Provision of Cybersecurity & IT Managed Services Agreement

This Cyber Security Agreement (referred to as "Agreement") will be effective from the date the Customer accepts these terms online, or through the acceptance of a quote and our written engagement.

(1) CyberOwl360

(Contractor)

and

(2) The party accepting these terms via electronic acknowledgement

(Customer)

CyberOwl360 (hereinafter referred to as "Contractor"), with its principal place of business at [Address].

The Company and the Contractor shall hereinafter be collectively referred to as "Parties" and individually as "Party".

WHEREAS, the Company wishes to avail the cybersecurity services of the Contractor,

WHEREAS, the Contractor has agreed to provide the requested service to the Company on the terms and conditions hereinafter set forth.

The Parties agree to the following terms and conditions:

Terms of the Agreement

Definitions

• Company Data: Company Data is any and all data that the Company has disclosed to the Contractor. For the purposes of this Agreement, Company Data does not cease to be Company Data solely because it is transferred or transmitted beyond the Company’s immediate possession, custody, or control.

• Data Breach: The unauthorized access and acquisition of computerized data that materially compromises the security of confidential and/or sensitive personal information maintained by the Company as part of a fact base of distinctive information regarding a range of individuals and/or that leads to a breach and/or the Company has sufficient reason to believe has to lead to loss or injury to any Company's properties.

• System: A range of equipment that assists operations or drives a specific goal. This may consist of a distinct set of knowledge resources such as a server, software, storage devices arranged for the assembly, processing, treatment, application, sharing, dissemination, or constitution of information.

• Change Management: A formal process used to ensure that changes to a system are introduced in a controlled and coordinated manner. This reduces the possibility that unnecessary changes will be introduced to a system, that faults or vulnerabilities are introduced to the system, or that changes made by other users are undone

Services/Deliverable

The Company agrees to purchase such services or deliverables from the Contractor as mentioned below:

• (Initial Audit Scope of Works)

• (Once off Set up Costs)

• (Managed Monthly Services Scope of Works)

• (Security Awareness Training Scope of Works)

Term of Service

• This Agreement will be effective as of the Effective Date and will continue for the agreed duration as per the quoted scope of works ("Term") unless terminated early or extended by mutual written consent between the Parties or by the provisions of this Agreement.

Disclosure of Company Data

Contractor shall not disclose Company Data in any manner that would lead to a violation of state or federal law or the terms of this Agreement including, without limitation, by means of outsourcing, distributing, retransfer, or access, to any individual or entity, except:

• Employees or agents who actually and legitimately need to access or use Company Data in the performance of Contractor’s duties to Company.

• Such external mediators, approved by the Company in writing and in advance of any disclosure, but only to the extent of such approval.

Usage Policy

• The Contractor shall only use, store, or access Company Data in compliance with and only till the scope permissible under this Agreement. Any transmission, transportation, or storage of Company Data outside the [Region/State/Country] is prohibited except on prior written authorization by the Company.

Customer Assistance

The Customer must:

• provide all reasonable assistance requested by the personnel of the Contractor in the diagnosis of any problem within the Customer’s computer System infrastructure and follow any reasonable direction of the contractor in the course of doing so;

• make available free of charge and within a reasonable time all information, facilities and services reasonably required to enable the contractor to provide the Services;

• provide access to the required IT infrastructure and remote access to allow the contractor to deliver the services outlined in the quoted scope of works.

• provide such facilities as reasonably required by the Contractor for performance of the managed services; and evaluate all recommendation made by the Contractor and respond in a reasonable time to accept or reject any recommendation by the Contractor.

Payment

• The Company shall pay the Contractor as per the agreed amount quoted and as per our payment terms. The payment shall be made after the invoice has been sent by the Company for all other sco. The Company shall make the payment to the Service Provider within [number of days] days of the invoice date. The mode of payment shall be [Payment Mode] or any other mode of payments as mutually agreed by both the Parties.

• Out of Scope works will be charged by the hour at a rate set out below:

• The hourly rate for services is set at AUD $195, with billable hours subject to a mutually agreed-upon scope of work prior to the commencement of any tasks. The client shall acknowledge acceptance of our hourly rate for the provision of services on a case-by-case basis.

Safeguarding Company Data

• The Contractor concurs that implementation, data storage, and access to Company Data shall be executed with proficiency, care, and judgment in accordance with the general standards of quality adherence.

• The Contractor shall implement and maintain the integrity of the Company Data.

• The Contractor shall also implement and maintain any safeguards required to be implemented by applicable state and federal laws and regulations.

