Docupace Security Services Agreement
This Docupace Security Services Agreement (the “Agreement”) contains the terms for use of the Security Services and is between Docupace Technologies, LLC, a California Limited Liability Company with offices at 2001 S. Barrington Ave, Suite 215, Los Angeles, CA 90025 (“Docupace”) and the party agreeing to the terms of this Agreement (“Customer”). By clicking an “Accept” or similar button and/or completing a registration process or otherwise using the Security Services (“Effective Date”), Customer agrees to be bound by the terms of this Agreement. Customer may not use or receive the benefits of the Security Services without agreeing to this Agreement first. If a written agreement regarding Customer’s use of the Security Services exists between and has been executed by both Docupace and Customer, the terms of that written agreement shall take precedence over this Agreement.
1.1 “Delegate” shall mean the named person authorized to make Security Services decisions on behalf of Customer.
1.2 “Documentation” means Docupace’s standard description of the security Services.
1.3 “Order” means the online registration form listing the Security Services purchased by Customer and corresponding assumptions, the fees, the term, Customer’s payment details, and related information.
1.4 “Security Services” includes the cyber security vulnerability assessment, remediation oversight, and ongoing monitoring services, or other security services and cloud-based software and repository tools as listed in the Order.
1.5 “Support Services” means Docupace’s customer support services, and includes online, email, and phone support to Customer throughout the term for questions related to cyber-security issues, concerns, or monitoring services.
2.1 License Grant. Subject to the terms and conditions of this Agreement, Docupace grants to Customer, a nonexclusive, nontransferable, nonsublicensable use of the Security Services tools and services in accordance with the Documentation, solely for Customer’s internal business purposes.
2.2 General Restrictions. Customer shall not use or copy the Security Services tools, processes or Documentation, or any portion thereof, except as expressly authorized in this Agreement. Without limiting the generality of the foregoing, Customer i) shall not sublicense, provide access to, or otherwise use the Security Services for the benefit of any customer or third party; ii) shall not transfer, assign, copy, modify, translate, or prepare derivative works based upon the Security Services; and iii) shall not reverse engineer, decompile, disassemble, unbundle the Security Services. Customer shall also be solely responsible for its Delegate. Customer shall be responsible for the confidentiality of and shall not disclose its user name(s) and password(s) to any other person. Customer shall notify Docupace at email@example.com upon a known unauthorized disclosure of its username(s) and password(s). Customer shall also be solely responsible for maintaining the necessary equipment to conduct and use the Security Services.
3.1 Support Services. Docupace shall provide support provided Customer is current on payment of the applicable Support Services and other fees due hereunder.
3.2 Professional Services. Docupace shall provide Customer with the professional services listed in the Order and subject to the fees thereunder and/or fees and additional terms in a statement of work (“SOW”) executed between the parties (“Services”).
3.3 Cooperation. Customer acknowledges that the timely provision of and access to its facilities and equipment; its assistance and cooperation from its personnel; and suitably configured computer products are essential to performance of any Security Services and that Docupace’s ability to complete any Security Services is dependent upon same. If the requirement(s), schedule, scope, specification(s), or related system environment(s) or architecture are changed by Customer, Docupace shall not be responsible for the change unless Customer and Docupace specifically consent to the change and additional charges, if any, in writing. The Customer will supply Docupace with all information required to perform the Security Services and the Customer hereby warrants all information provided is true, accurate and complete. The Customer further warrants that it owns or is authorized to represent the legal owners of the computer hardware, computer software and computer systems to be monitored and/or examined and is authorized to enter into binding legal agreements.
4. Fees and Payment
4.1 Fees. Customer shall pay Docupace the fees and schedule listed in the Order. For any payments due on a monthly basis and any renewal of the Security Services, such payments shall be invoiced in advance of the month/period for which the invoice is applicable to. All payments under this Agreement shall be due within thirty (30) days of the date of Docupace’s invoice for such payments. Late payment of fees payable to Docupace shall bear interest at the rate of 1.5% per month, or the maximum amount permitted by law, if less. Customer shall pay any attorneys’ fees, court costs, or other costs incurred in collection of delinquent undisputed amounts. Except as expressly provided in this Agreement, fees specified in the Order are non-refundable.
