Dell SecureWorks Master Services Agreement
THIS DELL SECUREWORKS MASTER SERVICES AGREEMENT (“MSA”) is entered into by and between Dell Marketing L.P. (“Dell”), SecureWorks Inc. (collectively, “SecureWorks”), or one of Dell’s Affiliates (as defined below) and the customer entity (the “Customer”) set forth in a Service Order or Statement of Work as of the Effective Date (as defined by the latest date in the signature blocks in a Service Order or Statement of Work). “Customer” may include Customer’s Affiliates approved by SecureWorks to receive Services (as defined in Section 1) under this MSA. As used herein, the term “Affiliates” with respect to a party means any entity that, directly or indirectly, through one or more intermediaries, controls, is controlled by or is under common control with such party. SecureWorks and Customer agree to the following terms and conditions:
During the Term (as defined in Section 3.1) and subject to the terms and conditions of this MSA, SecureWorks agrees to provide the Services and Customer agrees to purchase such Services. Specific terms and conditions relating to the managed security services (“MSS Services”) shall be set forth in the service order(s) (“Service Order(s)”) executed by the parties and specific terms and conditions relating to the consulting services (“Consulting Services”) shall be set forth in one or more statements of work (“Statement(s) of Work”) executed by the parties. The MSS Services and Consulting Services are hereinafter collectively referred to as the “Services.” The MSS Service(s) are described in one or more attachments to each Service Order and the performance by SecureWorks of the MSS Services shall be in accordance with such attachments (the “Service Level Agreements”), subject to the terms and conditions therein. For the purposes of either party’s Affiliates performing or purchasing Services hereunder pursuant to a Service Order and/or Statement of Work, references to SecureWorks and Customer herein shall be deemed references to such respective Affiliate(s).
Except for equipment purchased by Customer pursuant to a Service Order (“Customer purchased equipment”), Customer will return to SecureWorks any equipment or hardware provided by SecureWorks (“Equipment”) for Customer’s use during the Term of this MSA and the applicable Service Order and/or Statement of Work, upon the expiration or termination of the Term. If such Equipment is not returned by Customer, Customer will be responsible for the then-current replacement costs of such Equipment.
In the event of a conflict between the terms of the MSA and a Service Order and/or Statement of Work, the terms of these documents will be interpreted according to the following order of precedence: (1) Service Orders/Statements of Work and (2) the MSA.
2. Fees; Taxes; Invoicing and Payment.
2.1 Ordering with Local Affiliates. In the event that a Customer Affiliate with a location outside of the United States is purchasing Services under this MSA (“Customer International Affiliate”), such Customer International Affiliate shall enter into a Service Order and/or Statement of Work directly with the SecureWorks Affiliate local entity (“SecureWorks Local Entity”) for such Services. The SecureWorks Local Entity shall invoice the Customer International Affiliate, per the billing address provided by the Customer in the applicable local currency and the Customer International Affiliate shall make payments directly to the SecureWorks Local Entity. All references herein to SecureWorks and Customer shall be deemed reference to SecureWorks Local Entity and Customer International Affiliate, respectively. The terms and conditions of this MSA shall be incorporated by reference into the applicable Service Order and/or Statement of Work by and between the Customer International Affiliate and the SecureWorks Local Entity.
2.2 MSS Service Fees. SecureWorks’ fees for the MSS Services are set forth on each Service Order. For each Service Order, the MSS Services ordered will commence on the first day in which SecureWorks: (a) has established communication with the contracted customer device(s) and/or SecureWorks provided Equipment; and (b) has verified availability of Customer Data on the SecureWorks customer portal, (the “Service Commencement Date”), and SecureWorks may invoice Customer for such MSS Services on or after the Service Commencement Date. Customer may add or exchange certain MSS Services and/or devices at any time during any Term of this MSA. Customer will notify SecureWorks of its intention to add or exchange certain MSS Services and/or devices and SecureWorks will work with Customer to provide pricing to Customer for such adds and/or exchanges. In order for such Services and/or devices to be added to this MSA, Customer and SecureWorks shall execute a mutually agreed upon Service Order outlining the price, payment and Term for such MSS Services and/or devices.
If Customer orders Server/Network Infrastructure Monitoring, Security Information and Event Management, Managed and Monitored Firewall, Managed and Monitored Integrated Appliance, or Managed and Monitored Next Generation Firewall MSS Services pursuant to a Service Order, Customer shall be billed for the entire number of devices in the tier being purchased (as outlined in the applicable Service Order) upon the Service Commencement Date for the initial device. If there are any devices remaining to be integrated thereafter, Customer shall be responsible for initiating the integration of such devices via the SecureWorks network portal.
2.3 Consulting Service Fees. Customer agrees to pay SecureWorks for the Consulting Services in accordance with the applicable Statement of Work. The fees specified in any Statement of Work are the total fees and charges for the Consulting Services, but are subject to changes resulting from mutually agreed changes in the scope of Consulting Services to be provided pursuant to a Statement of Work change order executed by the parties.
