MANAGED SECURITY SERVICE PROVIDER AGREEMENT



PLEASE READ THIS MANAGED SECURITY SERVICE PROVIDER LICENSE TERMS AND CONDITIONS (“MSSP LICENSE TERMS”) CAREFULLY BEFORE INSTALLING OR ACCESSING/USING THE SOFTWARE FOR THE PURPOSE OF PROVIDING SECURITY SERVICES TO YOUR CUSTOMERS/CLIENTS.  BY INSTALLING, ACCESSING, OR USING THE SOFTWARE, YOU ARE AGREEING TO BE BOUND BY THE TERMS OF THIS MSSP LICENSE TERMS.  IF YOU DO NOT AGREE TO THE TERMS OF THIS LICENSE, DO NOT INSTALL, ACCESS, USE OR PROVIDE SERVICE USING THE SOFTWARE AND (IF APPLICABLE) RETURN THIS SOFTWARE TO THE PLACE WHERE YOU OBTAINED IT.



This Managed Security Service Provider License Terms And Conditions (MSSP License Terms) is a legal agreement between Shield Alliance (Licensor) and you (Licensee) for access, use and provide service to your Customers/Clients using the OhPhish Phishing Simulation OhPhish Reporter, OhPhish Quizzer ‘Mobile Applications and OhPhish Learning Management software (together referred to as “Software as a Service”) subject to the terms and conditions of this MSSP License Terms in addition to the terms and conditions of the EULA published at https://portal.ohphish.com/licence/eula.html (wherever applicable).



  1. Grant of License by Licensor:

Subject to the terms and conditions of this MSSP License Terms and/or payment of applicable license and/or subscription fees, Licensor hereby grants to Licensee a revocable, non-exclusive, non-transferable license (except as provided herein) to access and use the Software as a Service and provide security services to Licensee’s Customers/Clients using the Software as a Service but not for resale, unless Licensee is a legal and authorized Licensee of Licensor, pursuant to a contract executed by both parties stating Licensee is an authorized Licensee. The Software as a Service is licensed to you and not sold. Additional restrictions and/or terms on use of the Software as a Service may be specified in the applicable Order Form and the Licensee agrees to be bound by such additional restrictions and/or terms (if any). Licensee agrees and acknowledges that it shall abide by the relevant terms and conditions of the EULA for the purpose of access and using the Software as a Service.

In addition to the terms and conditions of the EULA, MSSP License Terms does not authorize the Licensee in any way to use and access the Software as a Service as a platform to launch fake cyber security attack campaigns, attack the system and/or abuse any person or entity and/or commit any fraudulent activities such as email fraud, spam mail fraud, access device fraud, identify theft, bank fraud, wire fraud, computer fraud and abuse, privacy protection, email fraud, spam etc. and/or infringe any third-party’s intellectual property rights and/or launching.

Subject to the terms and conditions of the MSSP License Terms and/or the EULA and/or payment of applicable license and/or subscription fees, Licensor grants a limited, revocable, non-exclusive, non-transferable license to use the Security Awareness Materials (“Security Awareness Materials”) and Security Awareness Campaigns (“Security Awareness Campaigns”) for Licensee’s own internal business use provided each user is an authorized managed end user in the Licensee’s organization. Security Awareness Training Materials will be provided under license in digital format only. Printing where allowed, and other costs are the responsibility of Licensee. Any attempt to sell, transfer, create derivative works from, broadcast or post on any external network or media is prohibited. Licensee is not permitted to broadcast or post the Security Awareness Materials and/or Security Awareness Campaigns on or through Licensee’s internal communications channels unless written permission is obtained from the Licensor.



  1. Description of Limitations:



Licensee shall not and shall not allow any third party, including (without limitation) Licensee’s Customers/Clients to (i) reverse engineer, modify, decompile, or disassemble, modify, adapt, translate, copy the Software as a Service either whole or in part and/or any associated documentation; (ii) remove or modify any proprietary marking or restrictive legends in the Software as a Service and/or its associated documentation; (iii) access the Software as a Service or use the documentation to build a competitive service or product, or copy any feature, function or graphic for competitive purposes; (iv) launch fake cyber security attack campaigns, attack the system and/or abuse any person or entity and/or commit any fraudulent activities such as email fraud, spam mail fraud, access device fraud, identify theft, bank fraud, wire fraud, computer fraud and abuse, privacy protection, email fraud, spam etc. and/or infringe any third-party’s intellectual property rights and/or launching. The Licensor reserves the right to terminate the use and access of such service without notice in the event of breach or threatened breach of this provision.



