Implementation Terms of Service

Implementation Services



1. Services
2. Services. MSC Security will provide Services, including Deliverables, to Customer in accordance with the Agreement, subject to Customer fulfilling its obligations under Section 2 (Cooperation).
3. Change orders. Any changes to a statement of work will require a written amendment signed by Customer and MSC Security. 
4. Personnel. MSC Security will determine which Personnel will perform the services. If Customer requests a change of Personnel and provides a reasonable and legal basis for such request, MSC Security will accommodate efforts to replace the assigned Personnel with alternative Personnel. 
5. Subcontracting. MSC Security may subcontract any of its obligations under the Statement of Work but will remain liable to the Customer for any sub-contracted obligations. 
6. Compliance with Customer’s Onsite Policies and Procedures. MSC Security Personnel performing services at Customer’s facilities will comply with Customer’s reasonable written onsite policies and procedures provided in advance to MSC Security. 
7. Customer Obligations
8. Cooperation. Customer will provide reasonable and timely cooperation in connection with MSC Security’s provision of the Services. MSC Security will not be liable for a delay caused by Customer’s failure to provide MSC Security with information, materials, consents or access to Customer facilities, networks, or systems required for MSC Security to perform the Services. If MSC Security informs customer of such failure and Customer does not cure the failure within 30 days, then: (a) MSC Security may terminate any incomplete Services and (b) in addition to any fees due under Section 7 (Effect on Payment), Customer will pay actual costs incurred by MSC Security for the canceled Services, provided MSC Security will make reasonable efforts to mitigate those costs, which will not exceed the Fees. 
9. Consents. Customer is responsible for any consents and notices required to permit Customer’s use and receipt of the Services.
10. No Personal Data. Customer acknowledges that MSC Security does not need to process Personal Data to perform Services. Customer will not provide MSC Security with access to Personal Data unless the parties have agreed in a separate agreement on the scope of work and any terms applicable to MSC Security processing of such Personal Data
11. Payment Terms.
12. Payment. Customer will pay all Fees for Services ordered under the Agreement. MSC Security will invoice Customer for the Fees. Customer will pay all invoiced amounts by the Payment Due Date. All payments are due in the currency described in the invoice. 
13. Taxes. MSC Security will itemize any invoiced Taxes. Customer will pay invoiced Taxes unless Customer provides a valid tax exemption certificate. Customer may withhold Taxes if Customer provides a valid receipt evidencing the taxes withheld. 
14. Invoice Disputes. Customer will submit any invoice disputes in good faith to finance@mscsecurity.io before the payment Due Date. If the parties determine that fees were incorrectly invoiced, MSC Security will issue a credit equal to the agreed amount
15. Overdue Payments.
16. Customer’s payment for Fees is overdue if MSC Security has not received it by the Payment Due Date. If Customer’s payment is overdue, except for amounts subject to Invoice Dispute submitted before the Payment Due Date, MSC Security may (i) charge interest on overdue amounts at 1.5% per month (or the highest rate permitted by law, if less) from the Payment Due Date until paid in full, and (ii) Suspend the Services or terminate the applicable Statement of Work. 
17. Customer will reimburse MSC Security for all reasonable expenses (including attorneys’ fees) incurred by MSC Security in collecting overdue payments except where such payments are due to MSC Security billing inaccuracies.
18. If payment remains delinquent for more than ninety (90) days, MSC Security may refer the outstanding balance to a third-party collection agency or pursue legal action to collect the unpaid amount. Any costs associated with such collection efforts, including but not limited to collection agency fees, attorney’s fees, and court costs, will be added to the outstanding balance and become payable by Customer.
19. Expenses. Customer will reimburse expenses: 
20. As specifically described in the Statement of Work; or
21. Up to the amounts specified as “expenses” in the statement of work that are actual, reasonable, and necessary. 
22. Intellectual Property.
23. Background IP. Customer owns all rights, title and interest in Customer’s Background IP. MSC Security owns all rights, title and interest in MSC Security’s Background IP. Customer grants MSC Security a license to use Customer’s Background IP to provide the services. (with a right to sublicense to MSC Security Affiliates and subcontractors). Except for the license rights under Sections 4 (MSC Security Technology) and 4 (Deliverables), neither party will acquire any right, title, or interest in or to the other party’s Background IP under this agreement. 
