Legal Terms and Conditions for Mandiant Offerings
GENERAL TERMS APPLICABLE TO ALL OFFERINGS
Mandiant Advantage Solutions
- Mandiant Security Validation
- Mandiant Automated Defense
- Mandiant Attack Surface Management (fka Intrigue Software)
- Mandiant Threat Intelligence
Mandiant Managed Defense
Mandiant Expertise on Demand
Mandiant Professional Services
These terms and conditions (the “Agreement”) govern the purchase and use of Mandiant Offerings by the Customer listed on the Order or Statement of Work that incorporates this Agreement.
Structure and Order of Precedence. The General Terms Applicable to all Mandiant Offerings (“General Terms”) provide the terms under which the Customer may use Mandiant’s various Offerings. The specific rights for the Customer to use and receive Mandiant Solutions, Services, Support Services or Subscriptions or otherwise engage with specific Mandiant Offerings are set forth in the applicable ”Schedule." In the event of conflict between any of the General Terms and a Schedule, the Schedule will govern. Purchases of FireEye products, subscriptions, product support, and services related to FireEye products and subscriptions (collectively, “FireEye Offerings”) will be governed by the terms for such FireEye Offerings found at www.fireeye.com/company/legal, and Mandiant offers such FireEye Offerings as an authorized reseller or sales agent of FireEye. If you are authorized to resell or supply Mandiant under a Google Cloud partner or reseller program, then all references to Customer in this Agreement mean Partner or Reseller (as applicable).
If you have arrived at this page via a link provided during the process of installing or using your Mandiant Offering, you acknowledge that by proceeding with the installation or use of that Offering, you agree to be bound by this Agreement as it applies to that Offering. If this Agreement is considered an offer, acceptance is expressly limited to the terms of this Agreement. If you do not unconditionally agree to the foregoing, discontinue use immediately. If you proceed with use, you are representing and warranting that you are authorized to bind the Customer.
For Mandiant Solutions purchased by partners or resellers of Google Cloud Platform through the Google Cloud Marketplace, this Agreement supplements the agreement that authorizes the resale or supply of Google Cloud Platform (the “GCP Agreement”). Partners or resellers will include the terms of this Agreement, or terms substantially similar, in their Customer Agreement(s) (as defined in the GCP Agreement). For the purposes of the Mandiant Solutions, where there is conflict between the GCP Agreement and this Agreement, this Agreement will take precedence. For the avoidance of doubt, the Data Processing and Security Terms, TSS, TSS Guidelines, and SLAs, all as defined under the GCP Agreement, shall not apply to the Mandiant Solutions. Partner or Reseller benefits or discounts including Commit Drawdown and Program Discounts (as defined in the GCP Agreement) will apply to the Mandiant Solutions at Google’s discretion. Google shall be a third party beneficiary to this Agreement.
General Terms Applicable to all Mandiant Offerings
1. “Deliverables” means the written reports that are created specifically for Customer as a result of the Professional Services provided hereunder.
1.2 “Documentation” means the user manuals generally provided in writing by Mandiant to end users of the Solutions in electronic format, as amended from time to time by Mandiant.
1.3 “Mandiant” means (i) Mandiant, Inc., a Delaware corporation with its principal place of business at 11951 Freedom Drive, 6th Floor, Reston, Virginia, 20190 with respect to Offerings that are shipped to, deployed or rendered inside of North America (including the United States, Mexico, Canada and the Caribbean), Central America and South America (collectively, the “Americas”); or (ii) with respect to all Offerings that are shipped to, deployed or rendered outside of the Americas, Mandiant Ireland Limited, a company incorporated under the laws of Ireland with principal place of business at 2 Park Place, City Gate Park, Mahon, Cork, Ireland.
1.4 "Mandiant Materials" means all Mandiant proprietary materials, Deliverables, intellectual property related to Solutions or Services, (such as all rights in any software incorporated into a Solution or Service, copyrights, and patent, trade secret and trademark rights related to Offerings, and screens associated with Offerings), Documentation, any hardware and/or software used by Mandiant in performing Services or providing Solutions, Mandiant’s processes and methods (including any forensic investigation processes and methods), Indicators of Compromise, materials distributed by Mandiant during Training, and any Mandiant templates and/or forms, including report and presentation templates and forms. Mandiant Materials does not include Third Party Materials.
1.5 "Indicators of Compromise" or "Indicators" means specifications of anomalies, configurations, or other conditions that Mandiant can identify within an information technology infrastructure, used by Mandiant in performing Services and providing Solutions.
1.6 “Intellectual Property Rights” means copyrights (including, without limitation, the exclusive right to use, reproduce, modify, distribute, publicly display and publicly perform the copyrighted work), trademark rights (including, without limitation, trade names, trademarks, service marks, and trade dress), patent rights (including, without limitation, the exclusive right to make, use and sell), trade secrets, moral rights, right of publicity, authors’ rights, contract and licensing rights, goodwill and all other intellectual property rights as may exist now and/or hereafter come into existence and all renewals and extensions thereof, regardless of whether such rights arise under the law of the United States or any other state, country or jurisdiction.
1.7 “Offerings” means, collectively, Solutions, Training, Professional Services and Support Services.
1.8 “Order” means a written purchase order or similar ordering document, signed or submitted to Mandiant or its authorized reseller by Customer and approved by Mandiant, under which Customer agrees to purchase Offerings.
1.9 “Professional Services” means, collectively, those security consulting services provided by Mandiant under a Statement of Work and/or set forth on an Order, which may consist of services such as deployment, configuration or installation services; proactive security consulting such as penetration testing, vulnerability assessments or compromise assessments; or incident response or other remediative services.
1.10 "Service" or "Services" means the Professional Services, Support Services and Training.
1.11 "Statement of Work" or “SOW” means a mutually agreed-upon document between Mandiant and Customer, describing Professional Services, rates and timelines (if applicable) for those Professional Services, and incorporating this Agreement.
1.12 “Solution” or “Solution Subscription” means a service provided by Mandiant for a fixed term, under which Mandiant provides access to certain features, functionality, and/or information, as described in the applicable Schedule for each Solution Subscription attached to this Agreement.
1.13 “Support Services” means the Solution support and maintenance services provided by Mandiant with respect to each Solution, as described in the applicable Schedule for each Solution.
1.14 “Third Party Materials” means software or other components that are licensed to Mandiant by third parties for use in Mandiant’s Offerings.
1.15 “Training” means training in the use of Solutions, or on security-related topics in general, provided by Mandiant.
2. ORDERS AND STATEMENTS OF WORK.
2.1. Orders. Customer may purchase Offerings by submitting an Order. If accepted by Mandiant, the “Order Effective Date” will be the date of the Order. All Orders will be governed by this Agreement. For clarity, Mandiant will not be obligated toprovide any Services or Training or activate any Solution Subscriptions until Customer has issued a valid Order for those Offerings. Orders for Offerings will be invoiced by the relevant Mandiant entity as described above, regardless of the entity that issued the quote or the entity to whom an Order is addressed.
2.2. Statements of Work. Each Statement of Work will incorporate and be governed by this Agreement. The “Statement of Work Effective Date” will be the date both Customer and Mandiant have agreed to the Statement of Work, either by executing the Statement of Work or by issuing and accepting an Order for the Professional Services described on the Statement of Work. For clarity, Mandiant will not be obligated to perform any Professional Services until a SOW describing those Professional Services has been agreed by both parties or an Order listing those Professional Services has been accepted by Mandiant.
3. FEES AND PAYMENT.
3.1 Fees and Expenses. Customer agrees to purchase the Offerings for the prices set forth in each Order and/or Statement of Work, as applicable (“Fees”). If Customer purchases through a Mandiant partner (such as an authorized reseller or distributor, collectively, “Mandiant Partners”), all fees and other procurement and delivery terms shall be agreed between Customer and the applicable Mandiant Partner. Customer shall reimburse Mandiant for all expenses incurred so long as such expenses are directly attributable to the Services or Solutions performed for or provided to Customer. Mandiant will provide appropriate vouching documentation for all expenses exceeding $25.
