring that the scope, as set out in this Agreement, meets Customer’s requirements, and (c) compliance with all Applicable Laws and regulations applicable to Customer in connection with its use of the Service and/or Deliverables. • Vodafone is performing the Service at Customer’s request and has no intention of committing any civil or criminal offence. The Customer acknowledges and agrees that, no act or omission arising out of or related to provision of the Service and/or Deliverables, or compliance with law, will be deemed to exceed the scope of any authorization or Consent obtained in connection with this Agreement. • Customer remains responsible for supervision and performance of other contractors, vendors or third parties engaged by Customer. • Customer agrees and authorizes Vodafone to do all acts as necessary for the performance of the Service, including: o access to Customer Property and physically connect, disconnect, install, update, upgrade, manage and operate equipment, tools and software on Customer Property; and o to the extent required to comply with law, or take such actions with respect to Customer Property required by law enforcement authorities or regulatory authorities. In such cases Vodafone shall use reasonable endeavours to notify Customer in advance, where it is permitted by such law enforcement and/or regulatory authorities to do so. • Customer agrees and authorizes Vodafone to retain for its business purposes any indicators of compromise, malware, anomalies or other metadata found as part of, or related to the performance of the Service (“Metadata”). Vodafone may analyse, copy, store, and use such Metadata in an aggregated, and de-identified manner. • Customer shall notify Vodafone of any applicable export control requirements related to Customer Property and obtaining any required licenses with respect to such Customer Property. • At the completion of the Service, Customer shall be responsible for the decommissioning of any virtual servers on which Network Sensors were deployed. In respect of hardware and software: • Any hardware or software, inclusive of the Scripts, provided by Vodafone (“Vodafone Hardware & Tools”) remains the property of Vodafone or its licensors and the Customer is not granted a license hereunder to use such Vodafone Hardware & Tools. Unless otherwise agreed by Vodafone and the Customer in writing, the Customer will not have access to such Vodafone Hardware & Tools other than to install such in accordance with Vodafone’s or its licensor’s instructions provided to Customer. The Customer shall remove all Vodafone Hardware & Tools from the Customer’s system at the end of term stated in the Order. • The Customer, or its personnel or contractors shall not interfere with or damage any Vodafone Hardware & Tools installed on the Customer’s network or Endpoints for purposes of the Service, or otherwise attempt to compromise such Vodafone Hardware & Tools. • Vodafone will only be able to perform services requiring use of Vodafone Hardware & Tools to be installed across networks, devices or endpoints or identify risks and/or threats that exist on those networks, devices or endpoints (i) upon which it is able to install the applicable device or tool and (ii) which respond as required or expected by the device or tool. Customer shall ensure that each network, device or Endpoint included in the Service is made available for the Vodafone Hardware & Tools installation and connected to Vodafone’s or Customer’s network at the time of installation. The Customer acknowledges and agrees that Vodafone may not identify risks and/or threats on those devices or tools for which proper installation of the Vodafone Hardware & Tools does not occur. • The Customer acknowledges and agrees that any Vodafone Hardware & Tools installed, updated or upgraded by Vodafone on Customer Property may (i) cause a device to automatically communicate with Vodafone’s servers to deliver the Service, and (ii) collect Personal Data that may be present on the device. The Customer may withdraw consent in respect of the installation of such Vodafone Hardware & Tools at any time by contacting Vodafone in advance and then removing the Vodafone Hardware & Tools. Indicators of Compromise (“IOCs”) Customer agrees that any IOCs, which are identified by Vodafone during the provision of the Service, may be added to Vodafone’s proprietary IOC databases to improve its overall services offering, provided that any such IOCs will be stripped of any Confidential Information. General Assumptions & Dependencies The general assumptions & dependencies applicable for this Service are: • All work is carried out on a fixed fee basis. • There will be no changes to the scope of the Service, as set out in this Agreement. • The Service is not warranted to: • detect or identify all security or network threats to, or vulnerabilities of Customer’s networks or other facilities, assets, or operations; • prevent intrusions into or any damage to Customer’s networks or other facilities, assets, or operations; • return control of a Customer or third party system where unauthorized access or control has occurred; or • meet or help Customer