DAVENPORT GROUP – SECUREWORKS CLIENT AGREEMENT
Subject to the terms and conditions in this Agreement, the Davenport Group (“Reseller”) has engaged with a customer (“Client”), which have their principal places of business located in the continental United States (the “Territory”), to contract services through SecureWorks (“SecureWorks”).
This Agreement may be updated from time to time by the Reseller and made available on the client portal located at https://davenportgroup.com/tc34ay62b-cp19/.
MSS Services Terms
1. Sublicense; Sublicense Restrictions
1.1 Except for equipment purchased by Client, Client will return to SecureWorks any equipment or hardware provided by Reseller or SecureWorks (“Equipment”) upon the expiration or termination of the Term. If such Equipment is not returned by Client, Client will be responsible for the then-current replacement costs of such Equipment. Reseller will provide to Client access and use of the software, in object code format only, necessary to receive the Services (the “Software”) and the applicable written directions and/or policies relating to the Services, which may be in paper or electronic format (the “Documentation” and collectively, with the Equipment and the Software, the “Products”), or a combination thereof, as required by the Client to receive the Services. Reseller grants Client a limited, nontransferable and nonexclusive license to access and use, during the Term, the Services and the Software, together with Documentation delivered to Client, subject to the following restrictions: (i) Client will use the Software, Services and/or the Documentation for Client’s internal security purposes only, and (ii) Client will not, for itself, any affiliate of Client or any third party (a) sell, rent, license, assign, distribute, or transfer any of the Software, Services, Equipment (as defined below) or any Documentation; (b) decipher, decompile, disassemble, reconstruct, translate, reverse engineer, or discover any source code of underlying ideas, algorithms, file formats, programming, or interoperability interfaces of any of the Products; (c) copy or virtualize any Products, except that Client may make a reasonable number of copies of the Documentation for backup purposes (provided Client reproduces on such copies all proprietary notices of SecureWorks or its suppliers); or (d) remove from any Product any language or designation indicating the confidential nature thereof or the proprietary rights of SecureWorks or its suppliers. Without limiting the foregoing, if and to the extent that Client is provided with, or otherwise purchases Equipment, (a) Client shall not, and shall have no authority or right to, virtualize the Equipment and/or the Software loaded on such Equipment; and (b) violation of the foregoing shall be deemed to be a material breach hereunder and shall invalidate all SLAs for Services being provided by and/or through such Equipment and/or Software. In addition, Client will not and will not permit third parties to, (I) use any Product to operate in or as a time-sharing, outsourcing, service bureau, hosting, application service provider or managed service provider environment; (II) alter or duplicate any aspect of any Product, except as expressly permitted under this Agreement; or (III) assign, transfer, distribute, or otherwise provide access to any of the Products to any third party or otherwise use any Product with or for the benefit of any third party.
This limited license shall automatically terminate upon the expiration or termination of this Client Agreement for any reason.
2. Client Responsibilities
2.1 Client will provide SecureWorks with the cooperation, access and detailed information reasonably necessary for SecureWorks to implement and deliver the Services, including (i) test time on Client’s computer systems and networks sufficient for SecureWorks to provide the Services and (ii) one employee who has substantial computer system and network and project management experience reasonably satisfactory to SecureWorks to act as project manager and as a liaison between Client and SecureWorks. SecureWorks will be excused from its failure to perform its obligation under this Agreement to the extent such failure is caused by Client’s delay or failure to perform its responsibilities under this Agreement.
2.2 If and to the extent that SecureWorks is providing managed or co-managed MSS Services hereunder, the obligations of SecureWorks to comply with the Service Level Agreements applicable to the MSS Services are dependent on SecureWorks’ ability to connect directly to the Client devices on the Client’s network through an authenticated server in SecureWorks’ secure operations center. If and to the extent that SecureWorks is required to connect to Client devices via Client’s VPN or other indirect or nonstandard means, then to the extent that SecureWorks is required to make adds, moves, or changes to or otherwise access such devices in connection with any incident response or help desk request, SecureWorks (i) can make no guarantees or give any assurances of compliance with the Service Level Agreements with respect thereto and (ii) shall have no responsibility or liability for any failure to perform or delay in performing its obligations or meeting its Service Level Agreements hereunder.
2.3 In providing the Vulnerability Assessment service (if purchased by Client), SecureWorks will take all reasonable precautions to minimize negative impact Client’s computer systems and network; however, Client acknowledges that performance of such service may temporarily degrade operation of Client’s computer systems and network. Client hereby releases SecureWorks from any and all losses, damages, expenses, or actions, which Client may incur in connection with the Vulnerability Assessment service.