3.2 Payment. If Customer purchases directly from Mandiant, Customer will make full payment in the currency specified in Mandiant’s invoice, without set-off and in immediately available funds, within thirty (30) days of the date of each invoice. All Fees are non-cancelable and non-refundable. All Fees described on an Order or in a Statement of Work will be fully invoiced in advance, unless otherwise agreed by Mandiant. Any partial fulfillment or activation by Mandiant may be invoiced or delivered individually. If any payment is more than fifteen (15) days late, Mandiant may, without limiting any remedies available to Mandiant, terminate the applicable Order or Statement of Work or suspend performance until payment is made current, and all payments then due will accelerate and become immediately due and payable. Customer will pay interest on all delinquent amounts at the lesser of 1.5% per month or the maximum rate permitted by applicable law.
3.3 Taxes. All Fees are exclusive of all present and future sales, use, excise, value added, goods and services, withholding and other taxes, and all customs duties and tariffs now or hereafter claimed or imposed by any governmental authority upon the Offerings which shall be invoiced to and paid by the Customer. If Customer is required by law to make any deduction or withholding on any payments due to Mandiant, Customer will notify Mandiant and will pay Mandiant any additional amounts necessary to ensure that the net amount Mandiant receives, after any deduction or withholding, equals the amount Mandiant would have received if no deduction or withholding had been required. Additionally, Customer will provide to Mandiant evidence, to the reasonable satisfaction of Mandiant, showing that the withheld or deducted amounts have been paid to the relevant governmental authority. For purposes of calculating sales and similar taxes, Mandiant will use the address set forth on the Order or Statement of Work, as applicable, as the jurisdiction to which Offerings and shipments are delivered unless Customer has otherwise notified Mandiant in writing as of the Order Effective Date or Statement of Work Effective Date, as applicable. Customer will provide tax exemption certificates or direct-pay letters to Mandiant on or before the Order Effective Date or Statement of Work Effective Date, as applicable.
3.4 Increases. Mandiant reserves the right to increase Fees at any time, although increases in Fees for Solutions or Support Services will not go into effect until the next Renewal Subscription Term or Renewal Support Term, as applicable.
3.5 Google Cloud Marketplace. Notwithstanding anything to the contrary in this Section 3, the following apply to purchases made through the Google Cloud Marketplace: (a) Direct Customers. Fees and payment for Mandiant Solutions purchased by Customer through the Google Cloud Marketplace will be included in Customer's invoice for Google Cloud Platform services. All invoicing and payment terms in the agreement under which Google has agreed to provide Mandiant Solutions to Customer will apply to purchases of the Mandiant Solutions from Google Cloud Marketplace. (b) Partners and Resellers. Fees and payment for Mandiant Solutions purchased by partners or resellers of Google Cloud Platform through the Google Cloud Marketplace will be as described in the agreement that authorizes the resale or supply of Mandiant Solutions under a Google Cloud partner or reseller program.
4. TITLE AND RISK OF LOSS; INSPECTION. All hardware, including hardware components of Offerings and any hardware provided for use with Solutions, is shipped FOB Origin from Mandiant’s designated manufacturing facility or point of origin, and title to such hardware and the risk of loss of or damage to the hardware shall pass to Customer at time of Mandiant’s delivery of such hardware to the carrier. Mandiant is authorized to designate a carrier pursuant to Mandiant’s standard shipping practices unless otherwise specified in writing by Customer. Customer must provide written notice to Mandiant within five (5) days of delivery of the Offerings of any non-conformity with the Order, e.g., delivery of the wrong Offering or incorrect quantities.
5. EVALUATION AND PREVIEW OFFERINGS; TRAINING.
5.1. Evaluations, Free Offerings, Preview Features, Beta Features. If Customer receives an Offering for evaluation purposes (“Evaluation Offerings”) then Customer may use the Evaluation Offerings for its own internal evaluation purposes for a period of up to thirty (30) days from the date of receipt of the Evaluation Offerings (the “Evaluation Period”). Customer and Mandiant may, upon mutual written agreement (including via email), extend the Evaluation Period. If the Evaluation Offering includes hardware components, Customer will return the hardware within ten (10) days of the end of the Evaluation Period, and if Customer does not return the hardware within this period, Customer shall be invoiced for the then-current list price for the applicable Evaluation Offering. Customer acknowledges that title to hardware components of Evaluation Offerings remains with Mandiant at all times, and that Evaluation Offerings may be used and/or refurbished units. Customer must delete all software and other components (including Documentation) related to the Evaluation Offering at the end of the Evaluation Period, and confirm those deletions in writing to Mandiant, or Customer will be invoiced for the then-current list price for the Evaluation Offering. If the Evaluation Offering is a Solution Subscription, Customer understands that Mandiant may disable access to the Solution Subscription automatically at the end of the Evaluation Period, without notice to Customer. Free offerings, preview features and beta features or products may be provided with respect to an existing Offering or on a stand-alone basis, for a limited time, at no additional charge but then licensed for an additional fee at a later date. All such free, preview and beta features or products are considered “Unpaid Offerings,” and Mandiant may discontinue providing such Unpaid Offerings at any time. EVALUATION OFFERINGS AND UNPAID OFFERINGS ARE PROVIDED “AS IS”, AND TO THE EXTENT PERMITTED BY APPLICABLE LAW, MANDIANT DISCLAIMS ALL WARRANTIES RELATING TO THE EVALUATION OFFERINGS AND FREE OFFERINGS, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTIES AGAINST INFRINGEMENT OF THIRD PARTY RIGHTS, MERCHANTABILITY, ACCURACY, AND FITNESS FOR A PARTICULAR PURPOSE.
5.2. Training. Training delivery dates and location for such Training will be mutually agreed upon by the parties. If an Order does not specify such dates and/or locations, then the parties will mutually agree upon the dates and locations for Training. Customer must request rescheduling of private Training no less than two (2) weeks in advance of the scheduled start date, and any such rescheduled training must be held within one (1) year of the date of the Order on which the original Training was included. Mandiant will use reasonable efforts to reschedule the Training, subject to availability, and Customer will pay any expenses associated with the rescheduling, including any expenses associated with cancelling or changing travel plans. If Customer cancels attendance at a public Training class, Customer must notify Mandiant no later than two (2) weeks before the date of the public Training class. If Customer timely notifies Mandiant of the cancellation, Mandiant will issue Customer a credit for the amount paid for that public Training class, which Customer may apply toward another public Training class of the same duration held within one (1) year of the date of the Order on which the cancelled Training class was included. Customer may substitute a named attendee at a public Training class, but Customer will notify Mandiant in advance of any such substitution. Mandiant reserves the right to refuse admittance to public Training classes to any person, for any reason, and if Mandiant refuses admittance, Mandiant will refund the amount paid for that person’s attendance at the public Training class. Mandiant does not refund or credit Fees paid for attendees who do not attend Training or who leave before Training concludes. Mandiant reserves the right to cancel public Training classes for any reason. Training may not be recorded. All Training must be scheduled and conducted within one (1) year of the date of the applicable Order for that Training. On-demand Training must be completed within ninety (90) days of the date of purchase. Access credentials for on-demand Training may not be shared or otherwise transferred.