2.4 Work on Customer Premises. If and to the extent that the Services require SecureWorks to be present at the Customer’s premises, SecureWorks shall communicate the same and Customer shall reimburse SecureWorks for all reasonable, actual out-of-pocket expenses, including, but not limited to, shipping, travel expense, hotel and meals, incurred in connection with the implementation, performance or delivery of the Services.
2.5 Additional Fees; Taxes. Customer shall be responsible, on behalf of itself and its Affiliate(s), for the payment of all taxes and fees assessed or imposed on the Services provided or the amounts charged under this MSA in any country or territory in which the Customer receives the benefit of the Services, including any sales, use, excise, value-added, or comparable taxes, but excluding taxes for which the Customer has provided a valid resale or exemption certificate. Should any payments become subject to withholding tax, the Customer will deduct these taxes from the amount owed and pay the taxes to the appropriate tax authority in accordance with applicable tax laws. Customer will promptly provide SecureWorks with receipts or documents evidencing these tax payments. SecureWorks shall not be liable for any withholding tax, penalty or interest due as a result of Customer’s failure to withhold any applicable tax.
2.6 Invoicing; Payment and Disputes. SecureWorks will invoice Customer in accordance with the payment terms set forth and detailed on the applicable Service Order or Statement of Work. All charges, fees, payments and amounts hereunder will be in United States dollars. Unless otherwise provided for in the applicable Service Order or Statement of Work, amounts due hereunder are payable within thirty (30) days from the date of the invoice (the “Invoice Due Date”). Customer shall have the right to reasonably and in good faith dispute any portion of any amount claimed by SecureWorks as payable prior to the Invoice Due Date, by timely paying any undisputed portion of the amount and providing SecureWorks, prior to the Invoice Due Date, written notice specifying the disputed amount and the basis for the dispute in reasonable detail.
2.7 Nonpayment. For invoices not paid within thirty (30) days of the Invoice Due Date, SecureWorks reserves the right to charge Customer a late fee of one and a half percent (1.5%) per month applied against undisputed overdue amounts, or the maximum rate permitted by law, whichever is less. In addition, SecureWorks, without waiving any other rights or remedies to which it may be entitled, shall have the right to suspend or terminate the Services until such payment is received and may decide not to accept additional orders from Customer and/or seek collection of all amounts due, including reasonable legal fees and costs of collections. SecureWorks shall have no liability to Customer for any such suspension or termination of Services, or non-acceptance of orders.
2.8 Purchases by Affiliates. Unless otherwise agreed in writing, any Affiliate who submits an order to SecureWorks for Services shall agree to abide by the terms of this MSA and Customer shall be liable for any failure to comply or other breach hereof by any such Affiliate. SecureWorks, in its sole discretion, may discontinue selling Services to any Affiliate or may require additional payment and/or credit conditions for such Affiliate.
2.9 Third-Party Product Purchases. If Customer is purchasing, or subsequently purchases, any third party products or services through SecureWorks under a Service Order or Statement of Work, then, as applicable, Customer will comply with the terms and conditions attached to that Service Order or Statement of Work relating to such third party product or service.
3. Term of Agreement; Service Orders and Statements of Work.
3.1 Term of MSA. The term of this MSA shall commence on the Effective Date and shall continue until all Service Orders and Statements of Work hereunder have expired or been terminated, or until this MSA is terminated pursuant to the provisions hereof (the “Term”).
3.2 Term of Service Orders/Statements of Work. The term for the applicable Services to be provided under this MSA will be set forth on the applicable Service Order and/or Statement of Work
4.1 Termination for Breach. Either party may terminate this MSA or any unexpired Service Order and/or Statement of Work in the event that the other party materially defaults in performing any obligation under this MSA and such default continues un-remedied for a period of thirty (30) days following written notice of default. If this MSA or any unexpired Service Order and/or Statement of Work is terminated for any reason other than SecureWorks’ breach, Customer agrees to pay to SecureWorks: (i) all unpaid Service fees as set forth on the Service Order and/or Statement of Work accrued or performed as of such termination date; plus (ii) for MSS Services only, liquidated damages equal to the MSS Service fees that will become due during the remaining term of the applicable Service Order(s). If Customer terminates this MSA or any unexpired Service Order and/or Statement or Work as a result of SecureWorks’ breach, then to the extent that Customer has prepaid any Service fees, SecureWorks shall refund to Customer such prepaid fees on a pro-rata basis to the extent such fees are attributable to the period after such termination date; provided, however, that Customer remains liable to pay to SecureWorks all unpaid Service fees as set forth in the Service Order and/or Statement of Work accrued as of, and attributable to the period prior to, such termination date.
4.2 Termination for Insolvency. This MSA will terminate, effective upon delivery of written notice by either party to the other party upon the following: (a) the institution of insolvency, receivership or bankruptcy proceedings or any other proceedings for the settlement of debts of the other party; (b) the making of an assignment for the benefit of creditors by the other party; or (c) the dissolution of the other party.
