Master Services Agreement

1. Parties

This Master Services Agreement (“MSA” or “Agreement”) is an agreement between Pivot Point Security, Inc. (“PPS”) with its principal office located at 1245 Whitehorse-Mercerville Road Suite 423, Hamilton, NJ 08619; and CLIENT, as defined in the Statement of Work (SOW).

2. Definitions

Capitalized terms used in this agreement shall have the meaning ascribed to them immediately below or elsewhere in the text of this Agreement.

2.1 “Deliverables” means the tangible items and information PPS shall deliver to CLIENT with respect to the Services, as more particularly set forth in the applicable SOW.

2.2 “Process” (and its conjugates, including without limitation “Processing”) means any operation or set of operations that is performed upon data, including without limitation any collection, recording, retention, organization, storage, adaptation, alteration, retrieval, consultation, blocking, erasure, use, disclosure, access, transfer, or destruction, whether or not by automatic or electronic means.

2.3 “Project” means the activities associated with a Service to be conducted pursuant to a Statement of Work.

2.4 “Receiving Party” means the party who receives, develops or otherwise obtains Confidential Information from or of the other party (“Disclosing Party”), whether such Confidential Information is obtained from the Disclosing Party or from the Disclosing Party’s employees, agents, representatives, consultants, clients, contractors or suppliers, is obtained or developed as a result of the Receiving Party’s access to the Disclosing Party’s facilities or information systems, or is obtained as a result of provision of the Services.

2.5 “System” means any information system, application, software, database, infrastructure, platform or network,

2.6 “Statement of Work” means any description of the Projects, tasks, deliverables, delivery schedule and compensation mutually agreed by the parties to be subject to the terms and conditions of this Agreement, as further described in Section 3, including without limitation, the Statement of Work. The Statement of Work may consist of multiple Projects.

2.7 Work Product” means any and all: (a) deliverables, whether delivered or not, works of authorship, test data, converted data, other data and databases, flowcharts, tables, derivative works, discoveries, inventions, know-how, findings, designs, machines, devices, apparatus, compositions, methods, processes and improvements of any of the foregoing, conceived, made, created, discovered or developed by PPS for the sole and exclusive purpose of CLIENT, whether alone or in conjunction with others, during the course of providing the Services and Deliverables; (b) any other documents, reports or materials of any kind that are prepared by PPS in performing the Services or that are derived from, are based upon or utilize in any way any Confidential Information or other proprietary information, data, materials or products of CLIENT, whether during the term or after termination of this MSA; and (c) all intellectual property rights in the foregoing.

3. Scope of Agreement

 

The Parties agree that the SOW shall be governed by the terms of this MSA, and that the terms of this MSA shall (with respect to the SOW) deemed by the parties to be effective from and after the effective date of such SOW. (“Effective Date”). In the event that Services shall include the license by CLIENT of any software solutions as set forth on the Statement of Work (OSCAR, Policy Automator, or Accelerated Risk Management), such use and license shall be governed by, and shall be subject to in all respects to, the terms of the PPS End User License Agreement available here, which terms are incorporated herein by refence. The term “Services” means the services provided by PPS hereunder or under any SOW, including design and installation of telecommunication and data processing and storage systems, technical support, education, maintenance, outsourcing, consulting or other such Services. (As used in this Agreement, the term “including” means “including without limitation.”)

4. Charges and Billing

 

4.1 CLIENT shall pay PPS for the Services at the rates and amounts set forth in the applicable SOW, without deduction, set-off or delay for any reason other than a disagreement by CLIENT as to the accuracy of PPS’ invoice or if PPS fails to deliver Services or Work Product in a manner consistent with the applicable SOW. CLIENT shall notify PPS of any such disagreement within twenty (20) days after receipt of the applicable invoice from PPS and prior to payment. PPS will cure the disputed Service/Work Product deficiencies within 10 days of written notification by CLIENT. Any portion of such invoice that is not disputed by CLIENT shall be paid within the time period set forth in Section 4.3 below. Upon the parties’ resolution of any disputed charge, CLIENT will pay PPS, the agreed upon amount.

4.2 CLIENT shall pay any sales, value-added and other similar taxes, and other similar charges relating to the sale, transfer of ownership, installation, license, use or provision of the Services, in each case as imposed by applicable law, that PPS must pay based on the Services (excluding those described in Section 15.2 below and those based on PPS’ net income) except to the extent a valid tax exemption certificate is provided by CLIENT to PPS prior to the delivery of the Services.

4.3 Payment is due within thirty (30) days after the date PPS furnishes an invoice, and CLIENT shall refer to the invoice number with payment. CLIENT shall reimburse PPS for all reasonable costs (including reasonable attorneys’ fees) associated with collecting delinquent accounts or dishonored payments. If suit is brought for breach of this Agreement, the prevailing party shall be entitled to recover from the non-prevailing party reasonable attorney’s fees and its costs and expenses in connection with the enforcement of this Agreement. Past due accounts will be assessed interest at the rate of 1% per month from the date said amounts were originally due until the date said amounts are paid.

5. Ownership Rights and Restrictions

 

5.1 All templates, hardware tools and all pre-existing software tools developed by or for PPS either prior to or outside of the scope of the engagement contemplated by this Agreement shall remain the property of PPS. All hardware and software tools developed by or for PPS for the delivery of services to the client remains the property of PPS. PPS retains all ownership and intellectual property rights in pre-existing technology, information and know-how that may be employed in providing the Services and retains all rights in said pre-existing hardware tools, software tools, technology, information and know-how. CLIENT acknowledges and agrees that the Services provided under this Agreement may be related to CLIENT’s purchase of third-party hardware and software products (“Products”) that acquires under a separate order. Such third-party Products not developed or manufactured by PPS will be covered under the terms of sale or license of the developer or manufacturer of those Products.