6. INTELLECTUAL PROPERTY; LICENSE
6.1. Ownership of Mandiant Materials; Restrictions. All Intellectual Property Rights in Mandiant Materials, Solutions, Deliverables, Documentation, and Services belong exclusively to Mandiant and its licensors. Customer will not (and will not allow any third party to): (i) disassemble, decompile, reverse compile, reverse engineer or attempt to discover any source code or underlying ideas or algorithms of any Mandiant Materials (except to the limited extent that applicable law prohibits reverse engineering restrictions); (ii) sell, resell, distribute, sublicense or otherwise transfer, the Mandiant Materials, or make the functionality of the Mandiant Materials available to any other party through any means (unless otherwise Mandiant has provided prior written consent), (iii) without the express prior written consent of Mandiant, conduct any benchmarking or comparative study or analysis involving the Mandiant Materials (“Benchmarking”) for any reason or purpose except, to the limited extent absolutely necessary, to determine the suitability of Solutions to interoperate with Customer’s internal computer systems; (iv) disclose or publish to any third party any Benchmarking or any other information related thereto; (v) use the Mandiant Materials or any Benchmarking in connection with the development of products, services or subscriptions that compete with the Mandiant Materials; or (vi) reproduce, alter, modify or create derivatives of the Mandiant Materials. Between Customer and Mandiant, Mandiant shall retain all rights and title in and to any Indicators of Compromise Mandiant developed by or for Mandiant in the course of providing Solutions or performing Services. Mandiant may audit Customer’s use of Offerings to ensure compliance with the terms of this Agreement.
6.2. Deliverables License. Subject to payment of all applicable fees and subject to the terms of this Agreement, Customer shall have a perpetual, non-exclusive, nontransferable, right and license to (unless otherwise set forth in a Statement of Work) use, display and reproduce the Deliverables for its internal business purposes. Deliverables may not be shared with any third party other than law enforcement agencies.
6.3. Solutions License. Subject to Customer’s timely payment of applicable fees, and subject to the terms of this Agreement, Customer shall have a limited, non-exclusive, nontransferable, right and license to access and use the Solutions during the relevant Subscription Term for its internal business purposes as set forth in the applicable Schedule, and as set forth in any applicable service description related to the Solution. Customer will maintain the copyright notice and any other notices that appear on the Solutions, including any interfaces related to the Solutions.
7.1. Services and Solutions Warranty. Mandiant warrants to Customer that Services will be performed and Solutions will be provided in a professional manner in accordance with industry standards for like services and solutions, respectively. If Customer believes the warranty stated in this Section has been breached, Customer must notify Mandiant of the breach no later than thirty (30) days following the date of the breach, and Mandiant will promptly correct the affected Solution or re-perform the Services, at Mandiant’s expense. The warranties stated in this Section 7 and each Schedule shall not apply if the Offering has: (i) been subjected to abuse, misuse, neglect, negligence, accident, improper testing, improper installation, improper storage, improper handling or use contrary to any instructions issued by Mandiant; (ii) been repaired or altered by persons other than Mandiant; (iii) not been installed, operated, repaired and maintained in accordance with the Documentation; or (iv) been used with any third party software or hardware which has not been previously approved in writing by Mandiant. If during the applicable warranty period: (a) Mandiant is notified promptly in writing upon discovery of any error in a Solution, including a detailed description of such alleged error; (b) if applicable, such Solution is returned, transportation charges prepaid, to Mandiant’s designated manufacturing facility in accordance with Mandiant’s then-current return procedures, as set forth by Mandiant from time to time; and (c) Mandiant’s inspections and tests determine that the Solution contains errors and has not been subjected to any of the conditions set forth in 7.1(i)-(iv) above, then, as Customer’s sole remedy and Mandiant’s sole obligation under the foregoing warranty, Mandiant shall, at Mandiant’s option, repair (or correct the error, as applicable) or replace without charge such Solution. Any Solution that has either been repaired or replaced under this warranty shall have warranty coverage for the remaining warranty period. Replacement parts used in the repair of a Product may be new or equivalent to new.
7.2. Solutions Warranty. Mandiant warrants to Customer the Solution Subscriptions will be provided in a professional manner in accordance with industry standards for similar subscriptions. If Customer believes the warranty stated in this Section has been breached, Customer must notify Mandiant of the breach no later than thirty (30) days following the date the warranty was allegedly breached, and Mandiant will promptly correct the non-conformity, at Mandiant’s expense.
7.3. Remedies Exclusive. Except for any Service Level Credits described in applicable Schedules, the remedies stated in Sections 7.1-7.3 above are the sole remedies, and Mandiant’s sole obligation, with respect to Products, Subscriptions and Services that fail to comply with the foregoing warranties.
7.4. Disclaimer of Warranties. EXCEPT FOR THE EXPRESS WARRANTIES SET FORTH HEREIN, ALL SOLUTIONS, MANDIANT MATERIALS, DELIVERABLES AND SERVICES ARE PROVIDED ON AN “AS IS” BASIS WITHOUT ANY WARRANTY WHATSOEVER. MANDIANT AND ITS SUPPLIERS EXPRESSLY DISCLAIM, TO THE MAXIMUM EXTENT PERMISSIBLE UNDER APPLICABLE LAW, ALL WARRANTIES, EXPRESS, IMPLIED AND STATUTORY, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, NONINFRINGEMENT, OR ARISING FROM COURSE OF PERFORMANCE, DEALING, USAGE OR TRADE. MANDIANT ALSO MAKES NO WARRANTY REGARDING NONINTERRUPTION OF USE OR FREEDOM FROM BUGS, AND MAKES NO WARRANTY THAT SOLUTIONS, MANDIANT MATERIALS, DELIVERABLES, SERVICES OR SUBSCRIPTIONS WILL BE ERROR-FREE.
8. INFRINGEMENT INDEMNITY.
8.1. Indemnity. Mandiant shall defend Customer, and its officers, directors and employees, against any third party action alleging that the Mandiant Materials infringes a valid U.S. patent or copyright issued as of the date of delivery or performance, as applicable, and Mandiant shall pay all settlements entered into, and all final judgments and costs (including reasonable attorneys’ fees) finally awarded against such party in connection with such action. If the Mandiant Materials, or parts thereof, become, or in Mandiant’s opinion may become, the subject of an infringement claim, Mandiant may, at its option: (i) procure for Customer the right to continue using the applicable Mandiant Materials; (ii) modify or replace such Mandiant Materials with a substantially equivalent non-infringing Mandiant Materials; or (iii) require the return of such Mandiant Materials or cease providing affected Solution Subscriptions, Deliverables or Services, and refund to Customer a portion of any pre-paid Fees for Solution Subscriptions, pro rated for any unused Subscription Term, and with respect to Services, any pre-paid Fees for Services that have not been delivered. THIS SECTION 8.1 STATES THE ENTIRE LIABILITY OF MANDIANT AND CUSTOMER’S SOLE REMEDY WITH RESPECT TO ANY INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS BY THE OFFERINGS, MANDIANT MATERIALS, OR DELIVERABLES.
8.2. Exceptions. Mandiant shall have no indemnification obligations with respect to any action arising out of: (i) the use of any Solution Subscription, Deliverable, or Service, or any part thereof, in combination with software or other products not supplied by Mandiant; (ii) any modification of the Solution Subscriptions, Deliverables, or Services not performed or expressly authorized by Mandiant; or (iii) the use of any the Solution Subscriptions, Deliverables, or Services other than in accordance with this Agreement and applicable Documentation.
8.3. Indemnification Process. The indemnification obligations shall be subject to Customer: (i) notifying Mandiant within ten (10) days of receiving notice of any threat or claim in writing of such action; (ii) giving Mandiant exclusive control and authority over the defense or settlement of such action; (iii) not entering into any settlement or compromise of any such action without Mandiant’s prior written consent; and (iv) providing reasonable assistance requested by Mandiant.
9. LIMITATION OF LIABILITY.
9.1. Consequential Damages Waiver. EXCEPT FOR LIABILITY ARISING UNDER THE INDEMNIFICATION OBLIGATIONS SET FORTH IN SECTION 8 (INFRINGEMENT INDEMNITY), IN NO EVENT WILL MANDIANT BE LIABLE FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES OF ANY KIND, INCLUDING BUT NOT LIMITED TO ANY LOST PROFITS AND LOST SAVINGS, HOWEVER CAUSED, WHETHER FOR BREACH OR REPUDIATION OF CONTRACT, TORT, BREACH OF WARRANTY, NEGLIGENCE, OR OTHERWISE, WHETHER OR NOT MANDIANT WAS ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGES.