meet any Applicable Law, industry standard or any other requirements including the Payment Card Industry Data Security Standard. It is Customer’s sole responsibility to provide appropriate and adequate security for its company, its assets, systems and employees. • Customer must promptly notify Vodafone of any changes to the information provided by Customer in the CED Questionnaire. • Vodafone may provide reasonable recommendations, advice or instructions on a particular course of action in the course of performing or as a result of the Service or in the Deliverables to be provided to Customer and if Customer chooses not to follow such reasonable recommendations, advice or instructions, Customer acknowledges that Vodafone shall not be responsible for any losses or claims made by the Customer that arise from Customer’s failure to follow such recommendations, advice or instructions. • While Vodafone will use reasonable care to carry out the Service in line with Good Industry Practice and in a manner designed to mitigate and reduce the risk of damage to Customer Property, Customer acknowledges that there is inherent risk in the provision of the security Service in accordance with this Agreement which may lead to operational degradation, performance impact, breach of Customer policies or industry standards, or otherwise impair Customer Property (each a “Customer Damage” and together the “Customer Damages”) and, Vodafone will not be liable to the Customer or its respective employees or any third parties of the Customer for Customer Damages arising from the foregoing. To the extent possible, prior to commencing any provisioning of the Service, Vodafone shall identify and inform the Customer of any Customer Damage associated with the Service. • Customer agrees that Vodafone has the right to anonymise and aggregate Customer Data that will not in any way reveal the Customer Data as being attributable to the Customer with other data and leverage anonymous learnings and insights regarding use of the Service (the anonymised data, “Vodafone Insights Data”), and that Vodafone owns Vodafone Insights Data and may use Vodafone Insights Data during and after the term of this Agreement solely to develop, provide, and improve Vodafone products and services. • Customer agrees that Vodafone is not liable to Customer for Customer Damages provided that Vodafone will use reasonable care to carry out the Service in line with Good Industry Practice and in accordance with the terms of this Agreement. • The Customer agrees that, to the extent permitted by Applicable Law, it shall not bring any claim against Vodafone or any Group Company, whether in tort or otherwise, in connection with the Service or otherwise in relation to the subject matter of this Agreement. • Customer acknowledges that, in providing the Service, Vodafone will access Customer Systems and data. Customer agrees that, in advance of the Agreement Start Date, it shall provide and maintain all necessary consents, permissions, notices and authorisations as that are necessary for Vodafone to perform the Service, including any of the foregoing from employees or third parties; valid consents from or notices to applicable data subjects; and authorisations from regulatory authorities, employee representative bodies or other applicable third parties (“Customer Consent”) in a timely manner as necessary for Vodafone to access and use such System and data to perform the Service under this Agreement, and/or to use any third-party System(s) or data that Vodafone may use or require access to in performing the Service. For purposes of this Clause, “System” means, as applicable, Customer’s or a third party’s computer environment, network, equipment, software and related services. • Vodafone shall perform the Service in line with the scope of the Service as set out in this Agreement, in accordance with Good Industry Practice, and in reliance on, and in line with, the Customer Consent. • Customer agrees to indemnify Vodafone on an unlimited basis to the extent the Customer fails to provide and maintain the Customer Consents. • Vodafone is not responsible for remedying any security issues, vulnerabilities or other problems discovered in the course of performing or as a result of the Service (where such Service is provided in accordance with the terms of this Agreement).

Project Terms. Customer Dependencies In addition to any other responsibilities or assumptions described in this Agreement, the Customer Dependencies are as follows and the Customer recognises that if it fails to comply with the following dependencies, Vodafone is relieved from performing or delivering the Service and may choose to suspend or terminate this Agreement: • Customer will perform and complete the responsibilities and assumptions set out in the Customer Prerequisites section prior to the Service Commencement Date. • Customer will make any decisions required of it promptly and without delay. • Customer is responsible for: (a) Customer’s use of the Service and Deliverables, (b) ensuring that the scope, as set out in this Agreement, meets Customer’s requirements, and (c) compliance with all Applicable