Invicti Managed Security Services Provider Addendum

In addition to any other terms and conditions applicable to Customer’s purchase of the Invicti Solution, these Managed Security Services Provider terms (“Addendum”) shall apply if Customer purchases an MSSP license from Invicti, as identified on an applicable Order Form. This Addendum shall be incorporated as part of the Subscription Services Agreement (“SSA”) referenced in the Order Form between Customer and Invicti, provided that if there is a conflict between this Addendum and the terms of the SSA, this Addendum shall prevail. Capitalized terms used herein but not otherwise defined shall have the meaning ascribed to them in the SSA.

1. DEFINITIONS

Client” means a person or entity that acquires the MSSP Services from Customer for its internal business use only and not for distribution or resale.

Marks” means the Invicti trademarks, trade names, or service marks.

MSSP Services” means services provided by Customer to its Client(s) relating in any way to the use of the Invicti Solution which shall include remote monitoring and alerting, management of software, vulnerability scanning, validation, and remediation.

2. INVICTI SOLUTION.

2.1. License Grant. Subject to Customer’s compliance with the terms and conditions of the Agreement, including payment of all applicable fees, Invicti hereby grants to Customer for the sole purpose of providing MSSP Services to its Clients a limited, non-sublicensable, non-exclusive, non-transferable, worldwide license, solely during the Subscription Term, as applicable and as set forth in the Order Form, to:

(A)    either:

(i)       install, execute, and use, or permit Users to install, execute, and use, in object code form only, the Software on Customer and/or Client infrastructure; or

(ii)       access and use the Cloud Service; and

(B)    reproduce and use a reasonable number of copies of the Documentation for use with the Invicti Solution.

3. SUPPLEMENTARY CUSTOMER RESPONSIBILITIES.

3.1. Client Equipment. Customer may install the Software on its Client’s equipment under the License in section 2.1(A)(i) provided that Customer ensures that (i) it notifies Invicti in writing prior to any such engagement; (ii) such use is subject to the restrictions and limitations contained in the Agreement, including export control law; (iii) each Client cooperates with Invicti during any compliance review that may be conducted by Invicti or designated agent; and (iv) after the earlier of (a) completion of any MSSP Services engagement with a Client or (b) expiry/termination of Customer’s Subscription, Customer shall promptly remove any Software installed on its Client’s computer equipment or require the Client to do the same.

3.2. Client Scanning Consent. Customer warrants, represents and undertakes that it has, and will continue to have, full permission and acceptance from Client to scan Targets owned by or leased by its Client(s).

3.3. Information; Audits. Customer will keep and maintain commercially reasonable written records and accounts regarding Customer’s use and distribution of the Product(s) and compliance with the Agreement. Invicti, or a certified public accountant designated by Invicti, shall have the right, upon ten days’ written notice to Customer, to conduct an inspection and audit of all relevant facilities and records of Customer. Such audit shall be conducted during regular business hours at Customer’s offices (or it’s Client’s where the Software is installed in accordance with section 3.1) and in such a manner so as not to interfere with Customer’s (or Client’s where relevant) normal business activities. In no event shall audits be conducted hereunder more frequently than once every six months. The audit shall be conducted at Invicti’s expense; provided, however, that if the audit reveals that Customer has failed to comply with any material term of the Agreement, Customer shall pay all reasonable costs and expenses incurred by Invicti in conducting the audit.

4. ADDITIONAL RESTRICTIONS. Except as expressly set forth in the Agreement, and to the maximum extent permitted by applicable law, Customer will not (and will not allow any third party to): (i) permit its Clients to use or have direct access to the Invicti Solution; (ii) distribute or resell the Invicti Solution to any third party, including its Clients; (iii) describe itself as agent or representative of Invicti except as expressly authorized by the Agreement; (iv) hold itself out, or permit any person to hold it out, as being authorized to bind Invicti in any way nor do any act which might reasonably create the impression that it is so authorized; (v) use any advertising, promotional, or selling materials in relation to the Invicti Solution, except those supplied or approved by Invicti; (vi) engage in any conduct which in the opinion of Invicti is prejudicial to business or to the marketing of the Invicti Solution generally; (vii) make or give any promises, warranties, guarantees, or representations concerning the Invicti Solution other than those contained in the Agreement; or (viii) use the Invicti Solution to scan any unauthorized Targets outside of those detailed in section 3.2 (including those of any third party). Customer’s failure to comply with any sub-section (viii), will constitute a material breach of the Agreement incapable of remedy and entitle Invicti to immediately terminate the Agreement without notice in addition to any other remedy available at law or equity.

