affianceSuite® Packaged Services Terms and Conditions
affianceSuite® Service
Scope. Scantron will provide remote monitoring and management (the “RMM Service”), Microsoft patch updates (the “MS Patching Service”) and helpdesk support (the “Helpdesk Service”) (together, the “AffianceSuite Service”) for targeted Devices in Customer’s network environment with Helpdesk Service limited to defined Customer employees (the “affianceSuite Users”).
RMM Service. Scantron will proactively monitor Customer’s Devices for critical system hardware errors, such as errors materially affecting the performance of system hardware, and file system utilization, such as capacity remaining. Scantron will take appropriate and reasonable action to correct or mitigate errors once alerted. In addition, Customer may request to have Scantron support personnel complete general server administration tasks such as user administration items or other server related tasks that may need to be performed at Scantron’s then-current applicable rates.
MS Patching Service. Scantron will perform standard patching of Microsoft products, including both the Operating Systems and supported Microsoft applications, on a recurring basis multiple times each month. Scantron monitors the release of monthly Microsoft patches for any potential issues and only releases patches for installation when no widespread issues have been reported.
Helpdesk Service. Scantron will provide support via telephone and remote-control to AffianceSuite Users during Normal Business Hours. Helpdesk Service includes issues with the operation of the Supported Software and Hardware Products (defined below), but also functional questions on how to use the supported products.
Supported Software and Hardware Products. Software support within AffianceSuite Service is limited to Microsoft Operating Systems that are currently supported by Microsoft and current versions of Microsoft Office Software. Home versions of Windows Client cannot be supported due to limitations in the software. Programming questions such as the creation of Microsoft Access databases or complex Microsoft Office macros are not included. Scantron will provide limited support on Apple, Linux, and other non-Windows operating systems less than six (6) years of age. Scantron will make a best effort to support these systems, but charges will be billable for time and materials. Customer acknowledges the potential need to maintain a support relationship with an Apple, Linux or other operating system software vendor or specialist and further agrees that all such third-party billable charges are the responsibility of the Customer. Hardware support is limited to computer hardware systems such as server systems, routers, and PCs up to six (6) years from the date of manufacture. Customer recognizes that after six (6) years, performance is likely to decrease, and problems/malfunctions related to the systems are likely to increase. As a result, Scantron cannot proactively provide support on systems over six (6) years of age. Any service on systems over six (6) years of age can be purchased at Scantron’s then-current hourly rate or via a separate Scantron hardware support Statement of Work (SOW).
Third Party Patching
Scope. Scantron will leverage software tools and remote labor to apply patches for targeted third-party network utility applications on targeted Devices per a mutually agreed process and schedule (the “Third Party Patching Service”).
Targeted Applications. Third Party Patching Service is limited to application patches, which may include security updates, product enhancements, product fixes and service packs, and which are available via manufacturers’ automated patch distribution systems. Targeted applications are defined as common third-party applications such as Adobe Reader DC, Adobe Air, Google Chrome, Microsoft Edge, Mozilla Firefox, Zoom and Oracle Java when properly licensed.
Managed Total Endpoint Protection
Scope. Managed Total Endpoint Protection (the “MTEP Service”) is a security service that provides protection for endpoint devices on Customer’s network (the “MTEP Endpoints”) via anti-virus software (the “Webroot Software”) provided by Scantron’s technology partner (“Kaseya”). Scantron will manage the deployment and maintenance of the Webroot Software to provide protection against viruses or similar forms of malicious or undesired code (the “Malware”). Scantron does not guarantee complete prevention of impact from Malware but will apply the appropriate labor to remove Malware from Customer’s network environment.
Setup. Scantron will perform the tasks required to initiate the MTEP Service including the removal of existing anti-virus and/or anti-malware software from MTEP Endpoints and installation of the Webroot Software. Upon termination of the Service, Scantron will provide the labor required to disengage the MTEP Service per Customer’s direction. One-time fees for labor to perform these setup and disengagement tasks apply.