9.2. Limitation of Monetary Damages. EXCEPT FOR LIABILITY ARISING UNDER THE INDEMNIFICATION OBLIGATIONS SET FORTH IN SECTION 8 (INFRINGEMENT INDEMNITY), AND NOTWITHSTANDING ANY OTHER PROVISIONS OF THIS AGREEMENT OR ANY ORDER OR STATEMENT OF WORK, MANDIANT’S TOTAL LIABILITY ARISING OUT OF THIS AGREEMENT, THE OFFERINGS, THE MANDIANT MATERIALS AND DELIVERABLES SHALL BE LIMITED TO THE TOTAL AMOUNTS RECEIVED BY MANDIANT FOR THE RELEVANT OFFERINGS DURING THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE FIRST OCCURRENCE OF THE EVENTS GIVING RISE TO SUCH LIABILITY.
9.3. Applicability. THE LIMITATIONS AND EXCLUSIONS CONTAINED HEREIN WILL APPLY ONLY TO THE MAXIMUM EXTENT PERMISSIBLE UNDER APPLICABLE LAW, AND NOTHING HEREIN PURPORTS TO LIMIT EITHER PARTY’S LIABILITY IN A MANNER THAT WOULD BE UNENFORCEABLE OR VOID AS AGAINST PUBLIC POLICY IN THE APPLICABLE JURISDICTION.
10. COMPLIANCE WITH LAW; U.S. GOVERNMENT RESTRICTED RIGHTS.
10.1. Compliance with Law. Each party will comply with all laws and regulations applicable to it with respect to the Offerings, including all export control regulations and restrictions that may apply to the Offerings. Customer will not export any Mandiant Materials to any countries embargoed by the United States (currently including Cuba, Iran, North Korea, Sudan and Syria). Each Party acknowledges that it is familiar with and will comply with the provisions of the U.S. Foreign Corrupt Practices Act ("the FCPA") and the U.K. Bribery Act of 2010 (“UKBA”), as applicable, and each party agrees that no action it takes will constitute a bribe, influence payment, kickback, or other payment that violates the FCPA, the UKBA, or any other applicable anticorruption or anti-bribery law.
10.2. U.S. Government Restricted Rights. The Offerings, Deliverables and Documentation are “commercial items”, “commercial computer software” and “commercial computer software documentation,” pursuant to DFAR Section 227.7202 and FAR Section 12.212, as applicable. All Offerings and Mandiant Materials are and were developed solely at private expense. Any use, modification, reproduction, release, performance, display or disclosure of the Offerings, Mandiant Materials and Documentation by the United States Government shall be governed solely by this Agreement and shall be prohibited except to the extent expressly permitted by this Agreement.
11. CONFIDENTIAL INFORMATION.
11.1. Confidential Information. “Confidential Information” means the non-public information that is exchanged between the parties, provided that such information is: (i) identified as confidential at the time of disclosure by the disclosing party (“Discloser”); or (ii) disclosed under circumstances that would indicate to a reasonable person that the information should be treated as confidential by the party receiving such information (“Recipient”). The terms of any commercial transaction between the parties (including pricing related to the Offerings) shall be considered Confidential Information.
11.2. Maintenance of Confidentiality. Each party agrees that it shall: (i) take reasonable measures to protect the Confidential Information by using the same degree of care, but no less than a reasonable degree of care, to prevent the unauthorized use, dissemination or publication of the Confidential Information as the Recipient uses to protect its own confidential information of a like nature; (ii) limit disclosure to those persons within Recipient’s organization with a need to know and who have previously agreed in writing, prior to receipt of Confidential Information either as a condition of their employment or in order to obtain the Confidential Information, to obligations similar to the provisions hereof; (iii) not copy, reverse engineer, disassemble, create any works from, or decompile any prototypes, software or other tangible objects which embody the other party's Confidential Information and/or which are provided to the party hereunder; and (iv) comply with, and obtain all required authorizations arising from, all U.S. and other applicable export control laws or regulations. Confidential Information shall not be used or reproduced in any form except as required to accomplish the purposes and intent of an Order or Statement of Work. Any reproduction of Confidential Information shall be the property of Discloser and shall contain all notices of confidentiality contained on the original Confidential Information.
11.3. Exceptions. The parties agree that the foregoing shall not apply to any information that Recipient can evidence: (i) is or becomes publicly known and made generally available through no improper action or inaction of Recipient; (ii) was already in its possession or known by it prior to disclosure by Discloser to Recipient; (iii) is independently developed by Recipient without use of or reference to any Confidential Information; or (iv) was rightfully disclosed to it by, or obtained from, a third party. Recipient may make disclosures required by law or court order provided that Recipient: (a) uses diligent efforts to limit disclosure and to obtain, if possible, confidential treatment or a protective order; (b) has given prompt advance notice to Discloser of such required disclosure; and (c) has allowed Discloser to participate in the proceedings.
11.4. Injunctive Relief. Each party will retain all right, title and interest to such party’s Confidential Information. The parties acknowledge that a violation of the Recipient’s obligations with respect to Confidential Information may cause irreparable harm to the Discloser for which a remedy at law would be inadequate. Therefore, in addition to all remedies available at law, Discloser shall be entitled to seek an injunction or other equitable remedies in all legal proceedings in the event of any threatened or actual violation of any or all of the provisions hereof.
11.5. Return of Confidential Information. Within thirty (30) days after the date when all Orders and SOWs have expired or been terminated, or after any request for return of Confidential Information, each party will return to the other party or destroy all of such other party’s Confidential Information, in accordance with its own standard procedures and policies, and, upon request, provide such other party with an officer’s certificate attesting to such return and/or destruction, as appropriate. Notwithstanding the foregoing, each party may retain additional copies of, or computer records or files containing, the Confidential Information of the other party that have been created by that party’s electronic archiving and back-up procedures, to the extent created and retained in a manner consistent with the Receiving Party's standard procedures.
11.6. Privacy. If Mandiant is a data processor under this Agreement, and in accordance with applicable data protection laws, including but not limited to the EU General Data Protection Regulation (GDPR), Mandiant agrees that it will:
11.6.1 process personal data controlled by Customer when authorized by the Customer and in compliance with this Agreement and will not use or process the personal data for purposes other than those permitted by the Customer, anticipated by the Documentation for the Offerings, or for the purpose of research and development of Mandiant’s Offerings;
11.6.2 adopt and maintain appropriate (including organizational and technical) security measures in processing Customer’s personal data in order to protect against unauthorized or accidental access, loss, alteration, disclosure or destruction of such data, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing;
11.6.3 take all reasonable steps to ensure that (i) persons employed by it, and (ii) other persons engaged at its place of work, are aware of and comply with applicable data privacy laws and regulations;
11.6.4 provide Customer access to a list of current sub-processors that may handle personal data at Mandiant’s direction.
11.6.5 Mandiant may process or otherwise transfer any personal information in or to any country outside of the country of origination, including such countries with less restrictive data protection laws, to the extent necessary for the provision of the Offerings. If required and where applicable, Mandiant will enter into mutually agreed-upon country-specific data transfer mechanisms, and Mandiant has entered into the EU Standard Contractual Clauses as approved by the European Commission, to help ensure an adequate level of data protection for any personal data that will be processed or transferred. Mandiant does not react to Do Not Track signals because there is no standard for how those signals are sent; and
11.6.6 Customer agrees it is responsible for obtaining any applicable consents from data subjects for Customer’s use of Mandiant to process Customer’s data.