3. Intellectual Property Rights
3.1 Client represents and warrants that it has the necessary rights, power and authority to transmit Client Data (as defined below) to SecureWorks under this Agreement. As between Client and SecureWorks, Client will own all right, title and interest in and to any data provided by Client to SecureWorks and/or Client data accessed and used by or transmitted by Client to SecureWorks or SecureWorks Equipment in connection with SecureWorks’ provision of the MSS Services, including but not limited to Client Data included in any written or printed summaries, analyses or reports generated in connection with the Services (“Client Data”). During the Term, Client grants to SecureWorks a limited, non-exclusive license to use the Client Data solely for all reasonable and necessary purposes contemplated by this Agreement and for SecureWorks to perform the Services as contemplated hereunder. This Agreement does not transfer or convey to SecureWorks or any third party any right, title or interest in or to the Client Data or any associated intellectual property rights, but only a limited right of use revocable in accordance with this Agreement.
3.2 As between Client and SecureWorks, SecureWorks will own all right, title and interest in and to the Software, MSS Services, Products and Documentation. This Agreement does not transfer or convey to Client or any third party any right, title or interest in or to the Software, MSS Services, Products or Documentation or any associated intellectual property rights, but only a limited right of use revocable in accordance with this Agreement. SecureWorks will retain ownership of all copies of the Documentation. In addition, Client agrees that SecureWorks is the owner of all right, title and interest in all IP as well as all ideas, inventions, methods, processes, computer programs (including any source code, object code, enhancements and modifications), together with all files (including input and output materials), all documentation related to the foregoing, all media upon which any of the foregoing are located (including tapes, disks and other storage media) and other documentation or example of any of the foregoing, in each case, developed by SecureWorks in connection with the performance of any Services provided by SecureWorks before or after the date set forth above and Client hereby assigns to SecureWorks all right, title and interest in such copyrights and other proprietary rights; provided however, that such related material shall not include information or data belonging or pertaining to Client, as described in Section 3.1.
3.3 Upon termination of this Agreement, each party will, at the request of the other party and to the extent practicable, return, or upon the other party’s request, destroy, all copies of the other party’s intellectual property in such party’s possession, custody or control. For Equipment purchased by Client pursuant to the Service Order, Client shall erase, destroy and cease use of all Software located on such Equipment upon the expiration or termination of the Term.
4. THIRD PARTY BENEFICIARY.
SecureWorks shall be an intended third party beneficiary under this Agreement. Client will not use SecureWorks’ name (except internal use only), trademark, logos, or trade name without SecureWorks’ prior written consent.
5. LIMITED WARRANTY.
5.1 Limited Warranty. RESELLER WARRANTS THAT DURING THE TERM OF THIS AGREEMENT, THE SERVICE SHALL SUBSTANTIALLY CONFORM TO THE SERVICE LEVEL AGREEMENT CONFIGURATION AS IT MAY BE AMENDED FROM TIME TO TIME BY RESELLER IN ITS SOLE DISCRETION. CLIENT’S SOLE REMEDY FOR VIOLATION FOR SUCH SLAS SHALL BE THE SERVICE CREDITS, IF ANY SET FORTH THEREIN. RESELLER MAKES NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO PRODUCTS, BUT WILL PASS THROUGH WARRANTIES FROM THE APPLICABLE THIRD PARTY VENDOR, IF ANY. EXCEPT FOR THE FOREGOING LIMITED WARRANTY, ALL REPRESENTATIONS AND WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY WARRANTIES OF TITLE, NONINFRINGEMENT, FITNESS FOR A PARTICULAR PURPOSE OR MECHANTABILITY, ARE HEREBY EXCLUDED. EXCEPT AS EXPRESSLY SET FORTH IN THE FIRST SENTENCE OF THIS SECTION 5.1, RESELLER DOES NOT WARRANT THAT USE OR OPERATION OF THE SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE OR THAT DEFECTS IN THE SOFTWARE OR EQUIPMENT WILL BE CORRECTED.
