Supplemental - Endpoint Protection Services
Where a Customer purchases Endpoint Protection Services from Trustack, these Supplemental Terms shall apply, in addition to those in the Agreement.
Interpretation
These additional definitions apply:
Authorised Users | those employees, agents and independent contractors of the Customer who are authorised by the Customer to use Endpoint Protection Services. |
Commencement Date | the date outlined in the Quotation. |
Initial Term | the initial term of the provision of Endpoint Protection Services as outlined in the Quotation. |
Endpoint Protection Services | the practice of securing endpoints or end-user devices such as desktops, laptops and mobile devices from being compromised by malware or evolving zero-day threats. Trustack provide these services either through a more traditional AV product (Avast) or next generation protection (WFaaS), details of which are outlined in the Quotation. |
Trend XDR | Trend Micro Extended Detection & Response. |
Support | the service level agreement outlined in Schedule 1. |
User Subscriptions | the user subscriptions purchased by the Customer which entitle Authorised Users to access and use Endpoint Protection Services. |
1.1 These Supplemental Terms commence on the Commencement Date and will continue for the Initial Term after which will automatically renew for each calendar month unless and until terminated by either party (Term).
1.2 After the Initial Term, either party may terminate these Supplemental Terms at any time, without cause, upon at least 30 (thirty) days written notice.
2.1 Subject to the Customer purchasing the User Subscriptions and these Supplemental Terms, Trustack hereby grants to the Customer a non-exclusive, non-transferable right, without the right to grant sublicences, to permit the Authorised Users to use Endpoint Protection Services during the Term solely for the Customer’s internal business operations.
2.2 In relation to the Authorised Users, the Customer undertakes that:
2.2.1 the maximum number of Authorised Users that it authorises to access and use Endpoint Protection Services shall not exceed the number of User Subscriptions it has purchased from time to time;
2.2.2 it will not allow or suffer any User Subscription to be used by more than one individual Authorised User unless it has been reassigned in its entirety to another individual Authorised User, in which case the prior Authorised User shall no longer have any right to access or use Endpoint Protection Services;
2.2.3 it shall maintain a written, up to date list of current Authorised Users and provide such list to Trustack within 5 (five) Business Days of Trustack’s written request at any time or times;
2.2.4 it shall permit Trustack or its designated auditor to audit Endpoint Protection Services in order to establish the name and password of each Authorised User and the Customer’s data processing facilities to audit compliance with these Supplemental Terms. Each such audit may be conducted no more than once per quarter, at Trustack’s expense, and this right shall be exercised with reasonable prior notice, in such a manner as not to substantially interfere with the Customer’s normal conduct of business; and
2.2.5 if any of the audits referred to above reveal that the Customer has underpaid any fees to Trustack, then without prejudice to Trustack’s other rights, the Customer shall pay to Trustack an amount equal to such underpayment within 10 (ten) Business Days of the date of the relevant audit.
2.3 The Customer may, from time to time during the Term, purchase additional User Subscriptions in excess of the number set out in the Quotation and Trustack shall grant access to Endpoint Protection Services to such additional Authorised Users in accordance with the provisions of these Supplemental Terms.
3. Services
3.1 Trustack shall, during the Term, provide Endpoint Protection Services to the Customer on and subject to these Supplemental Terms (including the Support).
3.2 If a Customer’s endpoints or end-user devices such as desktops, laptops and mobile devices are compromised by way of virus or MalWare, Trustack will provide 4 (four) hours of its reasonable effort to attempt to rectify the compromise. If the Customer requires more than 4 (four) hours of work, then this will be charged and be payable at the rates outlined to the Customer at the time. Any additional charges will be payable by invoice.
3.3 Where the Endpoint Protection Services being supplied to the Customer include Trend XDR, then notwithstanding the terms of the Agreement and these Supplemental Terms, the Customer acknowledges and agrees as follows:
3.3.1 Trend XDR monitors on a 24x7x365 monitoring basis;
3.3.2 Trend XDR operates on a proactive basis and may take action before the Customer is aware of a risk or threat being identified;
3.3.3 Trend XDR may remove files from the Customer network into a sandbox to which the Customer will not have access at any time;
3.3.4 Where Trend XDR acts in accordance with 3.3.3 then it will either clean and restore the relevant file or files or where the risk or threat is confirmed, then the file may be removed from the Customer network permanently
3.4 By signing these Supplemental Terms and the Agreement, the Customer consents to Trend XDR taking the action set out in paragraph 3.3 of these Supplemental Terms and further acknowledges and agrees that neither Trustack nor its software vendors, will have any liability whatsoever (whether directly or indirectly arising) to the Customer, in respect of the cleaning, restoration or deletion of any file affected in any way by paragraph 3.3.
3.5 Trustack excludes, as far as is permitted by law, all warranties of any kind, express or implied, with respect to Endpoint Protection Services.
3.6 As Trustack is not the provider of the software, the software vendor, in its sole discretion shall have the right from time to time to determine, change, or amend the products it provides. Trustack shall provide the Customer with reasonable notice should the software vendor announce any changes to its products.
3.7 While the software vendor uses commercially reasonable efforts to properly identify applications and files for detection, given the constantly changing nature and volume of malicious, fraudulent, and unwanted electronic content, the software vendor cannot and does not warrant or guarantee that its products will detect, block, or completely remove or clean any or all applications, routines, and files that are malicious, fraudulent, or that the Customer does not use or want.
4. Customer’s responsibilities
4.1 The Customer shall provide any information reasonably requested by Trustack from time-to-time and acknowledges that this information may be passed to the software vendor.
4.2 The Customer warrants that it is not a resident or citizen of any country currently embargoed by the EEA or U.S.
4.3 Trustack shall diligently and promptly download and install all updates made available to it by the software vendor.
4.4 Neither Trustack nor the software vendor shall be liable for any consequences of any failure to install the updates.
4.5 Where a software vendor discontinues any aspect of the Endpoint Protection Services, Trustack will work with the Customer to migrate the Customer away from any legacy aspects of the Endpoint Protection Services. The Customer agrees to work with Trustack with respect to this migration, and provide all reasonable assistance Trustack may require.
5. Charges and payment terms
5.1 Unless expressly agreed to the contrary, the Customer will be invoiced monthly in advance. All invoices are payable net 30 (thirty) days from receipt. All fees and charges are exclusive of VAT and any similar taxes, which will be applied in accordance with prevailing legislation in force at the tax point date.
5.2 Trustack shall be entitled to increase its fees, and the fees payable in respect of the additional User Subscriptions purchased under paragraph 2 and those additional fees for User Subscriptions shall be applied to the Customer’s next invoice.
5.3 Trustack shall give the Customer as much notice as reasonably practicable, but in any event, shall provide 7 (seven) days’ prior written notice of any rises in the charges for Endpoint Protection Services.
Schedule 1
Please note that the below are non-binding service levels targets. Failure to meet these targets shall not amount to breach of the Agreement, and neither Trustack nor the software vendor can be held liable whatsoever or howsoever arising for missed targets.
Priority | Incident Type | Target Response Time |
Priority 1 – Critical | The Endpoint Protection Services are unavailable, critical business systems are impacted due to failure and business cannot continue | 1 hour |
Priority 2 – High | An Endpoint Protection Services interruption affect one or more of the Customer’s users | 4 hours |
Priority 3 – Low | General education or ‘how to’ query. Cosmetic impairment or request for feature enhancement. | Next Business Day |