CYBER SECURITY SERVICES AGREEMENT
Unified IT Pty Ltd (ABN 144 048 091) (Unified IT) of 507 12-14 Claremont Street, South Yarra, VIC 3141.
WHAT THIS AGREEMENT COVERS
- This Agreement covers:
- The core cyber security services that Unified IT will provide to the Customer (Schedule 1);
- The optional cyber security services that Unified IT will provide to the Customer upon request (Schedule 2);
- How costs will be charged by Unified IT for Services and paid by the Customer (Schedule 3); and
- The terms and conditions upon which Unified IT will provide services to the Customer.
- The following definitions apply in this agreement:
Core services means core cyber security services provided by Unified IT utilising the services of a third-party service provider as set out in Schedule 1.
Customer Data means the customer’s data or content that Unified IT obtains through the delivery of Services.
Confidential Information means all information (whether received before or after the date of this Agreement) that is the Intellectual Property of a Party; or is by its nature confidential or proprietary to a Party; or is provided by a Party to the other Party under this Agreement where the receiving Party knows or ought reasonably to know that the information is confidential or proprietary to that Party and includes all personal, commercial, financial, legal and technical information (whether written, oral or in other recorded or tangible form) disclosed by a Party to the other Party (or to or by their respective directors, officers, employees, financiers or advisers) in relation to the business and affairs of the disclosing Party or its clients and customers.
Cyber-Attacks means any and all unauthorised third-party attempts to access: the Customer’s IT systems or networks, Customer Data; or any third-party computer hacking, cyber-attacks, or cyber-threats directed to the Customer, along with any unauthorised use of the Customer Data by third-parties.
End Points means personal computer desktops, lap-tops, servers.
Fees means each and all of the fees payable for the Services specified in Schedule 3.
Intellectual Property means any copyright; registered or unregistered design, patent, trademark rights; trade, business, company or domain names; know-how, inventions, processes, trade secrets, confidential information; circuit layouts, databases or source codes; or similar rights in any part of the world, including any application, or right to apply, for registration of, and any improvements, enhancements or modifications of, the foregoing.
IT means information technology.
IT Hardware means: Laptops and workstation personal computers, IT servers and printers.
Optional services mean optional cyber security services provided by Unified IT utilising the services of a third-party service provider as set out in Schedule 2.
Party means a party who executes this agreement.
Services means the core services as set out in Schedule 1 and the optional services selected by the customer as located in Schedule 2 of this agreement.
Third Party Services means services provided by Cisco Systems or an equivalent third-party service provider retained by Unified IT on behalf of the customer to provide both the core services and optional services as set out in Schedule 1 and 2.
SERVICES TO BE PROVIDED
- Unified IT will provide services to the Customer in accordance with this Agreement. The services provided are the core services set out in Schedule 1 and the optional services that the Customer selects in Schedule 2.
- Further or additional work outside of the scope the Services is excluded.
TERM OF AGREEMENT
- This Agreement will commence on the date of execution of this agreement by the Parties (the Commencement Date).
- The term of this Agreement is 12 months from the Commencement Date.
- Schedules 1, 2 and 3 form part if this Agreement.
FEES, PAYMENT AND INVOICES
- In consideration of the provision of Services, the Customer will pay Unified IT the Fees on the terms set out in Schedule 3. All of the Fees are exclusive of GST and GST will be added and reflect in the invoices.
TERMINATION OF AGREEMENT
- Either Party may terminate this agreement by giving the other party 30 days’ written notice.
- Either Party may terminate this agreement if the other Party enters into a deed of arrangement or an order is made for it to be wound up, if an administrator, receiver or receiver/manager or a liquidator is appointed to the other Party pursuant to the Corporations Act 2001 (Cth); or if the other Party would be presumed to be insolvent by a court in any of the circumstances referred to in the Corporations Act 2001 (Cth).
- If this Agreement is terminated by the Customer for any reason, the Customer will pay within 30 days, the Fees due to the Unified IT and where relevant, the pro rata Fees for any Services provided by Unified IT up to the date of termination.