12. TERM AND TERMINATION.
12.1. Term. This Agreement will become effective on the Effective Date and will continue in effect for a period of one (1) year (the “Initial Term” of the Agreement). This Agreement will renew for additional periods of one (1) year each (each, a “Renewal Term” and together with the Initial Term, the “Term” of this Agreement) unless either party notifies the other of its intent not to renew this Agreement by giving the other party notice of non-renewal no later than sixty (60) days prior to the end of the then-current Term. The term of each Order will be as set forth below or in the applicable Schedule, and the term of each SOW will be as set forth in the applicable SOW.
12.1.1 Support Services. Support Services will begin on or shortly after the Order Effective Date (as determined by Mandiant) and will continue in effect for the period of time stated in the Order (“Initial Support Term”). Unless otherwise stated on the Order, the Support Services will automatically renew for additional periods of one (1) year each (each, a “Renewal Support Term” and together with the Initial Support Term, the “Support Term”), unless either party notifies the other of its intention not to renew Support Services at least sixty (60) days prior to the expiration of the then-current Support Term. Customer may terminate Support at any time, for convenience, on thirty (30) days’ written notice to Mandiant. If Customer terminates Support Services for convenience before the end of the then-current Support Term, Customer will pay any remaining fees owing for the remainder of the then-current Support Term within thirty (30) days of the effective date of termination.
12.1.2 Solution Subscriptions. The term of each Solution Subscription will begin on or shortly after the Order Effective Date (as determined by Mandiant) and will continue in effect for the period of time stated in the Order (“Initial Subscription Term”). Unless otherwise stated on the Order, the Subscription will automatically renew after its Initial Subscription Term for additional periods of one (1) year each (each, a “Renewal Subscription Term” and together with the Initial Subscription Term, the “Subscription Term”), unless either party notifies the other of its intention not to renew that Solution Subscription at least sixty (60) days prior to the expiration of the then-current Subscription Term. Customer may terminate a Solution Subscription at any time, for convenience, on thirty (30) days’ written notice to Mandiant. If Customer terminates a Solution Subscription for convenience before the end of the then-current Subscription Term, Customer will pay any remaining fees owing for the remainder of the then-current Subscription Term within thirty (30) days of the effective date of termination.
12.1.3 Professional Services; Statements of Work. Professional Services described on an Order will be provided at mutually agreed-upon times, and will continue until complete, unless otherwise terminated as set forth herein. The term of each SOW will be as set forth in that SOW. If no term is expressed in an SOW, then the term of that SOW will begin on the SOW Effective Date and continue until the Professional Services described in that SOW are complete or the SOW is earlier terminated as set forth herein. Unless otherwise stated in a SOW, Customer may terminate a SOW at any time for convenience by giving Mandiant at least thirty (30) days’ written notice of its intent to terminate the SOW. If Customer terminates an SOW for convenience as set forth in this Section, Customer will pay any amounts owing for Professional Services and Deliverables provided under that SOW up to and including the date of termination. Customer may request that Mandiant suspend performing Professional Services during the term of a Statement of Work, and Mandiant will suspend such Professional Services within 24 hours of Customer’s request. Customer acknowledges that any such suspension will not affect Customer’s obligation to pay fees for Professional Services rendered through the date of suspension, and that resumption of Professional Services may be delayed if Mandiant redeploys personnel to other engagements during the period of suspension.
12.2. Termination for Material Breach. Either party may terminate any Order or any SOW upon written notice of a material breach of the applicable Order or SOW by the other party as provided below, subject to a thirty (30) day cure period (“Cure Period”). If the breaching party has failed to cure the breach within the Cure Period after the receipt by the breaching party of written notice of such breach, the non-breaching party may give a second notice to the breaching party terminating the applicable Order or SOW. Termination of any particular Order or SOW under this Section will not be deemed a termination of any other Order or SOW, unless the notice of termination states that another Order or SOW is also terminated. Notwithstanding the foregoing, the Cure Period applicable to a breach by Customer of any payment obligations under any Order or any SOW will be fifteen (15) days. Notwithstanding the foregoing, this Agreement shall terminate automatically in the event Customer has breached any license restriction and, in Mandiant’s determination, that breach cannot be adequately cured within the Cure Period.
12.3. Effect of Termination. Termination or expiration of any Order or SOW will not be deemed a termination or expiration of any other Orders or SOWs in effect as of the date of termination or expiration, and this Agreement will continue to govern and be effective as to those outstanding Orders and SOWs until those Orders and SOWs have expired or terminated by their own terms or as set forth herein. The provisions of Section 3 (Payment), Section 6 (Intellectual Property), Section 7.5 (Disclaimer of Warranties), 9 (Limitation of Liability), 10 (Compliance with Law; U.S. Government Restricted Rights), 11 (Confidential Information), and 13 (Miscellaneous), and all accrued payment obligations, shall survive the termination of all Orders and SOWs and the relationship between Mandiant and Customer.
13.1. Assignment. Customer may not assign any Order or Statement of Work, or any rights or obligations thereunder, in whole or in part, without Mandiant’s prior written consent, and any such assignment or transfer shall be null and void. Mandiant shall have the right to assign all or part of an Order or Statement of Work without Customer’s approval. Subject to the foregoing, each Order and Statement of Work shall be binding on and inure to the benefit of the parties’ respective successors and permitted assigns.
13.2. Entire Agreement. This Agreement along with any Order, Statement of Work and the Schedules attached hereto is the entire agreement of the parties with respect to the Offerings and supersedes all previous or contemporaneous communications, representations, proposals, commitments, understandings and agreements, whether written or oral, between the parties regarding the subject matter thereof. Mandiant does not accept, expressly or impliedly and Mandiant hereby rejects and deems deleted any additional or different terms or conditions that Customer presents, including, but not limited to, any terms or conditions contained or referenced in any order, acceptance, acknowledgement, or other document, or established by trade usage or prior course of dealing. This Agreement may be amended only in writing signed by authorized representatives of both parties.
13.3. Force Majeure. Neither party will be liable to the other for any delay or failure to perform any obligation under this Agreement (except for a failure to pay fees) if the delay or failure is due to events which are beyond the reasonable control of the parties, such as strikes, blockade, war, terrorism, riots, natural disasters, refusal of license by the government or other governmental agencies, in so far as such an event prevents or delays the affected party from fulfilling its obligations and such party is not able to prevent or remove the force majeure at reasonable cost.
13.4. Governing Law. This Agreement shall be deemed to have been made in, and shall be construed pursuant to the laws of the State of California and the United States without regard to conflicts of laws provisions thereof, and without regard to the United Nations Convention on the International Sale of Goods or the Uniform Computer Information Transactions Act. Any legal suit, action or proceeding arising out of or relating to the Offerings, the Mandiant Materials, this Agreement, an Order or a Statement of Work will be commenced exclusively in a federal court in the Northern District of California or in state court in Santa Clara County, California, and each party hereto irrevocably submits to the jurisdiction and venue of any such court in any such suit, action or proceeding.
13.5. Independent Contractors. The parties are independent contractors. Nothing in these Terms, any Order or any Statement of Work shall be construed to create a partnership, joint venture or agency relationship between the parties. Customer shall make no representations or warranties on behalf of Mandiant.
13.6. Language. This Agreement and each Order and Statement of Work are in the English language only, which shall be controlling in all respects. All communications, notices, and Documentation to be furnished hereunder shall be in the English language only.
13.7. Notices. All notices required to be sent hereunder shall be in writing, addressed to receiving party’s current business contact, if known, with a cc: to the General Counsel/Legal Department of the receiving party, and sent to the party’s address as listed in this Agreement, or as updated by either party by written notice. Notices shall be effective upon receipt and shall be deemed to be received as follows: (i) if personally delivered by courier, when delivered; or (ii) if mailed by first class mail, or the local equivalent, on the fifth business day after posting with the proper address.