  1. Ownership of Software as a Service:



  1. LICENSEE DOES NOT OWN THE SOFTWARE AS A SERVICE, AND NOTHING IN THIS MSSP LICENSE TERMS TRANSFERS TO LICENSEE AND ITS CUSTOMERS TITLE TO ANY PORTION OF THE SOFTWARE AS A SERVICE AND/OR ANY REPORTS GENERATED USING THE SOFTWARE AS A SERVICE. LICENSORS OWN ALL COPYRIGHTS, TRADE SECRETS AND ANY OTHER INTELLECTUAL PROPERTY RIGHTS COMPRISING SOFTWARE AS A SERVICE AND/OR ANY REPORTS GENERATED USING THE SOFTWARE AS A SERVICE. LICENSEE MAY ACCESS AND USE THE SOFTWARE AS A SERVICE ONLY AS EXPRESSLY AUTHORIZED BY THIS MSSP LICENSE TERMS AND ONLY WHILE THIS MSSP LICENSE TERMS IS IN EFFECT. ANY COPYING, REPRODUCTION, MODIFICATION OR OTHER USE OF THE SOFTWARE AS A SERVICE NOT AUTHORIZED BY THIS MSSP LICENSE TERMS CONSTITUTES A BREACH OF THIS MSSP LICENSE TERMS AND UNLAWFUL INFRINGEMENT OF LICENSORS' PROPRIETARY RIGHTS. LICENSEE MUST SURRENDER ALL COPIES OF THE SOFTWARE AS A SERVICE WHEN THIS MSSP LICENSE TERMS CEASES TO BE IN EFFECT. NOTWITHSTANDING THE FOREGOING, THE LICENSOR MAY GRANT A PERPECTUAL AND SUB-LICENSABLE LICENSE TO LICENSEE TO USE THE REPORT GENERATED USING THE SOFTWARE AS A SERVICE.



  1. Trade-Secrets: The Software as a Service remains the valuable trade secret property of its Licensor. Aspects of the Software as a Service that are trade secrets include without limitation, the series of instructions or statements which comprise the computer programs, Security Awareness Materials, the systems design, modular program structure, system logic flow, file content, video and report formats, coding technique and routines, file handling and special search techniques, implementation of function keys, video screen and data entry handling, and report generation. Licensee shall not disclose or transfer any copy of any portion of any Software as a Service to any person, except as specifically permitted in this MSSP License Terms. Licensee shall not copy, disclose, or transfer the design of nor the trade secrets embodied in any portion of Software as a Service. Licensee shall not transfer or disclose any portion of Software as a Service to any person if Licensee has reason to believe that such person may attempt to learn, use or disclose the trade secrets embodied in the Software as a Service. Nothing in the agreement shall expand such rights of reproduction or translation beyond those rights that can be exercised without Licensor’s permission strictly in accordance with the laws governing this Agreement.



  1. Copyright: The Software as a Service, regardless of whether it bears notice of copyright, is a copyrighted work owned by Shield Alliance or its licensor and is subject to the appropriate copyright laws of those countries that have ratified the Universal Copyright Convention or the Berne Convention.



  1. Fees and Payment: Licensee is responsible for the payment of all applicable fees and applicable sales, use, withholding, VAT and other similar taxes. The fees and payment terms shall be provided in the applicable order form. Licensee shall keep track of all records of providing services to its Customers and/or Clients and clear all payments as and when charged. Licensee’s payment to Licensor shall not be contingent upon Licensee’s Customer/Client’s payment of applicable fees. Licensee shall be liable for all fees and taxes and/or late fees at the rate of ____% per month for any delay in the payment to the Licensor.



  1. Data Protection:

  1. Subject to the terms and conditions of this MSSP License Terms and the applicable terms of EULA, Licensee is granted a non-exclusive and non-transferable license to access and use the Software as a Service only for preparation of data and reports for Customer/Clients provided that the data processing is done by Licensee's personnel on Licensee's computers. The Software as a Service may not be used by third parties, nor may Licensee use the Software as a Service to process data for third parties other than Licensee’s Customers/Clients provided necessary express written consent has been obtained by the Licensee from such Customers/Clients.

  2. Licensee shall at all times abide by the Data Privacy Requirements as enunciated under General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and/or any other applicable data privacy or data protection laws in the relevant jurisdiction. The Data Privacy Requirements shall apply to Licensee’s use, access, possession and handling of Licensor’s and/or its Customer’s personal data (“Personal Data”). For the purposes of the Data Privacy Requirements, “Personal Data”, “Processing” and “Data Subject” will have the meaning given to these terms in accordance with General Data Protection Regulation (GDPR).