- Each Party to this Agreement agrees and acknowledges to the other Party that:
- The Confidential information of each Party is secret and confidential to that Party;
- The disclosure of any Confidential Information by one Party does confer a proprietary interest in that Confidential Information on the receiving Party;
- Each Party must not without the prior written consent of the other Party, use, disclose, publish, produce, reproduce or permit the disclosure or publication of the Confidential Information of the other Party to any person, other than in accordance with this Agreement or without the other Party’s prior written consent;
- Each Party may only use the other Party’s Confidential Information for the purpose of either providing or obtaining the benefit of the Services (as the case may be);
- At the termination of this Agreement, each Party must return to the other Party all of the other Party’s Confidential Information and erase and destroy any records that contain the other Party’s Confidential Information;
- Each Party must immediately and in writing notify the other Party of a breach of this Clause; and
- The terms of this Clause do not apply to any part of the Confidential Information that a Party is required disclose under a legally binding order or direction of a Court.
- The Customer owns all Intellectual Property rights in the Customer Data. Nothing in this Agreement transfers any ownership rights in the Customer Data to Unified IT. Unified IT acknowledges that it does not store or have the ability to store, modify, download or change any Customer Data when providing the Services under this Agreement, save for the monthly cyber security reports which are generated and sent to the customer on a monthly basis or as agreed.
LIMITATION OF LIABILITY
- The Customer acknowledges that it is not possible to prevent all unauthorised Cyber-Attacks, and that the cyber security protection services provided to the Customer through the Third-Party Services provider is a risk mitigation measure that seeks to detect, prevent and / or minimise the impact of Cyber-Attacks on the Customer.
- The Customer acknowledges and agrees that Unified IT does not guarantee that the Third-Party Services provided to mitigate the risk of Cyber-Attacks will succeed in preventing all such attacks, that Cyber-Attacks may occur during the period of the provision of the Third-Party Services, which may cause loss and damage to the Customer.
- The Customer indemnifies Unified IT from all liability at law, including under the laws of defamation, tort, contract, or otherwise in respect of any loss, damage, or injury (including any loss of data) arising out of or in connection with its use of the Third-Party Services, to the extent that that any loss, damage or injury arises from Cyber-Attacks.
- The Customer indemnifies Unified IT against any claim arising from or relating to Unified IT complying with directions, approvals or instructions provided by the Customer.
- The customer acknowledges that Unified IT will review its existing IT infrastructure and operational systems related to cyber security such as: endpoints, firewall/s, router/s, switch/s, wireless access points etc and advise the customer whether such hardware can support the cyber security systems provided under this agreement. In the event that Unified IT identifies any deficiencies in the customer’s existing IT infrastructure and / or operational systems, Unified IT will advise the customer of any hardware that needs to be replaced in order to enable the provision of services and / or maximise the effectiveness of such services. The customer indemnifies Unified IT from all liability at law, including under the laws of defamation, tort, contract, or otherwise in respect of any loss, damage, or injury (including any loss of data) arising from the Customer’s failure to follow Unified IT’s reasonable recommendations concerning any required updates to IT infrastructure and operational systems that is required to support the effective operation of the Third-Party Services.
- To the extent that warranties or conditions implied by the Australian Consumer Law or similar legislation can be excluded, the liability of Unified IT for breach of any such warranty or condition is limited to the replacement or repair of the goods or, in the case of the Services, to the resupply of those services.
- Each section of this Agreement is separate and severable from the other sections in this Agreement. If any section is found to be invalid or unenforceable, it shall be removed and the remainder of this Agreement will remain in force. Any variation of a term of this Agreement must be in writing and signed by the Parties.
- A reference to a Party in this Agreement includes a reference to that party or person, its employees and officers, its successors, substitutes (including, but not limited to, a party or person taking by novation), executors, administrators and permitted assignees.
- The Schedules attached to this Agreement form part of this Agreement.
- The laws of Victoria apply to this Agreement and the parties agree to the exclusive jurisdiction of the Victorian Courts.
- The rights arising out of or under this Agreement are not assignable by a Party to a third party without prior written consent being provided by the other Party.
