CISO-as-a-Service Agreement

Download This Agreement
1. PARTIES
Domain Computer Services, Inc. for good and valid consideration agrees with you (hereinafter called “Customer”) to furnish
certain security advisory services known as CISO-as-a-Service (CISOaaS) as provided in this Agreement.
2. INTRODUCTION
WHEREAS, Domain Computer Services, Inc. is in the business of advising companies on computer and network related
security and risk.
WHEREAS, Customer desires that Domain Computer Services, Inc. provide guidance and advice on the information
security policies and risks in the Customer’s environment.
NOW, THEREFORE, in view of the covenants herein contained and the agreements hereunder taken, the parties hereto
agree to as follows:
3. PAYMENT
a. Initial Technology Audit Fee. There is a one-time assessment fee to establish a baseline for the customer’s current
information security risk profile and status prior to start of services. See your approved quote for details.
b. Set Monthly Fee. Payments shall be made based on a set monthly fee as described in your approved quote. Invoices shall
be processed and mailed on or about the 15th of each month by Domain Computer Services, Inc. for the following month’s
service. Payment for services rendered shall be paid and delivered upon receiving said invoices by Customer.
c. Travel. After initial install all support and guidance will be provided remotely. If onsite support is requested or required, travel
expenses and travel time will be charged to Customer outside of Monthly Fee. The exception is four quarterly onsite security
review meetings which are included in the Monthly Fee.
d. Interest. All payments are due within fifteen days of the date of invoice. Any payment not made in a timely manner shall bear
interest at the rate of one and one half (1.5%) percent per month or fraction thereof, from the date of delinquency until the
date of payment.
e. Sales and Use Taxes. Customer is responsible for the payment of any state or local, sales or use, or similar fees or taxes
arising as a result of the sale of tangible personal property, the provision of services, or both by Domain Computer Services,
Inc. to Customer under this Agreement. Domain Computer Services, Inc. may invoice Customer for such fees or taxes and
Customer shall promptly remit such fees or taxes to Domain Computer Services, Inc., as the collection agent, upon invoice.
The failure of Domain Computer Services, Inc. to invoice Customer for such fees or taxes and shall not relieve Customer
from the responsibility for the payment of such fees and taxes. Customer agrees to provide to Domain Computer Services,
Inc. proof of Customer’s payment of any such fees or taxes upon request.
4. CISO-as-a-Service (CISOaaS) – included services
The CISOaaS solution consists of the following components:
a. Assistance in designing and maintaining an Information Security program for the Customer
b. Assistance in evaluating and managing compliance requirements and risks
c. Templates for required policy and process documentation as needed for compliance requirements (HIPAA, PCI, SSAE16,
SOC, etc)
d. Unlimited remote support – on demand advice and guidance on management of the Information Security program as
needed
e. Quarterly Information Security and Compliance gap analysis reports
f. Quarterly internal and external vulnerability scans
g. Quarterly Onsite Meetings to review included Information Security and Compliance gap analysis reports
h. Optional – ongoing compliance validation/alerting – ONLY IF Customer signs up for optional 24/7 Network Monitoring
services
5. CUSTOMER COOPERATION
Customer shall provide reasonable access to its premises and network installations to enable Domain Computer Services,
Inc. the opportunity to provide the CISOaaS services. Customer acknowledges that since the network equipment is in their
physical control they must hold all responsibility for their care and well-being. This means protecting them from abuse when
possible and securing them from improper access or other physical threats. Network, server, or computer maintenance and
support is NOT covered under this service offering. Optional network monitoring is highly recommended to validate
compliance on an ongoing basis. Customer also agrees to assign one employee to be Liaison or contact person to Domain
Computer Services, Inc. in order to make communications between both parties effective.
Customer will not attempt to hire Domain Computer Services, Inc.’s employees or contractors directly as its own staff or refer
to any 3rd party for employment. If Domain Computer Services, Inc. staff are employed or utilized in any capacity by
Customer outside this agreement the damages due to Domain Computer Services, Inc. from Customer will be equivalent to
one year’s annual compensation for the Employee. Additional penalties and damages from Employee to Domain Computer
Services, Inc. may also be due.