  3. Processing: In performing its obligations under the MSSP License Terms, if Licensee at any time undertakes Processing of Personal Data either for performance of security service for its Customer and/or on behalf of Licensor, Licensee shall process all Personal Data fairly and lawfully, respecting the Data Subject’s privacy, and in accordance with all data protection and privacy laws applicable to such Personal Data. Licensee shall further ensure that its Affiliates and sub-processors (if any) will process all Personal Data in the same manner. Licensee will not (i) obtain any rights to any Personal Data by virtue of complying with its obligations under MSSP License Terms or the Data Privacy Requirements; (ii) transfer or disclose any Personal Data (in whole or in part) to any third party, except as stipulated in the relevant Data Protection legislation; (iii) transfer, access, store any Personal Data outside of the country of originating country including via cloud services, without the explicit consent of the Licensor and/or Licensee’s Customers; and (iv) Process any Personal Data for its own benefit or for the benefit of any third party for whatsoever reason. Licensee shall keep the Personal Data confidential and secure.

  4. Third Parties & Sub-processors. Licensee may not subcontract work that relates to Personal Data under the Agreement unless with prior written consent of Licensor. Additionally, Licensee must provide a list of current sub-processors to Licensor in advance of any Processing. Such sub-processor list shall include the identities of those sub-processors and their country of location and have been consented to by Licensor. If Licensee decides at a later date to use sub-processors, Licensee must inform Licensor in writing prior to commencing use of sub-processor(s). Licensee must inform Licensor prior to any changes or replacements of sub-processors. Licensor has the right to object to such changes or replacements, and in such an event, Licensee shall not use or replace such sub-processor(s). All sub- processors should be contractually bound by the same data protection provisions as provided in these Data Privacy Requirements, including, but not limited to, the obligations of data privacy, confidentiality, information security and international transfers. Licensor shall be a third-party beneficiary to such relationships and Licensee will ensure that Licensor shall be granted the same rights as Licensee is granted in the contractual sections of Licensee’s contract with sub-processor (e.g., cooperation, notification, audit and inspection) vis-à-vis the sub-processor. Licensee will be held accountable and liable to its Customers/Clients, Licensor, its affiliates and their personnel (and their licensees) for any privacy violations or security breaches that occur as a result of the actions taken by a sub- processor.

  5. International Transfers. All transfers of Personal Data outside of the country of origination by Licensee (if any) will be in strict compliance with all applicable data protection laws. Where the Personal Data originates in the EU, transfers can only occur either to a country with adequate data protection laws or pursuant to Privacy Shield, the EU Standard Contractual Clauses, or Binding Corporate Rules. All transfers of Personal Data by Licensee will be done with the prior written consent of Licensor and/or Licensee’s Customer.

  6. Cooperation & Enquiries. Licensee will immediately inform Licensor if Licensee receives any inquiry, complaint or claim from any court, governmental official, third parties or individuals (including but not limited to the Data Subjects) and will provide Licensor support and cooperation in a timely manner in responding to any such request. Should Licensor, on the basis of applicable law, be obliged to provide access or information to a Data Subject about the Processing of Personal Data relating to him or her, Licensee will, without levying a fee, assist Licensor in providing such access or information.

  7. Privacy Violations, Security and Data Breach Incidents. Licensee will inform Licensor immediately if: (i) Licensee or its personnel infringe the applicable data protection or privacy laws or obligations under the Agreement, (ii) significant failures during the Processing occur, or (iii) third parties have unauthorized or unintended access to the Personal Data. The parties are aware that the applicable law may impose a duty to inform the competent authorities or affected Data Subjects in the event of the loss or unlawful disclosure of Personal Data or access to it. These incidents should therefore be notified by Licensee to Licensor immediately, regardless of their origin. This also applies to serious operational faults or where there is any suspicion of an infringement of provisions relating to the protection of Personal Data or other irregularities in the handling of Personal Data belonging to Licensor. In consultation with Licensor, Licensee must take appropriate measures to secure the Personal Data and limit any possible detrimental effect on the Data Subjects. Licensee must coordinate the messaging related to any privacy violation, security breach or data breach incident with Licensor prior to making any public disclosures.

  8. Return of Personal Data. Following termination of the Agreement, Licensee, at the sole discretion of Licensor, will return to Licensor or destroy and delete all Personal Data and other materials containing Personal Data from Licensor subject to Processing. Additionally, all Personal Data should be expunged from any computer, server, media or storage device, word processor or similar device into which it was stored or processed by Licensee or by its sub-processors. Licensee must certify in writing to Licensor that it has complied with the foregoing obligations. Further, Licensee shall at all times comply with Customer’s request to delete, remove or expunge the Personal Data.

  9. Licensee acknowledges that Licensee shall indemnify, defend and hold Licensor and/or its affiliates, subsidiaries, officers, directors, agents, representatives, employees and third-party licensors harmless from any and all claims, liabilities, losses, expenses or demands, including reasonable legal fees, based on, arising from Licensee’s actual or threatened breach of this provision.