4.3 Effects of Termination. Termination or expiration of a Service Order or Statement of Work shall not be construed, by implication or otherwise, to constitute termination of this MSA or any other existing Service Order and/or Statement of Work. In the event that this MSA is terminated, any open Service Orders or Statements of Works shall also terminate.
This Section 4 shall survive any expiration or termination of this MSA.
5. MSS Service Software; Restrictions.
SecureWorks will provide to Customer all user IDs, tokens, passwords, access, use of the software (in object code format only), and digital signatures necessary to receive the MSS Services (the “Software”) and the applicable written directions and/or policies relating to the MSS Services, which may be in paper or electronic format (the “Documentation” and collectively, with the MSS Services, Equipment and the Software, the “Products”), or a combination thereof, as required by the Customer to receive the MSS Services. SecureWorks grants Customer a limited, nontransferable, royalty-free and nonexclusive license to access and use, and for Customer’s Affiliates to access and use, during the Term, the Products delivered to Customer, subject to the restrictions set forth below.
Customer (i) will use the Software, Services, Equipment and/or the Documentation for its internal security purposes, or for the internal security purposes of Customer’s Affiliates purchasing Services hereunder and (ii) will not, for itself, any Affiliate of Customer or any third party: (a) sell, rent, license, assign, distribute, or transfer any of the Products; (b) decipher, decompile, disassemble, reconstruct, translate, reverse engineer, or discover any source code of the Software; (c) copy any Software or Documentation, except that Customer may make a reasonable number of copies of the Documentation for its internal use (provided Customer reproduces on such copies all proprietary notices of SecureWorks or its suppliers); or (d) remove from any Software, Documentation or Equipment any language or designation indicating the confidential nature thereof or the proprietary rights of SecureWorks or its suppliers. In addition, Customer will not, and will not permit third parties to, (I) use any Software or Equipment on a time-sharing, outsourcing, service bureau, hosting, application service provider or managed service provider basis; (II) alter any aspect of any Software or Equipment; or (III) except as permitted under Section 14.1, assign, transfer, distribute, or otherwise provide access to any of the Products to any third party or otherwise use any Product with or for the benefit of any third party.
This Section 5 shall survive any expiration or termination of this MSA.
6. Proprietary Rights.
6.1 Customer’s Proprietary Rights. Customer represents and warrants that it has the necessary rights, power and authority to transmit Customer Data (as defined below) to SecureWorks under this MSA. As between Customer and SecureWorks, Customer will own all right, title and interest in and to (i) any data provided by Customer to SecureWorks and/or Customer data accessed or used by SecureWorks or transmitted by Customer to SecureWorks or SecureWorks Equipment in connection with SecureWorks’ provision of the Services, including, but not limited to, Customer data included in any written or printed summaries, analyses or reports generated in connection with the Services (“Customer Data”), (ii) all intellectual property, including patents, copyrights, trademarks, trade secrets and other proprietary information (“IP”) of Customer that may be made available to SecureWorks in the course of providing Services under this MSA, and (iii) all confidential or proprietary information of Customer or Customer Affiliates, including, but not limited to, Customer Data, Customer Reports (as defined in Section 6.3), and other Customer files, documentation and related materials, in each case under this clause (iii), obtained by SecureWorks in connection with this MSA.
During the Term, Customer grants to SecureWorks a limited, non-exclusive license to use the Customer Data solely for the purposes contemplated by this MSA and for SecureWorks to perform the Services as contemplated hereunder. This MSA does not transfer or convey to SecureWorks or any third party any right, title or interest in or to the Customer Data or any associated IP rights, but only a limited right of use as granted in and revocable in accordance with this MSA.
6.2 SecureWorks’ Proprietary Rights. As between Customer and SecureWorks, SecureWorks will own all right, title and interest in and to the Software, Equipment and Documentation. This MSA does not transfer or convey to Customer or any third party any right, title or interest in or to the Software, Equipment or Documentation or any associated IP rights, but only a limited right of use as granted in and revocable in accordance with this MSA. SecureWorks will retain ownership of all copies of the Documentation. SecureWorks agrees to transfer all right, title and interest to any Customer equipment (not including any SecureWorks IP loaded onto such equipment) purchased by Customer pursuant to a Service Order. In addition, except as set forth in Sections 6.1 and 6.3, Customer agrees that SecureWorks is the owner of all right, title and interest in all IP in any work, including, but not limited to, all inventions, methods, processes, and computer programs including any source code or object code, (and any enhancements and modifications made thereto) contained within the Services and/or Products, collectively, the “Works”), developed by SecureWorks in connection with the performance of the Services hereunder and of general applicability across SecureWorks’ customer base, and Customer hereby assigns to SecureWorks all right, title and interest in any copyrights that Customer may have in and to such Work; provided, however, that such Work shall not include information or data belonging, referencing, or pertaining to Customer or Customer Affiliates. Without limiting the foregoing, SecureWorks will own all right, title and interest in all IP in any advisory data, threat data, vulnerability data, analyses, summaries, bulletins and information made available to Customer in SecureWorks’ provision of its Counter Threat Intelligence Services. During the Term, SecureWorks grants to Customer a limited, non-exclusive license to use such Works solely to receive the Services hereunder for Customer’s or Customer’s Affiliate’s internal security purposes only.