• The System shall use secure protocols and encryption to safeguard Company Data in transit.

• The Contractor understands that the System may be placed on a public network and shall implement safeguards reasonably necessary to protect its System from compromises and attacks.

• The Contractor shall:

• Limit administrative access to the System

• Limit remote access to the System

• Limit permit and benefits to the minimum unless necessary for the proper functioning of company operations.

• Withdraw or dismantle applications and services that are not needed for the proper regulation of the system

• Use official accounts and not shared accounts.

• Use standard industry-compliant services for substantiation and authorization.

• Facilitate an appropriate level of audit and log for the system and its applications.

Interruptions

• The Contractor will use best endeavours to supply the Services without warranting that supply will be interruption or error free.

• Despite anything else within the Agreement, the Customer acknowledges and accepts that the Services may not be available in all circumstances.

• The Customer agrees to indemnify and release the contractor against any claim for damages arising in contract and or tort (including negligence) for default or failure to perform our obligations under the Agreement (including Service Levels) resulting from circumstances reasonably beyond its control. This includes but is not limited to, weather conditions, power failure, telecommunications failure, technical failure, maintenance requirements, inability to access Customer’s premises, the Customer’s acts or omissions or those of any third parties.

• The Contractor will rely upon these clauses to the full extent permitted by law.

Oversight

• The Company reserves the right to request security information reasonably necessary to ascertain the Company’s own compliance with state and federal data privacy laws. Upon the Company’s request, Contractor shall provide a copy of its most recent SOC 2 audit report, and that of any data center in which the Company’s data is stored.

Data

• The Contractor acknowledges that data in any way stored in or processed on the system will remain the property of the Customer.

• The customer must ensure and bear all responsibility for their own data, backing it up as necessary and will not hold the Contractor liable if the Customer's data is lost, corrupted or altered.

• The Contractor will ensure the Customer has access to the System at all times for the purpose of ensuring that;

• the Customer’s access to any part of the System is not restricted in any way by the actions or inactions of The Contractor;

• Data stored in or processed by the System is secure in accordance with industry best practice;

• Data stored in or processed by the System is entire and not corrupted;

• The Contractor is able to operate its business in a normal manner without the requirement to take any special measures; and

• Data is generally being managed in the manner specified by this Agreement and that all necessary security arrangements are in force.

• The contractor must not allow any of its employees, suppliers or subcontractor to, in any whatsoever prevent the Customer from accessing the System, its Data, or any Access Controls.

Ownership of Systems

• The Customer warrants that it is the owner of or has the rights to use the System and will maintain licenses for the use of the Software.

• The Contractor will not use or allow the use of the System or any component of the System by any person not authorised by the Customer, or for any purpose other than as specified by this Agreement.

Data Breach

• If Contractor becomes aware that Company Data may have been accessed, disclosed, or acquired without proper authorization and contrary to the terms of this Agreement, Contractor shall bring this to the Company's notice within [number of days] business days, and shall process measures to preserve forensic evidence and eliminate the cause of the Data Breach.

• The Contractor shall give the highest priority to immediately correcting any Data Breach and shall devote such resources as may be required to accomplish that goal.

• The Contractor shall provide the Company information necessary to enable the Company to fully understand the nature and scope of the Data Breach.

• Upon request, the Contractor shall provide Company information about what Contractor has done or plans to do to mitigate any deleterious effect of the unauthorized use or disclosure of, or access to, Company Data.

• In the event that a Data Breach requires the Contractor’s assistance in reinstalling software, such assistance shall be provided at no cost to the Company.

• The Company may discontinue any services or products provided by the Contractor until the Company, in its sole discretion, determines that the cause of the Data Breach has been sufficiently mitigated.

No Surreptitious Code

• The Contractor agrees that, to the best of its knowledge, the System does not contain any code or mechanism that collects personal information or maintains control of the System without the Company’s permission or such action which may restrict the Company’s access to or use of Company Data.

• The Contractor further warrants that it will not knowingly introduce, via any means, spyware, adware, ransomware, rootkit, keylogger, virus, trojan, worm, or other code or mechanism designed to permit unauthorized access to Company Data, or which may restrict Company’s access to or use of Company Data.

Warranties

• The Contractor warrants that the service/deliverables purchased hereunder are free and clear of any defects for a period of [Mention Warranty Tenure] from the date of allotment. The Contractor shall abide by this warranty and fix any issue at an authorized Contractor service center in the [Mention State].

