Single Point Global Product-specific Attachment for Security Services

The following additional terms and conditions are applicable to Sales Orders for Single Point Global’s Security Service:

[Version 1.4]

DEFINITIONS

Capitalized terms not otherwise defined herein shall have the meaning ascribed to them in the General Terms and Conditions (“General Terms and Conditions”).

“Estimated Availability Date” means the target date for delivery of Service.

“Access Information” means information that alone or together with other information, can provide access to any portion of Your Account, including but not limited to, Your Account number, login names, passwords, credit card or other financial information, security questions and their respective answers, and any other similar information. For the avoidance of doubt, Your Access Information will include any similar information for each of Your Users.

“Account” means the account created with Single Point Global’s customer portal and billing system in connection with this Agreement that relates to Your purchase or subscription to and use of Services by You and Your Users.

“Applicable Law” means any applicable foreign, federal, state or other laws, rules, regulations or interpretations of relevant Governmental Authorities or self-regulatory bodies.

“AUP” means Acceptable Use Policy located at https://singlepointglobal.com/legal/acceptable-use-policy/

“Beta Offerings” means any portion of the Services offered on a “beta” basis, as designated by Single Point Global, including but not limited to, products, plans, services, and platforms.

“Data” means all data submitted by You or Your Users to Single Point Global in connection with the Services, including all content, material, IP and similar addresses, recordings, messages, software, Account Information and Account-related settings.

“Governmental Authority” means a government, regulatory organization, self-regulatory organization, court of competent jurisdiction or similar body.

“PHI” means Protected Health Information which is individually identifiable health information.

“Services”, for the purposes of this PSA means Single Point Global’s Security Consulting, Security Applications, Third-Party Service Security Operations Center support and provision of hosted applications, services, solutions, and other offerings (collectively, “Security Services”) that are made available by Single Point Global from time-to-time in its discretion and subscribed to, purchased by, or used by You pursuant to a Sales Order.

“Setup Fee(s)” means all setup fees related to the Services ordered pursuant to a Sales Order, as identified thereon, in accordance with Article 2.

“SPG” means Single Point Global, Inc.

“Third-Party Service” means any service or product offered by a party that is not Single Point Global including but not limited to software or service offerings from ProofPoint, KnowBe4, Zorus, Elk Analytics, Bitdefender, Elastic Search, and ID Agent.

“Total Contract Value” means the monthly grand total of Services on a Sales Order, excluding Setup Fees, multiplied by the Service Term.

“User” means any of Your employees, consultants or independent contractors to whom You grant permission to access the Services in accordance with Single Point Global’s entitlements procedures and this Agreement. “You” and “Your” means the individual or entity on whose behalf the Service is purchased.

“You” means the company identified on a Sales Order, and any of such company’s employees, consultants or independent contractors to whom the company grants permission to access the Services in accordance with Single Point Global’s access protocols and this Agreement. “You” and “Your” means the individual or entity on whose behalf this Agreement is accepted.

ARTICLE 1. SERVICES; SCOPE; ACCESS; SECURITY

1.1 Services. This PSA shall apply to SPG’s Security Services. A further description of the Services is set forth in Schedule A-1 hereto which is incorporated herein by reference.

1.2 Access to Services. Subject to and in accordance with the terms of this PSA, including any schedules, SPG grants You a non-exclusive, non-sublicensable, nontransferable, non-assignable, revocable license for the term set forth on the Sales Order to access and use the Services. Services may only be used by Your Users for internal business purposes only. You agree to comply with the terms and conditions of the Agreement, including this PSA, any schedules to the PSA, the AUP, and all applicable SPG procedures and policies that further define use of the Services. You acknowledge and agree that the actions or omissions of any of Your Users with respect to the Services will be deemed to be actions or omissions by You and that any breach by any of Your Users of the terms of this PSA, including any Schedule, will be deemed to be a breach by You.