Support Services. Scantron will deliver the following support services during Normal Business Hours:
- Install and configure the Webroot Software (one-time installation charges apply)
- Adjust configuration as required to optimize effectiveness and performance
- Apply fixes, patches, bug fixes or any new or modified features added to or augmenting or otherwise modifying the Webroot Software
- Reconcile Webroot Software deployment against known Devices to close any deployment gaps
- Respond to actionable data, alerts or threat reports generated by the Webroot Software to remediate issues
- Contact Customer’s designated personnel as needed to verify possible false positive items
- Perform mitigation actions as needed against verified threats
- Tune Software exclusions to address any application functionality or performance issues
- Provide remote phone support for the Webroot Software
- De-install the Webroot Software upon termination of the MTEP Service
Software. Customer agrees to the installation of required Webroot Software on MTEP Endpoints and to certain terms and conditions regarding the use of the Webroot Software which are placed on Scantron by Kaseya at https://www.kaseya.com/legal/kaseya-end-user-license-agreement-eula/ (the “Terms of Service”), as they relate to Customer and as may be amended from time to time by Kaseya in accordance with its sole discretion. Kaseya’s liability is limited to not exceed its liabilities and obligations detailed in the Terms of Service.
DNS Protection
Scope. Scantron will provide setup and support for software (the “Cisco Umbrella Software”) which produces pro-active validation of Domain Name Service (DNS) requests from Customer’s designated servers, workstations, and portable devices (the “DNS Target Systems”) via a process that compares website requests against a database of undesirable or disallowed sites (the “DNS Protection Service”). In addition to blocking access to certain websites which have been dynamically determined to be harmful, the DNS Protection Service allows Customer to define web filtering characteristics for DNS Target Systems via a global policy and to create exceptions for users who need additional access. By blocking access to undesired sites, Customer is protected from a variety of risks associated with websites including phishing schemes, malware, botnets, and negative impact on productivity.
Setup. Scantron will provide the labor required to initiate the DNS Protection Service via redirection of existing DNS request architecture. Upon termination of the DNS Protection Service, Scantron will provide the labor required to disengage the service and re-establish an alternate DNS request architecture per Customer’s direction. One-time setup or disengagement fees may apply.
Support. Scantron will provide phone support and remote labor required to assist Customer with on-going maintenance and adjustment of the DNS Protection Service.
Website. The DNS Protection Service includes access to a web portal which allows Customer to view certain aspects of the DNS Protection Service and manage certain settings including those related to web content filtering (the “DNS Website”). Customer’s access and use of the DNS Website and the Cisco Umbrella Software is subject to Cisco’s Terms of Use which are located at http://www.opendns.com/website-terms-of-use.
Axcient Backup
Scope. Scantron will provide a backup and recovery solution for Customer’s designated systems or data. The solution will be dependent on the Customer’s current backup environment and consists of software (the “Axcient Software”), replication to a SOC 2 certified data storage facility (the “Axcient Datacenter”), remote support for the solution (together, the “Axcient Backup Service”) and may also consist of an on-premise hardware device (the “Data Protection Device”) depending on the service level selected.
Customer may have the option to lease or purchase the Data Protection Device and choose between limited and unlimited off premise storage.
- Provision of Axcient Backup Service – Scantron hereby agrees to provide to Customer the Axcient Backup Service solely for Customer’s own internal business purposes and subject to the restrictions herein. The Axcient Backup Service leverages proprietary Axcient Software which is subject to the terms and conditions of Axcient located at https://axcient.com/master-terms-of-service/. Scantron hereby grants to Customer a non-exclusive, nontransferable license to use the Axcient Software as installed solely for Customer’s internal business purposes and in accordance with the Axcient Backup Service.
Customer shall not, and shall not have others, modify, customize, reverse engineer, reverse assemble or reverse compile the Data Protection Device or Software or any part thereof.
- Device Retention – If it is determined an on-premise Data Protection Device is needed, the Data Protection Device may be leased or purchased depending on the services being selected as detailed in XYZ (the Customer quote). Any rights not expressly granted to Customer under this SOW are retained by Axcient.
- Data Protection Device Purchase or Lease – Customer may elect to purchase or lease the Data Protection Device.
  - Purchased devices – May be retained by Customer at the end of the SOW term. Customer maintains no ownership in any copyrights or other intellectual property rights vested in the device or software.
  - Leased devices – Must be returned at Customer’s expense to Scantron within 30 days following termination of the SOW. Customer agrees it is acquiring only the right to use the Data Protection Device and the Axcient Software during the term of this SOW. Customer has no ownership rights in the Data Protection Device or the Axcient Software, any copyrights and other intellectual property rights vested in the Data Protection Device and Axcient Software, and any modifications to the Data Protection Device and Axcient Software (including derivative works), and changes to the Data Protection Device and Axcient Software made by Scantron or its affiliates under the SOW. In no event shall title to any part of the Data Protection Device pass to Customer. Customer agrees that the Data Protection Device and Axcient Software (in whole or part) shall remain the exclusive property of Axcient and may not be copied or used except as expressly authorized by this SOW.