5.2 Remedies Limitation of Liability. CLIENT’S SOLE REMEDY FOR BREACH OF THE FOREGOING LIMITED WARRANTY SHALL BE, AT RESELLER’S OPTION, EITHER: (I) REFUND OF THE PURCHASE PRICE OF THE PURCHASED EQUIPMENT (ONLY UPON RETURN OF THE EQUIPMENT) AND REFUND OF THE PRORATED FEES FOR THE SERVICE PAID TO RESELLER; OR (II) REPAIR OR REPLACEMENT OF THE NON-CONFORMING EQUIPMENT AND/OR RE-PERFORMANCE OF THE NON-CONFORMING SERVICE. IN NO EVENT SHALL RESELLER OR ITS LICENSORS OR SUPPLIERS BE LIABLE FOR DAMAGES IN EXCESS OF THE FEES PAID FOR EQUIPMENT AND SERVICE IN THE SIX (6) MONTHS PERIOD IMMEDIATELY PRECEDING THE DATE OF THE EVENT WHICH GAVE RISE TO THE CLAIM.
5.3 Damages Exclusion. IN NO EVENT WILL RESELLER OR ITS LICENSORS OR SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE OR CONSEQUENTIAL DAMAGES (INCLUDING LOST PROFITS, EARNINGS OR BUSINESS OPPORTUNITY) ARISING OUT OF THE SUBJECT MATTER OF THIS AGREEMENT OR FOR LOSS OR CORRUPTION OF DATA, IRRESPECTIVE OF WHETHER RESELLER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THIS LIMITATION, IN THE AGGREGATE, APPLIES TO ALL CAUSES OF ACTION, INCLUDING WITHOUT LIMITATION, BREACH OF CONTRACT, BREACH OF WARRANTY, NEGLIGENCE, STRICT LIABILITY, MISREPRESENTATIONS, AND OTHER TORTS. THE FEES HEREIN REFLECT, AND ARE SET IN RELIANCE UPON, THE LIMITATION OF DAMAGES SET FORTH IN THIS AGREEMENT.
Reseller and Client shall protect the Products (collectively “Confidential Information”) with at least the same degree of care it uses to protect its own confidential information, but not less than a reasonable degree of care. Reseller Client shall not use, disclose, provide, or permit any person to obtain any such Confidential Information in any form, except for employees, agents, or independent contractors whose access is required to carry out the purposes of this Agreement and who have agreed to be subject to the same restrictions as set forth herein. Violations of any provision of this Section shall be the basis for the immediate termination of this Agreement. Each party’s obligation as to the confidentiality of the Products shall survive termination of this Agreement.
7. GOVERNMENT RELATIONS.
Client hereby disclaims, waives and agrees not to assert any right to or claim of sovereign immunity (or other similar statutory, constitutional or other legal right to defense) in any suit, claim, litigation or other proceeding, whether at law, in equity or otherwise, brought by SecureWorks to enforce Client’s obligations under this Agreement.
If the Products are provided to US Federal Government agencies, other than the supporting Documentation, they are provided with LIMITED RIGHTS, as those terms are defined in the Federal Acquisition Regulation (FAR”) at FAR clauses 52.227-14 and 52.227-19. Use, duplication, or disclosure of restricted rights Products by the Federal Government is subject to the restrictions as set forth in subparagraph “(c)” of the Commercial Computer Software – Restricted Rights clause at FAR 52.227-19. In the event the sale is to a Department of Defense agency, the government’s rights in software, supporting documentation, and technical data are governed by the restrictions in the Technical Data Commercial Items clause at DFARS 252.227-7015 and DFARS 227.7202. In no event shall Client grant any higher tier contractor or the Federal Government rights in any SecureWorks Products greater than those set forth in this provision.
8. NATIONAL SECURITY MATTERS.
Client will not without fully complying with all applicable laws and regulations (including all United States laws and regulations with respect to export and/or re-export of encrypted technology and any applicable laws of the destination country regarding the same) export any Product. Client represents and warrants that neither it nor any affiliates or agents receiving Products is, (or at any time during the Term will be), any person, company, or entity identified in (c) (i) through (iv) below.
