Cyber Security Services Addendum
This Cyber Security Services Addendum (this “Cyber SSA”) is entered into between Motorola Solutions, Inc., with offices at 500 W. Monroe Street, Suite 4400, Chicago, IL 60661 (“Motorola”) and the entity purchasing Products or Services (as defined below) from Motorola (“Customer”), and will be subject to, and governed by, the terms of the Master Customer Agreement ("MCA") entered into between the Parties, effective as of the earlier of (a) the first purchase of a Product or Service from Motorola, and (b) the date of the last signature on the first Ordering Document (as defined below) between the Parties (the “MCA”), and the applicable Addenda. Capitalized terms used in this Cyber SSA, but not defined herein, will have the meanings set forth in the MCA or the applicable Addenda.
If you are purchasing a Communication System on behalf of your employer or another entity, you warrant that: (a) you have authority to bind your employer or the applicable entity, as “Customer” to this Agreement; (b) you have read and understand this Agreement; and (c) on behalf of the Customer that you represent, you agree to this Agreement. If you do not have the legal authority to bind your employer or the applicable entity as Customer to this Agreement, please do not complete the purchase of Services or Products from Motorola.
1. Addendum. This Cyber SSA governs Customer’s purchase of (i) cyber security services, including Remote Security Update Service, Security Update Service, and Managed Detection & Response subscription services, among other subscription services, (ii) professional services, and/or (iii) retainer services (i.e., professional services when expressly purchased as a block of pre-paid hours for use, subject to expiration, within a specified period across certain offered service categories (“Retainer Services”), the nature and scope of which are more fully described in an Ordering Document and will form part of the Parties’ Agreement. Additional Addenda or other terms and conditions may apply to certain related products, software or services, where such terms are provided or presented to Customer.
2. Cyber Security Services.
2.1 Cyber Security Services often require active customer engagement. In addition to items or actions that may be set out in an applicable Ordering Document, Customer will assist, provide or perform items or actions as reasonably requested by Motorola in the course of performance and necessary to ensure timely and efficient performance of the Services. Customer will ensure that information Customer provides to Motorola in connection with receipt of Services is accurate and complete in all material respects.
2.2 Customer will make timely decisions and obtain any required management approvals that are reasonably necessary for Motorola to provide the products and Services and perform its other duties under any applicable ordering document and this Cyber SSA. Unless an applicable ordering document states otherwise, Motorola may rely upon and is not required to evaluate, confirm, reject, modify or provide advice concerning any assumptions or Customer information, decisions, or approvals. Cyber Security Services and Deliverables are limited by, among other things: nature of the security threats, the accuracy and completeness of information provided to Motorola; the level of effort utilized; and subjective judgments relating to relative risk and mitigation priorities which are inherent in any such services and may or may not be correct.
2.3 Customer shall take any actions necessary to mitigate risk to its operations and protect and preserve its computer systems, data environment, networks and Customer Data, including creation of operational workarounds, backups and redundancies. Customer shall inform Motorola in advance to the extent adequate backups and redundancies are not possible for certain elements of its systems or data. Customer acknowledges and agrees that Services may impact, disrupt or damage information systems, data environments, data or Customer Data. Motorola disclaims responsibility for costs in connection with any such disruptions of and/or damage to Customer’s or a third party’s information systems, equipment, voice transmissions, data and Customer Data, including, but not limited to, denial of access to a legitimate system user, automatic shut-down of information systems caused by intrusion detection software or hardware, or failure of the information system resulting from the provision or delivery of the Service
2.4 Inherent Limitations on Scope of Services. Because of the evolving, often malicious and often highly sophisticated nature of cyber security threats, as well as the evolving complexity and customization inherent in many customer computer system environments, among other things, the protections offered by Cyber Security Services are necessarily limited. Motorola does not represent that it will identify, fully recognize, discover or resolve all security events or threats, system vulnerabilities, malicious codes, files or malware, indicators of compromise or internal threats or concerns. Motorola does not guarantee that any recommendations it makes will be successful.
2.5 Motorola may modify Services and any related systems so long as their functionality (as described in the applicable Ordering Document) is not materially degraded. Documentation for the Services, if any, may be updated to reflect such modifications. For clarity, new features or enhancements that are added to any subscription Services may be subject to additional fees.