Axcient Disaster Recovery
Scope. Scantron will provide a Recovery Solution (Solution) for Customer’s designated systems or data. The Solution provided will be dependent on the Customer’s current disaster recovery environment and consists of software (the “Software”), replication to an SOC 2 certified data storage facility (the “Datacenter”), remote support for the Solution (together, the “Service”) and may also consist of an on-premise hardware device (the “Data Protection Device”) or cloud service depending on the backup recovery service selected.
Scantron will provide the Service to Customer during the term of this SOW, consisting of off-site automated data recovery services described herein. Scantron will provide access to Customer’s backup data for restoration and recovery purposes on a continuous basis and remote support for initial setup, on-going adjustments, and restoration requests. Scantron reserves the right to physically ship the backup data on tape or other media to Customer’s site. Shipping charges associated with the Solution or data recovery operations will be billed separately to Customer. Services provided:
- Access to Data backed up to cloud storage or on-premises hardware
- Ability to spin up data on a Virtual Machine
- Defined Recovery Point Objective
- Defined Recovery Time Objective
- Runbook on how the recovery process should be initiated and the process for completion
Customer Obligations – Customer will report any errors in executing backups promptly by phone or email to Scantron. Customer will arrange for, and maintain, communication services used to connect to the Datacenter. Customer is responsible for any communication costs associated with the connection between Customer’s site and the Datacenter. Customer shall implement reasonable security and environmental precautions to ensure a high level of system availability and data protection and recovery.
Customer covenants and agrees that Customer shall not place any data in the Datacenter that (i) infringes the intellectual property rights or privacy rights of any third party, (ii) violates any law, statute, ordinance or regulation, (iii) is defamatory, libelous, unlawfully threatening or harassing, (iv) is obscene, or contains any viruses, Trojan horses, worms, time bombs, cancel bots or other programming routines that are intended to or have the effect of damaging, detrimentally interfering with, surreptitiously intercepting or expropriating any system, data or personal information. Customer shall defend, indemnify and hold Scantron and its technology partner harmless against any third-party claim, suit or proceeding alleging any breach of the covenants contained in this Section.
Customer agrees to these terms (https://axcient.com/master-terms-of-service/), as they relate to Customer and as may be amended from time to time by Scantron in accordance with its sole discretion.
Hawknet™ Essentials
Scope. Scantron will leverage a set of tools that monitor Customer’s critical systems, such as Customer’s internet connection, router, server, and other selected network equipment, for uptime and a limited number of system health issues (the “HawkNet Essentials Services”). If a critical issue is detected during the Normal Business Hours, a Scantron engineer will be alerted and can remotely diagnose and attempt to resolve the problem. Issues detected outside of Normal Business Hours will generate a ticket for action at the start of the next business day.
Automated Services. Scantron will perform or enable the following services without requiring a service request from Customer:
- Network discovery, mapping, and inventory documentation
- Device monitoring based on industry best practices
- Network device backup to ensure network security and continuity
- Alerting to ensure proactive awareness of network issues
- Traffic analysis and performance
Hawknet Performance
Scope. Scantron will leverage a set of tools that monitor Customer’s critical systems, such as Customer’s internet connection, router, server, and other selected network equipment, for uptime and a limited number of system health issues (the “HawkNet Essentials Services”). If a critical issue is detected during the Normal Business Hours, a Scantron engineer will be alerted and can remotely diagnose and attempt to resolve the problem. Issues detected outside of Normal Business Hours will generate a ticket for action at the start of the next business day.
Automated Services. Scantron will perform or enable the following services without requiring a service request from Customer:
- Network discovery, mapping, and inventory documentation
- Device monitoring based on industry best practices
- Network device backup to ensure network security and continuity
- Alerting to ensure proactive awareness of network issues
- Traffic analysis and performance
- Auvik Traffic Insights / Netflow data analysis.
- Network traffic flow analysis by application, bandwidth, protocol, address, internal / external destination.
