This END USER LICENSE AGREEMENT (“Agreement”) is a legal agreement between The Escal Institute of Advanced Technologies, Inc. /dba SANS Institute, ("SANS" or “Service Provider”) and you (“End User Customer” or “Customer”). SANS and End User Customer may be referred to in this Agreement individually as a "Party" and together as the "Parties”. By using the Products, the End User Customer agrees to be bound by the terms of this Agreement.
1. DEFINITIONS.
a. Applicable Data Protection Legislation means any data protection regulation that may apply in the context of the Agreement, including, where applicable, (i) the Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”) and the laws and regulations adopted to implement the GDPR and (ii) any other laws or regulations relating to the Processing of Personal Data.
b. Confidential Information means any information that is proprietary or confidential to a Party and either marked as confidential or identified as such to the other Party, including, but not limited to, business or technical data or know-how, customer and prospective customer lists, secrets, ideas, concepts, designs, drawings, flow charts, diagrams, financials, and other intellectual property, in whatever form including, documented information, machine readable or interpreted information transmitted in any form including, in writing, orally, or visually. Any abstracts, summaries or compilations are included in this definition of Confidential Information. For avoidance of doubt, Confidential Information includes details of SANS training courses or exams, pricing, courseware, user information, and the business relationship between the Parties.
c. End User Customer Materials means End User Customer-sourced data or materials not provided by SANS or its suppliers, that are used in connection with SSA Training Materials, such as End User Customer-sourced content, logos, artwork, or media.
d. Disclosing Party means the Party that discloses its Confidential Information to the Receiving Party under this Agreement.
e. Engagement Materials means SANS fact sheets, FAQs, help files, media files, newsletters, posters, and screensavers provided or made available to facilitate use of the SANS Products. Engagement Materials do not include SSA Training Materials themselves.
f. Named User means, as applicable, an authorized SSA Training Named User as defined in Addendum A, an authorized SSA Litmos Training Named User as defined in Addendum B, an authorized SSA Phishing Named User, as defined in Addendum C, or a named user otherwise defined in a Price Quote or additional Addendum.
g. Personal Data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
h. Price Quote means the document provided by a SANS authorized reseller that details the Product(s) being provided to End User Customer by SANS, as well as the quantities, fees, Subscription Term, and payment terms.
i. Products means the products to be provided by SANS and made available to End User Customer as set forth in a Price Quote or statement of work.
j. Receiving Party means the Party that receives Confidential Information of the Disclosing Party under this Agreement.
k. SSA Training Materials means SANS Security Awareness videos, interactive programs, online training content, exams, assessments, electronic materials, and other training Products. Each Product is licensed separately.
l. Services means the services to be performed by SANS for End User Customer as set forth in a Price Quote or statement of work.
m. Subscription Term means the License Term or Subscription Term specified in a Price Quote.
2. ENGAGEMENT MATERIALS. Except as set forth in the applicable Price Quote:
a. End User Customer is granted a non-exclusive, non-transferable, and non-sublicensable license during the applicable Subscription Term to use Engagement Materials related to the Products or Services to which it subscribes, only for its own internal use in connection with such Products or Services. Engagement Materials: (i) are not subject to “per user” limitations; (ii) are provided as digital files only, and (iii) may be modified or updated by SANS from time to time.
b. End User Customer shall not, for the purposes of sale, resale, lease, and/or developing a competing product: copy, reproduce, distribute, display, modify or create derivative works based upon all or any portion of the Engagement Materials in any medium.
3. PERFORMANCE STANDARDS. Using commercially reasonable efforts, the services will be available 99.999%, measured monthly, excluding: (i) holidays; (ii) weekends; (iii) scheduled maintenance; and/or (iv) any downtime resulting from outages of third-party connections or utilities or other reasons beyond SANS’ control.