13.8. Severability. If any provision of this Agreement is held to be illegal, invalid or unenforceable under the laws of any jurisdiction, the provision will be enforced to the maximum extent permissible so as to effect the intent of the parties, and the remaining provisions of this Agreement will remain in full force and effect.
13.9. Third Party Rights. Other than as expressly set out in this Agreement, this Agreement does not create any rights for any person who is not a party to it and no person who is not a party to this Agreement may enforce any of its terms or rely on any exclusion or limitation contained in it.
13.10. Waiver. The waiver of a breach of any provision of this Agreement shall not constitute a waiver of any other provision or any subsequent breach.
13.11. Equal Opportunity. Mandiant is committed to the provisions outlined in the Equal Opportunity Clauses of Executive Order 11246, the Rehabilitation Act of 1973, the Vietnam Era Veterans Readjustment Act of 1974, the Jobs for Veterans Act of 2003, as well as any other regulations pertaining to these orders.
SCHEDULE: MANDIANT ADVANTAGE SOLUTIONS
MANDIANT SECURITY VALIDATION, MANDIANT VALIDATION ON DEMAND, MANDIANT AUTOMATED DEFENSE, MANDIANT ATTACK SURFACE MANAGEMENT
In addition to the Agreement, which governs this Schedule, the following terms govern the Mandiant Advantage Solutions, including the Mandiant Security Validation Solution, including any software-based, and cloud implementations, and including the Validation on Demand Solution (each, “Security Validation” or a “Security Validation Solution”), the Mandiant Attack Surface Management Solution (fka Intrigue Software)(the “Mandiant ASM Solution”), and the Mandiant Automated Defense Solution (fka Respond Software) (the “Automated Defense Solution”) (collectively, “Mandiant Advantage Solutions”).
1. License and Restrictions. Subject to the terms hereof, payment of all fees, and any applicable user/use limitations, Mandiant grants Customer a personal, non-sublicensable, nonexclusive, right to use the Mandiant Advantage Solutions (excluding Web Services related to the Security Validation Solution, which are licensed pursuant to Section 4), in accordance with the Agreement and this Schedule, and as set forth in the Documentation for the Mandiant Advantage Solutions, solely for Customer’s internal business purposes. Customer will maintain the copyright notice and any other notices that appear on the Mandiant Advantage Solutions, including any interfaces related to the Mandiant Advantage Solutions. All Mandiant Advantage Solutions, including software, are licensed, not sold, for a fixed term, and are not perpetually licensed.
(a) Mandiant Security Validation Solutions. The Security Validation Solutions shall only be used up to the purchased license entitlement, as set forth on the Order, for which Customer has paid the applicable fees. Customers purchasing the Validation on Demand version of the Security Validation Solution are licensed to use one (1) actor to conduct one (1) assessment, as set forth in the Documentation, and such use must occur within one (1) year from the date of the Order for the Validation on Demand Security Validation Solution. The term of the license shall begin on or shortly after the Order Effective Date (as determined by Mandiant) and will continue in effect for the period of time stated in the Order.
(b) Mandiant Automated Defense. Customers purchasing the Automated Defense Solution may use the Solution in accordance with the Documentation for the Solution, during the Solution Subscription Term solely for the purpose of analyzing the Customer’s data and rendering reports of the results of such analysis to Customer. Service levels for the Mandiant Automated Defense Portal are as set forth on the Mandiant Service Levels page.
(c) Mandiant Attack Surface Management. Customers purchasing the Mandiant ASM Solution may use the Solution in accordance with the Documentation for the Solution, during the Solution Subscription Term, for the purpose of assessing the security of Customer’s internet-facing assets. The Mandiant ASM Solution is licensed up to the purchased licensed entitlements, as set forth on the Order.
2. Security Content. The Security Validation Solutions may include access to certain defined files, URLs, IP addresses, file hashes, commands, network traffic samples and other artifacts that can be malicious and/or represent real attacker behavior (“Security Content”). Security Content is obtained from a variety of sources. Mandiant grants to Customer a limited, non-transferable, as-is, non-exclusive license to use the Security Content solely in connection with the Security Validation Solution and for no other purpose. MANDIANT MAKES NO REPRESENTATIONS OR WARRANTIES WITH REGARD TO THE SECURITY CONTENT AND DOES NOT GUARANTEE OR WARRANT THAT THE SECURITY CONTENT WILL COVER ALL POSSIBLE CONDITIONS, ENVIRONMENTS OR CONTROLS. SECURITY CONTENT IS OBTAINED FROM A VARIETY OF SOURCES, WHICH MAY INCLUDE KNOWN THREAT ACTORS. Any Security Content obtained or licensed from a third party and furnished through Mandiant or which Customer procures on its own will be deemed Third Party Materials under this Agreement. Mandiant may make available an exchange (the “Exchange”) through which Customer may obtain, download, or access certain Security Content furnished by third parties, including other Mandiant customers. In addition, Customer, itself, may elect to participate in the Exchange by electing to upload Security Content that it creates or procures. Use of the Exchange is entirely voluntary and subject to the Exchange terms and conditions as well as any specific terms and conditions of the third parties furnishing the Security Content. Any Security Content obtained through the Exchange will be deemed Third Party Materials under this Agreement. TO THE MAXIMUM EXTENT ALLOWED BY LAW, MANDIANT AND ITS LICENSORS WILL NOT BE LIABLE FOR ANY LOSSES, LIABILITIES, DAMAGES, JUDGMENTS, OR OTHER COSTS WITH RESPECT TO THE SECURITY CONTENT, WHETHER ARISING BY CONTRACT, TORT OR OTHERWISE. CUSTOMER ASSUMES ALL RISK ASSOCIATED WITH USE OF THE SECURITY CONTENT, AND ACKNOWLEDGES THAT MANDIANT HAS NO OBLIGATION TO ENSURE SECURITY CONTENT WILL OPERATE AS INTENDED. CUSTOMER UNDERSTANDS THAT SECURITY CONTENT INCLUDES LIVE MALWARE, INCLUDING RANSOMWARE, AND THAT USE OF THE SECURITY CONTENT IN WAYS NOT STRICTLY DESCRIBED IN THE DOCUMENTATION MAY CAUSE DAMAGE TO CUSTOMER’S ENVIRONMENT.
3. Web Services. Mandiant may provide access to certain Web-based or other online content (the "Web Services"), including intelligence offerings, and in some cases such Web Services will be subject to additional fees. Mandiant grants Customer a non-exclusive, non-transferable license to use the Web Services solely in connection with its use of the associated Solution. Customer grants to Mandiant a perpetual, irrevocable, worldwide, paid-up, non-exclusive license and right to reproduce, modify, create derivative works from, publish, distribute, sell, sub-license, transmit, publicly display and provide access to any information or data submitted by Customer through the Web Services, for purposes of enhancing Mandiant’s products and services, so long as (i) Mandiant ensures that any Customer Confidential Information is removed from such content, and (ii) Mandiant’s use of such content does not in any way identify Customer or its employees or in any other way allow a third party to identify Customer as the source of the content.
4. Support. Subject to Customer’s payment in full of all associated fees for Support Services, Mandiant shall provide Support Services for the Mandiant Advantage Solutions as set forth on the Mandiant Support Programs Page, as may be updated by Mandiant in its discretion.
MANDIANT MANAGED SOLUTIONS
(INCLUDES MANDIANT MANAGED DEFENSE, MANDIANT RANSOMWARE DEFENSE VALIDATION, MANDIANT BREACH ANALYTICS, MANDIANT ALERT INVESTIGATION & PRIORITIZATION, MANDIANT MANAGED CYBER OPERATIONS, MANDIANT MANAGED VALIDATION, MANDIANT MANAGED XDR)
In addition to the Agreement, which governs this Schedule, the following terms govern managed versions of Mandiant Solutions, including Managed Defense, Mandiant Managed Validation, Mandiant Ransomware Defense Validation, Mandiant Managed Cyber Operations, Mandiant Managed XDR, and Mandiant Breach Analytics, and Mandiant Alert Investigation & Prioritization (each, a “Managed Solution”).