24. MSC Security Technology. MSC Security owns all rights, title, and interest in MSC Security Technology. To the extend MSC Security Technology is incorporated into Deliverables, MSC Security grants Customer a limited, worldwide, non-exclusive, perpetual, non-transferable license to use MSC Security Technology in connection with the Deliverables for Customer’s internal business purposes. 
25. Deliverables. MSC Security grants Customer a limited, worldwide, non-exlusive, perpetual, non-transferable license to use, reproduce and modify the Deliverables for Customer’s internal business purposes. 
26. Feedback. At its option, Customer may provide feedback and suggestions about the Services to MSC Security (“Feedback”). If Customer provides Feedback, then MSC Security and its affiliates may use that Feedback without restriction and without obligation to Customer. 
27. Confidentiality. 
28. Confidentiality Obligations. Subject to Section 5 (Disclosure of Confidential Information), the recipient will use the other party’s Confidential Information only to exercise its rights and fulfill its obligations under the Agreement. The recipient will use reasonable care to protect against disclosure of the other party’s Confidential Information to parties other than the recipient’s employees, Affiliates, agents, or professional advisors (“Delegates”) who need to know it and who have a legal obligation to keep it confidential. The recipient will ensure that its Delegates are also subject to the same non-disclosure and use obligations.
29. Disclosure of Confidential Information.
30. General. Regardless of any other provision in the Agreement, the recipient and its Delegates may disclose the other party’s Confidential Information (i) with the other party’s written consent or (ii) in accordance with a Legal Process request, subject to Section 5 (Legal Process Notification).
31. Legal Process Notification. The recipient will use commercially reasonable efforts to notify the other party before disclosing that party’s Confidential Information in accordance with Legal Process. Notice is not required before disclosure if the recipient is informed that (i) it is legally prohibited from giving notice or (ii) the Legal Process relates to exceptional circumstances involving danger of death or serious physical injury.
32. Opposition. The recipient will, and will ensure that its Delegates will, comply with the other party’s reasonable requests to oppose disclosure of its Confidential Information.
33. Marketing and Publicity. Each party may use the other party’s Brand Features in connection with the Agreement as permitted in the Agreement. Customer may state publicly that it is a MSC Security customer and display MSC Security Brand Features in accordance with the Trademark Guidelines. Customer and MSC Security will work together on an announcement of Customer being a MSC Security customer, which will take place on an agreed upon date within 6 months of the Effective Date. Additionally, with prior written consent, the parties may engage in joint marketing activities such as customer testimonials, press engagements, public speaking events, and analyst interviews. A party may revoke the other party’s right to use its Brand Features with 30 days’ written notice. Any use of a party’s Brand Features will inure to the benefit of the party holding Intellectual Property Rights to those Brand Features.
34. Warranties and Remedies. 
35. Mutual Warranty. Each party represents and warrants that it has full power and authority to enter into the Agreement.
36. MSC Security Warranty. MSC Security will perform the Services in a professional and workmanlike manner, in accordance with practices used by other service providers performing services similar to the Services. MSC Security will use Personnel with the requisite skills, experience, and qualifications to perform the Services. Any claim that MSC Security has breached this warranty will be made within 30 days after MSC Security has provided the Services, subject to applicable law.
37. Remedies. Subject to applicable law, MSC Security’s entire Liability and Customer’s sole remedy for MSC Security’s failure to provide Services that conform with Section 6 (MSC Security Warranty) will be for MSC Security to at its option: (1) use commercially reasonable efforts to re-provide the Services or (2) terminate the Statement of Work and refund any applicable Fees received for the nonconforming Services.
38. Disclaimer. Except as expressly provided for in the Agreement, to the fullest extent permitted by applicable law, MSC Security does not make any warranties of any kind, whether express, implied, statutory, or otherwise, including warranties of merchantability, fitness for a particular use, noninfringement, or error-free or uninterrupted use of the Services.