5.2 PPS and CLIENT hereby acknowledge and agree that, upon the provision or creation by PPS of any Work Product under this Agreement, CLIENT, and its successors and assigns, shall be the sole and exclusive owner of any and all Work Product, including the Deliverables and all copies thereof, that PPS creates, conceives, or makes in connection with the Work Product (collectively, “Creations”), including all patents, copyrights, trade secrets, designs, and other intellectual property rights with respect thereto, and for this purpose, PPS hereby assigns, transfers, and conveys to CLIENT all right, title, and interest in and to such Creations, including all intellectual property rights related to such Creations, anywhere in the world.

5.3 All data and content provided by CLIENT, or by a CLIENT, member, participant, associate, or other affiliated party of CLIENT(“ Affiliate”), for use in connection with or as part of the Services, shall remain at all times the property of the party providing the data or content (either CLIENT or CLIENT Affiliate), and PPS shall not have any right to use such data or content for any purpose other than in furtherance of the Work being performed for CLIENT.

6. Cooperation

 

6.1 CLIENT agrees that where participation by its own staff is necessary for PPS to provide Services, assigned staff will possess the appropriate knowledge, skill, experience and authority for the tasks assigned to them and will be available at convenient times agreed upon by the parties for their participation in the Project. CLIENT agrees to designate a member of its staff to represent CLIENT on all facilities access, technical and staffing matters relating to Services.

6.2 CLIENT will provide a safe and suitable environment in which to perform Services, full and free use of data communication processing and telecom facilities necessary to perform the Services, and the right, under CLIENT’s licenses with third party licensors of software used by CLIENT that will be involved in PPS’ performance of Services, to use such software as CLIENT’s agent.

6.3 If CLIENT fails to provide the artifacts, access to personnel, or information necessary for PPS to provide Services, or does not respond to PPS requests to begin a Project to deliver Services as defined within the SOW within one year of the SOW date, PPS reserves the right to (a) modify pricing to reflect any changes in cost caused by the delay (b) modify the scope to reflect changes in frameworks or compliance standards, or (c) charge the CLIENT for the undeliverable Services.

6.4 CLIENT understands that the obligations set forth above are material terms under this MSA that will directly affect PPS’ ability to perform and complete the Services.

7. Warranties, Disclaimers and Exclusive Remedies

 

7.1 (a) Subject to the limitations contained in this Section 7, PPS warrants best efforts shall be taken to ensure the performance, availability and integrity of the Services and that the Services will conform, as to all material operational features, to PPS’ specifications and descriptions contained in the applicable SOW, and will be free of defects that materially affect CLIENT’s Systems’ performance. However, CLIENT acknowledges that software, if any to be provided in connection with the Services is of such complexity that it may have inherent defects and agrees that, if any deviations from those specifications exist, then it is PPS’ sole responsibility, and CLIENT’s exclusive remedy, upon notice by CLIENT to PPS, to use reasonable efforts promptly, at no additional charge to CLIENT, to eliminate any such deviations that come to CLIENT’s attention. PPS will, at CLIENT’s request during PPS’ normal working hours, make adjustments and repairs not caused in whole or in part by CLIENT’s action or inaction necessary to maintain any software installed by PPS in performing the Services in good working order at no charge to CLIENT. Notwithstanding the foregoing, CLIENT agrees that any software products provided to CLIENT under this Agreement that are neither manufactured nor designed by PPS will carry the warranty carried by the manufacturer, or developer, if any, and PPS makes no independent warranty with respect to such products.

(b) PPS represents and warrants that (i) PPS is a juridical person duly established, validly existing, and in good standing under the laws of the place of its incorporation and has full power, authority, and legal right to make and perform this Agreement; (ii) this Agreement constitutes the legal, valid, and binding obligation of PPS and is enforceable in accordance with its terms against PPS; (iii) PPS has all necessary rights needed to perform its obligations under this Agreement, to grant the rights granted hereunder, and to convey and assign the rights conveyed and assigned hereunder.

7.2 EACH PARTY’S ENTIRE LIABILITY FOR ANY DAMAGES CAUSED BY ANY DEFECT IN SERVICES, OR FOR OTHER CLAIMS ARISING IN CONNECTION WITH ANY SERVICE OR PERFORMANCE OR NON-PERFORMANCE OF OBLIGATIONS UNDER THIS AGREEMENT SHALL BE:

(a) FOR DEFECTS OR FAILURES OF SOFTWARE, THE REMEDY SET FORTH IN SECTION 7.1(A) ABOVE;

(b) FOR DAMAGES OTHER THAN SET FORTH IN SECTION 7.1(A) ABOVE AND NOT EXCLUDED UNDER THIS AGREEMENT, PROVEN DIRECT DAMAGES NOT TO EXCEED PER CLAIM AN AMOUNT EQUAL TO THE TOTAL PAYMENTS PAYABLE BY CLIENT FOR THE APPLICABLE SERVICE UNDER THE APPLICABLE SOW DURING THE TWELVE (12) MONTHS PRECEDING THE MONTH IN WHICH THE DAMAGE OCCURRED. THIS PROVISION SHALL NOT LIMIT CLIENT’S RESPONSIBILITY FOR THE PAYMENT OF ANY AND ALL PROPERLY DUE CHARGES UNDER THIS AGREEMENT.