6.3 Customer Reports. Customer shall own all right, title and interest in and to any written summaries, reports, analyses, and findings or other information or documentation prepared exclusively for Customer in connection with the Consulting Services (the “Customer Reports”). The provision by Customer of any Customer Report or any information therein to any unaffiliated third party shall not entitle such third party to rely on the Customer Report or the contents thereof in any manner or for any purpose whatsoever, and SecureWorks specifically disclaims all liability for any damages whatsoever (whether foreseen or unforeseen, direct, indirect, consequential, incidental, special, exemplary or punitive) arising from or related to reliance by any third party on any Customer Report or any contents thereof.
6.4 Return of Proprietary Information. Upon termination of this MSA, each party will, at the request of the other party and to the extent practicable, return, or upon the other party’s request, destroy, all copies of the other party’s IP and/or Confidential Information, including any Customer Data, in such party’s possession, custody or control. For Customer purchased equipment, Customer shall erase, destroy and cease use of all Software located on such Customer purchased equipment upon the expiration or termination of the Term.
This Section 6 shall survive any expiration or termination of this MSA.
7. Customer Responsibilities.
7.1 Cooperation. Customer acknowledges that SecureWorks’ performance and delivery of the Services are contingent upon: (A) Customer providing safe and hazard-free access to its personnel, facilities, equipment, hardware, network and information as deemed reasonably necessary for SecureWorks to perform or implement the Services, and (B) Customer’s timely decision-making, providing the requested information and granting of approvals or permissions. Customer will promptly obtain and provide to SecureWorks any required licenses, approvals or consents necessary for SecureWorks’ performance of the Services. SecureWorks will be excused from its failure to perform its obligations under this MSA to the extent such failure is caused solely by Customer’s delay in performing or failure to perform its responsibilities under this MSA.
7.2 Connecting to Managed Devices. If and to the extent that SecureWorks is providing managed or co-managed MSS Services hereunder, the obligations of SecureWorks to comply with the Service Level Agreements applicable to the MSS Services are dependent on SecureWorks’ ability to connect directly to the Customer devices on the Customer’s network through an authenticated server in SecureWorks’ secure operations center. If and to the extent that SecureWorks is required to connect to Customer devices via a non-standard means, such as Customer’s VPN or other indirect connection, then, to the extent that SecureWorks’ provision of MSS Services requires access to such managed or co-managed devices in connection with any incident response or help desk request, SecureWorks (i) can make no guarantees or give any assurances of compliance with the Service Level Agreements with respect thereto, and (ii) shall have no responsibility or liability for any failure to perform or delay in performing its obligations or meeting its Service Level Agreements hereunder to the extent such failure or delay is caused by such indirect access.
In the performance of the Services, Customer and SecureWorks may have access to or be exposed to information of the other party not generally known to the public, including, but not limited to software, product plans, marketing and sales information, customer lists, “know-how,” or trade secrets which may be designated as being confidential or which, under the circumstances surrounding disclosure, ought to be treated as confidential (collectively, “Confidential Information”). Confidential Information may not be shared with third parties unless such disclosure is to personnel of SecureWorks or Customer, including employees, agents and subcontractors, on a “need-to-know” basis in connection with its performance of this MSA, so long as such personnel have agreed to treat such Confidential Information under terms at least as restrictive as those herein. Each party agrees to take the necessary precautions to maintain the confidentiality of Confidential Information by using at least the same degree of care as such party employs with respect to its own Confidential Information of a like-kind nature, but in no case less than a commercially reasonable standard of care to maintain confidentiality. The foregoing shall not include information, which, (A) was known by one party prior to its receipt from the other or is or becomes public knowledge without the fault of the recipient, (B) is received by the recipient from a source other than a party to this MSA, (C) is independently developed by a party without causing a breach of the terms hereunder, or (D) a party is required to disclose in response to an order by a court or governmental agency, provided that advance notice of the disclosure is provided to other party. The obligations with respect to Confidential Information shall continue for three (3) years from the date of disclosure.
In the event that SecureWorks is exposed to any Customer or Customer client non-public personal information (“NPPI”) while performing the Services hereunder, SecureWorks agrees to maintain the confidentiality of and protect such NPPI in accordance with the Gramm-Leach-Bliley Act of 1999, the Fair Credit Reporting Act, the Health Insurance Portability and Accountability Act (“HIPAA”) and all other regulations applicable to the Services being performed hereunder. SecureWorks will, upon request, provide Customer with a copy of SecureWorks’ current third-party audit report on service organizations (based on SAS 70/ SSAE 16 Type 2 or its successor standard). Customer acknowledges that all such reports constitute Confidential Information of SecureWorks hereunder.