If and to the extent that Products are being provided to Client or its Affiliates located outside the United States of America, Client further agrees that; (a) Client shall bear all cost and expense (including but not limited to shipping, customs, license and other professional fees and expenses incurred by SecureWorks) in connection with such delivery of such Products outside the United States in compliance with the laws and regulations of the United States and the destination location related to the export or import of technical data and products produced from such data; (b) in the provision of the Services by SecureWorks, Client Data may be transferred outside of the country in which such Client location is situated and therefore become subject to the laws of the United States of America (e.g., the Patriot Act) or other jurisdictions, which laws may require disclosure under such applicable laws; (c) certain Products to be provided hereunder as well as certain transactions hereunder may be subject to United States anti-boycott, export control, sanctions laws, and any applicable foreign export and import laws or regulations consistent with U.S. law, including but not limited to laws which may penalize or prohibit (i) transactions involving persons, companies, or entities involved in activities related to the proliferation of nuclear, missile, or chemical/biological weapons, or missiles that deliver such weapons; (ii) transactions involving any person, company, or other entity appearing on any applicable list of prohibited parties maintained by the United States Government; (iii) transactions involving countries against which the United States maintains economic sanctions or embargos under statute, Executive Order, or regulations issued by the Office of Foreign Assets Control (“OFAC”), 31 C.F.R. Subtitle B, Chapter V, as amended from time-to-time; and (iv) transactions involving any person, company, or entity acting or purporting to act, directly or indirectly, on behalf of, or an entity owned or controlled by, any party identified in (i) through (iii) above; and (d) Client will comply with all such applicable laws and regulations described above and will require each affiliate and agent of Client to comply with the foregoing. If SecureWorks becomes aware of any violation or alleged violation of any of the foregoing requirements of clause (c) or (d) above, SecureWorks will have the right to terminate Client’s right to receive Services for cause without affording Client an opportunity to cure such non-compliance.
1. RIGHTS IN DATA AND WORKS
Client agrees that Reseller (or its subcontractor) is the owner of all right, title and interest in all computer programs, including any source code, object code, enhancements and modifications, all files, including input and output materials, all documentation related to such computer programs and files, all media upon which any such computer programs, files and documentation are located (including tapes, disks and other storage media) and related material developed in connection with the performance of any Services provided by Reseller (or its subcontractor) before or after the date set forth above; provided however, that such related material shall not include information or data belonging or pertaining to Client of affiliated entities, or it’s parties. In no way limiting the foregoing, Client agrees that all copyrights and other proprietary rights in computer programs, files, documentation, and related materials developed by Reseller (or its subcontractor) in connection with this Agreement are owned by Reseller (or its subcontractor) and Client hereby assigns to Reseller (or its subcontractor) all right, title and interest in such copyrights and other proprietary rights.
2. CERTAIN SERVICES.
Should a Statement of Work include security scanning, testing, assessment, forensics, or remediation Services (“Security Services”), Client understands that Reseller (or its subcontractor) may use various methods and software tools to probe network resources for security-related information and to detect actual or potential security flaws and vulnerabilities. Client authorizes Reseller (or its subcontractor) to perform such Security Services (and all such tasks and tests reasonably contemplated by or reasonably necessary to perform the Security Services or otherwise approved by Client from time to time) on network resources with the IP Addresses identified by Client. Client represents that, if Client does not own such network resources, it will have obtained consent and authorization from the applicable third party, in form and substance satisfactory to Reseller (or its subcontractor), to permit Reseller (or its subcontractor) to provide the Security Services. Reseller (or its subcontractor) shall perform Security Services during a timeframe mutually agreed upon with Client. The Security Services, such as penetration testing or vulnerability assessments, but will exclude intentional and deliberate Denial of Service Attacks. Furthermore, Client acknowledges that the Security Services described herein could possibly result in service interruptions or degradation regarding the Client’s systems and accepts those risks and consequences. Client hereby consents and authorizes Consultant to provide any or all the Security Services with respect to the Client’s systems. Client further acknowledges it is the Client’s responsibility to restore network computer systems to a secure configuration after Consultant testing.
Should a Statement of Work include compliance testing or assessment or other similar compliance advisory Services (“Compliance Services”), Client understands that, although Compliance Services may discuss or relate to legal issues, SecureWorks does not provide legal advice or services none of such Services shall be deemed, construed as or constitute legal advice and that Client is ultimately responsible for retaining its own legal counsel to provide legal advice, Furthermore, any written summaries or reports provided by Reseller (or its subcontractor) in connection with any Compliance Services shall not be deemed to be legal opinions and may not and should not be relied upon as proof, evidence or any guarantee or assurance as to Client’s legal or regulatory compliance.
The Client recognizes and agrees provides no warranty or guarantee of the outcome of its testing, assessment, forensics, or remediation methods and that all such methods have reliability limitations, that no method nor number of sampling locations can guarantee that a weaknesses, noncompliance issue or vulnerabilities will be discovered if evidence of the same is not encountered within the performance of the Services as authorized and that conclusions must of necessity be extrapolated from discrete, non-continuous data points. The Client further acknowledges and agrees that reliability of testing or other Services varies according to the sampling frequency and other Service variables selected by the Client and that factors other than reliability, including cost, have been considered in the Client’s selection of services. Certain methods although having inherent reliability limitations, are nevertheless selected for certain applications because of the relative level of reliability achieved at minimal cost. Client agrees that it has knowledgeably accepted these limitations and the risks attendant thereon and that Reseller (or its subcontractor) shall be considered to be at fault (but not necessarily liable) only to the extent that the services selected by the Client are not performed in accordance with, and subject to the limitations on, the warranties provided herein.