Compelled Disclosure

• If Contractor is served with any subpoena, discovery request, court order, or other legal request or command that calls for disclosure of any Company Data, Contractor shall promptly notify the Company in writing and provide the Company sufficient time to obtain a court order or take any other action the Company deems necessary to prevent the disclosure or otherwise protect Company Data.

Suspension of Services

• Without limiting the Contractors rights under the Agreement, the contractor may may suspend the supply of Services with notice (which may be written or verbal) to the Customer at any time.

• The contractor is directed/required to do under the law; or

• The Customer fails to pay an amount due and payable that is thirty (7) days past the Due Date, which is not the subject of a good faith dispute, and for which a valid Tax Invoice has been issued.

• In the event an invoice, subscription or payment has not been made as per the payment terms set out in the quote and the invoice, the contractor will cease all services effective immediately. At such a point, the customer bears full responsibility for any impact this has on their operations and will indemnify the contractor under these circumstances.

Termination

• Upon expiration or termination of the Contract, the Contractor shall ensure that no Data Breach occurs and shall follow the Company’s instructions as to the preservation, transfer, or destruction of Company Data.

• Upon request by the Company, the Contractor shall certify in writing to Company that return or destruction of data has been completed.

• The Contractor shall continue to protect Company Data in accordance with this Agreement till the time it is mutually nullified.

• Upon termination of this Agreement, the Contractor shall cease reproducing, advertising, marketing, and distributing any material or information pertaining to the Company immediately.

Termination for Convenience

• Either Party to this Agreement may, terminate this Agreement at any time without cause by giving notice of not less than thirty (30) days to the other Party, during the Initial Term or Subsequent Period.

• If the Customer terminates the Agreement (for any reason other than where the Contractor is in default) then the Customer shall pay for that part of the Services actually completed by the Contractor prior to terminating the Agreement including any software subscription fees payable and outstanding costs otherwise the Customer is liable to pay for the Rates which would have been payable if the Agreement had continued for the full term of this Agreement.

• On termination of this Agreement for any reason whatsoever, the System, the Data, and the Access Controls and each and every component of those will be returned to the Customer or made available to the Customer (as the case may be) in good working order.

• Any termination or expiry of the Agreement will not prejudice any equitable or legal right of action or remedy which may have accrued or manifest to either Party prior to or after termination of the Agreement.

• Termination of the Services in accordance with the Agreement does not affect the application of the provisions of these terms and conditions relating to limitation of liability or indemnity.

• Any terms of this Agreement intended by their nature to survive termination of this Agreement will survive any termination or expiry of this Agreement.

Indemnification

• Both Parties agree to indemnify, defend and hold the other Party harmless from any actions, suits, claims, damages (actual and consequential), judgments, levies, executions, liabilities, losses, expenses, and other costs incurred in connection with this Agreement whether by an act or omission to act by the Parties except for gross negligence, willful misconduct or bad faith.

• Upon acceptance of this agreement, the client shall assume responsibility for maintaining appropriate cybersecurity and information technology-related insurance coverage in the event of a cyber attack or crime. While the contractor will implement best practices and utilize all reasonable measures within their capacity to safeguard against such incidents, the client acknowledges that in the event of a hack, phishing attempt, or any other malicious cyber issue that results in damages—whether financial or infrastructural—the client will not hold the contractor liable. Furthermore, the client agrees to indemnify the contractor against all claims arising from such occurrences.

Confidentiality

• A Party will not, without the prior written approval of the other Party, disclose the other Party's Confidential Information.

• A Party will not be in breach of clause 15.1 in circumstances where it is legally compelled to disclose the other Party's Confidential Information.

• Each Party will take all reasonable steps to ensure that its employees and agents, and any sub-contractors engaged for the purposes of this Agreement, do not make public or disclose the other Party's Confidential Information.

• Despite any other provision of this clause 15, a Party may disclose the terms of this Agreement (other than Confidential Information of a technical nature) to its related companies, solicitors, auditors, insurers and accountants.

• This clause will survive the termination of this Agreement.

Privacy

• The contractor will not use or disclose any Personal Information for a purpose other than discharging its obligations under this Agreement. The contractor further agrees to comply at all times with the Privacy Principles contained and the Privacy act in the country of our clients location (or an applicable privacy code approved by the Commissioner pursuant to that Act) in the same way and to the same extent as the Customer would have been required to comply had it been directly responsible for performing the act or practice concerned. The contractor will take all necessary steps to protect Personal Information in its possession against misuse or loss and it will return all such information to the Customer (or if requested by the Customer, destroy or deidentify such information) upon termination or expiry of this Agreement. This clause will survive the termination or expiry of this Agreement.