SecureWorks shall maintain information security policies and procedures for NPPI, consistent with prevailing United States industry standards.
9. Limited Warranty and Limitation of Liability; High-Risk Disclaimer; Consulting Services Disclaimer.
9.1 Limited Warranty. SECUREWORKS WARRANTS THAT THE SERVICES WILL BE PERFORMED IN A GOOD AND WORKMANLIKE MANNER. EXCEPT AS EXPRESSLY STATED IN THE PRECEDING SENTENCE, SECUREWORKS (INCLUDING ITS AFFILIATES, SUBCONTRACTORS AND AGENTS) AND EACH OF THEIR RESPECTIVE EMPLOYEES, DIRECTORS AND OFFICERS (COLLECTIVELY, THE "SECUREWORKS PARTY(IES)") MAKES NO EXPRESS OR IMPLIED WARRANTIES WITH RESPECT TO ANY OF THE PRODUCTS, SERVICES OR CUSTOMER REPORTS, INCLUDING BUT NOT LIMITED TO, ANY WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, PERFORMANCE, SUITABILITY OR NON-INFRINGEMENT, OR ANY WARRANTY RELATING TO THIRD-PARTY PRODUCTS OR THIRD-PARTY SERVICES.
9.2 Limitation of Liability.
9.2.1 NEITHER THE SECUREWORKS PARTIES NOR CUSTOMER WILL BE LIABLE FOR ANY INCIDENTAL, INDIRECT, PUNITIVE, SPECIAL OR CONSEQUENTIAL DAMAGES, ARISING OUT OF OR IN CONNECTION WITH THE SERVICES PROVIDED BY SECUREWORKS HEREUNDER. NEITHER PARTY SHALL HAVE LIABILITY FOR THE FOLLOWING, WHETHER DIRECT OR INDIRECT: (A) LOSS OF REVENUE, INCOME, PROFIT, OR SAVINGS, (B) LOST OR CORRUPTED DATA OR SOFTWARE, LOSS OF USE OF SYSTEM(S) OR NETWORK, OR THE RECOVERY OF SUCH, (C) LOSS OF BUSINESS OPPORTUNITY, (D) BUSINESS INTERRUPTION OR DOWNTIME, OR (E) SECUREWORKS’ PRODUCTS, SERVICES OR THIRD-PARTY PRODUCTS NOT BEING AVAILABLE FOR USE BY CUSTOMER.
9.2.2 SECUREWORKS’ AGGREGATE LIABILITY (WHETHER IN CONTRACT, TORT OR OTHERWISE) FOR ALL CLAIMS OF LIABILITY ARISING OUT OF, OR IN CONNECTION WITH ANY SERVICE PROVIDED PURSUANT TO THIS MSA SHALL NOT EXCEED: (A) THE AMOUNTS PAID BY CUSTOMER FOR THE SPECIFIC SERVICE(S) GIVING RISE TO SUCH CLAIM DURING THE PRIOR TWELVE (12) MONTH PERIOD WITH RESPECT TO THE MSS SERVICES; AND (B) THE AMOUNT OF THE STATEMENT OF WORK THAT IS THE SOURCE OF SUCH LIABILITY, WITH RESPECT TO THE CONSULTING SERVICES.
EACH PARTY ACKNOWLEDGES THAT THESE LIMITATIONS APPLY EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR THE REMEDIES FAIL OF THEIR ESSENTIAL PURPOSE AND THAT, WITHOUT THESE LIMITATIONS, THE FEE FOR THE SERVICES PROVIDED HEREUNDER WOULD BE HIGHER.
9.2.3 The foregoing limitations, exclusions and disclaimers shall apply, regardless of whether the claim for such damages is based in contract, warranty, strict liability, negligence, tort or otherwise. Insofar as applicable law prohibits any limitation herein, the parties agree that such limitation will be automatically modified, but only to the extent so as to make the limitation permitted to the fullest extent possible under such law. The parties agree that the limitations on liabilities set forth herein are agreed allocations of risk constituting in part the consideration for SecureWorks’ sale of Services and/or Products to Customer, and such limitations will apply notwithstanding the failure of essential purpose of any limited remedy and even if a party has been advised of the possibility of such liabilities.
9.2.4 Certain Consulting Services that SecureWorks performs for its customers follow a defined methodology, rather than being driven by a specific end result or deliverable. Due to this inherent property of these certain Consulting Services, SecureWorks cannot guarantee the outcome of its testing, assessment, forensics, or remediation methods as all such methods have reliability limitations including, but not limited to, (i) results produced differing from initial customer expectation, (ii) missing certain compliance gaps and (iii) missing certain security gaps. SecureWorks cannot guarantee that a weakness, noncompliance issue or vulnerability will be discovered if evidence of such is not encountered during the performance of the contracted engagement. SecureWorks uses a sampling methodology which attempts to reduce the cost to its customers while minimizing the impact to the accuracy and reliability of the results. Customer acknowledges and accepts that limitations and inherent risks exist from approaches used by SecureWorks to deliver the Consulting Services. Depending on the type of Consulting Services being purchased by Customer pursuant to a Statement of Work, if applicable, Appendix A will apply.