39. Term; Termination. 
40. Agreement Term. The Agreement will start on the Effective Date and continue until the expiration or termination of the Statement of Work.
41. Termination for Breach.
42. Termination of a Statement of Work. Either party may terminate a Statement of Work if the other party is in material breach of the Agreement and fails to cure that breach within 30 days after receipt of written notice.
43. Termination of the Agreement. Either party may terminate the Agreement if the other party: (i) is in material breach of the Agreement and fails to cure that breach within 30 days after receipt of written notice; (ii) ceases its business operations or to the extent permitted by applicable law, becomes subject to insolvency proceedings and such proceedings are not dismissed within 90 days; or (iii) an applicable law or government order prohibits the provision of the Services.
44. Effects of Termination. If the Agreement terminates or expires, then unless otherwise agreed in writing between the Parties, all Statements of Work also terminate or expire. The termination or expiration of one Statement of Work will not affect other Statements of Work. If an Statement of Work terminates or expires, then:
45. Effect on Services. The rights under the Agreement granted by one party to the other regarding the Services will cease immediately except as described in this Section 7 (Effects of Termination); and MSC Security will stop work on the Services and at Customer’s request provide any work-in-progress Deliverables to Customer;
46. Effect on Payment. Customer will pay for: (i) Services, including work-in-progress, performed before the effective date of termination or expiration and (ii) except as required by law, any remaining non-cancellable Fees. MSC Security will send Customer a final invoice for payment obligations under the Statement of Work.
47. Survival. The following Sections of the Agreement will survive expiration or termination of the Agreement: 3 (Payment Terms), 4 (Intellectual Property), 5 (Confidentiality), 6 (Remedies), 6 (Disclaimer), 7 (Effects of Termination), 8 (Indemnification), 9 (Liability), 11 (Miscellaneous), and 12 (Definitions).
48. Indemnification.
49. MSC Security Indemnification Obligations. MSC Security will defend Customer against Indemnified Liabilities in any Third-Party Legal Proceeding to the extent arising from an allegation that Customer’s use of MSC Security Indemnified Materials in accordance with the Agreement infringes the third party’s Intellectual Property Rights.
50. Customer Indemnification Obligations. Customer will defend MSC Security, its Personnel, and its Affiliates, and indemnify them against Indemnified Liabilities in any Third-Party Legal Proceeding to the extent arising from any Customer Indemnified Materials.
51. Indemnification Exclusions. Sections 8.1 (MSC Security Indemnification Obligations) and Section 8 (Customer Indemnification Obligations) will not apply to the extent the underlying allegation arises from:
52. the indemnified party’s breach of the Agreement; or
53. modifications to the MSC Security Indemnified Materials or Customer Indemnified Materials (as applicable) by anyone other than the indemnifying party; or
54. combination of the MSC Security Indemnified Materials or Customer Indemnified Materials (as applicable) with materials not provided by the indemnifying party under the Agreement; or
55. compliance with the indemnified party’s instructions, design or request for customized features.
56. Indemnification Conditions. Sections 8 (MSC Security Indemnification Obligations) and 8 (Customer Indemnification Obligations) are conditioned on the following:
57. The indemnified party will promptly notify the indemnifying party in writing of any allegation(s) that preceded the Third-Party Legal Proceeding and cooperate reasonably with the indemnifying party to resolve the allegation(s) and Third-Party Legal Proceeding. If breach of this Section 8 (a) prejudices the defense of the Third-Party Legal Proceeding, the indemnifying party’s obligations under Section 8 (MSC Security Indemnification Obligations) or 8 (Customer Indemnification Obligations) (as applicable) will be reduced in proportion to the prejudice.
58. The indemnified party will tender sole control of the indemnified portion of the Third-Party Legal Proceeding to the indemnifying party, subject to the following: (i) the indemnified party may appoint its own non-controlling counsel, at its own expense; and (ii) any settlement requiring the indemnified party to admit liability, pay money, or take (or refrain from taking) any action, will require the indemnified party’s prior written consent, not to be unreasonably withheld, conditioned, or delayed.