• The Customer is responsible for obtaining all relevant consents from, and providing all relevant notices to, individuals whose Personal Information is provided by the Customer to the Contractor in connection with this Agreement so as to ensure that the Contractor dealings with that information pursuant to this Agreement comply with the Supplier's obligations under any Privacy Laws.

• For the purpose of this clause, Personal Information means information or an opinion about an individual as defined by the Privacy Act in each region that our client is domiciled, which is collected, used, disclosed, stored or handled by a Party for the purposes of this Agreement.

Assignment and Subcontracting

• The contractor may subcontract Service obligations under the Agreement, provided that the contractor is:

• not relieved from any obligations under the Agreement; and

• liable for any breach of the Agreement committed, caused or contributed to by the subcontractors.

Waiver

• The waiver by either Party of any breach of the Agreement does not licence the other Party to repeat or continue any such breach. Such a waiver will not operate as a waiver of any subsequent breach.

• The failure of either Party to exercise any right is not be deemed to be an abandonment or waiver of any right for damages injunction or otherwise.

Variation and Change Control

• No variation of this Agreement will be effective unless in writing and signed by both Parties.

• Works and scopes may vary if it is in writing with a clearly defined new scope of work and associated cost.

Arbitration

• In the event of any dispute arising in and out of this Agreement between the Parties, it shall be resolved by Arbitration.

Out of Scope

• No services other than the Services are covered by this Agreement.

• Any services other than the Services that are provided by the contractor (Out of Scope) will be charged in accordance with the time and hourly rate in the Payment Schedule of the Agreement.

• The Services that are Out of Scope include but are not limited to:

• installation of new or additional devices or provision of service which is not specifically mentioned in the Agreement or covered by its scope; and

• the integration and initial set up costs to be charged again if the customer alters or changes their IT stack.

• The contractor shall provide suitably qualified personnel to perform the Services;

• in accordance with best industry practice;

• within a reasonable time in all the circumstances;

• in a safe, proper and workmanlike manner; and

• otherwise in accordance with the Agreement, as required by the Customer.

• The Contractor may, on behalf of the Customer, liaise with potential vendors in relation to the System or the Services, but has no authority whatsoever to bind the Customer in any agreement.

• Miscellaneous

• Payment: The rate of deliverables secured or licensed here shall be of the proposed quotation, agreed upon mutually.

• Assignability: Neither Party may assign this Agreement or the rights and obligations thereunder to any third party without the prior express written approval of the other Party which shall not be unreasonably withheld.

• Notices: Any notice required to be given to the Company shall be delivered by certified mail, personal delivery, or overnight delivery paid for by the Contractor.

• Force Majeure: Neither Party shall be liable for any failure in performance of the obligation under this Agreement due to cause beyond that party's reasonable control (including and not limited to any pandemic, fire, strike, act or order of public authority, and other acts of God) during the pendency of such event.

• Modification: No modification of this Agreement shall be made unless in writing, signed by both Parties.

• Severability: If any term, clause, or provision hereof is held invalid or unenforceable by a court of competent jurisdiction, all other terms will remain in full force and effect until the Agreement termination.

• The Contractor and the Customer consider the covenants, obligations and restrictions contained within this Agreement to be reasonable in all the circumstances of the Agreement. (b)

• Unenforceability of a provision of this Agreement does not affect the enforceability of any other provision. (c)

• If any provision is void voidable or unenforceable, it is taken to be severed from the Agreement.

• Governing Law and Jurisdiction: This Agreement shall be governed following the laws of the [State/Court/Region]. If the disputes under this Agreement cannot be resolved by Arbitration, they shall be resolved by litigation in the courts of the [State/Court/Region] including the federal courts therein, and the Parties all consent to the jurisdiction of such courts, agree to accept service of process by mail and hereby waive any jurisdictional or venue defenses otherwise available to it.

• Legal and Binding Agreement: This Agreement is legal and binding between the Parties as stated above. This Agreement may be entered into and is legal and binding in the

The Parties each represent that they have the authority to enter into this Agreement.

Entire Agreement:

This Agreement constitutes the entire understanding of the Parties, and revokes and supersedes all prior agreements between the Parties and is intended as a final expression of their Agreement. It shall not be modified or amended except in writing signed by the Parties hereto and specifically referring to this Agreement. This Agreement shall take precedence over any other documents which may conflict with this Agreement.

Schedule

• This agreement is deemed accepted by the Customer when they accept our quote of works in writing, or when they tick the acceptance box or agree online.