This Section 9 shall survive any expiration or termination of this MSA.
SecureWorks shall defend, indemnify and hold harmless Customer from any third-party claim or action that the Products, Services or any Customer Reports (excluding Third-Party Products) prepared or produced by SecureWorks and delivered pursuant to this MSA infringe or misappropriate any third party’s patent, copyright, trade secret, or other intellectual property rights enforceable in the country(ies) in which the Products, Services or any Customer Reports are performed or prepared for Customer by SecureWorks (“Indemnified Claims”). If a claim of infringement or misappropriation under this Section 10 occurs, or if SecureWorks determines that a claim is likely to occur, SecureWorks shall, at its option: (A) obtain a right for Customer to continue using such Product, Service or Customer Reports; (B) modify such Product, Service or Customer Report to make it non-infringing; (C) replace such Product, Service or Customer Report with a non-infringing equivalent; or (D) refund any pre-paid fees for the allegedly infringing Product, Services or Customer Report that have not been performed. Notwithstanding the foregoing, SecureWorks shall have no obligation under this Section for any claim resulting or arising from (A) modifications of the Products, Services or Customer Reports that were not performed by or on behalf of SecureWorks; or (B) the combination, operation or use of the Product, Service or Customer Reports in connection with a third-party product or service (the combination of which causes the infringement).
Customer shall defend, indemnify and hold SecureWorks harmless from, any third-party claim or action ; (i) alleging that the Customer Data infringes a United States copyright or misappropriates any trade secrets enforceable under the laws of the United States or was improperly provided to SecureWorks in violation of Customer’s privacy policies or applicable laws (or regulations promulgated thereunder), (ii) alleging that the Customer is using the Products, Services and/or Customer Reports in a manner prohibited under this MSA, or (iii) relating to tax liabilities that are the Customer’s responsibility pursuant to Section 2.5.
THE PROVISIONS OF THIS SECTION 10 STATE THE SOLE AND EXCLUSIVE OBLIGATIONS OF EITHER PARTY FOR INTELLECTUAL PROPERTY RIGHTS INFRINGEMENT OR MISAPPROPRIATION.
Each party agrees to indemnify and hold harmless the other party from any third-party claim or action for personal bodily injuries, including death, resulting from the indemnifying party’s gross negligence or willful misconduct resulting from the Services (excluding Third-Party Products) provided hereunder. This section states each party’s exclusive remedies for any third-party claim or action, and nothing in this MSA or elsewhere will obligate either party to provide any greater indemnity to the other.
This Section 10 shall survive any expiration or termination of this MSA.
Each party, at its own expense, will comply with all applicable laws, orders and regulations of any governmental authority with jurisdiction over its activities in connection with this MSA. Each party will furnish to the other party any information required to enable the other party to comply with applicable laws and regulations related to the Products. SecureWorks and Customer acknowledge that Products licensed or sold under this MSA are subject to the export control laws and regulations of the United States or those of other countries from which they were supplied and in which they are used and agrees to abide by those laws and regulations.
Each party agrees to indemnify, defend and hold the other harmless from any claims, demands or causes of action against the other due to the indemnifying party’s violation or alleged violation of the applicable export laws, regulations and orders.
This Section 11 shall survive any expiration or termination of this MSA.
12. Additional National Security Obligations. In the provision of the Services by SecureWorks to Customer facilities located outside of the United States, Customer Data may be transferred outside of the country in which such Customer location is situated and therefore become subject to the laws of the United States of America (e.g. the Bank Secrecy Act) or other jurisdictions, which laws may require governmental disclosure thereunder.
In addition, certain Services or Products to be provided hereunder as well as certain transactions hereunder may be subject to United States anti-boycott, export control, sanctions laws, and any applicable foreign export and import laws or regulations consistent with U.S. law, including, but not limited to, laws which may penalize or prohibit (i) transactions involving persons, companies, or entities involved in activities related to the proliferation of nuclear, missile, or chemical/biological weapons, or missiles that deliver such weapons; (ii) transactions involving any person, company, or other entity appearing on any applicable list of prohibited parties maintained by the United States Government; (iii) transactions involving countries against which the United States maintains economic sanctions or embargos under statute, Executive Order, or regulations issued by the Office of Foreign Assets Control (“OFAC”), 31 C.F.R. Subtitle B, Chapter V, as amended from time-to-time; and (iv) transactions involving any person, company, or entity acting or purporting to act, directly or indirectly, on behalf of, or an entity owned or controlled by, any party identified in (i) through (iii) above. Customer represents and warrants (x) that neither it nor any Affiliates or agents receiving Products is, (or at any time during the Term will be), any person, company, or entity described above and (y) that it will comply with all such applicable laws and regulations described above and will require each Affiliate and agent of Customer receiving the Products to comply with the foregoing. If SecureWorks becomes aware of any violation or alleged violation of any of the foregoing requirements of clause (x) or (y) above, SecureWorks will have the right to terminate Customer’s right to receive the Products and Services for cause without affording Customer an opportunity to cure such non-compliance.