1. Managed Solutions. Mandiant will provide Customer with the most current version of the Managed Solution service description (“Service Description”). The Service Description will contain an up-to-date description of the entitlements and support available through each Managed Solution. Customer acknowledges that Mandiant may update the Service Descriptions from time to time, and that the most current version of the Service Description will apply to the Managed Solution. During the Subscription Term, Mandiant will provide the Managed Solution as set forth in the Service Description, according to the volume of entitlements or licenses purchased by Customer as set forth in the Subscription Order. All services Customer requests that are not described in the Service Description will be performed at mutually agreed upon rates as set forth in Statements of Work. If the number of entitlements or licenses exceeds the purchased volume reflected in the Subscription Order, Mandiant will notify Customer in writing, and will issue an invoice for the next higher count at Mandiant’s then-current rates pro-rated for the remaining portion of the then-current Subscription Term.
2. Reseller and Partner Purchases. If Customer receives the Managed Solution via a Mandiant authorized services or support partner (a “Partner”), Customer agrees that the Managed Solution and any output of the Managed Solution, including reports, may be delivered to Customer through the Partner. Notwithstanding any other confidentiality obligations between the parties, Customer authorizes Mandiant to disclose information related to the Managed Solution and Customer Data to Partner.
3. Customer Responsibilities. Customer acknowledges and agrees that Mandiant’s ability to successfully deliver the Managed Solution is dependent on the Customer’s ability to meet its responsibilities as outlined herein.
3.1 Mandiant will have no liability for any failure to deliver the Managed Solution that may arise due to Customer’s refusal or failure to perform its responsibilities.
a) Installation Requirements. Customer will be responsible for the following: (i) providing network architecture diagrams, physical, and logical access to Customer’s environment for the sole purpose of deploying and configuring any Managed Solution supported technology (as may be defined in the Service Description); (ii) upgrading pre-existing technology to the minimum software version as referenced within the Service Description; (iii) providing confirmation that all technology within the Customer’s environment has been successfully configured and connected to their network according to the individual product’s System Administration Guide and the configurations supported as noted in the relevant product’s support terms; (iv) providing the ability to establish a persistent connection to the Customer’s network within the designated port range corresponding to the country from which the Managed Solution will be delivered.
b) Compromised Systems. Customer recognizes that Managed Solutions are not an alternative to an incident response engagement for an environment that is compromised prior to the start of the Managed Solution Subscription.
c) Credential Security. Customer will be responsible for the following: (i) providing accurate information to Mandiant for provisioning access to (and removal of) Customer personnel access to any portals associated with the Managed Solution; (ii) implementing and adhering to strong password standards; (iii) providing accurate information to Mandiant for domain whitelisting; and (iv) reporting any security issues related to the Managed Solution (including any available portals) to Mandiant immediately.
d) Network Segment Exclusion: Customer must notify Mandiant if specific network segments will not require Managed Defense monitoring. Customer must provide detailed information regarding the specific network segment range when possible. Examples: guest networks, testing environments, etc.
e) Remediating Known Compromises. Customer must make a reasonable effort to remediate any known compromises reported by Mandiant or third party vendors. Mandiant may choose to suppress alerts generated by known compromised systems until such time the compromise is remediated.
f) Time and Date Settings. Customers purchasing a Managed Defense the Nights and Weekends Subscription must ensure that all Managed Defense Supported Technology has accurate time and date settings, to help ensure that Nights and Weekends Supported Alerts are accurately categorized. Mandiant will not be responsible for reporting on Alerts generated by Managed Defense Supported Technology that does not have up to date time and date settings.
3.2. Exclusions. Notwithstanding anything else contained in this Agreement to the contrary, Mandiant shall have no obligation or responsibility to provide the Managed Solutions for (i) Solutions that the Customer (or Mandiant or another third party on Customer’s behalf) has configured with a one-way feed of FireEye’s Dynamic Threat Intelligence (DTI) Content Feed; (ii) products or solutions that have been declared end of support or that are not currently supported; (iii) products or solutions that have no active support in place; (iv) products or solutions for which updates have not been applied; (v) products or solutions that have not been installed and deployed; or (vi) products or solutions that are misconfigured or incorrectly deployed, which prevents the Managed Solution from monitoring. Customer acknowledges that to facilitate Mandiant’s efficient performance of the Managed Solutions, Mandiant may control some features and functionality of the underlying products and solutions, including by applying updates, and such features or functionality may not be available for Customer’s independent use during the Subscription Term of the Managed Solution.
3.3. Portal Access. For some Managed Solutions, monitoring and alert reports will be provided via an online portal ("Managed Solution Portal"), and Mandiant will provide login credentials to the Customer to enable access to the Managed Solution Portal. Service levels for the Managed Solution Portal, if any, are as set forth on Mandiant's Service Levels page.
SCHEDULE: MANDIANT ADVANTAGE
MANDIANT THREAT INTELLIGENCE SUBSCRIPTIONS
In addition to the General Terms Applicable to all Offerings, which govern this Schedule, the following terms govern Mandiant Threat Intelligence Subscriptions (each, an “Intelligence Subscription”). Mandiant will provide the Intelligence Subscription(s) purchased by the Customer, as shown on the Order.
1. Intelligence Subscriptions
Mandiant will provide Customer with the most current version of the Mandiant Intelligence service description (“Service Description”). The Service Description will contain an up-to-date listing of the entitlements and support available through each Intelligence Subscription. Customer acknowledges that Mandiant may update the Service Description from time to time, and that the most current version of the Service Description will apply to the Intelligence Subscription.
2. License; Access to Intelligence Subscription and Content.
2.1. Grant of Limited License. During the Subscription Term , Mandiant grants to Customer in accordance with the terms of this Agreement and Intelligence Subscription(s) purchased, a limited, worldwide, revocable, non-exclusive, non-transferable, non-assignable, non-sublicensable royalty-free right and license to use Intelligence Subscription to access Mandiant Intelligence for Customer’s internal use only. Certain features of some Intelligence Subscriptions may provide access to third party data, some of which may be collected from underground forums or other websites. Customer acknowledges and agrees that its use of any such data is solely for the purpose of its own internal security investigations and for research to secure its own networks. All access methods and content is Mandiant Material and Mandiant Confidential Information as defined in the Agreement. Customer will not interfere with, restrict or inhibit any other customer from using the Mandiant Intelligence Subscriptions or content or disrupt any services offered by Mandiant through any medium. Mandiant does not warrant that any content made available through the Subscription will continue to be available throughout the entire Subscription Term, and Mandiant may, in its discretion, remove content from time to time.
2.2. Limitations. The Intelligence Subscription(s) and services can be used only by Customer employees who have a need to know within Customer’s organization, typically defined as a person or group that has a direct role in securing information system or networks. Use of the Access Methods and access to the Intelligence Subscription(s) and the Content by Customer’s End Users is provided through access keys or login credentials. Access keys and login credentials may not be shared between End Users. Customer may not establish group accounts. Mandiant reserves the right to discontinue offering particular Access Methods or to modify the Access Methods at any time in its sole discretion. Mandiant reserves the right to limit the number and/or frequency of requests for Content made through the Access Methods in its sole discretion. Customer will not exceed any usage limits established by Mandiant. In addition to any other rights under this Agreement, Mandiant may utilize technical measures to prevent over-usage or to stop usage of any Access Methods or any Application after any usage limitations are exceeded.
2.3. Customer Submissions. Customer agrees that certain information and data that will be provided by Customer to Mandiant through the Intelligence Subscription(s), such as malware submitted for analysis, is not owned by Customer. Such submissions may be used, aggregated, analyzed and shared by Mandiant to enhance the products and services Mandiant provides to its customers.