1.3. Account Information and Ownership. You agree to maintain accurate Account information by providing updates to SPG promptly, but no later than ten (10) business days, when any of Your Account information requires change or updates, including any relevant Account contact information or employee headcount. Failure by You, for any reason, to respond within ten (10) business days to any inquiries made by SPG to determine the validity, completeness, or accuracy of information provided by You will constitute a material breach of the PSA. You acknowledge and agree, and expressly consent, that in the event of any dispute regarding access to or legal ownership of any SPG account or any portion thereof, including Your Account, SPG will resolve such dispute in its sole discretion. In addition, in the event of such a dispute, SPG may immediately suspend, alter or terminate any relevant account, including Your Account, or any portion thereof. You will reimburse SPG for any legal fees and other fees incurred with respect to any dispute, audit, and legal release of information to a Governmental Authority or anyone else required by law regarding control or ownership of Your Account or Your Data or the same of another SPG customer. You acknowledge and agree that (i) the legal owner of all Data on the Account is You, and not any individual User (except with respect to any such User’s personally identifiable information), including any Account contact registered with SPG, regardless of any administrative designation (e.g., Administrator, Billing Contact, Owner, etc.) and (ii) SPG may request any documentation it requires to establish ownership and rights to Your Account and any related Data; provided that any User with an administrative designation has the authority to bind You to any amendments, modifications or acknowledgements regarding this Agreement or otherwise relating to the Services.

1.4. Account Security and Activity. You acknowledge and agree that You are solely responsible for (i) maintaining the confidentiality and security of Your Access Information, and (ii) all activities that occur in connection with Your Account, whether initiated by You, by others on Your behalf or by any other means. You will notify SPG immediately of any unauthorized use of Your Account, Access Information or any other actual or potential breach of security. You acknowledge and agree that SPG will not be liable for any loss that You may incur as a result of any party using Your Access Information, either with or without Your knowledge and/or authorization. You further agree that You may be held liable for losses incurred by SPG, any SPG Party, or another party due to any party using Your Access Information. SPG strongly recommends that You keep Your Access Information in a secure location, take precautions to prevent others from accessing it and change it when necessary to maintain its confidentiality and security. SPG specifically disclaims all liability for any activity in Your Account, whether authorized by You or not.

ARTICLE 2. SETUP FEES

Once a Sales Order for Services has been fully executed by the Parties, SPG will invoice Customer for all Setup Fee(s) as identified on a Sales Order. Customer will pay the Setup Fee(s) within thirty (30) days of the invoice date unless a payment schedule is specified in the applicable Sales Order.

ARTICLE 3. PROVISIONING INTERVAL

Following full execution of a Sales Order, SPG shall notify Customer of the estimated availability date of the Services applicable to that Sales Order (“Estimated Availability Date”). SPG shall use commercially reasonable efforts to make available the Service on or before the Estimated Availability Date; provided, however, that SPG’s failure to provision by the Estimated Availability Date shall not constitute a breach of this PSA. If Services are provided prior to the official release of Services to Customer, it will be provided on a best efforts basis and is not subject to any of the SLAs set forth in Schedule A-2 of this PSA.

ARTICLE 4. SERVICE COMMENCEMENT DATE

SPG shall inform Customer when Services are available and performing (“Availability Notification”). Charges for Services shall begin to accrue as of the Service Commencement Date. The Service Commencement Date shall be earliest of: (A) the date on which Customer confirms receipt of and concurrence with the Availability Notification; (B) five (5) business days following the date of the Availability Notification; or (C) the date on which Customer first uses the Services.

ARTICLE 5. Billing, Onsite Visits, Term, and Termination Charges.

5.1. Billing. Billing guidelines and references are covered under our Master Service Agreement located at http://www.singlepointglobal.com/legal-terms-of-service/.