This Section 12 shall survive any expiration or termination of this MSA.
13. Government Sales. If and to the extent, Customer is, or intends to supply any SecureWorks Products or Services (either directly or through other higher-tier contractors) to or use any Products or Services in providing products or services to, a Federal Government Entity, the following Restricted Rights provision shall apply.
Restricted Rights: SecureWorks Products and Services, other than the supporting Documentation, provided to Federal Government agencies are provided with LIMITED RIGHTS, as those terms are defined in the Federal Acquisition Regulation (“FAR”) at FAR clauses 52.227-14 and 52.227-19. Use, duplication, or disclosure of restricted rights Products by the Federal Government is subject to the restrictions as set forth in subparagraph “(c)” of the Commercial Computer Software - Restricted Rights clause at FAR 52.227-19. In the event the sale is to a Department of Defense agency, the government’s rights in software, supporting documentation, and technical data are governed by the restrictions in the Technical Data Commercial Items clause at DFARS 252.227-7015 and DFARS 227.7202. In no event shall Customer grant any higher tier contractor or the Federal Government rights in any SecureWorks Products greater than those set forth in this provision.
Customer represents and warrants that it is not a national, provincial, Federal, state, county or municipal government or any governmental agency, department, subdivision, instrumentality, body, corporation or other arm or extension thereof of any of the foregoing and, in executing and delivering this MSA and receiving the Products and Services hereunder, is not acting under the authority or color of authority of any of the foregoing.
This Section 13 shall survive any expiration or termination of this MSA.
14. Important Additional Terms.
14.1 Independent Contractor Relationship; MSA Assignment; Subcontracting. The parties are independent contractors. Neither party will have any rights, power or authority to act or create an obligation, express or implied, on behalf of another party except as specified in this MSA. Neither party will use the other party’s name (except internal use only), trademark, logos, or trade name without the prior written consent of the other party. SecureWorks has the right to assign, subcontract or delegate in whole or in part this MSA, or any rights, duties, obligations or liabilities under this MSA, by operation of law or otherwise, provided that SecureWorks shall remain responsible for the performance of Services under this MSA. Otherwise, neither party may assign this MSA without the permission of the other party.
14.2 Entire Agreement; Severability; Section Headings. This MSA and the Service Orders and/or Statements of Work are the entire agreement between SecureWorks and Customer with respect to its subject matter and supersede all prior oral and written understandings, agreements, communications, and Customer terms and conditions attached to a purchase order or agreements, including, but not limited to, any security or privacy agreements executed by the parties. No amendment to or modification of this MSA, in whole or in part, will be valid or binding unless it is in writing and executed by authorized representatives of both parties provided, however that the Service Level Agreements may be amended from time to time by SecureWorks, as reasonably necessary, in its reasonable discretion as long as such amendments (a) will have no material adverse impact on the Services, Service Levels or Service Credits currently being provided to Customer by SecureWorks; and (b) are being effected with respect to all similarly situated SecureWorks customers. If any provision of this MSA is void or unenforceable, the remainder of this MSA will remain in full force and effect. Section headings are for reference only and shall not affect the meaning or interpretation of this MSA.
14.3 Force Majeure. Neither party shall be liable to the other party for any failure to perform any of its obligations (except payment obligations) under this MSA during any period in which such performance is delayed by circumstances beyond its reasonable control including, but not limited to, fire, flood, war, embargo, strike, riot or the intervention of any governmental authority (a “Force Majeure”). In such event, however, the delayed party must promptly provide the other party with written notice of the Force Majeure. The delayed party’s time for performance will be excused for the duration of the Force Majeure, but if the Force Majeure events lasts longer than thirty (30) days, the other party may immediately terminate the applicable Service Order and/or Statement of Work by giving written notice to the delayed party.
14.4 Notices. Notices to SecureWorks under this MSA must be in writing and sent by postage prepaid first-class mail or receipted courier service at the address below or to such other address (incl. facsimile or electronic) as specified in writing and will be effective upon receipt.
One Concourse Parkway, Suite 500
Atlanta, GA 30328
This Section 14.4 shall apply for formal contract notices only and shall not limit the parties’ ability to communicate via electronic mail or other methods as agreed to by the parties for routine communications.