2.6 Delivery. During the applicable Term (as defined below), Motorola will provide to Customer the Cyber Security Services set forth in an Ordering Document, in accordance with the terms of the Agreement. Motorola will provide Customer advance notice (which may be provided electronically) of any planned downtime of subscription Services. Delivery of subscription Services will occur upon Customer’s receipt of credentials required for access to the subscription Services or upon Motorola otherwise providing access to the subscription Services platform. If agreed upon in an Ordering Document, Motorola will also provide services related to such subscription Services.
2.7 User Credentials. If applicable, Motorola will provide Customer with administrative user credentials for the subscription Services, and Customer will ensure such administrative user credentials are accessed and used only by Customer’s employees with training on their proper use. Customer will protect, and will cause its Authorized Users to protect, the confidentiality and security of all user credentials, including any administrative user credentials, and maintain user credential validity, including by updating passwords. Customer will be liable for any use of the subscription Services through such user credential (including through any administrative user credentials), including any changes made to the subscription Services or issues or user impact arising therefrom. To the extent Motorola provides Services to Customer in order to help resolve issues resulting from changes made to the subscription Services through user credentials, including through any administrative user credentials, or issues otherwise created by Authorized Users, such Services will be billed to Customer on a time and materials basis, and Customer will pay all invoices in accordance with the payment terms of the MCA.
2.8 Beta or Proof of Concept Services. If Motorola makes any beta version of its Services (“Beta Service”) available to Customer, or provides Customer a trial period or proof of concept period (or other demonstration) of the Services at reduced or no charge (“Proof of Concept” or “POC” Service), Customer may choose to use such Beta or POC Service at its own discretion, provided, however, that Customer will use the Beta or POC Service solely for purposes of Customer’s evaluation of such Beta or POC Service, and for no other purpose. Customer acknowledges and agrees that all Beta or POC Services are offered “as-is” and without any representations or warranties or other commitments or protections from Motorola. Motorola will determine the duration of the evaluation period for any Beta or POC Service, in its sole discretion, and Motorola may discontinue any Beta or POC Service at any time. Customer acknowledges that Beta Services, by their nature, have not been fully tested and may contain defects or deficiencies. Notwithstanding any other provision of this Agreement, to the extent a future paid Service has been agreed upon subject to and contingent on the Customer’s evaluation of a Proof of Concept Service, Customer may cancel such future paid Service as specified in the Ordering Document or, if not specified, within a reasonable time before the paid Service is initiated.
3. Subscription Cyber Security Services License and Restrictions.
3.1 Subscription Cyber Security Services License. Subject to Customer’s and its Authorized Users’ compliance with the Agreement, Motorola hereby grants Customer and its Authorized Users a limited, non-transferable, non-sublicenseable, and non-exclusive license to use the subscription Services identified in an Ordering Document, if any, and the associated Documentation, solely for Customer’s internal business purposes. The foregoing license grant will be limited to use in the territory and to the number of licenses set forth in an Ordering Document (if applicable), and will continue for the applicable Subscription Term. Customer may access, and use the subscription Services only in Customer’s owned or controlled facilities, including any authorized mobile sites; provided, however, that, if applicable, Authorized Users using authorized mobile or handheld devices may also log into and access the subscription Services remotely from any location. No custom development work will be performed under this CYBER SSA.
3.2 End User Licenses. Motorola may use, engage, resell, or otherwise interface with third-party software, hardware or services providers (such as, for example, third-party end point detection and response providers) and other sub-processors, who in turn may engage additional sub-processors to process personal data and other Customer Data. Customer agrees that such third-party software or services providers, sub-processors or their respective sub-processors may process and use personal and other Customer Data in accordance with and subject to their own respective licenses or terms and in accordance with applicable law. Customer authorizes and will provide and obtain all required notices and consents, if any, and comply with other applicable legal requirements, if any, with respect to such collection and use of personal data and other Customer Data by Motorola, and its subcontractors, sub-processors and/or third-party software, hardware or services providers. Notwithstanding any provision to the contrary, to the extent the use or performance of certain Services is governed by any separate license, data requirement, EULA, privacy statement, or other applicable agreement, including terms governing third-party software, hardware or services, including open source software, Customer will comply, and ensure its Authorized Users comply, with any such agreements or terms, which shall govern any such Services.