Laws and regulations applicable to Customer in connection with its use of the Service and/or Deliverables. • Vodafone is performing the Service at Customer’s request and has no intention of committing any civil or criminal offence. The Customer acknowledges and agrees that, no act or omission arising out of or related to provision of the Service and/or Deliverables, or compliance with law, will be deemed to exceed the scope of any authorization or Consent obtained in connection with this Agreement. • Customer remains responsible for supervision and performance of other contractors, vendors or third parties engaged by Customer. • Customer agrees and authorizes Vodafone to do all acts as necessary for the performance of the Service, including: o access to Customer Property and physically connect, disconnect, install, update, upgrade, manage and operate equipment, tools and software on Customer Property; and o to the extent required to comply with law, or take such actions with respect to Customer Property required by law enforcement authorities or regulatory authorities. In such cases Vodafone shall use reasonable endeavours to notify Customer in advance, where it is permitted by such law enforcement and/or regulatory authorities to do so. • Customer agrees and authorizes Vodafone to retain for its business purposes any indicators of compromise, malware, anomalies or other metadata found as part of, or related to the performance of the Service (“Metadata”). Vodafone may analyse, copy, store, and use such Metadata in an aggregated, and de-identified manner. • Customer shall notify Vodafone of any applicable export control requirements related to Customer Property and obtaining any required licenses with respect to such Customer Property. • At the completion of the Service, Customer shall be responsible for the decommissioning of any virtual servers on which Network Sensors were deployed. In respect of hardware and software: • Any hardware or software, inclusive of the Scripts, provided by Vodafone (“Vodafone Hardware & Tools”) remains the property of Vodafone or its licensors and the Customer is not granted a license hereunder to use such Vodafone Hardware & Tools. Unless otherwise agreed by Vodafone and the Customer in writing, the Customer will not have access to such Vodafone Hardware & Tools other than to install such in accordance with Vodafone’s or its licensor’s instructions provided to Customer. The Customer shall remove all Vodafone Hardware & Tools from the Customer’s system at the end of term stated in the Order. • The Customer, or its personnel or contractors shall not interfere with or damage any Vodafone Hardware & Tools installed on the Customer’s network or Endpoints for purposes of the Service, or otherwise attempt to compromise such Vodafone Hardware & Tools. • Vodafone will only be able to perform services requiring use of Vodafone Hardware & Tools to be installed across networks, devices or endpoints or identify risks and/or threats that exist on those networks, devices or endpoints (i) upon which it is able to install the applicable device or tool and (ii) which respond as required or expected by the device or tool. Customer shall ensure that each network, device or Endpoint included in the Service is made available for the Vodafone Hardware & Tools installation and connected to Vodafone’s or Customer’s network at the time of installation. The Customer acknowledges and agrees that Vodafone may not identify risks and/or threats on those devices or tools for which proper installation of the Vodafone Hardware & Tools does not occur. • The Customer acknowledges and agrees that any Vodafone Hardware & Tools installed, updated or upgraded by Vodafone on Customer Property may (i) cause a device to automatically communicate with Vodafone’s servers to deliver the Service, and (ii) collect Personal Data that may be present on the device. The Customer may withdraw consent in respect of the installation of such Vodafone Hardware & Tools at any time by contacting Vodafone in advance and then removing the Vodafone Hardware & Tools. Indicators of Compromise (“IOCs”) Customer agrees that any IOCs, which are identified by Vodafone during the provision of the Service, may be added to Vodafone’s proprietary IOC databases to improve its overall services offering, provided that any such IOCs will be stripped of any Confidential Information. General Assumptions & Dependencies The general assumptions & dependencies applicable for this Service are: • All work is carried out on a fixed fee basis. • There will be no changes to the scope of the Service, as set out in this Agreement. • The Service is not warranted to: • detect or identify all security or network threats to, or vulnerabilities of Customer’s networks or other facilities, assets, or operations; • prevent intrusions into or any damage to Customer’s networks or other facilities, assets, or operations; • return control of a Customer or third party system where unauthorized access or control has occurred; or • meet or help Customer meet any Applicable Law, industry standard or any other requirements including the Payment Card Industry Data Security