14.5 Governing Law, Forum and Language. THE PARTIES AGREE THAT THE MSA, ANY SALES THEREUNDER, OR ANY CLAIM, DISPUTE OR CONTROVERSY (WHETHER IN CONTRACT, TORT, OR OTHERWISE, WHETHER PREEXISTING, PRESENT OR FUTURE, AND INCLUDING STATUTORY, COMMON LAW, AND EQUITABLE CLAIMS) BETWEEN CUSTOMER AND SECUREWORKS ARISING FROM OR RELATING TO THIS MSA, ITS INTERPRETATION, OR THE BREACH, TERMINATION OR VALIDITY THEREOF, THE RELATIONSHIPS WHICH RESULT FROM THIS MSA OR ANY RELATED PURCHASE SHALL BE GOVERNED BY THE LAWS OF THE STATE OF TEXAS, WITHOUT REGARD TO CONFLICTS OF LAW.
The parties agree that any and all claims, causes of action or disputes (regardless of theory) arising out of or relating to the MSA shall be brought exclusively in the courts located in Travis County, Texas. Customer and SecureWorks agree to submit to the personal jurisdiction of the courts located within Travis County, Texas, and agree to waive any and all objections to the exercise of jurisdiction over the parties by such courts and to venue in such courts.
This MSA will be interpreted and construed in accordance with the English language.
14.6 Dispute Resolution. The Parties will attempt to resolve any claim, or dispute or controversy (whether in contract, tort or otherwise) arising out of or relating to this MSA or any related purchase hereunder (a “Dispute”) through face-to-face negotiation with persons fully authorized to resolve the Dispute or through mediation utilizing a mutually agreeable mediator, rather than through litigation. The existence or results of any negotiation or mediation will be treated as confidential. Notwithstanding the foregoing, either party will have the right to obtain from a court of competent jurisdiction a temporary restraining order, preliminary injunction or other equitable relief to preserve the status quo, prevent irreparable harm, avoid the expiration of any applicable limitations period, or preserve a superior position with respect to other creditors, although the merits of the underlying Dispute will be resolved in accordance with this paragraph. In the event the parties are unable to resolve the Dispute within thirty (30) days of notice of the Dispute to the other party, the parties shall be free to pursue all remedies available at law or equity.
14.7 Limitation Period. Neither party may institute any action in any form arising out of this MSA more than two (2) years after the cause of action has arisen, or in the case of nonpayment, more than two (2) years from the date of last payment.
Applicable to Security Services. Should a Statement of Work include security scanning, testing, assessment, forensics, or remediation Services (“Security Services”), Customer understands that SecureWorks may use various methods and software tools to probe network resources for security-related information and to detect actual or potential security flaws and vulnerabilities. Customer authorizes SecureWorks to perform such Security Services (and all such tasks and tests reasonably contemplated by or reasonably necessary to perform the Security Services or otherwise approved by Customer from time to time) on network resources with the IP Addresses identified by Customer. Customer represents that, if Customer does not own such network resources, it will have obtained consent and authorization from the applicable third party to permit SecureWorks to provide the Security Services. SecureWorks shall perform Security Services during a timeframe mutually agreed upon with Customer. The Security Services, such as penetration testing or vulnerability assessments, may also entail buffer overflows, fat pings, operating system specific exploits, and attacks specific to custom coded applications but will exclude intentional and deliberate DOS (“Denial of Service”) attacks. Furthermore, Customer acknowledges that the Security Services described herein could possibly result in service interruptions or degradation regarding the Customer’s systems and accepts those risks and consequences. Customer hereby consents and authorizes SecureWorks to provide any or all of the Security Services with respect to the Customer’s systems. Customer further acknowledges that it is the Customer’s responsibility to restore network computer systems to a secure configuration after SecureWorks’ testing.
Applicable to Compliance Consulting Services. Should a Statement of Work include compliance testing or assessment or other similar compliance advisory Services (“Compliance Services”), Customer understands that, although SecureWorks' Compliance Services may discuss or relate to legal issues, SecureWorks does not provide legal advice or services, none of such Services shall be deemed, construed as or constitute legal advice and that Customer is ultimately responsible for retaining its own legal counsel to provide legal advice. Furthermore, the Customer Reports provided by SecureWorks in connection with any Compliance Services shall not be deemed to be legal opinions and may not and should not be relied upon as proof, evidence or any guarantee or assurance as to Customer’s legal or regulatory compliance.
Applicable to Payment Card Industry Compliance Consulting Services. Should a Statement of Work include payment Card industry (“PCI”) compliance auditing, testing or assessment or other similar PCI compliance advisory Consulting Services (“PCI Compliance Services”), Customer understands that SecureWorks' PCI Compliance Services do not constitute any guarantee or assurance that security of Customer’s systems, networks and assets cannot be breached or are not at risk. These PCI Compliance Services are an assessment, as of a particular date, of whether Customer’s systems, networks and assets, and any compensating controls meet the applicable PCI standards. Mere compliance with PCI standards may not be sufficient to eliminate all risks of a security breach of Customer’s systems, networks and assets. Furthermore, SecureWorks is not responsible for updating its reports and assessments, or enquiring as to the occurrence or absence of such, in light of subsequent changes to Customer’s systems, networks and assets after the date of SecureWorks’ final report, absent a signed Statement of Work expressly requiring the same.