Unless otherwise stated, these Services and Support Policies (the “Policies”) apply to the services and support described below, as may be updated from time to time.
1. Introduction.
- A. CCG provides certain services for the fees provided under its price list, including Software Product Support & Maintenance, Delivery & Installation Services, Training Services, and Professional Services. Customer may obtain the services for the fees under the then current price list.
- B. These Policies outline the parameters of the services available from CCG.
2. Definitions.
- A. “AdminCore” (see under Software Solutions).
- B. “Appliance” (see under Software Solutions).
- C. “CCG” means Canfield Consulting Group, LLC, a Maryland limited liability company.
- D. “CCG Website” means the URL www.phen-ai.com, which is comprised of various web pages, tools, information, software, content, and features, operated by CCG
- E. “Confidential Information” means the trade secrets and proprietary information of CCG and its licensors that is not generally known to the public, whether such information is in tangible or intangible form, and includes IP Rights.
- F. “Customer” means the entity or agency subscribing to the services offered by CCG.
- G. “Documentation” means the associated media, printed materials, and online or electronic documentation distributed with the Appliance or its components.
- H. “IP Rights” means the intellectual property rights, including copyrights, patents, patents pending, trademarks and trade secrets, in and to the Appliance, AdminCore, Sensors, Software, Documentation, algorithms, databases, and the CCG Website (including related software, images, photographs, animations, video, audio, music, text, and content) owned by CCG or its licensors.
- I. “Permitted Number of Interfaces” means the number of authorized Internet Protocol Version 4 (IPv4) or Internet Protocol Version 6 (IPv6) addresses from which the Sensor is permitted to collect data. A “non-permitted interface” is the unauthorized use of the Sensor to collect data from more than the authorized number of IPv4 or IPv6 addresses, based on the license fee paid.
- J. “Sensor” (see under Software Solutions).
- K. “Service” means those services offered by CCG and described under these Policies.
- L. “Site” means the location specified for the delivery and installation of the Appliance and for the delivery of those Services selected by Customer.
- M. “Software” means (i) all of the software code (whether as source code, object code, or application programming interfaces) of the all-in-one cybersecurity suite of software applications and products referred to as “CheckMate” that is comprised of CCG’s “Phen.(AI),” “Cognoscenti,” “CanSecure,” “NeTERS,” and “SmartLog Analyzer” software, and each of their underlying programs and subroutines, whether provided together, separately, or in combination, directly on the Appliance or its components, or by electronic download, on physical media, or by any other method of distribution, and (ii) upgrades, updates, patches, additions, and modifications to the CheckMate software.
- i. “Distributed Software” means the different components of the application programming interface of the Software that are installed on the Appliance that permits Customer to interact with CheckMate, and excludes the source code and object code of the Software.
- ii.“Licensed Software” means the Distributed Software for which Customer has paid the necessary license fees for the licensed period of use.
- N. “Software Solutions” means the application solutions provided in the “Appliance” and Distributed Software. The Appliance consists of the AdminCore and the Sensors. “AdminCore” resides on the server(s) supplied by CCG, and means the components of the Distributed Software that provide the central architecture that receives data from the Sensor(s) and provides a complete self-contained cyber-defense solution for (i) detecting network problems and insider threats, (ii) providing threat hunting and behavioral analytic detections, including penetration testing, scanning, and complete visibility of the network, (iii) monitoring, (iv) providing security and threat analysis, (v) taking appropriate action, and (vi) providing the artificial intelligence functions for CheckMate. The “Sensor” resides on the hardware provided by CCG, and means the components of the Distributed Software that provides the data to the AdminCore for monitoring, analysis, and action.
- O. “Support” means the support services described in these Policies.
- P. “Work Hour” means the hour within a Workday. Any Work Hour that exceeds the time of the Workday, shall be continued to the next Workday. Work Hour excludes Work Interruptions.
- Q. “Work Interruption” means severe weather conditions, physical security threats (e.g., bomb threats, gun violence, riots, etc.), government-imposed travel restrictions (e.g., quarantine requirements, pandemic closures, etc.), and such other events outside the reasonable control of CCG,
- R. “Workday” means eight (8) hours per day, generally between the hours of 9:00 AM and 5:00 PM, excluding the lunch hour and excluding Saturdays, Sundays, holidays (whether local, state, or federal holidays), and Work Interruptions.
- S. “Work Week” means five (5) consecutive Workdays, normally Monday through Friday, excluding Saturdays, Sundays, holidays, and Work Interruptions. Where the Work Week is interrupted by weekends, holidays, or Work interruptions, the Work Week will continue to the next Workday, following such weekend or holiday.