Standard. It is Customer’s sole responsibility to provide appropriate and adequate security for its company, its assets, systems and employees. • Customer must promptly notify Vodafone of any changes to the information provided by Customer in the CED Questionnaire. • Vodafone may provide reasonable recommendations, advice or instructions on a particular course of action in the course of performing or as a result of the Service or in the Deliverables to be provided to Customer and if Customer chooses not to follow such reasonable recommendations, advice or instructions, Customer acknowledges that Vodafone shall not be responsible for any losses or claims made by the Customer that arise from Customer’s failure to follow such recommendations, advice or instructions. • While Vodafone will use reasonable care to carry out the Service in line with Good Industry Practice and in a manner designed to mitigate and reduce the risk of damage to Customer Property, Customer acknowledges that there is inherent risk in the provision of the security Service in accordance with this Agreement which may lead to operational degradation, performance impact, breach of Customer policies or industry standards, or otherwise impair Customer Property (each a “Customer Damage” and together the “Customer Damages”) and, Vodafone will not be liable to the Customer or its respective employees or any third parties of the Customer for Customer Damages arising from the foregoing. To the extent possible, prior to commencing any provisioning of the Service, Vodafone shall identify and inform the Customer of any Customer Damage associated with the Service. • Customer agrees that Vodafone has the right to anonymise and aggregate Customer Data that will not in any way reveal the Customer Data as being attributable to the Customer with other data and leverage anonymous learnings and insights regarding use of the Service (the anonymised data, “Vodafone Insights Data”), and that Vodafone owns Vodafone Insights Data and may use Vodafone Insights Data during and after the term of this Agreement solely to develop, provide, and improve Vodafone products and services. • Customer agrees that Vodafone is not liable to Customer for Customer Damages provided that Vodafone will use reasonable care to carry out the Service in line with Good Industry Practice and in accordance with the terms of this Agreement. • The Customer agrees that, to the extent permitted by Applicable Law, it shall not bring any claim against Vodafone or any Group Company, whether in tort or otherwise, in connection with the Service or otherwise in relation to the subject matter of this Agreement. • Customer acknowledges that, in providing the Service, Vodafone will access Customer Systems and data. Customer agrees that, in advance of the Agreement Start Date, it shall provide and maintain all necessary consents, permissions, notices and authorisations as that are necessary for Vodafone to perform the Service, including any of the foregoing from employees or third parties; valid consents from or notices to applicable data subjects; and authorisations from regulatory authorities, employee representative bodies or other applicable third parties (“Customer Consent”) in a timely manner as necessary for Vodafone to access and use such System and data to perform the Service under this Agreement, and/or to use any third-party System(s) or data that Vodafone may use or require access to in performing the Service. For purposes of this Clause, “System” means, as applicable, Customer’s or a third party’s computer environment, network, equipment, software and related services. • Customer agrees to provide and maintain the Customer Consents. • Vodafone shall perform the Service in line with the scope of the Service as set out in this Agreement, in accordance with Good Industry Practice, and in reliance on, and in line with, the Customer Consent. • Customer agrees to indemnify Vodafone on an unlimited basis to the extent the Customer fails to provide and maintain the Customer Consents. • Vodafone is not responsible for remedying any security issues, vulnerabilities or other problems discovered in the course of performing or as a result of the Service (where such Service is provided in accordance with the terms of this Agreement).. • In providing the Service, Vodafone has no intention of committing any civil or criminal offences. • Customer acknowledges and agrees that, no act or omission of Vodafone arising out of or related to Vodafone’s provision of the Services will be deemed to exceed the authorisation as set out in this Agreement, provided that Vodafone has provided the Services in accordance with this Agreement and in line with the relevant agreed scope of services with the Customer and/or the applicable Order. • Customer must promptly notify Vodafone of any changes to Validation Information. • Customer agrees and authorises Vodafone, to retain any indicators of compromise, malware, anomalies, or other metadata found as part of, or related to the performance of the Service (“Metadata”) only for the purposes of gathering and compiling security event log data to look at trends, and