Managed Firewall
Scope. Managed Firewall Service includes configuration, administration, monitoring, report generation, and customer support for the management of a customer-owned or leased Unified Threat Management (UTM) device and software related to the UTMs (the “Managed Firewall Service”). If a critical issue is detected during the Normal Business Hours, a Scantron engineer will be alerted and can remotely diagnose and attempt to resolve the problem. Issues detected outside of Normal Business Hours will generate a ticket for action at the start of the next business day.
- Configuration: The Managed Firewall Service will be operational once Scantron notifies Customer of proper reception of alerts from the managed UTMs. Customer must ensure that each UTM is accessible by Scantron.
- VPN Support: At Customer’s request, Scantron will configure Customer’s UTMs to allow a VPN to be established between two UTMs or between a UTM and a client.
- Firewall System Monitoring: Scantron will monitor the availability and condition of the UTMs and respond in case of failure.
- Security Monitoring and Log Analysis: Scantron offers 24 x 7 x 365 Security Operations Center (SOC) monitoring of event logs associated with managed UTMs and will process incoming security alerts from the managed UTMs to determine whether any events of significance occur. Security monitoring is limited to the information as it becomes available from, and is detected by, the UTM.
- Firewall Software Upgrades: Scantron will perform major software upgrades on the managed UTMs in order to maintain the security posture. If an upgrade is planned, Customer will be notified in advance. If possible, upgrades will be performed remotely and during routine maintenance windows.
- Firewall Software Patches: Scantron monitors for new security threats, corresponding patches, and software upgrades. If a potentially critical security patch is discovered, Scantron will inform Customer within a commercially reasonable time after becoming aware of the availability of the patch. If Scantron reasonably determines that a patch is non-critical, Scantron will schedule installation of the patch for routine installation.
- Support: Scantron will provide solution phone support during Normal Business Hours. Scantron will provide associated log history and additional reporting via a web-based portal. Scantron support services related to the Managed Firewall Service: (a) Use commercially reasonable efforts to isolate any problems with the UTMs and send a technician to the Customer site if necessary; and (b) if Scantron, in its reasonable discretion, determines that any component of a UTM that resides on Customer’s premise needs to be replaced, Customer will replace such component with a component in good working order and of like kind and functionality from a Scantron-approved manufacturer at the time of replacement. Scantron will support the Scantron-released-and-approved current major version and the major version immediately preceding the current major version of UTMs, including software, being managed. Customer will upgrade device(s) to conform to the policy within 30 days of such notification.
- Specific Customer Obligations: If a Customer UTM ceases to be fully supported by the manufacturer(s) thereof, Customer will convert to a current model within the timeframe requested by Scantron. Changes, such as adding or removing servers, adding new applications, and applying changes to the UTM policies will affect the alarm policy of the UTM. Customer will notify Scantron of all planned changes. Customer acknowledges and agrees that (a) Managed Firewall Service constitutes only one component of Customer’s overall security program and is not a comprehensive security solution; (b) there is no guarantee that UTM functionality will be uninterrupted or error-free, that networks or systems connected to or supported by Scantron will be secure, or that Scantron’s services will meet Customer’s requirements; and (c) there is no guarantee that any communications sent by means of Scantron-managed UTMs will be private.
- Equipment: Customer will (a) maintain the Customer’s UTM and any associated software, systems, cabling and facilities in accordance with the reasonable instructions of Scantron and (b) not modify, relocate, or in any way interfere with Scantron’s Managed Firewall Service unless expressly authorized by a representative of Scantron to do so. Customer will furnish electrical power in the form of a 120V outlet, including backup power, and such other facilities as are required to accommodate the Managed Firewall Service. To the extent that Scantron uses Customer-owned or provided hardware and/or software, Customer will provide any license, approvals, or consents reasonably required for Scantron to access or use Customer’s equipment.
- Security: Customer will, at its own expense, take all reasonable physical and information systems security measures necessary to protect all equipment, software, data, and systems located on Customer’s premises or otherwise in Customer’s control and used in connection with the Managed Firewall Service, whether owned by Customer, Scantron, or Scantron’s subcontractors. Scantron will not be liable for any loss resulting from any unauthorized access to, or alteration, theft, destruction, corruption, or use of, facilities used in connection with the Managed Firewall Service. All security policies, including, but not limited to, UTM security policies, are the responsibility of Customer even if Customer uses a third party (or Scantron) to configure and implement such policies.