7.3 SUBJECT TO THE FOREGOING SENTENCE, IN NO EVENT WILL EITHER PARTY, OR ITS AFFILIATES, BE LIABLE TO THE OTHER FOR ANY SPECIAL, INCIDENTAL, PUNITIVE, RELIANCE OR SPECIAL DAMAGES, INCLUDING WITHOUT LIMITATION, INDIRECT OR CONSEQUENTIAL DAMAGES (INCLUDING LOSS OF USE, DATA, BUSINESS OR PROFITS, REVENUE, GOODWILL, ANTICIPATED SAVINGS), INCREASED COST OR FOR THE COST OF PROCURING SUBSTITUTE PRODUCTS OR SERVICES ARISING OUT OF THIS AGREEMENT, WHETHER BASED UPON CONTRACT, WARRANTY, TORT (INCLUDING NEGLIGENCE), FAILURE OF A REMEDY TO ACCOMPLISH ITS PURPOSE, STRICT LIABILITY OR OTHERWISE, AND EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES

7.4 PPS SHALL NOT BE LIABLE FOR ANY DAMAGES ARISING OUT OF OR RELATING TO: (I) INTEROPERABILITY, INTERACTION, ACCESS, OR INTERCONNECTION PROBLEMS WITH APPLICATIONS, EQUIPMENT, SERVICES, CONTENT OR NETWORKS PROVIDED BY CLIENT OR THIRD PARTIES; (II) SERVICE INTERRUPTIONS OR LOST OR ALTERED MESSAGES OR TRANSMISSIONS, EXCEPT AS OTHERWISE PROVIDED IN THE APPLICABLE SOW; OR (III) UNAUTHORIZED ACCESS TO, OR THEFT, ALTERATION, LOSS OR DESTRUCTION OF, CLIENT’S USERS’ OR THIRD PARTIES’ APPLICATIONS, CONTENT, DATA, PROGRAMS, INFORMATION, NETWORK OR SYSTEMS.

7.5 EXCEPT AS EXPRESSLY PROVIDED IN THIS AGREEMENT, PPS MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AND SPECIFICALLY DISCLAIMS ANY WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE OR NON-INFRINGEMENT OR ANY WARRANTY ARISING BY USAGE OF TRADE, COURSE OF DEALINGS OR COURSE OF PERFORMANCE. PPS DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE. EQUIPMENT PROVIDED BY PPS IN CONJUNCTION WITH ANY SERVICE IS PROVIDED ON AN ‘AS IS’ BASIS. PPS DOES NOT AUTHORIZE ANYONE TO MAKE A WARRANTY OF ANY KIND ON ITS BEHALF AND CLIENT SHOULD NOT RELY ON ANYONE MAKING SUCH STATEMENTS.

7.6 THE LIMITATIONS OF LIABILITY SET FORTH IN THIS SECTION 7 AND IN ANY SOW SHALL APPLY: (I) REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT, STRICT LIABILITY OR OTHERWISE; AND (II) WHETHER OR NOT DAMAGES WERE FORESEEABLE. THESE LIMITATIONS SHALL SURVIVE FAILURE OF ANY EXCLUSIVE REMEDIES PROVIDED IN THIS AGREEMENT.

7.7 THE LIMITATIONS OF LIABILITY SET FORTH IN THIS SECTION 7 AND IN ANY SOW SHALL NOT APPLY TO: (I) THE FRAUD, GROSS NEGLIGENCE OR WILLFUL MISCONDUCT OF A PARTY; (II) A PARTY’S GROSSLY NEGLIGENT OR INTENTIONAL ACTS GIVING RISE TO A BREACH OF ITS CONFIDENTIALITY OR NONDISCLOSURE OBLIGATIONS AS SET FORTH IN SECTION 11 BELOW; (III) A PARTY’S INDEMNIFICATION OBLIGATIONS AS SET FORTH IN SECTION 12 BELOW; AND (IV) PPS’ INTELLECTUAL PROPERTY INFRINGEMENT INDEMNIFICATION OBLIGATIONS AS SET FORTH IN SECTION 8 BELOW.

7.8 Certain Risk Limitations. Certain Services follow a defined sampling methodology, rather than being driven by a specific end result or deliverable. This sampling methodology aims to reduce cost while at the same time minimizing any detrimental impact on the accuracy and reliability of the results. Due to the inherent risks and limitations associated with this methodology, PPS cannot guarantee (i) the outcome of its testing, assessment, forensics, or remediation methods, or (ii) that all weaknesses, noncompliance issues or vulnerabilities will be discovered (clauses (i) and (ii) together, the “Risks and Limitations”) CLIENT acknowledges and accepts these Risks and Limitations.

7.9 Vulnerability Assessments.  In the event that the Services include vulnerability assessments, all intrusions effected by PPS as part of the Services will be limited solely to those necessary to perform the Services.

(a) The Services will not introduce or cause to be introduced into CLIENT’s systems and networks any self-replicating or non-self-replicating computer codes, commands, routines or like data or entries that perform an undesired activity (sometimes referred to in industry parlance as a “virus”). In such event, PPS will take all reasonable precautions to minimize the negative impact on CLIENT’s computer systems and network; however, CLIENT acknowledges that the performance of such service may temporarily degrade the operation of CLIENT’s computer systems and network. CLIENT hereby releases PPS from any and all losses, damages, expenses, or actions, which CLIENT may incur in connection with such vulnerability assessment aspects of the Services.