6. CONFIDENTIALITY
a. Domain Computer Services, Inc. agrees to keep in confidence and not disclose to others any sensitive or confidential
material of Customer, its’ marketing strategies or other trade secrets.
b. Customer and Domain Computer Services, Inc. shall take all reasonable precautions to maintain the confidentiality of the
Customer’s Technology System and data, but not less than that employed to protect its’ own proprietary information.
7. WARRANTIES AND DISCLAIMERS
DOMAIN COMPUTER SERVICES, INC. MAKES NO WARRANTIES OF ANY KIND, EXPRESSED OR IMPLIED ON ITS’
OWN REGARDING THE FUNCTIONALITY, RELIABILITY OR QUALITY OF HARDWARE, SOFTWARE OR SERVICES,
BUT INSTEAD RELIES ON THE WARRANTIES PROVIDED BY THE MANUFACTURER OF EACH PRODUCT.
8. LIMITATION OF LIABILITY AND REMEDIES
UNDER NO CIRCUMSTANCES SHALL DOMAIN COMPUTER SERVICES, INC. BE LIABLE FOR SPECIAL, INCIDENTAL,
OR CONSEQUENTIAL DAMAGES, INCLUDING, BUT NOT LIMITED TO, LOSS OF ANTICIPATED PROFITS, OR LOSS
RESULTING FROM BUSINESS DISRUPTION DUE TO ANY REASON, EVEN IF DOMAIN COMPUTER SERVICES, INC.
HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. RISK OF DATA LOSS, BUSINESS INTERRUPTION
OR LOSS REMAINS WITH CUSTOMER. THE MAXIMUM DAMAGES DUE ARE LIMITED TO THE FEE PAID FOR
SERVICES IN THE PREVIOUS 3 MONTHS.
THE STATED WARRANTIES AND THE COMMITMENTS SET FORTH HEREIN ARE IN LIEU OF ALL OTHER
OBLIGATIONS OR LIABILITIES ON THE PART OF DOMAIN COMPUTER SERVICES, INC. FOR DAMAGES OR OTHER
RELIEF, INCLUDING, BUT NOT LIMITED TO, SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES THAT IN ANY
WAY ARISE OUT OF OR IN CONNECTION WITH THE USE AND/OR THE PERFORMANCE OF ANY SOFTWARE,
HARDWARE OR SERVICE.
9. DEFAULTS AND TERMINATION
a. Capital Events of Default
1. Domain Computer Services, Inc. shall be in default under this Agreement if any of the following occur:
(a) Domain Computer Services, Inc. becomes insolvent or is a party to any voluntary bankruptcy or
receivership proceeding, makes an assignment for a creditor, or there is any similar action that affects
the affairs or property of Domain Computer Services, Inc.;
(b) Domain Computer Services, Inc. is the subject of a petition or involuntary bankruptcy and such
petition is not removed within ninety (90) days;
(c) Domain Computer Services, Inc. fails to materially perform or comply with the terms and conditions of
this Agreement.
2. Customer shall be in default under this Agreement if any of the following occurs:
(a) Customer fails to make payment of any undisputed invoice within thirty (30) calendar days after it is
rendered;
(b) Customer fails to materially perform or comply with the terms and conditions of the Agreement.
b. The initial term of this Agreement will be for one year following the contract coverage start date of this Agreement per the
approved quote. This Agreement shall renew for additional one-month periods unless either party gives written notice of
non-renewal in the last month of the term. Early termination will require immediate payment of remaining monthly fees due
for term of agreement.
c. Termination of Notice. The party not in default may terminate this Agreement by written notice to the other party if the
other party has failed to cure a material default under this Agreement within thirty (30) days after receiving written notice
specifically stating forth such default. Upon termination, the terminating party shall have all rights under the Uniform
Commercial Code or otherwise, whether at law or in equity, that may be available to it. The election of one remedy shall not
exclude the election of another.