59. Remedies.
60. If MSC Security reasonably believes the Services or Deliverables might infringe a third party’s Intellectual Property Rights, then MSC Security may, at its sole option and expense: (i) procure the right for Customer to continue using the Services or Deliverables; (ii) modify the Services or Deliverables to make them non-infringing without materially reducing their functionality; or (iii) replace the Services or Deliverables with a non-infringing, functionally equivalent alternative.
61. If MSC Security does not believe the remedies in Section 8 (a) (Remedies) are commercially reasonable, then MSC Security may (i) terminate the impacted Services and Customer’s use of the impacted Deliverables and (ii) provide a pro-rated refund of any Fees paid for such Services or Deliverables.
62. Sole Rights and Obligations. Without affecting either party’s termination rights, and to the extent permitted by applicable law, this Section 8 (Indemnification) states the parties’ sole and exclusive remedy under the Agreement for any third party allegations of Intellectual Property Rights infringement covered by this Section 8 (Indemnification).
63. Liability.
64. Limited Liabilities.
65. To the extent permitted by applicable law and subject to Section 9 (Unlimited Liabilities), neither party will have any Liability arising out of or relating to the Agreement for any:
66. indirect, consequential, special, incidental, or punitive damages; or
67. lost revenues, profits, savings, or goodwill.
68. Each party’s total aggregate Liability for damages arising out of or relating to the Agreement is limited to the Fees Customer paid under the Statement of Work.
69. Unlimited Liabilities. Nothing in the Agreement excludes or limits either party’s Liability for:
70. death, personal injury, or tangible personal property damage resulting from its negligence or the negligence of its employees or agents;
71. its fraud or fraudulent misrepresentation;
72. its obligations under Section 8 (Indemnification);
73. its infringement of the other party’s Intellectual Property Rights;
74. its payment obligations under the Agreement; or
75. matters for which liability cannot be excluded or limited under applicable law.
76. Insurance
77. During the term of the Agreement, each party will maintain, at its own expense, appropriate insurance coverage applicable to performance of the party’s respective obligations under the Agreement, such as general commercial liability, worker’s compensation, automobile liability, and professional liability.
78. Force Majeure
79. A “Force Majeure Event” shall refer to any event beyond the reasonable control of the Parties which is unforeseeable or, if foreseeable, unavoidable and which has prevented, affected or delayed any Party’s performance of all or any part of its obligations hereunder, including without limitation, government actions or inactions, acts of God, strikes or labor disputes, war, hacker attack or any other similar event.
80. If Company is affected by a Force Majeure Event, then Company may suspend on a temporary basis its performance of its obligation(s) under this Agreement without incurring any liability due to such Force Majeure Event, until the effect of such Force Majeure Event has been eliminated; provided that Company shall exert its best efforts to minimize the adverse effect of such Force Majeure Event.
81. Neither party shall be liable for any failure of or delay in performance of its obligations under this Agreement to the extent such failure or delay is due to circumstances beyond its reasonable control, including, without limitation, acts of God, acts of a public enemy, pandemics, fires, floods, wars, civil disturbances, sabotage, accidents, insurrections, terrorism, blockades, embargoes, storms, explosions, labor disputes (whether or not the employees' demands are reasonable and within the party's power to satisfy), acts of any governmental body, failure or delay of third parties or governmental bodies from whom approvals, authorizations, licenses, franchises or permits must be obtained, or inability to obtain labor, materials, equipment, or transportation or illness of MSC Security’s technical staff (collectively referred to herein as "Force Majeure").  Each party shall use reasonable efforts to minimize the duration and consequences of any failure of or delay in performance resulting from a Force Majeure event.
82. In the event of a Force Majeure MSC Security is not required to have technicians work during periods or at places where their safety or health could be in jeopardy and in any event will not require technicians to go on site.   