5.2. Onsite Visits. SPG Services are provided on a remote basis only and is primarily operated out of our support operations center in Ashburn, Virginia. Services does not include onsite visits. Unless a different rate is stated on the Sales Order, all onsite service requests are billed at three hundred ($300.00) dollars per employee per hour. SPG makes no guarantee that any work performed as part of our Services will reach a resolution. Customer is responsible for onsite visit invoice(s) whether resolution is achieved or not. All onsite requests must be scheduled by calling 703-348-0087 or an email request submitted to our support system at support@singlepointglobal.com.

5.3. Term. The charges set forth or referenced in each Sales Order have been extended to Customer in reliance on the Service Term set forth therein. To the extent that a Service Term has not been expressly set forth in a Sales Order, the minimum Service Term for Services is thirty-six (36) months.

(a) Automatic Renewal. Each Sales Order for the Services will renew automatically at the end of the then-current Service Term for a Renewal Term equal to the original term set forth in the Sales Order unless either Party provides notice of non-renewal to the other Party at least ninety (90) days prior to the end of then-current Service Term, or is otherwise terminated in accordance with this PSA by either You or SPG.

5.4. Termination Charges. In the event that You terminate a service under Services or all Services are terminated following the signing of a Sales Order but prior to the Service Commencement Date, Customer shall pay Termination Charges in the sum of $4,000 dollars for the expenses incurred by SPG in installing or preparing to install the Service or all Setup fees (whichever is greater), plus 50% of the Total Contract Value of the Sales Order. In the event Customer terminates Service following SPG’s acceptance of the applicable Sales Order, but prior to the end of the applicable Service Term, Customer shall pay Termination Charges equal to 100% of the monthly recurring charges remaining through the end of the Service Term plus 100% of any remaining, unpaid Setup Fees.

(a) Refunds/Fees for Termination by You. Fees for non-recurring Services, such as Setup Fees, will not be refunded. Any fees previously waived, discounts, or rebates applied may be reinstated if You terminate the account during the Service Term or if You breach this PSA, including any Sales Order.

ARTICLE 6. USE OF THE SERVICES.

6.1. Internal Use. You will only use the Services for Your own internal business, non-residential and non-personal use. You acknowledge and agree that except with respect to Users, You will not allow any third party, including Your vendors and service providers, to access or use the Services unless such third party is allowed access for the purpose of providing authorized customer support services.

6.2. Restricted Activities. You will not (A) use any Service for any purpose outside the Service’s intended scope, features, and function set, (B) use any Service for third-party training, (C) use any Service as an application service provider or service bureau, unless You have entered into a separate written agreement with SPG to provide such services, (D) use any Service for timesharing or rental, (E) use any Service to design software, products, services, or other materials with similar or competitive functionality for any purpose, including distribution to third parties, (F) except with respect to Your Data, duplicate any portion of the Services or display, distribute, publish, or otherwise disclose any Service; (G) use any of the Services to interface with any other service or application that is outside the scope of intended use; (H) decompile, disassemble, or otherwise reverse engineer any portion of the Services; (I) make any modification or interface to any Service that is not specifically authorized by SPG without prior written consent of SPG; (J) resell or sublicense any portion of the Services, and any purported resale or sublicense will be void; and (K) store, maintain, or use on or through the Service any “Protected Health Information” or “PHI” as those terms are defined in the Health Insurance Portability and Accountability Act of 1996 and the rules and regulations promulgated thereunder, as each may be amended from time to time, unless a formal business associate agreement has been executed between SPG and You. You may not access the Services for purposes of monitoring their performance, availability, or functionality, or for any other benchmarking or competitive purposes, without SPG’s prior written consent. You may not, without SPG’s prior written consent, access the Services if You are a direct competitor of SPG.