SCHEDULE: MANDIANT SOLUTIONS
MANDIANT EXPERTISE ON DEMAND SUBSCRIPTION
In addition to the General Terms Applicable to all Offerings, which govern this Schedule, the following terms govern the Mandiant Expertise On Demand Subscription (“Expertise On Demand” or “Expertise On Demand Subscription”).
1. Expertise On-Demand Services. Expertise On-Demand Services. Mandiant will provide Customer with the most current version of the Expertise On-Demand service description (“Service Description”). The Service Description will contain an up-to-date listing of the services available through the Expertise On-Demand Subscription (“Expertise on Demand Services”). Customer may order any of the Expertise on Demand Services described in the Service Description during the twelve (12) month period beginning on the Order Effective Date (the “Covered Period”), as set forth in this Schedule. Each Expertise on Demand Service will draw down the number of Expertise on Demand Units listed for that Expertise on Demand Service in the Service Description. Customer shall make each request for Expertise on Demand Services in writing through one of the communication channels described in the Service Description, and Mandiant will, after receiving the written request, confirm receipt, and schedule a planning and coordination call if necessary. All Expertise on Demand Services must commence within the Covered Period, and must be requested within the time frames set forth in the Service Description to allow for scheduling so that Expertise on Demand Services may commence prior to the end of the Covered Period. Customer acknowledges that Mandiant may update the Service Description from time to time, and that the most current version of the Service Description (including listings of Expertise on Demand Services and Unit values) will apply to the Expertise on Demand Services, subject to the following: Mandiant will notify Customer at least twelve (12) months in advance of discontinuing any Expertise on Demand Service or increasing the number of Expertise on Demand Units required for any Expertise on Demand Service.
2. Incident Response Retainer. Mandiant (through its division Mandiant) agrees to provide incident response services (“Incident Response Services”) during the Covered Period, as set forth in the Service Description. During the Covered Period Mandiant will provide Incident Response Services as requested by Customer in the following areas:
- Computer security incident response support.
- Forensics, log and advanced malware analysis.
- Advanced threat actor response support.
- Advanced threat/incident remediation assistance.
Shortly after the Order Effective Date, Customer will receive a welcome letter that describes the Mandiant Incident Response Services process, 24/7 contact information and email address for requesting Incident Response Services. Customer is provided access to Mandiant’s toll-free hotline, which is available 24 hours a day and 7 days a week.
3. Deliverables. Deliverables for each Expertise On Demand Service and the Incident Response Services will be as described in the Service Description.
4. Units. In consideration for the Expertise On Demand Services, Customer will pay the fixed fee as set forth on the Order (the “Package Fixed Fee”), which will entitle Customer to the number of Expertise On Demand Units (“Units”) set forth on the Order (“Unit Package”). The total Package Fixed Fee will be invoiced on or about the Order Effective Date. Customer may purchase additional Units (“Additional Units”) during the Covered Period. Additional Units may be used only within the Covered Period, and are non-cancelable and non-refundable. Units may not be used for any Service or Solution Subscription other than the Expertise On Demand Services as described in the Service Description. Any technology fees and expenses will be invoiced separately as set forth in the Service Description.
SCHEDULE: MANDIANT PROFESSIONAL SERVICES
In addition to the General Terms Applicable to all Offerings, which govern this Schedule, the following terms govern Mandiant Professional Services:
1. Deliverables. Subject to Customer’s timely payment of applicable fees, and subject to the Agreement and each applicable SOW, Customer shall have a perpetual, non-exclusive, nontransferable, right and license to use, display and reproduce the Deliverables for its internal business purposes. Deliverables may not be shared with any third party other than law enforcement agencies. In no event may Deliverables be used for sales or marketing activities.
2. Customer-Owned Property. Customer is and will remain, at all times, the sole and exclusive owner of the Customer-Owned Property (including, without limitation, any modification, compilation, derivative work of, and all intellectual property and proprietary rights contained in or pertaining thereto). Mandiant will return or destroy all Customer-Owned Property upon the termination or expiration of the applicable SOW or Order. “Customer-Owned Property” means any technology, software, algorithms, formulas, techniques or know-how and other tangible and intangible items that were owned by Customer, or developed by or for Customer prior to the SOW Effective Date that are provided by Customer to Mandiant for incorporation into or used in connection with the development of the Deliverables or performance of Professional Services.
3. Customer Responsibilities. If the Services require the installation and use of Mandiant equipment or software, Customer will facilitate the installation and shall provide physical space, electrical power, Internet connectivity and physical access as reasonably determined and communicated by Mandiant.
4. Litigation Expenses. If Mandiant is required by applicable law, legal process or government action to produce information, documents or personnel as witnesses with respect to the Professional Services or this Agreement, such as by responding to one or more subpoenas, Customer shall reimburse Mandiant for any time and expenses (including without limitation reasonable external and internal legal costs) incurred to respond to the request, unless Mandiant is itself a party to the proceeding or the subject of the investigation.
SCHEDULE: MANDIANT ACADEMY
In addition to the General Terms Applicable to all Offerings, which govern this Schedule, the following terms govern the Mandiant Academy programs and certifications (“Mandiant Academy”).
- Program Requirements. Individuals (“Candidates”) may purchase individual Training courses as part of the Mandiant Academy Training and certification programs. Candidates must abide by Mandiant Academy program guidelines and policies (collectively, “Mandiant Academy Program Requirements”) at all times, including the terms and conditions set forth in this Agreement. References to “Customer” in the General Terms Applicable to all Offerings will be deemed references to “Candidates” with respect to Mandiant Academy programs.
All Access Pass. Candidates purchasing a Mandiant Academy Learning Pass (“Learning Pass”) may attend an unlimited number of Mandiant-hosted per-seat public courses during the period of time described in the Order (“Learning Pass Term”), subject to the following restrictions:
(a) Terms applicable to Training in the Agreement apply;
(b) Candidates using a Learning Pass may only register to attend one (1) training course within a 24-hour period;
(c) Candidates must register for courses during the Learning Pass Term;
(d) Training courses with fewer than five (5) attendees may be cancelled by Mandiant in its sole discretion; and
(e) Training classes are subject to availability.
- Use of Logos. Candidates who successfully complete all required Training courses as outlined in the Mandiant Academy Program Requirements, will be entitled to use the applicable “Mandiant Certified” logos (each, a “Certification Logo”) on business cards, letterhead, marketing collateral, social media profiles, and resumes to designate certification (collectively, “Candidate Collateral”). Candidates may only use the Certification Logo(s) corresponding to the Mandiant Academy program they have successfully completed.
- Candidates may not modify Certification Logos in any way, such as by changing colors, design elements, or wording, including translations. Candidates may not remove any trademark legends (such as ™) from any Certification Logos. Candidates may re-size Certification Logos as necessary, provided that such re-sizing does not render any textual elements illegible.
- Certification Logos may not appear larger or more prominently in Candidate Collateral than other branding elements. Certification Logos may not be used as part of or in combination with any trademarks or other branding elements of the Candidate or the Candidate’s employer or affiliated companies, in any way that would appear as if the Certification Logos are part of such other trademarks or branding elements.
- Candidates may not use Certification Logos in any way that would suggest or imply i) that the Candidate is employed by or formerly employed by Mandiant or any of its affiliates; ii) that Mandiant is a partner to or otherwise affiliated with any company with which Candidate is employed or otherwise engaged; or iii) that Candidate is otherwise associated with Mandiant or its affiliates.
- Mandiant reserves the right to inspect Candidate Collateral to ensure compliance with these terms. And the Mandiant Academy Program Requirements.
- To renew and maintain certification, Candidates must complete all renewal or re-certification requirements and pay all attendant fees, as outlined in the Mandiant Academy Program Requirements.