(b) PPS does not warrant: (c) the operation of the Software Assessment tools will be error-free or uninterrupted; or (d) the Assessment will discover all open source or third-party code, potential license conflicts, errors and vulnerabilities that may reside in the Code Base. EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, PPS, ITS PARENT, AFFILIATES, SUBSIDIARIES, EMPLOYEES, AGENTS, DISRIBUTORS, AND RESELLERS DISCLAIM ALL WARRANTIES, CONDITIONS AND REPRESENTATIONS, (WHETHER ORAL, WRITTEN, EXPRESS, IMPLIED OR STATUTORY), INCLUDING THOSE RELATED TO MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, SATISFACTORY QUALITY, ACCURACY OR COMPLETENESS OF RESULTS, CONFORMANCE WITH DESCRIPTION, AND NON-INFRINGEMENT. WITHOUT LIMITING THE FOREGOING, ANY IMPLIED WARRANTIES OR CONDITIONS ARISING OUT OF COURSE OF DEALING, COURSE OF PERFORMANCE, USAGE OR TRADE OR CUSTOM ARE EXPRESSLY EXCLUDED AND DISCLAIMED.

 

8. Claims of Infringement

 

8.1 If someone (“Claimant”) makes a claim against either CLIENT or PPS (“Recipient” which may refer to CLIENT or PPS depending upon which party received the Material), that any Work, Creation, information, design, specification, instruction, software, data, or material (collectively, “Material”) furnished by either CLIENT or PPS (“Provider” which may refer to CLIENT or PPS depending on which party provided the Material) infringes Claimant’s intellectual property rights; the Provider will indemnify, defend and hold harmless the Recipient against the claim, and expenses relating thereto, including attorneys’ fees and litigation costs. In connection with any such claim, Recipient shall:

(a) notify the Provider promptly in writing, not later than 30 days after the Recipient receives notice of the claim (or sooner if required by applicable law);

(b) give the Provider sole control of the defense and any settlement negotiations (provided that Provider shall not enter into any settlement admitting any liability of Recipient without Recipient’s prior written consent); and

(c) give the Provider the information, authority, and assistance the Provider reasonably needs to defend against or settle the claim.

8.2 If the Provider believes, or it is determined, that any of the Material may have violated a third party’s intellectual property rights, the Provider may at no cost to Recipient choose to either modify the Material to be non-infringing (without materially altering its utility or functionality) or obtain a license to allow for continued use, or if these alternatives are not commercially reasonable, the Provider may end the license for, and require return of, the applicable Material and refund any fees the Recipient may have paid for it and any unused, prepaid technical support or other fees CLIENT has paid for the license. If CLIENT is the Provider and such return materially affects PPS’ ability to meet its obligations under the relevant SOW, then PPS may, at its option and upon prior written notice, terminate the SOW. If PPS is the Provider, then CLIENT may, at its option and upon prior written notice, terminate the SOW. The Provider will not indemnify the Recipient to the extent the Recipient without Provider’s consent alters the Material or uses it outside the scope of use identified in the Provider’s user documentation or to the extent the Recipient without Provider’s consent uses a version of the Material that has been superseded, if the infringement claim could have been avoided by using an unaltered current version of the Material which was provided to the Recipient. The Provider will not indemnify the Recipient to the extent that an infringement claim is based upon any Material not furnished either by or on behalf of Provider or with Provider’s consent. PPS will not indemnify CLIENT to the extent that an infringement claim is based upon the

combination without Provider’s consent of any Material with any products or Services not provided by or on behalf of PPS or with PPS’ consent. This Section 8 provides the parties’ exclusive remedies for any infringement claims.

9. Technical Support

 

9.1 Technical support may include an annual contract for technical support Services CLIENT may have ordered. If ordered, annual technical support (including first year and all subsequent years) is provided under a SOW for such technical support. The technical support policies incorporated in this MSA are subject to change at PPS’ discretion; however, PPS will notify the thirty (30) days prior to any such change and will not materially reduce the level of Services provided for supported programs during the period for which fees for technical support have been paid.

9.2 PPS reserves the right to discontinue support for Systems or System components that are discontinued by the applicable manufacturer, or that due to age, obsolescence or condition create an unreasonable burden on maintenance and support. CLIENT will be given 120 days’ notice of a discontinuance of support when such decision is made by PPS. If the termination of support is based on manufacturer discontinuance, PPS will relay that information promptly to CLIENT. In either event, PPS will provide reasonable assistance to CLIENT in finding alternative support solutions.

9.3 If PPS (a) changes the technical support policies incorporated in this MSA, or (b) discontinues support for Systems or System components, in either case in such a manner as to materially adversely affect any of the Services, then CLIENT may at its option upon notice to PPS terminate either this Agreement, any SOW so affected or any Services so affected.