83. Miscellaneous
84. Notices. MSC Security will provide notice to Customer under the Agreement by sending an email to the Notification Email Address. Customer will provide notice to MSC Security by sending an email to legal@mscsecurity.io. Notice will be treated as received when the email is sent. Customer is responsible for keeping its Notification Email Address current throughout the Term.
85. Emails. The parties may use emails to satisfy written approval and consent requirements under the Agreement.
86. Assignment. Neither party may assign the Agreement without the written consent of the other, except MSC Security may assign the Agreement to an Affiliate where: (a) the Affiliate will be responsible for MSC Security’s obligations under the Agreement; and (b) MSC Security has notified the Customer of the assignment. Any other attempt to assign is void.
87. Change of Control. If a party experiences a change of Control other than an internal restructuring or reorganization: (a) that party will give written notice to the other party within 30 days after the change of Control; and (b) the other party may immediately terminate the Agreement any time within 30 days after it receives that written notice.
88. Force Majeure. Neither party will be liable for failure or delay in performance of its obligations to the extent caused by circumstances beyond its reasonable control, including acts of God, natural disasters, terrorism, riots, or war.
89. No Agency. The Agreement does not create any agency, partnership, or joint venture between the parties or the relationship of employer and employee between: (a) the parties, or (b) one party and the other party’s Personnel.
90. No Waiver. Neither party will be treated as having waived any rights by not exercising (or delaying the exercise of) any rights under the Agreement.
91. Severability. If any part of the Agreement is invalid, illegal or unenforceable, the rest of the Agreement will remain in effect.
92. No Third-Party Beneficiaries. The Agreement does not confer any benefits on any third party unless it expressly states that it does.
93. Equitable Relief. Nothing in the Agreement will limit either party’s ability to seek equitable relief.
94. Governing Law. All claims arising out of or relating to the Agreement or the Services will be governed by California law, excluding that state’s conflict of laws rules, and will be litigated exclusively in the federal or state courts of Contra Costa County, California; the parties consent to personal jurisdiction in those courts.
95. Amendments. Except as specifically described otherwise in the Agreement, any amendment to the Agreement will be in writing, expressly state that it is amending the Agreement, and be signed by both parties.
96. Updates. MSC Security may update the terms of the Agreement from time to time. The terms of the updated Agreement will apply only to Statements of Work signed by Customer and MSC Security after MSC Security posts the updated Agreement to a publicly available URL.
97. Independent Development. Nothing in the Agreement will be construed to limit or restrict either party from independently developing, providing, or acquiring any materials, services, products, programs or technology that are similar to the subject of the Agreement, provided that the party does not violate its obligations under the Agreement in doing so.
98. Entire Agreement. The Agreement states all terms agreed between the parties, and supersedes any prior or contemporaneous agreements between the parties relating to the subject matter of the Agreement. In entering into the Agreement, neither party has relied on, and neither party will have any right or remedy based on, any statement, representation or warranty (whether made negligently or innocently), except those expressly described in the Agreement. Nothing in the Agreement grants any right for Customer to use materials, products or services that are made available to MSC Security customers under a separate license or agreement.
99. Conflicting Terms. If there is a conflict among the documents that make up the Agreement, then the documents will control in the following order: the applicable Statement of Work and the Agreement.
100. Conflicting Languages. If the Agreement is translated into any other language, and there is a discrepancy between the English text and the translated text, the English text will control.
101. Counterparts. The parties may execute the Agreement in counterparts, including facsimile, PDF, and other electronic copies, which taken together will constitute one instrument.
102. Electronic Signatures. The parties consent to electronic signatures.
103. Headers. Headings and captions used in the Agreement are for reference purposes only and will not have any effect on the interpretation of the Agreement.
104. Interpretation. This Agreement shall be construed as if drafted jointly by the parties hereto. In the event an ambiguity or question of intent or interpretation arises, no presumption or burden of proof shall arise favoring or disfavoring any party by virtue of the authorship of any provisions of this Agreement.
105. Definitions.
106. “Affiliates” shall mean any entity or individual that, directly or indirectly, controls or is controlled by a party, or any entity or individual which controls or is under common control of others together with such party. For purposes of this paragraph, “control” shall mean the ownership of 50% or more of the voting power of an entity.