Password Management and Multi-factor Authentication
Scope. Scantron will deploy and support password and identity management software, powered by the LogMeIn LastPass® platform (the “LastPass Software”), that authenticates user access to Customer’s network environment as further defined in this section (the “Password Management Service”). Service deliverables are defined as:
- LastPass Software deployment to create a unique password manager account with an email address and a strong master password to locally-generate a unique encryption key. One-time set-up fees may apply.
- LastPass Software that provides individual accounts with password vault, password generator, and single sign-on with auto fill credentialing capabilities.
- Ability to add multi-factor authentication access to provide an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism.
- Apply fixes, patches, bug fixes or any new or modified features added to or augmenting or otherwise modifying the LastPass Software.
- Provide remote phone support for the LastPass Software.
- De-install the LastPass Software upon termination of the Service.
Performance Evaluation. Customer authorizes Scantron or its suppliers to evaluate Password Management Service upgrades and changes on an annual basis at each of Customer’s locations which utilize the Services. If such evaluations identify ways to improve performance or service at no additional cost to Customer, Customer authorizes Scantron and its suppliers to implement them.
Software.
- Customer agrees to the installation of required Software on its network.
- Customer agrees to LogMeIn Terms of Service available at https://www.logmein.com/legal/terms-and-conditions as it relates to the end user and as may be amended from time to time by LogMeIn in its sole discretion.
General.
Third Party Beneficiary – LogMeIn is a third-party beneficiary of the Password Management Service. LogMeIn will have the right to enforce Customer’s obligations under the Password Management Service and the limitations and restrictions applicable to Customer under this SOW.
Advanced Endpoint Security with 24×7 SOC
Scope. Advanced Endpoint Security with 24×7 SOC (the “AES Service”) is a security service that provides protection for endpoint devices on Customer’s network (the “Endpoints”) via advanced anti-virus software (the “SentinelOne Software”) provided by Secur-Serv’s technology partner (“SentinelOne”). Secur-Serv will manage the deployment and maintenance of the SentinelOne Software to provide protection against viruses or similar forms of malicious or undesired code (the “Malware”). Secur-Serv will provide 24×7 monitoring of all endpoints for any malicious activity and immediately take required action to quarantine identified threats or take other steps to minimize impact. Secur-Serv does not guarantee complete prevention of impact from Malware but will apply the appropriate labor to remove Malware from Customer’s network environment.
Setup. Secur-Serv will perform the tasks required to initiate the AES Service including the removal of existing anti-virus and/or antimalware software from Endpoints and installation of the SentinelOne Software. Upon termination of the AES Service, Secur-Serv will provide the labor required to disengage the AES Service per Customer’s direction. One-time fees for labor to perform these setup and disengagement tasks apply.
Support Services. Secur-Serv will deliver the following support services during Normal Business Hours:
- Install and configure the SentinelOne Software (one-time installation charges apply)
- Adjust configuration as required to optimize effectiveness and performance
- Apply fixes, patches, bug fixes or any new or modified features added to or augmenting or otherwise modifying the SentinelOne Software
- Reconcile SentinelOne Software deployment against known Endpoints to close any deployment gaps
- Monitor Endpoints 24×7 for alerts or threat reports generated by the SentinelOne Software to quarantine or remediate issues according to Customer’s runbook
- Respond 24×7 to actionable data, alerts or threat reports generated by the Software
- Contact Customer’s designated personnel as needed to verify possible false positive items
- Tune SentinelOne Software exclusions to address any application functionality or performance issues
- Provide remote phone support for the SentinelOne Software
- Provide web-based Customer access to the SentinelOne Software
- De-install the SentinelOne Software upon termination of the AES Service
Remediation Projects. Customer acknowledges that remediation of certain issues detected by the AES Service may require reconfiguration or upgrade of software or hardware in Customer’s network environment that is outside the scope of the AES Service and may be defined as a Change Project under the SOW at Secur-Serv’s sole discretion.
Software. Customer agrees to the installation of required SentinelOne Software on Endpoints and to certain terms and conditions regarding the use of the SentinelOne Software which are placed on Secur-Serv by SentinelOne available at https://www.sentinelone.com/terms-of-service/ (the “Terms of Service”), as they relate to Customer and as may be amended from time to time by SentinelOne in accordance with its sole discretion. SentinelOne’s liability is limited to not exceed its liabilities and obligations detailed in the Terms of Service.
