Service Schedule – Cyber Security Services

1. About this Service Schedule

1.1. This Service Schedule only applies where a Quotation that you and we execute expressly provides for our supply of one or more of the following services to you:

(a) Cybersecurity Hardware;

(b) Cybersecurity Software;

(c) Endpoint Security Management Services;

(d) Managed Cyber Security Services; and

(e) Cybersecurity Consulting Services.

1.2. This Service Schedule must be read in conjunction with our Terms of Service and the other documents that comprise an Agreement. 

2. Cybersecurity Hardware and Software

2.1. This clause 2 only applies where a Quotation provides for our supply to you of Third Party Security Products.

2.2. The Third Party Security Products provide you with access to security hardware and/or software (as applicable) that will be made available to you for you to use at Your Premises or in a hosted environment, as set out in the Quotation. 

2.3. If we provide you with recommendations concerning which Third Party Security Products to purchase, we do not represent that the Third Party Security Products will prevent or block all security attacks to your networks, computer systems and environment. 

2.4. Notwithstanding any communications between the parties, it is your responsibility to select the Third Party Security Products and associated options that are most appropriate for your cybersecurity needs and unless a Quotation provides for us to carry out a full audit of your IT environment, you warrant to us that you have conducted all investigations and made all necessary inquiries in order to satisfy this requirement.

2.5. Our provision of Third Party Security Products may be subject to a service level agreement provided or published by the Vendor of the Third Party Security Products from time to time.

2.6. You agree to use, and ensure that your End Users use, Third Party Security Products only in accordance with the Agreement and any applicable Vendor Terms.

2.7. Vendor Terms will, among other things, grant you a right to use the Third Party Security Products and specify associated obligations.  The Vendor Terms may be detailed in a licence issued by the Vendor and will be appended to or referred to in the relevant Quotation that we issue to you for the Third Party Security Products.

2.8. We will use our best endeavours to make Third Party Security Products available to you 24 hours a day, 7 days a week. However, you acknowledge that the Third Party Security Products may be unavailable at times, due to various factors including network maintenance, peak congestion or Your Equipment failure. You further acknowledge that other than in respect of guarantees that may be implied in the Agreement under the ACL or other non-excludable Applicable Law, we do not guarantee the speed, performance or quality of the Third Party Security Products, although certain credits or rebates may be available under applicable Vendor Terms. Where such credits or rebates are available and provided to us for Third Party Security Products that we supply to you, we will pass on those credits or rebates to you on a pro rata basis.

2.9. Emergency maintenance and scheduled maintenance in relation to Third Party Security Products may be required from time to time. Should this be necessary, we will provide as much notice as is reasonably practicable and where within our control, we will endeavour to conduct such maintenance at times that are unlikely to impact most clients.

2.10. Fees for Third Party Security Products may include establishment, monthly recurring (which may be invoiced in advance), usage-based and other associated charges (including for hardware, software and professional services). All such Fees will be set out in the Quotation.

2.11.  If there is a data allowance associated with a particular Third Party Security Product and it is not used within the period for which it is provided, it does not roll-over into a subsequent period.

2.12. You acknowledge that devices connected to a network, and particularly those connected to the Internet, are subject to security threats and other than in respect of guarantees that may be implied in the Agreement under the ACL or other non-excludable Applicable Law, no representation, warranty or guarantee is provided that Third Party Security Products will be able to completely eliminate all or any specific types of security vulnerabilities or threats on your network.

2.13. Without limiting clause 2.12 above (and without making any warranty or representation), we recommend that you take up all appropriate options within the Third Party Security Products and employ other security technologies in conjunction with the Third Party Security Products.

2.14. If you experience a fault that you consider is with a Third Party Security Product, you must use reasonable endeavours to determine if the fault is caused by your own network, Your Equipment or otherwise within your responsibility, prior to contacting us for support. Should you request after-hours support and the fault is found not to be related to a third Party Security Product, we may impose a professional service fee at our then current rates for the time we spent communicating with you about the fault and investigating it. In any event, support for Third Party Security Products is only available if you enter into an agreement that provides for our provision of support services in accordance with our Managed IT Services Schedule.

3. Endpoint Security Management Services

3.1. If “Endpoint Security Management Services” is specified in a Quotation, we will during the Term of the relevant Agreement:

(a) read and respond to any security notifications issued to us with respect to potential security issues reported by security management software that we install on any items expressly specified in a Quotation as being covered by Security Endpoint Management Services (Monitored Items); and

(b) install security updates and other software patches to the Monitored Items after receiving notice of the existence of the updates and patches where they are available to us free of charge or paid for by you.

4. Managed Cyber Security Services

4.1. If “Managed Cyber Security Services” is specified in a Quotation (Managed Cyber Security Services):

(a) we will deploy the firewalls and other security products specified in the Quotation that are designed to maintain your network security;

(b) we will use our best endeavours to identify security breaches, threats and vulnerabilities on the devices or networks specified in the Quotation as being covered by the Managed Cyber Security Services (Your Devices and Networks); and

(c) you acknowledge that devices connected to Your Devices and Networks, particularly those connected to the internet, are subject to security threats and that other than in respect of guarantees that may be implied in the Agreement under the ACL or other non-excludable Applicable Law, no representation, warranty or guarantee is provided that our Managed Cyber Security Services will be able to identify or eliminate all or any specific types of security breaches of, and threats or vulnerabilities to, Your Devices and Networks.

5. Cybersecurity Consulting Services

5.1. If Cybersecurity Consulting Services” is specified in a Quotation, we will provide the consulting services in accordance with any requirements set out in the Quotation (Cybersecurity Consulting Services).

5.2. In relation to the Fees for Cybersecurity Consulting Services:

(a) the Quotation will set out:

5.2.a.1. a specified number of hours for our provision of Cybersecurity Consulting Services to you (Fixed Hours Engagement); or

5.2.a.2. a specified number of hours for our provision of Cybersecurity Consulting Services to you each month during the Term (Monthly Retainer);

(b) in respect of any Fixed Hours Engagement or Monthly Retainer, once you have used the specified number of hours set out in the Fixed Hours Engagement or Monthly Retainer, your engagement of our Cybersecurity Consulting Services shall be deemed to have come to an end until you buy further blocks of time (each, a Block of Time);

(c) if you require our Personnel to work in the evenings, weekends or public holidays and depending on the availability of Personnel, we can do so at your written request only at our after-hours rates. For clarity, after-hours work is any work done outside of Business Hours on Business Days.

5.3. In respect of any Monthly Retainer, any unused hours at the end of each month during the Term are forfeited.

5.4. You will be responsible for all costs and expenses of our Personnel for any onsite attendance, and for interstate travel, with respect to accommodation, meals and transport (collectively, Additional Expenses). You must reimburse us for all Additional Expenses that we incur within 7 days of the date of any invoice we issue to you for Additional Expenses.

6. Definitions and Interpretation

6.1. In this Service Schedule, words in bold font in parentheses have the meanings given to them therein and words starting with a capital letter in this Service Schedule that are not otherwise defined in this Service Schedule have the meanings given to them in the Terms of Service. In addition, the following words have the following meanings:

Third Party Security Products means the security hardware and/or software products specified in a Quotation.

Vendor Terms means a Vendor’s terms and conditions, as detailed in a licence agreement, end user agreement, terms of service or other similar customer agreement, issued by the Vendor and referred to in or appended to a Quotation that we issue to you for Third Party Security Products.