10. GOVERNING LAW
This Agreement shall be governed by and construed in accordance with the laws of the State of New Jersey.
11. ASSIGNMENTS
Neither this Agreement nor any rights hereunder may be assigned or otherwise transferred by either party, except to any
corporation controlled by or under common control with the assigning party, or in connection with the acquisition of, or the
sale of substantially all of, the assets of the business to which this Agreement pertains.
12. SEVERABILITY
If any provision or provisions of this Agreement shall be held to be invalid, illegal or unenforceable, the validity, legality and
unenforceability of the remaining provisions shall not in any way be affected or impaired thereby.
13. FORCE MAJEURE
Domain Computer Services, Inc. shall not be in default under this Agreement because of any failure to perform in
accordance with its’ terms and conditions if such failure arises from causes beyond its’ control, including, but not restricted
to, acts of God, acts of government, fires, floods, epidemics, quarantine, restrictions, strikes, embargoes, inability to secure
raw materials or transportation facilities, acts or omissions of carriers, or any and all causes beyond control of Domain
Computer Services, Inc.
14. MODIFICATIONS
This Agreement can only be modified by a written Agreement duly signed by authorized representatives of Domain
Computer Services, Inc. and Customer, and variances from or in addition to the terms and conditions of this Agreement in
any order or other writing from the Customer will be of no effect. Moreover, in order to avoid uncertainty, ambiguity and
misunderstandings in their relationships, Domain Computer Services, Inc. and Customer covenanted and agreed not to
enter into any oral agreement or understanding inconsistent or in conflict with this Agreement; and Domain Computer
Services, Inc. and Customer further covenant and agree that any oral communication allegedly or purportedly constituting
such an agreement or understanding shall be absolutely null, void and without effect.
15. NOTICES
Any notice given by either party hereto to the other party shall be in writing and shall be signed by the party giving notice.
Any notice or other document to be delivered to either party hereto by the other party shall be deemed delivered if mailed
postage prepaid to the party to who directed at the address of such party stated below for Domain Computer Services, Inc.
& for the Customer will be per the approved quote.
Domain Computer Services, Inc.
1 Corporate Drive
Cranbury, NJ 08512
16. VENUES AND JURISDICTION
Customer hereby (i) agrees that any litigation, action or proceeding arising out of or relating to this Agreement be instituted
in a state or federal court in the city and state of New Brunswick, New Jersey (ii) waives any objection which it might have
now or hereafter to venue of any such litigation, action or proceeding, (iii) irrevocably submits’ to the jurisdiction of any court
in such litigation, action or proceeding, and (iv) hereby waives any claim or defense to inconvenient form.
17. COUNTERPARTS
This Agreement may be executed simultaneously in several counterparts, each of which shall be deemed an original but
which together shall constitute one and the same original.
18. ENTIRE AGREEMENT
This Agreement constitutes the entire agreement between the parties with respect to the subject matter hereof and
supersedes all prior contemporaneous written or oral agreements and representations between the parties with respect
thereto. This Agreement shall not be deemed to extinguish or mitigate any payments, which are owed to Domain Computer
Services, Inc. by Customer pursuant to the terms of any previous or other existing agreements between Domain Computer
Services, Inc. and Customer. Customer acknowledges that it has read this Agreement, understands it and agrees to be
bound by its’ terms and conditions.
19. COLLECTION
If it is necessary for Domain Computer Services, Inc. to employ attorneys for the collection of amounts payable hereunder,
all costs and expenses incident to such collection, including without limitation, reasonable fees of such attorneys, shall be
added to the amount payable hereunder and be collected as a part thereof.
20. CAPTIONS AND HEADINGS
The captions and headings are inserted in this Agreement for convenience only, and in no event be deemed to define, limit
or describe the scope or intent of this Agreement, or of any provision hereof, nor in any way affect the interpretation of this
Agreement.
21. EXECUTION
IN WITNESS WHEREOF, the parties have hereunto set their hands and seal this day per the approved quote