4. CONFIDENTIALITY AND NON-DISCLOSURE.
a. The Receiving Party may be given Confidential Information from the Disclosing Party in order to perform its obligations under this Agreement. The Receiving Party will protect the confidentiality of the Disclosing Party’s Confidential Information during the Term of this Agreement and indefinitely thereafter by (a) using the same means it uses to protect its own Confidential Information, but in any event, not less than reasonable means, and (b) using the Disclosing Party’s Confidential Information solely in connection with this Agreement. The Receiving Party shall not copy or disclose this Agreement and the Disclosing Party’s Confidential Information except to those employees, officers, directors, subcontractors, agents, or affiliated entities of the Receiving Party (“Representatives”) who have a need to know such Confidential Information as required in connection with this Agreement; provided, such Representatives are advised of and agree to abide by the confidentiality obligations set forth in this Agreement. Compliance by Representatives with the confidentiality and use obligations in this Agreement will remain the responsibility of Receiving Party, and both Receiving Party and Representatives shall be liable for any breach of this Agreement by Representatives.
b. Confidential Information will not include any information or data which:
i. was rightfully in the Receiving Party or its Representatives’ possession prior to receipt from the Disclosing Party;
ii. becomes rightfully available to the Receiving Party or its Representatives from a source other than the Disclosing Party who is free to lawfully disclose such information to the Receiving Party;
iii. is independently developed by the Receiving Party or its Representatives, without the use of the Disclosing Party's Confidential Information; or
iv. is legally required to be disclosed to a regulatory agency or pursuant to an order of a court of competent jurisdiction, provided that, where permissible, the Disclosing Party be given an opportunity to seek a protective order.
c. Applicable only if End User Customer is a governmental entity: In the event SANS, as the Disclosing Party, identifies its information as Confidential Information, and Receiving Party is a government entity and can demonstrate that SANS’ Confidential Information would otherwise be public information based upon governing law, then prior to public disclosure, the Receiving Party, as a government entity, shall provide SANS written notice demonstrating SANS’ Confidential Information would otherwise be public information based upon governing law.
d. Upon termination of this Agreement, at Disclosing Party's request and to the extent legally permissible (as interpreted by SANS), Receiving Party will destroy or return to Disclosing Party all Disclosing Party's Confidential Information in its possession or control and provide written certification of compliance thereof.
e. Receiving Party agrees to take appropriate actions to address incidents of unauthorized access to Disclosing Party's Confidential Information, including notification within five (5) days to Disclosing Party of any such incident.
5. INTELLECTUAL PROPERTY/CONFIDENTIAL INFORMATION.
a. End User Customer acknowledges that SANS or its licensors are the sole and exclusive owners of the SANS Products and Services, and the SANS Confidential Information, including, without limitation, the SSA Training Materials and the Engagement Materials, and any improvements and enhancements thereto and derivations thereof, and all intellectual property rights therein. Nothing in this Agreement transfers SANS’ exclusive ownership of its intellectual property or Confidential Information.
b. End User Customer may not: (i) except as expressly provided in this Agreement, use, copy, modify, translate, or merge any such information or create derivative works therefrom; (ii) disable or circumvent any SANS licensing control feature; (iii) reverse-engineer, disassemble, or decompile such information, or otherwise attempt to access or determine its underlying source code, underlying user interface techniques or algorithms, or permit any such actions; (iv) distribute, lend, sublicense, rent or lease the above; and/or (v) attempt to build a competitive service or product, or copy any feature, function or graphic for competitive purposes.
c. SANS acknowledges that End User Customer or its licensors are the sole and exclusive owners of the End User Customer Materials and End User Customer Confidential Information, and all intellectual property rights therein. Nothing in this Agreement transfers End User Customer’s exclusive ownership of its intellectual property or Confidential Information.
6. DATA PROTECTION.
a. In order to perform the Services under this Agreement, SANS is required to Process Personal Data. SANS shall comply with the Applicable Data Protection Legislation.
b. With respect to Personal Data, the End User Customer shall act as a Personal Data Controller, where “Controller” means the entity which alone determines the purposes and the means of the Processing of Personal Data, and SANS shall carry out the Processing of the Personal Data only on behalf of the End User Customer. Acting as a Data Processor, SANS shall carry out the Processing of Personal Data only according to the End User Customer’s documented instructions for Processing, unless that law prohibits such information on important grounds of public interest.
c. To the extent that data includes Personal Data, the Parties agree that the SANS DPA is incorporated into these terms and applies automatically to all customers globally who require it.
d. To the extent that Personal Data is provided from a Party to the other Party and such disclosure requires a data processing agreement between the Parties under an applicable data protection law, the Parties agree that the SANS DPA is incorporated into and attached to this Agreement by reference.