3.3 Customer Restrictions. Customers and Authorized Users will comply with the applicable Documentation and the copyright laws of the United States and all other relevant jurisdictions (including the copyright laws where Customer uses the Services) in connection with their use of the Services. Customer will not, and will not allow others including the Authorized Users, to make the Services available for use by unauthorized third parties, including via a commercial rental or sharing arrangement; reverse engineer, disassemble, or reprogram software used to provide the Services or any portion thereof to a human-readable form; modify, create derivative works of, or merge the Services or software used to provide the Services with other software; copy, reproduce, distribute, lend, or lease the Services or Documentation for or to any third party; take any action that would cause the Services, software used to provide the Services, or Documentation to be placed in the public domain; use the Services to compete with Motorola; remove, alter, or obscure, any copyright or other notice; share user credentials (including among Authorized Users); use the Services to store or transmit malicious code; or attempt to gain unauthorized access to the Services or its related systems or networks.
4.1 Term. The term of this CYBER SSA will commence upon the either (a) the Effective Date of the MCA, if this CYBER SSA is attached to the MCA as of such Effective Date, or (b) the CYBER SSA Date set forth on the signature page below, if this CYBER SSA is executed after the MCA Effective Date. Unless earlier terminated in accordance with the terms of the Agreement, the term of this CYBER SSA will continue until the later of (a) the expiration or termination of all Subscription Terms, or (b) the last applicable Service Completion Date under this CYBER SSA.
4.2 Order Periods. Non-recurring or non-subscription Services described in an Ordering Document will be deemed complete upon Motorola’s performance of all Services listed in such Ordering Document (“Service Completion Date”). The duration of Customer’s subscription to its initial order of subscription Services, if any, will commence upon delivery of such subscription Services and will continue for a twelve (12) month period or such longer period identified in an Ordering Document (the “Initial Subscription Period”). Following the Initial Subscription Period, Customer’s subscription to the subscription Services will automatically renew for additional twelve (12) month periods (each, a “Renewal Subscription Year”), unless either Party notifies the other Party of its intent not to renew at least sixty (60) days before the conclusion of the then-current Subscription Term. (The Initial Subscription Period and each Renewal Subscription Year will each be referred to herein as a “Subscription Term”.) Motorola may increase fees prior to any Renewal Subscription Year. In such case, Motorola will notify Customer of such proposed increase no later than sixty (60) days prior to commencement of such Renewal Subscription Year. Unless otherwise specified in the applicable Ordering Document, if Customer orders any additional subscription Services under this CYBER SSA during an in-process Subscription Term, the subscription for each new subscription Service will (a) commence upon delivery of such subscription Service, and continue until the conclusion of Customer’s then-current Subscription Term (a “Partial Subscription Year”), and (b) automatically renew for Renewal Subscription Years thereafter, unless either Party notifies the other Party of its intent not to renew at least sixty (60) days before the conclusion of the then-current Subscription Term. Thus, unless otherwise specified in the applicable Ordering Document, the Subscription Terms for all subscription Services hereunder will be synchronized.
4.3 Termination. Motorola may terminate this Cyber SSA (or any Addendum or Ordering Documents hereunder), or suspend delivery of Services, immediately upon notice to Customer if (a) Customer breaches Section 3 – Subscription Cyber Services License and Restrictions of this CYBER SSA, or any other provision related to Services license scope or restrictions set forth in an Addendum or Ordering Document, or (b) it determines that Customer’s use of the Services poses, or may pose, a security or other risk or adverse impact to any Services, Motorola, Motorola’s systems, or any third party (including other Motorola customers). Customer acknowledges that Motorola made a considerable investment of resources in the development, marketing, and distribution of the Services and Documentation, and that Customer’s breach of the Agreement will result in irreparable harm to Motorola for which monetary damages would be inadequate. If Customer breaches this Agreement, in addition to termination, Motorola will be entitled to all available remedies at law or in equity (including immediate injunctive relief).
4.4 Wind Down of Subscription Cyber Services. In addition to the termination rights in the MCA, Motorola may terminate any Ordering Document and Subscription Term, in whole or in part, in the event Motorola plans to cease offering the applicable subscription Services to customers. To the extent Equipment is purchased on an installment basis, any early termination of the installment period will cause the outstanding balance to become immediately due.