10. Termination of Agreement

10.1 This MSA remains active until either party terminates the agreement based on the provisions below.

10.2 This Agreement and/or any SOW, as the case may be, may be terminated by PPS or CLIENT, as the case may be, without liability of the terminating party under the following circumstances:

(a) by PPS if CLIENT fails to pay a past due balance for Services within thirty (30) days after CLIENT’s receipt of written notice from PPS of the past due balance;

(b) by CLIENT or PPS on five (5) days’ written notice to the other party (i) if the other party violates any applicable law, rule, regulation or policy of any governmental authority related to the Services; or (ii) if the other party makes a material misrepresentation in connection with ordering or delivery of Services; or (iii) if the other party engages in any fraudulent use of Services; or (iv) if a court or any governmental authority prohibits PPS from furnishing the Services;

(c) by either party if the other party fails to cure a material breach (other than a payment breach described in (a) above or a Service/Work Product service level breach described in Section 4.1 of this Agreement within ten (10) days after the breaching party’s receipt of written notice of said breach from the non-breaching party;

(d) by CLIENT or PPS immediately upon receipt of written notice by the other party if such other party: (i) becomes insolvent; or (ii) is involved in a liquidation or termination of its business; or (iii) files a bankruptcy petition or has an involuntary bankruptcy petition filed against it (if not dismissed within 30 days of filing); or (iv) makes in an assignment for the benefit of its creditors;

(e) as provided for and in accordance with (i) Section 8.2 above and (ii) Section 16.10 below;

10.3 PPS and CLIENT each as non-breaching party agrees to extend the 10-day cure period described in Section 10(c) hereof by an additional period of days determined by it in its sole reasonable discretion, provided (a) the breach at issue is not reasonably capable of cure within said thirty day period, (b) the breaching party diligently commenced efforts to cure the breach promptly upon receipt of the non-breaching party’s notice of the breach and (c) the breaching party diligently continued its efforts to cure the breach throughout said thirty day period.

10.4 Unless sooner terminated as provided for in this Section 10, this Agreement will terminate when all the obligations under each outstanding SOW have been completed, or the non-terminating party has received notice of proper termination of this Agreement from the terminating party.

10.5 If CLIENT’s right to terminate arises under a SOW, then CLIENT may at its option terminate either (a) the SOW as to which CLIENT’s termination right arose, (b) any or all of the other then-outstanding SOWs, or (c) this Agreement. Any termination of this Agreement automatically terminates all remaining then-outstanding SOWs. However, termination of all then-outstanding SOWs will not terminate this Agreement, unless a termination notice as described in Section 9.3 has been received by the non-terminating party.

10.6 With regard to all of the termination rights set forth above, if a party has such a termination right, then said party may at its option, in lieu of exercising said termination right, and upon notice to the other party, instead suspend its performance under this Agreement for a period communicated to the other party as part of said notice and not to exceed 30 days (“Suspension Period”), with said Suspension Period to automatically terminate at such time as the termination right which gave rise to the Suspension Period ceases to exist, due either to cure or otherwise.

10.7 Upon termination, all rights and obligations of the parties under this Agreement or the applicable SOW will immediately cease and terminate, except for the rights and obligations which survive termination pursuant to Section 16.7 below. If CLIENT has terminated this Agreement or a SOW pursuant to this Section 10, PPS shall terminate all work and deliver to CLIENT all Work Product completed or in progress at the time of the termination, CLIENT shall pay compensation for Work that has been performed and/or delivered, and all reimbursable expenses. To the extent that CLIENT pays PPS for any Work performed, such amounts shall be discounted to account for any incompletion or imperfections, and shall in no event exceed the total fees payable for such Deliverables under the applicable SOW. Upon notice of termination, PPS shall immediately cease development of (and not tamper with) the applicable Deliverables except to the extent otherwise directed by CLIENT. Upon CLIENT’s request, within ten (10) days of such notice, PPS shall deliver to CLIENT, in an electronic storage media and format reasonably acceptable to CLIENT, all Deliverables under development.

10.8 In the event of any termination pursuant to this Section 10, CLIENT may at its sole option complete any and all Deliverables as to which this Agreement or any applicable SOW is terminated by or through its own resources or third party contractors or consultants.

11. Nondisclosure

11.1 Each party acknowledges that the other party owns valuable intellectual property, trade secrets and other Confidential Information and may license same from others. “Confidential Information” shall mean information that is acknowledged by the party owning or licensing it to be a valuable, special, or unique asset of said party as Disclosing Party, the disclosure of which may be materially damaging to said party as Disclosing Party, or that otherwise would be logically considered confidential or proprietary to said party as Disclosing Party. Confidential Information shall include, but is not limited to, all non-public information relating to the Disclosing Party’s business, product or service plans, designs, costs, prices, suppliers, data, finances, marketing plans, business opportunities, personnel, formulas, designs, prototypes, business methods, techniques, Processes, procedures, programs, codes, research, development and know-how. In addition, Confidential Information of CLIENT includes the Deliverables, and interim Work Product developed by PPS in connection with the Work. PPS agrees that all Confidential Information from time to time known, disclosed, divulged, communicated, furnished, or otherwise made available to PPS is solely for the purpose of enabling PPS to perform and discharge its duties and responsibilities hereunder.