107. “Intellectual Property Rights” shall mean all and any patents, trademarks, service marks, company names, registered designs, copyrights and intellectual property rights or industrial property rights in any other form in any place around the world, including applications for such right, regardless whether such right has been registered or is registrable, and all business secrets, confidential or secret techniques and information, technical know-how and any other intangible rights and assets.
108. “Permits” shall mean all necessary approvals, authorizations, permits and agreements required for Client’s initiation and successive operation of the Business, which are issued by the license-issuing authorities or signed with the license-issuing authorities, including but not limited to regulatory or administrative approvals issued by the government and other permits for operation of the Business.
109. “Technology” shall mean any discovery, invention, development, technical information, data, know-how, skill, technique, system, software, formula, experimental result, design, statistics, record, substance and/or material, regardless whether in writing or in word, carried by the carrier or media in whatever form and whether visible or invisible.
110. Unless the context clearly indicates a contrary intent, the terms used on individuals herein shall mean the same to companies and non-company entities.
111. Except as otherwise provided, the terms “Section”, “Paragraph”, and “Schedule” shall mean respectively the Sections and Paragraphs hereof and Schedules attached hereto.
112. The titles and subtitles contained herein shall make no influence on the interpretation of this Agreement, which are specified only for convenience.
113. Service Level Agreements
114. The SLAs are detailed in the relevant sections for Security Services and Software Development Services and will be monitored on an ongoing basis. These SLAs represent our commitment to the performance and availability of our services as described herein.
115. MSC Security will perform planned maintenance to ensure the continued availability and security of services. Scheduled maintenance will be communicated to Customer with at least 24 hours notice, and will be conducted outside of normal business hours unless otherwise agreed upon.
116. In the event of an emergency, MSC Security reserves the right to perform maintenance as needed to protect the integrity of the systems or customer data. Notification will be provided as soon as practicable in such cases.
117. The SLAs do not apply to any unavailability, suspension, or termination of services caused by circumstances beyond MSC Security's reasonable control, including but not limited to, acts of God, natural disasters, war, government actions, civil unrest, and technical failures beyond our control.
118. The SLA does not apply to any issues caused by third-party services, products, or failures in connectivity that are not controlled by MSC Security.
119. MSC Security reserves the right to modify the terms of the SLA at any time, with notice provided to Customer at least 7 days prior to the changes taking effect. Continued use of services after the effective date of such changes constitutes acceptance of the modified SLA terms.
120. Security Service Level Agreement (SLA)
121. Incident Response Time. The time to acknowledge and respond to security incidents or breaches. 
122. Critical Incidents (e.g., data breaches, system compromises): 1 hour response time.
123. High Severity Incidents (e.g., malware, unauthorized access): 4 hours response time.
124. Medium Severity Events (e.g., policy violations, suspicious activity): 8 hours response time.
125. Low Severity Incidents (e.g., non-critical vulnerabilities): 24 hours response time. 
126. Vulnerability Management. Identification, prioritization, and remediation of security vulnerabilities. 
127. Critical Vulnerabilities: Patch or mitigation within 24 hours of discovery.
128. High Risk Vulnerabilities: Patch or mitigation within 72 hours.
129. Medium Risk Vulnerabilities: Patch or mitigation within 7 business days. 
130. Low Risk Vulnerabilities: Patch or mitigation within 30 days. 
131. Software Development Service Level Agreement (SLA)
132. Response time to Development Requests. The time to acknowledge and respond to requests for new features, changes, or bug fixes. 
133. Critical Issues (e.g., production outage, system down): Acknowledge within 1 hour, work on resolution immediately. 
134. High Priority Bugs (e.g., core functionality broken): Acknowledge within 4 hours, fix within 24 hours. 
135. Medium Priority Bugs (e.g., non-critical issues): Acknowledge within 24 hours, fix within 5 business days. 
136. Low Priority Bugs/Requests (e.g., cosmetic issues, minor enhancements): Acknowledge within 48 hours, schedule within 10 business days.