4.2 Scope of Services. The scope of the engagement is based on the information provided by the Customer and is contained in the Order. If the environment is found to be materially different from the information disclosed in the Order, the Customer will be notified of the potential impact to the agreed upon services and deliverables and fees. If necessary, a change order to this Agreement will be executed prior to any addition work being performed by Docupace.
4.3 Taxes and other Fees. Customer shall pay any and all applicable taxes and duties imposed as a result of Customer’s use of the Security Services, Support Services, and/or any professional services, except for taxes based on Docupace’s income. All payments or reimbursements under this Agreement shall be made free and clear and without deduction for any and all present and future taxes, levies, imposts, duties, VAT charges, or fines imposed by any federal, state, or local government or foreign government. The amounts received by Docupace, after the provision for any withholding required by any country or any tax specified in the foregoing sentence, will be equal to the amounts specified in the Order.
5.1 Confidentiality. Both parties may, in connection with this Agreement, disclose to the other party Confidential Information. Confidential Information shall include, but not be limited to, information related to the Security Services, Documentation, past, present or future research, development or business affairs, any proprietary products, materials or methodologies, the terms of this Agreement, or any other information that provides the disclosing party with a competitive advantage. Confidential Information, if disclosed or provided in tangible form, shall be clearly and conspicuously identified as confidential or proprietary, and if orally or visually disclosed, shall be identified as confidential or proprietary in nature at the time of disclosure. The receiving party shall protect the disclosing party’s Confidential Information with the same degree of care that it regularly uses to protect its own Confidential Information from unauthorized use or disclosure, but in no event less than a reasonable degree of care. Confidential Information shall not be provided or disclosed to anyone except those employees or contractors of the receiving party with a need to know under this Agreement. No warranties or rights or licenses under patents, trademarks or copyrights are granted or implied by any disclosure of Confidential Information. Confidential Information and any and all authorized copies thereof shall remain the property of the disclosing party. Notwithstanding any provision contained in this Agreement, neither party shall be required to maintain in confidence any of the following: (i) information that, at the time of disclosure to the receiving party, is in the public domain; (ii) information that, after disclosure, becomes part of the public domain without restriction, except by breach of this Agreement; (iii) information that was in the receiving party’s possession at the time of disclosure, and which was not acquired, directly or indirectly, from the disclosing party; (iv) information that the receiving party can demonstrate resulted from its own research and development, independent of disclosure from the disclosing party; (v) information that the receiving party receives from third parties, provided such information was not obtained by such third parties from the disclosing party on a confidential basis; or (vi) information that is produced in compliance with applicable law or a court order, provided the other party is given reasonable notice of such law or order and an opportunity to attempt to preclude or limit such production.
5.2 Publicity. Docupace may disclose Customer as a customer in sales presentations, other press releases, product brochures, and other marketing material. Customer may disclose Docupace as part of the overall promotion of its technology package to financial advisers and prospective financial advisers.
6. Intellectual Property Rights
Customer acknowledges that Docupace and its licensors, retain all intellectual property rights and title (including any patent, copyright, trademark, trade secret, and other rights) in and to all of Docupace’s and their confidential information, trade secrets or other proprietary information, products, and the ideas, concepts, techniques, inventions, processes, Security Services, Documentation, or works of authorship developed, comprising, embodied in, or practiced in connection with the Security Services, Support Services, and/or professional services provided by Docupace hereunder (“Docupace Intellectual Property”). Docupace Intellectual Property includes all derivatives developed or created by Docupace or its personnel or contractors during the course of performing any professional services and/or Security Services and/or Support Services for Customer. Customer does not acquire any rights, express or implied, in the Docupace Intellectual Property or in any modifications, enhancements, localizations, extensions or derivative works thereto, or in any materials provided hereunder. Docupace acknowledges that Customer retains ownership of all data provided and/or uploaded into the Security Services by the Customer or its Delegates.