Security Awareness Training
Service – Security Awareness Training (the “SAT Service”) is security training that instructs employees how to recognize and deal with potential security issues. SAT Service will demonstrate best practices for handling various forms of security challenges and direct users on the proper handling of these threats. SAT Service will be dependent on the Customer’s current environment and utilizes our partner Webroot’s cloud-based software (the “Software”). The SAT Service provides:
- Customer access to the SAT cloud-based software and resources consisting of trackable, customizable campaigns
- Phishing simulator, interactive security awareness courses
- Reporting center and contact training management
Customer Obligations – Customer shall not, and shall not have others, modify, customize, reverse engineer or reverse compile the Software or any part thereof. Customer also agrees to the terms of service for the Software found at https://www.webroot.com/us/en/legal and any changes made to these terms by Webroot at its sole discretion. Customer also agrees to:
- Cooperate with Scantron in its performance of the Services and provide sufficient and reasonable access to Customer’s premises, employees, contractors, equipment, and network as necessary for Scantron to provide the Services.
- Designate one of its employees to serve as a primary contact with respect to this SOW and to act as its authorized representative with respect to matters pertaining to this SOW. Customer shall inform Scantron of such primary contact and, in the event such primary contact is changed, provide a new primary contact to Scantron.
- Assist in the provision of SAT Services: (i) participate in remote resolution efforts as requested by Scantron; (ii) install or address issues associated with SAT Service setup and accessibility as needed.
Vulnerability Assessment with VulScan
Services. “VulScan Services” will mean regular assessment of internal and external vulnerabilities related to Customer’s network environment, powered by RapidFire Tools® VulScan platform (the “VulScan Software”), as further defined herein. Service deliverables are defined as:
- VulScan Software deployment of virtual machines on existing Customer hardware (the “VulScan Scanners”). One-time set-up fees may apply.
- Quarterly scans of internal vulnerabilities for specified IP address ranges
- Quarterly scans of external network vulnerabilities for a specified quantity of IP addresses
- Quarterly report of all incidents collected in the preceding quarter
- Phone consultation in response to Customer’s review of assessment results
- Categorization of all alerts into three categories:
  - Vulnerability remediation that is covered by a separate, active Statement of Work between Customer and Scantron.
  - Vulnerability requiring remediation under a separate project services quote.
  - Vulnerability that requires discussion with Customer to assess risk tolerance.
- Annual review of most recent alert report via phone
Performance Evaluation. Customer authorizes Scantron or its suppliers to evaluate VulScan Service upgrades and changes on an annual basis at each of Customer’s locations which utilize the VulScan Services. If such evaluations identify ways to improve performance or service at no additional cost to Customer, Customer authorizes Scantron and its suppliers to implement them.
Software & Scanners.
- Customer agrees to the installation of required VulScan Software and VulScan Scanners on its network.
- Customer agrees to RapidFire Tools End User Software License Agreement available at https://www.rapidfiretools.com/eula/ (the “EULA”) as it relates to the end user and as may be amended from time to time by RapidFire Tools in its sole discretion.
General.
Third Party Beneficiary – RapidFire Tools is a third-party beneficiary of the VulScan Service. RapidFire Tools will have the right to enforce Customer’s obligations under the VulScan Service and the limitations and restrictions applicable to Customer under this SOW.
Vulnerability Assessment with Managed Risk
Scope. Scantron will provide regular assessment of internal and external vulnerabilities related to Customer’s network environment, using the Arctic Wolf® Managed Risk platform (the “Managed Risk Software”), as further defined herein (the “Managed Risk Service”). Managed Risk Service deliverables are defined as:
- Managed Risk Software deployment leveraging existing Customer hardware or hardware provided to Customer from Scantron (the “Managed Risk Scanners”). One-time set-up fees may apply.
- Continuous scans of internal vulnerabilities for specified IP address ranges
- Continuous scans of external network vulnerabilities for a specified quantity of IP addresses
- Real time alerting of critical vulnerabilities
- Quarterly report of all incidents collected in the preceding quarter
- Phone consultation in response to Customer’s review of assessment results
- Categorization of all alerts into three categories:
  - Vulnerability remediation that is covered by a separate, active Statement of Work between Customer and Scantron.
  - Vulnerability requiring remediation under a separate Project Services quote.
  - Vulnerability that requires discussion with Customer to assess risk tolerance.
- Semi-annual review of most recent alert report via phone
Performance Evaluation. Customer authorizes Scantron or its suppliers to evaluate Managed Risk Software upgrades and changes on an annual basis at each of Customer’s locations which utilize the Managed Risk Services. If such evaluations identify ways to improve performance or service at no additional cost to Customer, Customer authorizes Scantron and its suppliers to implement them.