11.2 Except as specifically required to perform the Work during the term of this Agreement or any applicable SOW (in the case of PPS’ disclosure of Confidential Information) or as specifically directed by the Disclosing Party, each party agrees that it will not at any time during or after the term of this Agreement or any applicable SOW disclose any Confidential Information of the other party to any person, and that upon termination of this Agreement or at any earlier time upon the Disclosing Party’s demand it will turn over to the Disclosing Party without cost and in an orderly and expeditious manner all documents, papers and other matter in its possession or under its control that contain or relate to such Confidential Information, including copies, extracts, summaries and portions thereof, on whatever media rendered. Confidential Information of the Disclosing Party will be held and protected by the Receiving Party in strict confidence. In no event will the Receiving Party use the Confidential Information of the Disclosing Party for its own benefit or that of any other person. In the event of any disclosure or loss of, or inability to account for, any Confidential Information of the Disclosing Party, the Receiving Party will promptly, at its own expense: (i) notify the Disclosing Party in writing, (ii) take such actions as may be necessary or reasonable requested by the Disclosing Party to minimize any violation of the terms of this Section 11, and (iii) cooperate with the Disclosing Party to minimize any violation and any damage resulting therefrom. The Receiving Party will use at least the same degree of care in maintaining the confidentiality of the Confidential Information of the Disclosing Party, as the Receiving Party uses with respect to its own proprietary or Confidential Information of a similar nature, and in no event less than reasonable care. Confidential Information of the Disclosing Party will remain the Disclosing Party’s property, and nothing in this Agreement grants or confers any ownership rights in or license to any of that information to the Receiving Party, except for those limited licenses set forth herein. The Receiving Party will take all reasonable steps to ensure that the Receiving Party and its subcontractors, and their personnel, comply with this provision. Such steps shall include limiting disclosure to those employees, contractors and agents of the Receiving Party and its subcontractors who need to know the Disclosing Party’s Confidential Information to perform their duties and then only to the extent necessary and with an understanding of their obligations with respect to such Confidential Information. Notwithstanding the obligations above, the Receiving Party shall not have any obligation to protect Confidential Information of the Disclosing Party that the Receiving Party can demonstrate (a) is or becomes publicly known through no act or fault of the Receiving Party; (b) is developed independently by the Receiving Party without access to or knowledge of the Disclosing Party’s Confidential Information; (c) is already known by the Receiving Party when disclosed by the Disclosing Party to the Receiving Party, if the Receiving Party does not then have a duty to maintain its confidentiality; or (d) is rightfully obtained by the Receiving Party from a third party (other than a subcontractor) not obligated to preserve its confidentiality who did not receive the material or information directly or indirectly from the Disclosing Party. The Receiving Party also may disclose the Disclosing Party’s Confidential Information to the extent required by a court or other governmental authority, provided that the Receiving Party (i) gives the Disclosing Party reasonable prior written notice of the court or other governmental authority demand and the proposed disclosure in response thereto; (ii) uses reasonable efforts to resist disclosing said Confidential Information; (iii) cooperates with the Disclosing Party’s request to obtain a protective order or otherwise limit the disclosure; and (iv) as soon as reasonably possible, provides a letter from its counsel confirming that said Confidential Information is, in fact, required to be disclosed. Promptly upon the expiration or termination of this Agreement and at any other time upon the Disclosing Party’s request, the Receiving Party will, at the Disclosing Party’s direction either (A) return Disclosing Party’s Confidential Information in the Receiving Party’s possession or control, or at the Disclosing Party’s option (B) destroy all of such Confidential Information in the Receiving Party’s possession or control and certify to such destruction in writing. The foregoing notwithstanding, PPS shall have the right to retain certain information regarding its Services as is reasonably necessary for its record retention purposes, and otherwise as shall be required by applicable law, legal process, or governmental request, or to enforce or defend PPS’s rights or carry out its obligations.

11.3 The obligations in this Section 11 shall apply while this Agreement remains in effect and for five (5) years after its termination, except to the extent that Confidential Information rises to the level of a “trade secret” (as defined by applicable law and as reasonably determined by the Disclosing Party), in which case the obligations of this Section 11 with respect to such trade secrets shall remain in effect for the greater of (a) the period this Agreement remains in effect and for a period of five (5) years thereafter or (b) for so long as such information retains its status as a trade secret under applicable law.

11.4 (a) PPS acknowledges that the goodwill of CLIENT, and the compliance of CLIENT with certain regulatory requirements, depends, among other things, upon CLIENT maintaining the confidentiality of its Confidential Information and that the unauthorized disclosure of Confidential Information would irreparably injure CLIENT in a manner that could not be adequately compensated by monetary damages. Accordingly, PPS irrevocably consents to the entry of injunctive relief against the breach or threatened breach of PPS’ duty of non-disclosure set forth in Section 11.2 without the necessity of posting bond in addition to any other legal remedies which may be available. PPS acknowledges and agrees that the covenants contained herein are necessary for the protection of the legitimate business interests of CLIENT and are reasonable in scope and content.

(b) CLIENT acknowledges that the goodwill of PPS depends, among other things, upon PPS maintaining the confidentiality of its Confidential Information and that the unauthorized disclosure of PPS Confidential Information would irreparably injure PPS in a manner that could not be adequately compensated by monetary damages. Accordingly, CLIENT irrevocably consents to the entry of injunctive relief against the breach or threatened breach of CLIENT’s duty of non-disclosure set forth in Section 11.2 without the necessity of posting bond in addition to any other legal remedies which may be available. CLIENT acknowledges and agrees that the covenants contained herein are necessary for the protection of the legitimate business interests of PPS and are reasonable in scope and content.