7. Warranty; Warranty Disclaimer
7.1 Warranty. Docupace warrants that: (i) performance of the Security Services called for by this Agreement does not and shall not violate any applicable law, rule, or regulation or any contracts with third parties; (ii) the materials to be prepared, produced or developed for Customer do not and shall not violate any third-party rights in any U.S. patent, trademark, copyright, trade secret, or similar right; and (iii) Docupace is the lawful owner or licensee of any software programs or other materials not provided by Customer and used by Docupace in the performance of the Security Services called for in this Agreement.
7.2 Disclaimer. EXCEPT AS EXPRESSLY PROVIDED OTHERWISE IN THIS AGREEMENT AND TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE SECURITY SERVICES ARE PROVIDED “AS IS” AND DOCUPACE DOES NOT MAKE ANY WARRANTIES WHATSOEVER, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, WITH RESPECT TO THE SECURITY SERVICES PROVIDED UNDER THIS AGREEMENT, INCLUDING WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT OF THIRD PARTY RIGHTS. ALL SUCH WARRANTIES ARE HEREBY EXPRESSLY DISCLAIMED. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, DOCUPACE DOES NOT WARRANT THAT (I) THE SECURITY SERVICES WILL MEET CUSTOMER’S REQUIREMENTS OR (II) THE SECURITY SERVICES WILL BE ERROR FREE AND/OR OPERATE WITHOUT INTERRUPTION. Customer understands computer, network, and Internet security are continually growing and changing fields and this Security Service does not guarantee the Customer’s systems are secure from every form of attack. No security testing is 100% infallible. Customer understands and accepts that it is impossible to test the various systems (hardware, software and network) which may have vulnerabilities which are not known at the time of testing or for the mathematical universe of all possible inputs/outputs for each software or hardware component in use. Further, security breaches can and frequently do come from internal sources whose activity is not a function of system configuration, auditing or monitoring.
Limitation of Liability. IN NO EVENT SHALL DOCUPACE BE LIABLE TO CUSTOMER (OR ANY OTHER THIRD PARTY) FOR ANY CONSEQUENTIAL, EXEMPLARY, PUNITIVE, INCIDENTAL, INDIRECT OR SPECIAL DAMAGES OR COSTS HOWSOEVER ARISING OUT OF OR RELATED TO THIS AGREEMENT, UNDER ANY THEORY OF LIABILITY, WHETHER OR NOT EITHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR COSTS. EXCEPT FOR A BREACH OF SECTION 5, DOCUPACE’S AGGREGATE LIABILITY TO CUSTOMER UNDER THIS AGREEMENT SHALL NOT EXCEED FEES PAID BY CUSTOMER TO DOCUPACE UNDER THIS AGREEMENT.
8.1 Indemnification. Each party at its own expense shall indemnify, defend and hold the other party free and harmless from any and all claims, damages, losses, costs, actions and expenses, including reasonable attorney’s and experts’ fees (“Indemnity Condition”) arising from any claim or contention (a) arising under this Agreement or (b) the breach of warranties, representations and obligations under this Agreement. Without limiting the generality of the foregoing, Docupace, at its own expense shall indemnify, defend and hold Customer free and harmless, against any claim that the Security Services infringe any U.S. patent, Berne Convention copyright or misappropriates any third party’s trade secret.
a) Defense. Each party shall (1) give prompt written notice of any such claim, suit, expense or the like in accordance with the provisions of Section 11.1, (2) permit the other party to control and direct the defense or settlement of any such claim, suit or the like, provided, however that (a) the other party shall not enter into any settlement agreement that would result in any admission by a party or payment by the party without such party’s prior written consent and (b) such party may at its election participate in the defense of such claim, suit or the like through separate counsel at its own expense, and (C) provides the other party all reasonable assistance (at the expense of such party) in connection with the defense or settlement of any such claim or suit.