Software & Scanners.
- Customer agrees to the installation of required Managed Risk Software on its network.
- Other than normal wear and tear, Customer is responsible for loss, repair, replacement and other costs, damages, fees, and charges to repair the Managed Risk Scanner. Upon termination and/or expiration of the Managed Risk Service, the Managed Risk Scanners must be returned to Scantron. If the Managed Risk Scanners are not returned within 90 days following termination or expiration, Customer will be liable for the replacement cost of the Managed Risk Scanners which shall be due and owing upon receipt of the invoice from Scantron. Any automated maintenance and update cycles to the Managed Risk Software and Managed Risk Scanners will be performed remotely by Arctic Wolf. Arctic Wolf will provide any services related to the replacement or upgrades of the Managed Risk Scanners. Any costs related to such Managed Risk Scanner replacement or upgrades will be provided by Arctic Wolf.
- Customer agrees to Arctic Wolf’s Solutions Agreement available at https://arcticwolf.com/terms/msa/ (the “Solutions Agreement”) as it relates to the end user and as may be amended from time to time by Arctic Wolf in its sole discretion.
Third Party Beneficiary. Arctic Wolf is a third-party beneficiary of the Managed Risk Service. Arctic Wolf will have the right to enforce Customer’s obligations under the Managed Risk Service and the limitations and restrictions applicable to Customer therein.
Managed Detection and Response
Scope. Managed Detection and Response (the “MDR Service”) is a security service that provides 24×7 monitoring of networks, endpoints, and cloud environments to detect, respond to, and recover from cyber-security issues on Customer’s assets and network via cybersecurity software (the “MDR Software”) provided by Scantron’s technology partner (“Arctic Wolf”). Scantron will manage the deployment and maintenance of the MDR Software to provide protection against cyber-security issues. Scantron does not guarantee complete prevention of impact from cyber-security issues but will collaborate with Customer and Arctic Wolf to apply the appropriate labor to address actionable alerts from the MDR Software.
Setup. Scantron will perform the tasks required to initiate the MDR Service including installation of the MDR Software and any associated hardware devices (the “MDR Sensors”). Upon termination of the MDR Service, Scantron will provide the labor required to disengage the MDR Service and remove the MDR Software and MDR Sensors per Customer’s direction. One-time fees for labor to perform these setup and disengagement tasks apply.
Support Services. Scantron will deliver the following support services during Normal Business Hours:
- Install and configure the MDR Software and MDR Sensors (one-time installation charges apply)
- Adjust configuration as required to optimize effectiveness and performance
- Apply fixes, patches, bug fixes or any new or modified features added to or augmenting or otherwise modifying the MDR Software
- Categorize alert data from threat reports generated by the MDR Software
- Contact Customer’s designated personnel as needed to convey and coordinate required action
- Perform mitigation actions as needed in response to verified threats that do not require a Change Project as defined by the SOW
- Tune MDR Software exclusions to address any application functionality or performance issues
- Provide remote phone support for the MDR Software
- De-install the MDR Software and MDR Sensor(s) upon termination of the MDR Service
Remediation Projects. Customer acknowledges that remediation of certain issues detected by the MDR Service may require reconfiguration or upgrade of software or hardware in Customer’s network environment that is outside the scope of the MDR Service and may be defined as a Change Project under the SOW at Scantron’s sole discretion.
Software. Customer agrees to the installation of required MDR Software on Customer’s network and to certain terms and conditions regarding the use of the MDR Software which are placed on Scantron by Arctic Wolf, available at https://arcticwolf.com/terms/msa/ (the “Terms of Service”), as they relate to Customer and as may be amended from time to time by Arctic Wolf in accordance with its sole discretion. Arctic Wolf’s liability is limited to not exceed its liabilities and obligations detailed in the Terms of Service.
MDR Sensors. Customer agrees to the installation of required MDR Sensors on its network and to certain terms and conditions regarding the use of the MDR Sensors. Arctic Wolf will monitor MDR Sensors and will provide replacement MDR Sensors as required to address MDR Sensor issues or upgrade requirements. MDR Sensors remain the property of Arctic Wolf throughout the Term of agreement and must be returned to Arctic Wolf upon termination of service per instructions provided by Scantron.