3. Limitation on Hardware Warranty.
- A. The AdminCore and Sensors are provided on third-party servers and hardware. The servers and hardware, including chassis, motherboards, disks, and memory, are provided with a limited warranty as provided under this section.
- B. Provided that Customer has paid for Platinum Support and has current Licensed Software and a valid license for the Permitted Number of Interfaces, CCG provides a thirty (30) day limited warranty on the chassis, motherboards, disks, and memory, for the Appliance, commencing on the date of delivery of the Appliance. Customer shall contact CCG within such thirty (30) day period in the event the servers, hardware, chassis, motherboards, disks, or memory are found to be defective. Within two (2) weeks of replacement by CCG of any defective servers, hardware, chassis, motherboards, disks, or memory, Customer agrees to and will ship the defective servers, hardware, chassis, motherboards, disks, or memory, as applicable, to CCG’s main office at Customer’s expense. In the event Customer fails to return the defective parts. CCG will charge Customer the list price of the server, hardware, chassis, motherboards, disks, or memory that Customer fails to return. CCG provides no other warranty on the servers, hardware, chassis, motherboards, disks, or memory.
- C. After the expiration of CCG’s limited warranty under paragraph 3.B, warranty services related to third-party branded products are governed by such third-party’s terms and conditions, including any requirement that Customer have paid such third-party for such third-party warranty services. In the event of a defect in the servers or hardware, Customer agrees to contact CCG immediately in order for CCG to make recommendations or take any action with respect to the claimed defects in the servers or hardware. In no event will Customer open, disassemble, or remove components from the Appliance or servers.
- D. The limited warranty under this section does not apply to defects arising from accident, abuse, alteration, modification, or improper installation or configuration by Customer, or failure to operate or maintain the servers, hardware, or Sensors, in accordance with the applicable documentation.
- E. A material condition of this limited warranty is that Customer will comply with all notices from CCG that Customer will not open, disassemble, or remove components from the Appliance or servers, or break any tamper-evident seals on the servers or hardware.
4.Delivery and Installation Services. For paid on-site services, Customer will provide necessary access to CCG personnel to facilitate the delivery and installation of the CCG products, and both parties will cooperate with the other.
5.Training Services. CCG will provide training services where Customer has paid for such services under CCG’s then-current fee schedule. CCG agrees to provide up to two (2) Workdays of onsite or online training for up to 6 persons in the training group. The parties will cooperate to find a mutually acceptable date and time for the training.
6.Professional Services. Professional services will be provided by CCG for the fees under CCG’s then-current fee schedule. CCG will provide professional services to address Customer needs such as managing and maintaining the CCG products, assistance with creating reports, support with threat analysis, alerts, and any other matters as determined between CCG and Customer.
7.Software Product Support & Maintenance. As a prerequisite for Software Product Support and Maintenance (“Support”), Customer must have current Licensed Software and a valid license for the Permitted Number of Interfaces. All Support requires a prepaid annual subscription concurrent with the annual license fee for the Licensed Software and the Permitted Number of Interfaces. Support provides software product support and maintenance for CCG’s Licensed Software, which includes patches, updates, and upgrades to CCG’s Licensed Software.
- A. Software product support objectives: In the event of an issue with CCG’s Licensed Software, Customer shall contact CCG by email, at the email address provided by CCG, describing the issue with as much specificity as possible.
Case Severity | Standard Support | Gold Support | Platinum Support |
---|---|---|---|
Upon receipt by CCG of Customer’s email indicating an issue: | |||
1 | CCG will acknowledge receipt of the issue by the end of the next Workday. | CCG will acknowledge receipt of the issue within 8 business hours. | CCG will acknowledge receipt of the issue within 2 business hours. |
2 | CCG will acknowledge receipt of the issue within 5 Workdays. | CCG will acknowledge receipt of the issue within 3 Workdays. | CCG will acknowledge receipt of the issue by the end of the next Workday. |
3 | CCG will acknowledge receipt of the issue within 3 Work Weeks. | CG will acknowledge receipt of the issue within 2 Work Weeks. | CCG will acknowledge receipt of the issue within 1 Work Week. |
- B. Problem Resolution. Resolution will consist of either a Work Around, an Interim Solution, or a Permanent Solution. Problems that require an Interim Solution will be considered resolved when the test used to reproduce the problem demonstrates the corrected behavior. CCG will not responsible for resolving problems arising from errors in equipment or software not provided by CCG or errors made by individuals who are not CCG employees or contractors.
- C. Resolution Objectives.