b) Options. If the Security Services are, or in Docupace’s opinion is likely to be, held to be infringing, Docupace, at its expense and in its sole discretion, may: (i) procure the right to allow Customer to continue to use the Security Services; or (ii) modify or replace the Security Services or infringing portions thereof to become non-infringing. If neither (i) nor (ii) is available or commercially feasible, Docupace shall have the right to terminate Customer’s right to use the affected portion of the Security Services and Customer shall be entitled to recover the fees paid by Customer for that portion of the Security Services, as applicable, prorated over a three year period from the Effective Date.
c) Exclusion. Notwithstanding the foregoing, Docupace shall have no obligation to indemnify Customer under this Section 9.1 to the extent any claim of intellectual property infringement is based upon or arising out of (i) any unauthorized modification or alteration to the Security Services made by Customer, in the event such infringement would have been avoided but for such modification or alteration, (ii) Customer’s continuance of allegedly infringing activity after being notified to stop using the Security Services, (iii) Customer’s failure to use corrections or enhancements made available by Docupace, and/or (iv) use of the Security Services not in accordance with the applicable Documentation or outside the scope of the license granted under this Agreement.
8.2 Sole Remedy. The foregoing remedies constitute Customer’s sole and exclusive remedies, and Docupace’s entire liability, with respect to intellectual property infringement.
9. Term and Termination
9.1 Term. This Agreement shall commence as of the Effective Date and shall continue for one year (“Initial Term”). The Agreement shall then extend for additional one year periods (“Renewal Term”) at fees not to exceed the Fees stated in the Order corresponding to such period, plus an increase not to exceed fifteen percent (15%) on an annual basis, unless either party notifies the other party in writing at least ninety (90) days prior to the end of the Initial Term or applicable Renewal Term of its non-renewal of the Agreement.
9.2 Termination. This Agreement may be terminated by either party as follows:
a) upon thirty (30) days prior notice for any material default or breach of any of the material terms and conditions of this Agreement by the other party, unless the defaulting party has cured such failure or default within such 30-day period; or
b) immediately upon notice, if (i) the other party is subject to a bankruptcy proceeding, whether voluntary or involuntary, which is not dismissed within sixty (60) days or makes an assignment for the benefit of creditors, or if a receiver, liquidation, administrator or trustee is appointed for such party’s affairs is initiated and not dismissed within sixty (60) days or (ii) the other party is dissolved.
9.3 Effect of Termination. Upon termination of this Agreement for any reason, the provisions of Sections 4-6, 7.2, 8, 9, 10.3, and 11 shall survive. Upon termination of this Agreement, Customer shall immediately pay Docupace all outstanding fees due under this Agreement and shall promptly return to Docupace, or, at Docupace’s option, destroy, all copies, in any medium, of the Security Services and all Confidential Information of Docupace.
10. General Provisions
10.1 Notices. Unless otherwise provided in this Agreement, all notices under this Agreement shall be in writing and notices from Docupace shall be sent by email to the e-mail address on file with Docupace and notices sent by Customer shall be sent by express delivery service to Docupace addressed to the address specified on the first page of this Agreement. Notices shall be effective on the date of delivery in the case of delivery by email or on the date the notice is delivered to the applicable address in the case of delivery by express overnight service.
10.2 Force Majeure. A party will not be deemed to have materially breached this Agreement to the extent that performance of its obligations (except payment obligations) or attempts to cure any breach are delayed or prevented by reason of any act of God, act of government, shortage of materials or supplies, strike, labor dispute or walkout, or any other cause beyond the reasonable control of a party; provided that the party whose performance is delayed or prevented resumes performance of its obligations as soon as practicable.
10.3 No Assignment. Neither party shall assign, transfer or pledge this Agreement, or any interest or rights of any kind herein, without the prior written consent of the other party, except in connection with a merger, reorganization or sale of all or substantially all of the business or equity interest of Docupace. Subject to the foregoing, this Agreement shall be binding upon and inure to the benefit of the parties and their successors and assigns.