5. ADDITIONAL INVICTI OBLIGATIONS. Invicti agrees to: (i) provide Customer, without charge, online access to Documentation, Support, Marks, and any other information or assistance reasonably required for the success of the business; and (ii) provide Customer with such additional web-based sales training as reasonably requested by Customer and agreed by Invicti in writing.

6. CLIENT PRICING. Customer will independently set the pricing for its MSSP Services. Customer bears all risk of non-payment by Clients and is solely responsible for all its costs and expenses. Unless otherwise agreed in writing, Customer agrees not to post any Invicti-provided price list on its website even if such price list is displayed publicly on the Invicti website. Customer may not terminate the Agreement or receive any refunds due to non-payment by a Client.

7. TARGET REAPPROPRIATION. Once every three months beginning on the Effective Date (“Contract Quarter“), Customer may re-allocate its licenses to new scan Targets, up to 100% of the licensed Targets procured under this Order Form.

8. ADDITIONAL USAGE.

8.1. If, during any Contract Quarter, Customer uses additional Targets beyond those that it has procured under an Order Form (“Overages“), Customer may notify Invicti within 30 days of the end of such Contract Quarter (“Notification Period”) that it wishes to:

(A)    procure such additional Targets in accordance with the terms set out in section 8.2 below; or

(B)    treat such Targets as Overages, in accordance with the terms set out in section 8.3 below.

8.2. In the event of Option (A), the parties shall enter into an additional Order Form. Any additional Targets shall be charged from the start of the Contract Quarter in which they were first used and priced on a pro-rata basis at the same per Target rate as the original Order Form. If Customer fails to use any additional Targets within the relevant Subscription Term, then such Targets shall be deemed forfeited, with no refund due. All additional Order Forms shall be coterminous with the Subscription Term of the original Order Form.

8.3. In the event of Option (B), Invicti shall invoice Customer for the Overages during the Contract Quarter at the rate in accordance with the calculation formula set out below or as otherwise specified in the Order Form. Customer shall timely pay such fees in respect of Overages (“Overage Fees”) within 30 days from the date of the invoice.

The Overage Fees shall be calculated as set out below:

(A) First, the Price per Target per Contract Quarter shall be calculated as follows:

(i) The total amount of license fees charged for the Invicti Solution (excluding any discounts) will be divided by the number of Targets procured by Customer, to identify the Price per Target;

(ii) The Price per Target shall be divided by the number of Contract Quarters during the whole term (that is to say, a 2-year Term will have eight (8) Contract Quarters, hence the Price per Target will be divided by 8, to identify the Price per Target per Contract Quarter;

(B) Separately, the applicable “Billable Units”, (as defined below) shall be calculated as follows:

The Customer will be billed for the sum of all Overages from the date of first use thereof until the end of the respective Contract Quarter (a “Billable Unit”). For the avoidance of doubt, this will be applied for every additional Target (ie. every Overage) individually. Billable Units shall be calculated as follows:

(i) An Overage added on first day of that Contract Quarter → Contributes 1 Billable Unit;

(ii) An Overage added mid-way through that Contract Quarter → Contributes 0.5 Billable Unit;

(iii) An Overage added 1st day of 3rd month of that Contract Quarter → Contributes 0.33 Billable Unit.

(c) Finally, the Overage Fees due per Overage shall be calculated by multiplying the Billable Unit (in (B) above) with the Price per Target per Contract Quarter (in (A) above).

8.4. If Customer fails to notify Invicti as to which option it wishes to pursue within the Notification Period, Invicti shall be entitled to invoice Customer for the overage amount due in accordance with section 8.3 above and Customer shall be obligated to pay such amount.

8.5. Any Overages may be deleted by the Customer within a thirty (30) day window immediately prior to the end of any Contract Quarter. The parties agree that such deletion shall be the sole responsibility of the Customer and any Overage/s not so deleted within the stated time-period shall be charged in the next and any subsequent Contract Quarters in accordance with section 8.3 above, until so deleted.

9. SURVIVAL. In addition to section 8.5(C) of the SSA, the following provisions of this Addendum shall survive termination of the Agreement: 3.1(iv), 3.3, 4, 6, and 8.