Case Severity | Work Around | Interim Solution | Permanent Solution |
---|---|---|---|
1 | Standard Support: Provided within 7 Workdays. Gold Support: Provided within 5 Workdays. Platinum Support: Provided within 3 Workdays | Interim Solution | Standard Support: Included in next release. Gold Support: Included in next release. Platinum Support: Included in the next release. |
2 | Standard Support: Provided within 2 Work Weeks. Gold Support: Provided within 1 Work Week. Platinum Support: Provided within 3 Workdays. | Standard Support: Provided within 3 Work Weeks if no Work Around is possible. Gold Support: Provided within 2 Work Weeks if no Work Around is possible. Platinum Support: Provided within 3 Workdays if no work around is possible. | Standard Support: Included in next release. Gold Support: Included in next release. Platinum Support: Included in next release |
3 | Next release. | Standard Support: Provided within 8 Work Weeks. Gold Support: Provided within 6 Work Weeks. Platinum Support: Provided within 3 Work Weeks. | When deemed feasible by CCG. |
- D. Severity Definitions.
Severity Level | Description |
---|---|
1 | A Severity 1 problem exists if any CCG product or major function thereof is (i) inoperative, or (ii) is experiencing intermittent problems that is having a significant impact on the Customer’s ability to use the CCG product. |
2 | A Severity 2 problem exists if functionality of the CCG product is found to be defective or absent, or contains a problem that renders the CCG product difficult, but not impossible to use. |
3 | A Severity 3 problem exists if the Customer experiences a non-critical degradation of performance, or experiences minor problems that need correction in either the CCG product or the relevant CCG product manuals. |
- E. Escalation within CCG.
- i. When a problem arises, the Customer will contact CCG by email; CCG’s internal support organization will start verifying the software issue. Once the problem is verified by the CCG support organization, the request will be handed over to product development to resolve the issue if no resolution is immediately available. The Customer will be contacted as describe above.
- ii. CCG’s assigned support engineer follows up on the issue internally within CCG and will, according to the resolution objectives set forth above, attempt to send out Work-Around, Interim, or Permanent solutions.
- iii. Customer understands that CCG cannot guarantee a favorable outcome, and some issues may have to be resolved by providing a new/replacement installation with loss of history.
- iv. CCG provides a data feed comprising the latest updates and new tests available to detect and identify the latest known vulnerabilities. The tests are available for download on a weekly basis. The feed is usually updated weekly.
8. Customer Obligations.
- A. Cooperation. Customer will cooperate with CCG in identifying and resolving issues.
- B. Site Access. Customer will provide CCG with access to the Site to perform those Services that cannot be provided remotely.
- C. Qualified Personnel. With respect to Training Services, Customer will ensure that its personnel that will receive Training Services are qualified cyber security personnel.
- D. Technical Contact. Customer shall identify the individual who will be the technical contact for CCG.
9. Warranties, Disclaimers, Remedies, & Liabilities.
- A. Services Warranty. CCG warrants that its Delivery & Installation Services, Training Services, Professional Services, and Software Product Support & Maintenance will be performed consistent with generally accepted industry standards. This warranty shall be valid for thirty (30) days from the date of performance of the respective Service. Customer must notify CCG of any warranty deficiencies within thirty (30) days from the date of performance of the defective Service.
- B. EXCLUSIVE REMEDY. IN THE EVENT OF CCG’S BREACH OF ITS ABOVE WARRANTY, CCG’S SOLE AND EXCLUSIVE OBLIGATION AND CUSTOMER’S SOLE AND EXCLUSIVE REMEDY SHALL BE THE REPERFORMANCE OF THE RESPECTIVE SERVICE.
- C. DISCLAIMER. THE WARRANTY UNDER THIS SECTION 9 IS EXCLUSIVE AND IN LIEU OF ALL OTHER WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- D. LIMITATION OF LIABILITY. IN NO EVENT SHALL EITHER PARTY BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR DAMAGES FOR ANY LOSS OF PROFITS, REVENUE, DATA, OR USE, INCURRED BY EITHER PARTY OR ANY THIRD PARTY, WHETHER IN AN ACTION IN CONTRACT OR TORT, EVEN IF THE OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
10. Termination.
- A. Automatic. Software Product Support & Maintenance shall automatically terminate one year from the date of Customer’s Support agreement, unless Customer has renewed the Support agreement for the next year.
- B. Software License. CCG may terminate its Software Product Support & Maintenance if Customer no longer has a valid Licensed Software or valid license for the Permitted Number of Interfaces.
- C. C.Non-Payment. CCG may terminate its Services where the required payments from Customer have not been received by CCG.