10.4 Independent Contractors. In performing this Agreement, each of the parties will operate as, and have the status of, an independent contractor. This Agreement does not create any agency, employment, partnership, joint venture, franchise or other similar or special relationship between the parties. Neither party will have the right or authority to assume or create any obligations or to make any representations, warranties, or commitments on behalf of the other party or its affiliates, whether express or implied, or to bind the other party or its affiliates in any respect whatsoever.
10.5 Government Use. Portions of the Security Services are deemed to be “commercial computer software” and/or “commercial computer software documentation” pursuant to DFAR Section 227.7202 and FAR Section 12.212, as applicable. Any use, duplication, modification, or disclosure by the United States Government is subject to the restrictions set forth in these clauses and shall be governed by this Agreement to the maximum extent permitted by law.
10.6 Choice of Law; Choice of Forum. This Agreement shall be governed by and construed in accordance with, the laws of the State of California, without giving effect to its conflicts of law principles. The parties agree that the UN Convention on Contracts for the International Sale of Goods does not apply to this Agreement. The parties agree that jurisdiction and venue for any matter arising out of or pertaining to this Agreement shall only be in Los Angeles County.
10.7 Injunctive Relief. Customer acknowledges and agrees that any breach of this Agreement relating to Docupace’s intellectual property rights in the Security Services or Support Services would cause irreparable harm to Docupace for which recovery of money damages would be inadequate. Therefore, in addition to any and all remedies available to Docupace at law or in equity, Docupace shall be entitled to obtain injunctive relief to protect its intellectual property rights hereunder.
10.8 Severability. If any provision of this Agreement is determined by a court of competent jurisdiction to be invalid, illegal or otherwise unenforceable in any respect, the validity, legality and enforceability of the remaining provisions contained herein shall not, in any way, be affected or impaired thereby.
10.9 Entire Agreement. This Agreement, all Orders, and any documents referenced herein constitute the entire agreement of the parties concerning its subject matter and supersedes any and all prior or contemporaneous, written or oral, negotiations, correspondence, understandings and agreements between the parties respecting the subject matter of this Agreement. Any additional terms in any Customer purchase order or other ordering document are expressly rejected by Docupace.
The purpose of the Vulnerability Assessment is to identify potential vulnerable systems on your internal network and network perimeter. Your technical controls will be assessed for weaknesses that may allow unauthorized access to sensitive information. Accessible Wireless Access Points will be scanned and reviewed for appropriate security configurations.
We will deploy a Vulnerability Assessment Device on your network. The Internal Vulnerability Assessment will be conducted remotely through this device. The External Vulnerability Assessment will be conducted from the Internet.
Our methodology has been developed over time with similarly sized firms and follows industry recognized best practices. We use a variety of proprietary and open source tools as well as manual techniques to discover vulnerable systems and weak technical controls.
During an Assessment we will:
• Review the anti-virus status of the computers and scan for viruses and threats
• Review the encryption status of the computers
• Create a hardware and software inventory, identifying potentially dangerous applications
• Create a network map, including wireless access points
• Review of firewall and wireless access point rules
• Review the patch level of your operating system and key applications
• Scan of public facing IP range for exposed ports
• Evaluation of the current back up strategy
• Comparison of findings to security and financial services best practices
• Create an assessment report and identify gaps that require remediation, including the recommended action to close those gaps.
Upon completion of the Assessment, a final report will be provided to the Customer, including a summary of remediation items and recommendations. Docupace will facilitate the prioritization of remediation items and best practice recommendations to resolve any outstanding items based on the Customers unique business situation. Docupace will provide oversight, monitoring, and will measure
the closure of remediation items. Upon request, Docupace will provide an estimate for providing the services needed to remediate outstanding issues. Docupace will provide a weekly status report to the Customer on the status of the items identified for remediation.
Upon completion of the assessment, and based on the inventory of hardware, software, and servers, Docupace will provide ongoing monitoring, including:
• Status of anti-virus protection
• Capture of server logs
• Encryption status
• Status of wireless ports
• Security Patch Status
These reports and statuses will be written to the Customers online secure document storage for review by the Delegate and by Docupace. Any unusual results will be reported to the Delegate upon discovery.