6.3. Applicable Law. You acknowledge and agree that access and use of the Services may be restricted or limited as a result of Applicable Laws and that You will not use, or allow the use of the Services in contravention of, and will comply with, any Applicable Law. You represent that You and Your Users are not named on any Governmental Authority list of persons or entities prohibited from receiving exports, and (ii) You will not permit Users to access or use Services in violation of any export embargo, prohibition or restriction. You acknowledge and agree that that it is Your sole responsibility to use the Services and ensure that your Users use the Services in a lawful manner.

ARTICLE 7. YOUR DATA; FEEDBACK.

7.1. Submission of Your Data. Any Data You provide to SPG in connection with the Services must comply with SPG’s AUP. Any Data You provide to SPG in connection with the Services shall not be PHI, unless a formal business associate agreement has been executed between SPG and You. Attempting to place or transmit, or requesting placement or transmission, of Data that does not comply with the AUP or is PHI will be a material breach of this Agreement. SPG may, in its sole discretion, reject or remove Data that You have used or attempted to use with respect to the Services. You represent and warrant that any Data uploaded or otherwise made available to the Services by or through You will be free of any and all malicious code, including without limitation, disabling devices, drop dead devices, time bombs, trap doors, trojan horses, worms, computer viruses and mechanisms that may disable or negatively impact the Services or SPG’s servers. You further represent and warrant to SPG that You have the right to use any patented, copyrighted, trademarked, proprietary or other material in connection with Data that You use, post, or otherwise transfer or transmit with respect to the Services, and SPG’s use of any such material in connection with Data will not infringe a third party’s intellectual property rights.

7.2. Public Disclosure of Data. You are solely responsible for ensuring that You do not accidentally make any private Data publicly available. Any Data made public may be publicly accessible through the internet and may be crawled and indexed by search engines or other third parties. By making any Data publicly available on any of the Services You affirm that You have the consent, authorization or permission, as the case may be from every person who may claim any rights in such Data to make such Data available in such manner.

7.3. Data Takedown. By making any Data publicly available in the manner aforementioned, You expressly agree that SPG will have the right to block access to or remove such Data made available by You, if SPG receives complaints, inquiries or notices concerning any illegality or infringement of rights in such Data. You expressly consent to determination of questions of illegality or infringement of rights in such Data by the agent designated by SPG for this purpose.

7.4. Filtering. SPG may employ various filtering methods to reduce unwanted content, such as SPAM e-mail, from reaching Your SPG Account. You acknowledge and agree that such methods may prevent legitimate content from reaching Your Account and that SPG will not be liable therefor.

7.5. Control. SPG is not obligated to exercise control over the content of information, including Your Data, passing through SPG’s Services, systems, or network, except any controls expressly provided in this PSA.

7.6. Feedback. Any feedback, suggestions, testimonials, endorsements, information or materials conveyed to SPG by You or Your Users in connection with the Services shall be collectively deemed “Feedback.” You agree to grant and hereby grant to SPG a non-exclusive, perpetual, irrevocable, royalty free, worldwide license (with the right to grant and authorize sublicenses) to make, have made, use, import, offer for sale, sell, reproduce, distribute, modify, adapt, prepare derivative works of, display, perform, and otherwise exploit such Feedback without restriction; provided that any use of such Feedback by SPG will not identify You or Your User as the source of such Feedback.

ARTICLE 8. BETA OFFERINGS.

The applicable SLA does not apply to any beta offerings made available by SPG (“Beta Offerings”). Notwithstanding anything else set forth in this Agreement, SPG does not make any representations or warranties regarding any Beta Offering or the integrity of any data stored in connection with any Beta Offering. You are strongly discouraged from using any Beta Offering in connection with sensitive data. SPG may, in its sole discretion, change or terminate any Beta Offering without notice and does not represent or warrant the result of any such action. SPG may, in SPG’s sole discretion, convert any Beta Offering to a paid service upon notice to You. To avoid incurring increased charges following such a conversion, You must terminate (i) the individual converted service (if possible) by contacting SPG as directed in the conversion notice, or (ii) if You subscribe to no other services under Your Account, the entire Account, pursuant to Article 6 of this PSA.