Furthermore, Client agrees that any written summaries, analyses or reports provided by Reseller (or its subcontractor) in connection with the Services (“Client Reports”) are solely for the use of Client and its officers, directors and employees (collectively with the Client, the “Client Entities”), “Aside from Client Entities, Client Reports may be provided only to parties who are under contract with the Client to provide products or services to the systems of the Client, provided that such parties shall keep the contents of Client Reports confidential and shall not disclose this report or the information herein to others. The provision of any Client report or any information therein to the parties other than Client Entities shall not entitle such parties to rely on any Client Report or the contents thereof in any manner or for any purpose whatsoever, and Reseller (or its subcontractor) Inc. specifically disclaims all liability for any damages whatsoever (whether foreseen or unforeseen, direct, indirect, consequential, incidental, special, exemplary or punitive) arising from or related to provision of such any such Client Report to such parties.
a. Warranties. Reseller warrants that all Services provided under this Agreement will be performed in a workmanlike manner by its subcontractor and in compliance with the requirements and specifications included in the applicable Statement of Work.
Reseller further represents and warrants that it (or its subcontractor) is under no present obligations or restrictions, which will conflict with or prevent it from performing any of the Services, called for by this Agreement.
CLIENT’S EXCLUSIVE REMEDY FOR BREACH OF ANY WARRANTY HEREUNDER SHALL BE LIMITED TO, REPERFORMANCE OF THE SERVICE OR RETURN OF THE PURCHASE PRICE.
b. Disclaimer of Any Other Warranties. EXCEPT AS OTHERWISE EXPRESSLY PROVIDED IN THIS AGREEMENT, THE SERVICES AND SERVICE PRODUCTS PROVIDED BY RESELLER (OR ITS SUBCONTRACTOR) HEREUNDER ARE PROVIDED “AS IS” WITHOUT ANY WARRANTY AS TO THEIR PERFORMANCE, ACCURACY, OR FREEDOM FROM ERROR, OR AS TO ANY RESULTS GENERATED THROUGH THEIR USE, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, INFRINGEMENT OR FITNESS FOR A PARTICULAR PURPOSE.
4. LIMITATION OF LIABILITY
a. Consequential Damages Excluded. The parties will not be liable to each other for indirect, special, incidental, exemplary, punitive or consequential damages (including, without limitation, lost profits, revenue, anticipated savings, or damages for loss of data or other business information) arising from or related to this Agreement or any Statement of Work, regardless of the cause of action and even if the other party has been notified of the possibility of such damages.
b. Limitation of Liability. Under no circumstances will Reseller’s (or its subcontractor’s) aggregate liability to Client for any claim exceed the amounts paid by Client to Reseller under the Statement of Work that is the source of liability.
5. NO HIRING OR CONTRACTING WITHOUT PRIOR CONSENT
Reseller and Client acknowledge each party provides to the other party a valuable service by identifying and assigning personnel for work. Each party further acknowledges that the other party would receive substantial additional value, and would be deprived of the benefits of its work force, if either party were to directly hire or contract with personnel or subcontractors after they have been introduced to either party. Without the prior written consent of the other party, neither shall recruit, hire, or contract with any personnel (including staff, associates and subcontractors) of the other party (or, in the case of Reseller, or of its subcontractors) who are or have been assigned to perform work until one (1) year after the completion of the last Statement of Work in effect between the parties.
Client shall protect Confidential Information (as defined below) with at least the same degree of care it uses to protect its own confidential information, but not less than a reasonable degree of care. Client shall not use, disclose, provide, or permit any person to obtain any such Confidential Information in any form, except for employees, agents, or independent contractors whose access is required to carry out the purposes of this Agreement and who have agreed to be subject to the same restrictions as set forth herein. Violations of any provision of this Section shall be the basis for the immediate termination of this Agreement. Client’s obligation as to the confidentiality shall survive termination of this Agreement. “Confidential Information” means all information relating to the business or affairs of Reseller (and its subcontractor) and the Services, including but not limited to, technical or non-technical data, software (whether in object or source code form), formulas, tools, patterns, plans, compilations, programs, devices, methods, techniques, drawings, processes, financial data, Further, Confidential Information includes information that a reasonable person would determine to be proprietary or confidential when taking into consideration its nature and the circumstances under which it is disclosed.