12. Indemnification for Certain Third-Party Claims. Each party shall indemnify, defend and hold harmless the other party against any and all claims by third parties, and expenses relating thereto, including reasonable attorneys’ fees and litigation costs, with respect to (a) any damage to personal property, personal injury or death caused by such party’s actions, and (b) any actual breach of such party’s expressed obligations set forth in this Agreement or any SOW. In addition, PPS shall indemnify, defend and hold harmless CLIENT against any and all claims by third parties, and expenses relating thereto, including reasonable attorney’s fees and litigation costs, with respect to (c) a demand for the payment of compensation, benefits or salary asserted by an employee of PPS or any of its subcontractors, and (d) PPS’ violation of any law applicable to PPS or its provision of Services hereunder or under any SOW. With respect to the indemnification obligation hereinabove set forth: (i) the indemnified party will notify the indemnifying party in writing promptly upon learning of any claim or suit for which indemnification may be sought hereunder, provided that failure to do so shall not affect the indemnity except to the extent the indemnifying party is prejudiced thereby; (ii) the indemnifying party shall have control of the defense or settlement provided that the indemnified party shall have the right to participate in such defense or settlement with counsel of its own selection and at its sole expense, and provided further that the indemnifying party shall not enter into any settlement admitting any liability of the indemnified party without the indemnified party’s prior written consent; and (iii) the indemnified party shall reasonably cooperate with the defense, at the indemnifying party’s expense.

13. Non- Solicitation of Employees

During the term of the Agreement and for a period of 18 months thereafter, neither party will solicit for employment any employee or contractor of the other who was directly involved in the performance of any Services. A general advertisement or a request for employment initiated exclusively by the employee is not considered a solicitation. In the event either party violates this provision and subsequently retains an employee of the other, the party in breach will pay to the other a fee equal to fifty percent (50%) of the salary provided to that employee by the party in breach of this provision.

14. Export

Export laws and regulations of the United States and other export laws and regulations may apply to software, technical information and/or products provided to CLIENT under this MSA. CLIENT agrees to comply with all such export laws and regulations (including “deemed export” and “deemed re-export” regulations). CLIENT agrees that no such software, technical information and/or products will be exported, directly or indirectly, in violation of these laws, or will be used for any purpose prohibited by these laws including, without limitation, nuclear, chemical, or biological weapons proliferation.

15. PPS Personnel

15.1 PPS will appoint for each SOW a qualified member of its staff to act as project manager (the “PPS Project Manager”), whose duties shall be to act as liaison between CLIENT and PPS. The PPS Project Manager and other staff working on the Project shall be identified in the applicable SOW.

15.2 All Services shall be performed under the general oversight, review and evaluation of PPS. PPS shall be fully and solely responsible for: (a) the compensation and performance of all of its employees and subcontractors hereunder; (b) the filing of any and all returns and reports; and (c) the withholding and/or payment of all applicable federal, state and local wage taxes, and employment related taxes, including, but not limited to, income taxes, gross receipt taxes, taxes measured by gross income, Social Security taxes and unemployment taxes for PPS, PPS’ employees and any other agents or subcontractors employed by PPS to perform under this Agreement. PPS shall reimburse CLIENT for any taxes not withheld or paid by PPS in accordance with this Section, as well as reasonable attorney’s fees, penalties and interest which CLIENT may incur due to PPS’ failure to make such withholdings or payments.

15.3 CLIENT may, in its reasonable discretion, request the substitution of other personnel or dismissal from performance of Services under this Agreement of any subcontractor and any personnel of PPS or its subcontractors for any reason satisfactory to CLIENT, effective upon written notice from CLIENT to PPS. For purposes of clarification, CLIENT shall have no right to require PPS or its subcontractors to dismiss any of their employees from employment, only from performance of Services under this Agreement.

15.4 PPS shall not subcontract any portion of the Services without CLIENT’s prior written consent in each instance, such consent not to be unreasonably withheld, conditioned or delayed. PPS shall at all times remain fully responsible and liable for the actions of its subcontractors. Nothing contained in any agreement between PPS and any subcontractor shall bind CLIENT. PPS shall obtain and maintain in effect written agreements with each of its employees, agents and subcontractors who perform any Services hereunder. Such agreements shall contain terms sufficient for PPS to comply with all provisions of this Agreement. Without limiting the foregoing, PPS warrants that it has enforceable written agreements with all of its employees and subcontractors who shall be involved in any Project under this Agreement (a) assigning to PPS (including the right for PPS to assign to CLIENT) ownership of all patents, copyrights and other intellectual property rights created in the course of their employment or engagement, and (b) obligating such employees or subcontractors to protect and not to use or disclose any Confidential Information of CLIENT under terms sufficient for PPS to comply with its confidentiality obligations in this Agreement.

15.5 PPS shall comply with such reasonable CLIENT background check and security procedures as CLIENT shall make available to PPS.

16. General Provisions

16.1 Entire Agreement; Modifications in Writing

CLIENT and PPS agree that this MSA, together with all applicable SOWs and Amendments, if any, is the complete agreement for the Services ordered by CLIENT, and that this Agreement supersedes all prior or contemporaneous agreements or representations, written or oral, regarding such Services. It is expressly agreed that the terms of this Agreement and any Amendment supersede the terms in any purchase order or other non-PPS ordering document, and no terms included in any such purchase order or other non-PPS ordering document shall apply to the Services ordered. Any ambiguity, inconsistency or other conflict between this Agreement and any SOW shall be resolved in favor of the SOW. Neither this Agreement nor any SOW or Amendment may be modified in the former case, or entered into or modified in the latter case, and the rights and restrictions under either may not be altered or waived, except in a writing signed by authorized representatives of CLIENT and PPS.

16.2 No Waiver. No failure by either party to enforce any of the rights hereunder shall constitute a waiver of such right(s).