ARTICLE 9. THIRD-PARTY SERVICES.

SPG may link to or offer Third-Party Services on SPG’s Website or otherwise through the Services. Any purchase, enabling, or engagement of Third-Party Services, including but not limited to implementation, customization, consulting services, services, and any exchange of Data between You and any Third-Party Service, without SPG’s written consent, is solely between You and the applicable Third-Party Service provider and is subject to the terms and conditions of such Third-Party Service provider. SPG is not responsible or liable for such Third-Party Services or any losses or issues that result as Your use of such services. If You purchase, enable or engage any Third-Party Service for use in connection with the Services, You acknowledge that SPG may allow providers of those Third-Party Services to access Your Data used in connection with the Services as required for the interoperation of such Third-Party Services with the Services, and as further described in our Privacy Policy, available at https://singlepointglobal.com/privacy-policy/. You represent and warrant that Your use of any Third-Party Service signifies Your independent consent to the access and use of Your Data by the Third-Party Service provider, and that such consent, use, and access is outside of SPG’s control. SPG will not be responsible or liable for any disclosure, modification or deletion of Data resulting from any such access by Third-Party Service providers.

ARTICLE 10. HARDWARE, EQUIPMENT, AND SOFTWARE.

Unless purchased from SPG or one of its affiliates pursuant to a separate written agreement, You are responsible for and must provide all hardware, software, services and other components necessary to access and use the Services. SPG makes no representations, warranties, or assurances that third party hardware, software, services and other components will be compatible with any Service. SPG reserves the right to change or upgrade any equipment or software that it uses to provide the Services without notice to You. SPG will install security patches, updates, upgrades and service packs (“Updates”) as it determines in its sole discretion, and reserves the right, but not the obligation, to roll back any Updates. Updates may change system behavior and functionality and as such may negatively affect the Services used by You. SPG cannot foresee nor be responsible or liable for service disruption or changes in functionality or performance due to Updates. SPG is not responsible or liable for issues that may arise from incompatibilities between Your Data and use of the Services and any Update or hardware or software change or configuration, regardless of whether discretionary or requested.

ARTICLE 11. TECHNICAL SPECIFICATIONS; SERVICE LEVEL AGREEMENT

The technical specifications applicable to the Service are set forth in Schedule A-1 hereto. The service level agreement applicable to the Service is set forth in a Schedule A-2 hereto.

SCHEDULE A-1
SERVICE DESCRIPTIONS AND TECHNICAL SPECIFICATIONS SINGLE POINT GLOBAL CLOUD SERVICES

SPG’s Security Services (for purposes of this Schedule A-1) will be provided in accordance with the service descriptions, technical specifications set forth below:

Service Descriptions

1. ProofPoint Essentials Email Security. – https://www.proofpoint.com/us/products/email-protection/essentials
2. KnowBe4 Platinum Sec Awareness Training. – https://www.knowbe4.com/security-awareness-training-features/
3. Tenable.IO Vulnerability Scanning. – https://www.tenable.com/products/tenable-io
4. Bitdefender Antivirus & Disk Encryption – https://www.bitdefender.com/business/service-providers-products/cloud-security-msp.html
5. EasyDEMARC Premium. – https://easydmarc.com/
6. ID Agent Dark Web Monitoring. – https://www.idagent.com/products/dark-web-monitoring/msp/
7. Zorus Web Filtering – https://zorustech.com/
8. Elk Analytics SOC/SEIM – https://elkanalytics.com/

SCHEDULE A-2
SERVICE LEVEL AGREEMENTS

ProofPoint – https://www.proofpoint.com/sites/default/files/30427798_proofpoint_essentials_sla_-_pfpt_august_08152015.pdf

KnowBe4 – https://www.knowbe4.com/terms

Tenable.IO – https://static.tenable.com/prod_docs/Service_Level_Agreement.pdf

Bitdefender – https://www.bitdefender.com/support/gravityzone-cloud-uptime-sla-2447.html

EasyDEMARC – https://easydmarc.com/blog/terms-of-service/

ID Agent – No SLA

Zorus Web Filtering – No SLA

Elk Analytics –

1.1 The ELK Analytics Platform will be available 100% of the time over each calendar quarter of the Term, as measured by Security SMEs (“SLA”).