- This Agreement sets out all the express terms of the Agreement between the Parties and supersedes all prior discussions, negotiations, understandings and agreements. No Party has relied on any statement by any other Party not expressly included in this Agreement.
- Each party must pay its own costs and expenses in respect of the negotiation, preparation and execution of this Agreement.
SCOPE OF CYBER SECURITY CORE SERVICES
Unified IT shall provide to the Customer the following Core Third Party Services to the customer:
Email monitoring protection
- Email Anti-Spam Filtering – Proactive 24/7 email filtering to assist in blocking unsolicited emails.
- Email Malware Filtering – Proactive 24/7 email filtering to assist in blocking malicious software that is designed to disrupt, damage or gain unauthorised access to the customer’s IT environment.
- Advanced Malware Protection
The installation of Advanced Malware Protection for End Points that is designed to block known malware.
End point monitoring protection
- Domain Name Services (DNS) Monitoring and Management
Website monitoring, filtering and blocking for endpoints to restrict the customer’s access to known malicious or unauthorised websites.
- Proactive Alerting
Proactive 24/7 email alert systems implemented to alert Unified IT to specified malware events and file downloads containing malicious disposition encountered within the customer’s IT environment.
- The provision of a monthly report concerning cyber-security-related activity in the customer’s IT environment to include malware, phishing, a list of the most requested domains within the customer’s organization during the selected time period to include security category.
Offsite customer support
- Unlimited Offsite Cyber Security Support
Unlimited Cyber Security assistance and support by cyber security analysts during business hours, Monday to Friday between the hours of 8:30am – 5:30pm within the Timeframes set out in clause 8 below, excluding weekends and public holidays.
Cyber Security assistance and support means:
- Offsite assistance and support from one of our Cyber Security team members via 1300 120 698 or email [email protected] (Response and resolution times will be in accordance with the SLA agreement);
- Proactive 24/7 offsite monitoring of the customers’ IT operational systems;
- Monitoring and support of the customer’s existing operational IT systems and infrastructure related to Cyber security;
- Recommendations as to the infrastructure additions and / or changes that need to be made to support the Cyber Security software systems.
- Timeframes – Core Services shall be provided by Unified IT to the Customer in accordance with the timeframes set out in Table 1.
Table 1: Timeframes for Providing Service.
|Nature of Defect/Fault ||Description ||Service Level (Standard or Express service levels) ||Response Time (Business Hours) |
8:30am – 5:30pm AEST Mon-Fri
|Critical ||Services restricted or unavailable to all users on network ||Priority 1 ||< 1 hour |
|Urgent ||Outage or restriction affecting multiple users (>10%) ||Priority 2 ||< 2 hours |
|Routine ||Outage or restriction affecting few users (<10%) ||Priority 3 ||< 4 hours |
No optional services are available.
FEES PAYABLE TO UNIFIED IT BY THE CUSTOMER
- The fees payable by the Customer to Unified IT will be calculated on a monthly basis using the product and price signed up for in this proposal.
- Unified IT will issue monthly tax invoices to the Customer for the Services in advance of the Services being provided to the Customer for that month. Any tax invoice issued by Unified IT for the Fees must be paid by the Customer within 14 days. Each tax invoice is a final account for the services rendered on that account.
- If any tax invoice issued by Unified IT remains unpaid by the Customer beyond 14 days, the Customer acknowledges that Unified IT is entitled to cease preforming the Services without notice until such time as the outstanding tax invoice is paid in full.
- Unified IT may charge the Customer interest if it issues an invoice to the Customer and the invoice is not paid after 14 days. The rate of interest payable will be equal to the Cash Rate Target specified by the Reserve Bank of Australia, as at the date the account was rendered, increased by 2 percentage points.
- The number of Customer end users/devices under this agreement are based on current situation. Unified IT will increase its fees in the event that the Customer increases the number of users/devices.
- The monthly fee for each additional user will be as per the product table
- Unified IT may increase the Fees to reflect increases in the Consumer Price Index (CPI) on providing 30 days’ Notice to the Customer. Unified will not increase the Fees by more than 3% during the Term of the Agreement to reflect any increase in CPI.