  1. Warranty:



EXCEPT THE EXPRESS WARRANTY AS PROVIDED IN THE APPLICABE EULA, LICENSOR MAKES NO REPRESENTATIONS OR WARRANTIES OR CONDITIONS OF ANY KIND CONCERNING THE SOFTWARE AS A SERVICE OR THEIR USE, ACCURACY AND FUNCTION AND SHALL NOT BE LIABLE IN ANY MANNER FOR ANY REPRESENTATION OR WARRANTY OR CONDITION OF ANY KIND WHETHER EXPRESS OR IMPLIED OR COLLATERAL OR WHETHER ARISING BY OPERATION OF LAW OR OTHERWISE, INCLUDING, WITHOUT LIMITATION, ANY WARRANTY OR CONDITION OF MERCHANTABLE QUALITY OR FITNESS FOR A PARTICULAR PURPOSE OR THAT THE SOFTWARE AS A SERVICE WILL BE ERROR-FREE.



THE LICENSEE SHALL NOT BE AUTHORIZED TO MAKE ANY WARRANTY, GUARANTEE, REPRESENTATION OR CONDITION, WHETHER WRITTEN OR ORAL, TO ITS CUSTOMERS AND/OR CLIENTS, ON BEHALF OF LICENSOR.



  1. Licensee Indemnification: Licensee shall indemnify, defend and hold Licensor as well as its affiliates, subsidiaries, officers, directors, agents, representatives, employees and third-party licensors harmless from any and all claims, liabilities, losses, expenses or demands, including reasonable legal fees, based on, arising from, or otherwise related to (a) Licensee’s breach or violation of any of the provisions of this MSSP License Terms; (b) Licensee’s access or use of the Software as a Service, including but not limited to the hosted platform, any of the information, materials, or any other services made available on or through the Software as a Service, in violation of the MSSP License Terms; (c) any infringement or misappropriation by Licensee of any intellectual property or other rights of Licensor or any third party; (d) any threat, attack or abuse of the Software as a Service due to unauthorized use of the Software as a Service; or (e) any negligence or willful misconduct by Licensee.



  1. Limitation of Liability:  Licensor shall not be liable to Licensee and its Customers, or any other person or entity claiming through Licensee any loss of profit, income, savings, or any other consequential, incidental, special, punitive, direct and indirect damage, whether arising in contract, tort, warranty, or otherwise.  These limitations will apply regardless of the essential purpose of any limited remedy. Under no circumstances shall Licensor’s aggregate liability to Licensee, or any person or entity claiming through Licensee, exceed the financial amount actually paid by Licensee to Licensor for the Software as a Service.





  1. Notification of Unauthorized Possession or Use: Licensee shall notify Licensor immediately of any unauthorized possession, use, or copying, by any person, of any portion of the Software as a Service. In each case in which such unauthorized activity is related to the activities of Licensee, Licensee shall take all reasonable steps to terminate such unauthorized activity. Further, Licensee assumes full responsibility of such unauthorized possession, use, or copying of the Software as a Service.



  1. Export Laws: Licensee may not use or otherwise export or re-export the Software except as authorized by United States law and the laws of the jurisdiction in which the Licensor’s Software was obtained.  In particular, but without limitation, the Licensor’s Software may not be exported or re-exported (a) into (or to a national or resident of) any U.S. embargoed countries (currently Cuba, Iran, Libya, North Korea, Sudan, and Syria) or (b) to anyone on the U.S. Treasury Department's list of Specially Designated Nationals or the U.S. Department of Commerce Denied Person’s List or Entity List.  By using the Licensor’s Software, you represent and warrant that you are not located in, under control of, or a national or resident of any such country or on any such list.



  1. Governing Law. This MSSP License Terms shall be deemed to have been made in Hong Kong, and shall be construed and enforced in accordance with, and the validity and performance hereof shall be governed by the laws of the Hong Kong, without reference to principles of conflict of laws thereof. Judicial proceedings regarding any matter arising under the terms of this MSSP License Terms shall be brought solely in the Courts of the Hong Kong.



  1. Assignment: The Licensee shall not transfer its right to access and use the Software as a Service to any third party.



  1. Entire Agreement: The terms of EULA (wherever applicable) and the terms and conditions of the MSSP License Terms constitutes the entire agreement between the parties with respect to the use of the Licensor’s Software as a Service licensed hereunder and supersedes all prior or contemporaneous understandings regarding such subject matter.  No amendment to or modification of this License will be binding unless in writing and signed by Licensor. The parties hereto confirm that they have requested that this License and all related documents be drafted in English.