In the event that Security SMEs does not meet the SLA, Customer may, subject to the terms and conditions herein, claim a credit as follows (“Credit”).

1.2 The SLA is subject to the Exclusions set forth below and Customer is not eligible for Credit per calendar quarter exceeding one (1) month of the Monthly Recurring Fee. Receipt of a Credit is Customer’s sole and exclusive remedy for Security SMEs failure to meet the SLA.

1.3 Unavailability of the Services due to any of the following shall not be considered a violation of the SLA (“Exclusions”):

1.4 “Unavailability of the Services due to: (1) Customer’s misuse of the Services through commission of abuse, application programming or non-performance thereof; (ii) negligent or unlawful acts by Customer or Customer’s agents or its suppliers; (iii) unavailability of Customer’s network, including those resulting from telecommunications, equipment, software or other technology failures (other than those that are under Security SMEs control); (IV) problems or delays associated with third party networks or networks outside the Security SMEs platform; (v) Force Majeure Events or denial-of-service attacks or similar malicious attacks on the ELK Analytics Platform.

1.5 Unavailability of the Services due to suspension or termination of the Services by Security SMEs in accordance with the terms of this Agreement.

1.6 Unavailability of the Services if Customer’s devices are not properly configured to utilize all Security SME platform locations which are provided by Security SMEs.

1.7 Unavailability of the Services due to platform maintenance. Security SMEs maintenance on the ELK Analytics Platform will be communicated to Customer at least seventy-two (72) hours in advance. Notice of platform maintenance will be provided to Customer’s with portal access by email or notification via the portal interface.

1.8 For tickets properly opened in the support portal, Enterprise Support for the ELK Analytics Platform shall meet the following average response times based on the level of severity as provided below (“Average Ticket Response Time SLA”):

If Security SMEs fails to meet the Average Ticket Response Time SLA for one (1) or more of the areas above, the Customer may claim a credit equal to one (1) week of the Monthly Recurring Fee. The Average Response Time SLA is subject to a maximum credit per calendar quarter equal to one (1) week’s ELK Analytics Platform fees. Receipt of a Credit is Customer’s sole and exclusive remedy for Security SMEs failure to meet the Average Ticket Response Time SLA.

1.9 For SOC Services and SOC EDR Services, Security SMEs shall investigate alerts identified by the ELK Analytics Platform and the ELK Analytics EDR Platform based on the level of severity, as defined by Security SMEs SOC in the support ticket classification, as provided below (“Average Time To Response SLA”):

If Security SMEs fails to achieve the Average Time To Response SLA for one (1) or more of the areas above, the Customer may claim a credit equal to one (1) week on the Monthly Recurring Fee. The average time to investigate SLA has a maximum credit per calendar quarter equal to one (1) week’s ELK Analytics Platform fees. Receipt of a Credit is Customer’s sole and exclusive remedy for Security SMEs failure to meet the Average Time To Response SLA

1.10 To receive any of the credits set forth above, the Customer must submit a claim for such credit within ten (10) days following the end of the calendar quarter in which the SLA was not met for an applicable ELK Analytics Platform, by contacting Security SMEs at billing@singlepointglobal.com. The submission must include a description of the downtime and identify the duration of the downtime. Security SMEs reserves the right to deny the SLA claim for a credit if the Customer does not qualify. The service credit remedy set forth in this SLA is the sole and exclusive remedy for the unavailability of any applicable ELK Analytics Platform and/or any failure by Security SMEs to meet the SLAs set forth herein.