16.3 Assignment. This Agreement may not be assigned by the CLIENT or PPS without the prior written consent of the other party. Neither PPS nor CLIENT will unreasonably withhold, condition or delay its consent to a proposed assignment. Notwithstanding the foregoing, either party may upon prior notice to the other party assign this Agreement to a parent company (if applicable), or to any entity controlled by, controlling or under common control with it, or if all or substantially all of party’s assets, shares or equity are transferred. The terms of this Agreement shall be binding upon any permitted assignee.

16.4 Severability. If any term, condition or provision in this Agreement is found to be invalid, unlawful or unenforceable to any extent, the parties shall negotiate in good faith to agree to such amendments that will preserve, as far as possible, the intentions expressed in this Agreement. If the parties fail to agree on such amendments, such invalid term, condition or provision will be severed from the remaining terms, conditions and provisions, which shall continue to be valid and enforceable to the fullest extent permitted by law.

16.5 Dispute Resolution. Whenever either Party desires to institute legal proceedings against the other concerning the Agreement, it shall provide written notice to that effect to such other Party. The Party providing such notice shall refrain from instituting said legal proceedings for a period of 30 days following the date of provision of such notice. During such period, the Parties shall attempt in good faith to amicably resolve their dispute by negotiation among their executive officers and PPS shall continue to provide the Services if requested by CLIENT. This Section 16.5 shall not prohibit either Party from seeking, at any time, equitable relief. If PPS continues to provide Services at the request of CLIENT, the parties will agree in good faith the value of such Services and CLIENT will be obligated to pay for such Services.

16.6 Document Retention. All Client documents, information, reports and deliverables stored in the Pivot Point Security portal will be maintained for two years from the last modify date of a document at which time the data will be purged from our systems. The Client is responsible for downloading all reports, data, information and deliverables they want to maintain.

16.7 Applicable Law; Venue. This Agreement shall be governed by, and construed in accordance with, the law of the State of New Jersey applicable to agreements made and to be performed wholly within such state. Any suit, action, or other proceeding arising in connection with this Agreement (each a “Proceeding”) shall be brought in the courts of the State of New Jersey or of the United States of America venued in New Jersey and the parties hereby irrevocably submit to the jurisdiction of each such court. The parties further irrevocable consent to the service of Process in any Proceeding by mailing by registered or certified mail, postage prepaid, to the party’s address provided pursuant to Section 16.6 and, without limitation of the foregoing, the parties agree not to claim and hereby irrevocably waive any and all rights they may have to contest the validity of service of Process. The parties further irrevocably waive any objection they may have now or hereafter to the laying of venue of any Proceeding brought in any such court, and hereby further irrevocably waive any claim that any Proceeding brought in any such court has been brought in an inconvenient forum.

16.8 Notice. Any notice, demand, or request which may be permitted, required, or desired to be given in connection with this Agreement shall be given in writing and directed to CLIENT or PPS, as appropriate.

Except for service of Process which shall be made in accordance with the provisions of Section 15.5, notices shall be deemed properly delivered (a) if personally delivered; (b) if delivered by overnight courier; or (c) on the fifth business day following deposit in the United States Mail, by registered or certified mail, return receipt requested, postage prepaid and addressed as set forth herein. Any party may change its address for the purpose of receiving notice under this Agreement by giving written notice of such change to the other party at least fifteen days prior to the intended effective date of such change.

16.9 Survival of Obligations. The provisions of Sections 5, 7, 8, 11, 12, 13, 14, and 16 of this Agreement shall survive any expiration or termination of this Agreement.

16.10 Relationship of Parties. This Agreement creates an independent contractor relationship between the parties, and neither party’s employees or contractors shall be considered employees, contractors, partners or agents of the other party (except as provided in Paragraph 6.2).

16.11 Force Majeure. Neither party shall be liable, nor shall any credit allowance or other remedy be extended, for any failure of performance or equipment due to causes beyond such party’s reasonable control (including acts of God, fires, floods, explosions, riots, wars, hurricane, sabotage terrorism, vandalism. accident, restraint of government, governmental acts, injunctions, labor strikes, and other like events that are beyond the reasonable anticipation and control of the party). In the event PPS is unable to deliver Services as a result of such a failure, CLIENT shall not be obligated to pay PPS for the affected Services for so long as PPS is unable to deliver such Services; provided, that the term of the applicable SOW respecting such Services shall be extended for a period of time equal to the period of time that CLIENT was not required to pay for the affected Services; and provided further, that if such failure continues for at least thirty days, then this Agreement or the SOW pursuant to which the Services at issue were to have been delivered, at CLIENT’s option, may be terminated by CLIENT immediately upon receipt of written notice by PPS.

16.12 Period to Bring Claims. No action arising out of any breach or claimed breach of this Agreement or transactions contemplated by this Agreement may be brought by either party more than one (1) year after the cause of action has accrued. For purposes of this Agreement, a cause of action will be deemed to have accrued when a party knew or reasonably should have known of the breach or claimed breach.

16.13 Nondiscrimination. PPS covenants that it will not discriminate against any employee or applicant for employment because of race, color, religion, sex, national origin, or ancestry.

16.14 UCITA Not to Apply. The Uniform Computer Information Transactions Act does not apply to this Agreement.

16.15 Section Headings. Section headings are for the convenience of the parties only and shall not be used to alter or amend any provision of this Agreement or any SOW.

16.16 Construction. The preparation of this Agreement has been a joint effort of the parties. This Agreement shall not, solely as a matter of judicial construction, be construed more severely against one of the parties than the other.

Updated: November 10, 2022