real or potential security threats and improving Vodafone’s security services. Vodafone may analyse, copy, store, and use such Metadata provided that such Metadata is compiled or combined in an aggregated, anonymised or pseudonymised, de- identified manner that will not in any way reveal the Metadata as being attributable to the Customer. • To the extent permitted by Applicable Law, the Customer agrees that it shall not bring any claim against Accenture or any Accenture Group Company (or any other third party acting on behalf of Vodafone in providing the Service), whether in tort or otherwise, in connection with the Service or otherwise in relation to the subject matter of this Agreement. • The Customer is responsible for: (i) ensuring that the Customers’ use of the Service and associated Deliverables is in accordance with the terms of this Agreement; (ii) ensuring that the scope of the Service to be provided to the Customer meets the Customer’s requirements; and (iii) Customer’s compliance with all Applicable Laws and regulations applicable to Customer in connection with the use of the Service and/or Deliverables. • The Customer agrees to and authorises that Vodafone may, as necessary in performance of the Service: (i) access Customer Property and physically connect, disconnect, install, update, upgrade, manage and operate equipment, tools and software on Customer Property; and (ii) to the extent required to comply with Applicable Laws, take such actions with respect to Customer Property required by law enforcement authorities or regulatory authorities. Materials and Software • Vodafone may use certain third-party software products (“Third-Party Software”) in its provision of the Service. The Customer agrees and acknowledges that Customer will not be provided access to these products. Any output directly from the Third-Party Software that is used by Vodafone in connection with the provision of the Service to the Customer without further input from Vodafone is being provided on an “as-is” basis and is excluded from any warranties set out in this Agreement. • Vodafone reserves the right to: (i) change the hosting provider used to host any proprietary or Third- Party Software used for the provision of the Service; and (ii) change any Third-Party Software it uses to provide the Service to Customer, provided that such changes do not materially impact the Service. • With regard to any Third-Party Software provided as part of the Service, the Customer agrees not to, directly or indirectly do any of the following: (i) reverse engineer, decompile, disassemble or otherwise attempt to discover the source code or underlying ideas or algorithms of the Third-Party Software; (ii) modify, translate, or create derivative works based on any element of the Third-Party Software or any related documentation; (iii) rent, lease, distribute, sell, resell, assign, or otherwise transfer its rights to use the Third-Party Software; (iv) use the Third-Party Software for any purpose other than the performance of the Service in accordance with this Agreement; (v) remove any proprietary notices from Third-Party Software or related materials furnished or made available to Customer; and/or (vi) permit any third party to access the Third-Party Software. • Vodafone may additionally utilize custom-developed software, scripts, exploits, and other technologies (“Custom Products”) in its provision of the Service. Such technologies may be deployed on Customer systems during the provision of the Service. Any such technologies remain Vodafone intellectual property, and Vodafone retains all corresponding rights to these technologies. Vodafone shall not be obligated to provide Customer with copies of, access to, or a license for such technologies. Acceptance Testing There is no acceptance testing applicable to this SOW unless specifically mentioned in the “Project and Services” section. Out of scope statement The following are not in scope for the Service: • Review and analysis of data that is not Repository Data and data outside of the Environment. Vodafone will not make any enquiries in relation to, and is not responsible for reporting on, any documents or matters other than the Repository Data. • Expert testimony or litigation assistance or support services • Provision of any regulated service. Vodafone is not licensed or certified in any country, state, or province as a public accountant, auditor or legal advisor, or private investigator and is not being retained to provide accounting services, accounting guidance, audit or internal control advisory services, tax or legal advice or investigatory services that would require a license. • Data collection for Endpoints or networks not addressed by the deployed Scripts or Network Sensors. • Remediation activities and/or mitigation efforts resulting from the identification of a cyber risk or hygiene issue unless agreed under a separate contract with Vodafone. • Quality assurance or review of any implementation of mitigations or recommendations made by Vodafone in the course of providing the Service. • Any intentional interception of communications between Customer and a third party or between t