5.1 Payment. Unless otherwise agreed, an Ordering Document shall set out an agreed upon price and/or fee schedule applicable to the Services ordered. The parties acknowledge that pricing is dependent on the full term or subscription periods specified in any such Ordering Document. Unless otherwise provided in an Ordering Document, Customer will prepay an annual subscription Fee set forth in an Ordering Document for each subscription Service, before the commencement of each Subscription Term. For any Partial Subscription Year, the applicable annual subscription Fee will be prorated based on the number of months in the Partial Subscription Year. The annual subscription Fee for subscription Services may include certain one-time Fees, such as start-up fees, license fees, or other fees set forth in an Ordering Document. Motorola will have the right to suspend the Services if Customer fails to make any payments when due.
5.2 Customer Data. For avoidance of doubt, so long as not specifically identifying the Customer, “Customer Data,” as defined in the MCA, shall not include, and Motorola shall be free to use, share and leverage security threat intelligence and mitigation data generally, including without limitation, third party threat vectors and IP addresses, file hash information, domain names, malware signatures and information, information obtained from third party sources, indicators of compromise, and tactics, techniques, and procedures used, learned or developed in the course of providing Services.
5.3 License True-Up. If applicable, Motorola will have the right to conduct an audit of total user licenses credentialed by Customer for any subscription Services during a Subscription Term, and Customer will cooperate with such audit. If Motorola determines that Customer’s usage of the subscription Services during the applicable Subscription Term exceeded the total number of licenses purchased by Customer, Motorola may invoice Customer for the additional licenses used by Customer, pro-rated for each additional license from the date such license was activated, and Customer will pay such invoice in accordance with the payment terms in the MCA.
5.4 Future Regulatory Requirements. The Parties acknowledge and agree that this is an evolving technological area and therefore, laws and regulations regarding Services may change. Changes to existing Services required to achieve regulatory compliance may be available for an additional fee. Any required changes may also impact the price for Services.
6.1 ADDITIONAL EXCLUSIONS. IN ADDITION TO THE EXCLUSIONS FROM DAMAGES SET FORTH IN THE MCA, AND NOTWITHSTANDING ANY PROVISION OF THE AGREEMENT TO THE CONTRARY, MOTOROLA WILL HAVE NO LIABILITY FOR (A) INTERRUPTION OR FAILURE OF CONNECTIVITY, VULNERABILITIES, OR SECURITY EVENTS; (B) DISRUPTION OF OR DAMAGE TO CUSTOMER’S OR THIRD PARTIES’ SYSTEMS, EQUIPMENT, OR DATA, INCLUDING DENIAL OF ACCESS TO USERS, OR SHUTDOWN OF SYSTEMS CAUSED BY INTRUSION DETECTION SOFTWARE OR HARDWARE; (C) AVAILABILITY OR ACCURACY OF ANY DATA AVAILABLE THROUGH THE SERVICES, OR INTERPRETATION, USE, OR MISUSE THEREOF; (D) TRACKING AND LOCATION-BASED SERVICES; OR (E) BETA SERVICES.
6.2 Voluntary Remedies. Motorola is not obligated to remedy, repair, replace, or refund the purchase price for the disclaimed or excluded issues in the MCA or Section 6.1 – Additional Exclusions above, but if Motorola agrees to provide Services to help resolve such issues, Customer will reimburse Motorola for its reasonable time and expenses, including by paying Motorola any Fees set forth in an Ordering Document for such Services, if applicable.
6.3 Motorola as a Controller or Joint Controller. In all instances where Motorola acts as a controller of data, it will comply with the applicable provisions of the Motorola Privacy Statement at https://www.motorolasolutions.com/en_us/about/privacy-policy.html#privacystatement, as may be updated from time to time. Motorola holds all Customer Contact Data as a controller and shall Process such Customer Contact Data in accordance with the Motorola Privacy Statement. In instances where Motorola is acting as a joint controller with Customer, the Parties will enter into a separate Addendum to the Agreement to allocate the respective roles as joint controllers.
6.4 DIRECT DAMAGES. For avoidance of doubt, notwithstanding the limitation set out in Section 8.2 of the MCA, the direct damages limitation for services provided under this Cyber SSA and limited to the fees, or the portion of fees, relating only to the Cyber Security Services under this Cyber SSA, even if such Services are offered or bundled with other Motorola services.
7 Survival. The following provisions will survive the expiration or termination of this CYBER SSA for any reason: Section 4 – Term; Section 5 – Payment; Section 6.1 – Additional Exclusions; Section 6.4 – Direct Damages; Section 7 – Survival.