7. REPRESENTATIONS AND WARRANTIES.
Each Party represents and warrants to the other Party: (i) it is duly organized and in good standing in the state or jurisdiction in which is it incorporated or organized; (ii) it has full right and power to enter into this Agreement, and the signer of this Agreement has authority to bind such Party it signs on its behalf; and (iii) it is not prohibited by any regulatory authority from carrying out its duties and obligations under this Agreement. Such representations and warranties shall be continuing throughout the Term of this Agreement.
8. INTELLECTUAL PROPERTY INDEMNIFICATION.
a. Subject to the limitations of liability in Section 9, SANS shall defend, indemnify, and hold End User Customer and its officers, directors, employees, and agents (each a “End User Customer Indemnitee”) harmless from and against any third party claims, demands, suits, proceedings, and resulting liabilities, direct damages, and expenses (collectively “Claims”), to the extent that the SSA Training Services, SSA Training Materials, SSA Phishing Services, or Engagement Materials infringe any patent, copyright, trademark, trade secret or other intellectual property interest of a third party. SANS shall, in its sole discretion and at no additional charge to End User Customer, make commercially reasonable efforts to replace, in whole or in part, the infringing materials or Services with substantially compatible and functionally equivalent materials or Services, modify them to avoid the infringement, or secure the right for End User Customer to continue their use. In the event that SANS determines that the foregoing actions are not commercially practicable, either Party may terminate the applicable Price Quote, and SANS shall refund to the End User Customer the applicable subscription fees for periods after the effective date of termination. This obligation does not extend to infringement by any End User Customer Materials incorporated into the foregoing, or to infringement resulting from any modifications or adaptations made by End User Customer or third parties to the foregoing.
b. Subject to the limitations of liability in Section 13, End User Customer shall defend, indemnify, and hold SANS and its officers, directors, employees, and agents (each a “SANS Indemnitee”) harmless from and against any Claims alleging that the End User Customer Materials infringe any patent, copyright, trademark, trade secret or other intellectual property interest of a third party.
c. The foregoing obligations are conditioned on (i) the End User Customer Indemnitee or SANS Indemnitee (each an “Indemnitee” as applicable) providing prompt notification of the Claim to the other indemnifying Party (SANS and End User Customer each the “Indemnifying Party” as applicable), (ii) the Indemnitee allowing the Indemnifying Party to control the defense and settlement of the Claim (except that the Indemnifying Party may not agree to any settlement or consent to any judgment that would admit fault, wrongdoing or liability on the part of the Indemnitee without such Indemnitee’s prior written consent), and (iii) the Indemnitee’s cooperation with the Indemnifying Party as reasonably requested by the Indemnifying Party (at the Indemnifying Party’s expense) in the defense and any related settlement of the Claim.
d. Applicable only if End User Customer is a governmental entity: To the extent established law preempts or limits End User Customer from providing indemnification to SANS, each Party’s indemnification obligation in this section shall be eliminated or mutually limited pursuant to applicable law to End User Customer.
9. GENERAL INDEMNIFICATION.
a. Subject to the limitations of liability in Section 8, each Indemnifying Party agrees to indemnify, defend and hold harmless the other Party’s Indemnitee against any and all losses, damages, liabilities or expenses (including reasonable attorneys’ fees and other costs of defense) in connection with any and all actions, suits, claims or demands that may be brought or instituted against any Indemnitee by any third party to the extent they arise out of or relate to (a) a breach of a representation, warranty or covenant of the Indemnifying Party under this Agreement, or (b) an Indemnifying Party’s negligence or willful misconduct in performing obligations under this Agreement.
b. The foregoing obligations are conditioned on (i) the Indemnitee’s prompt notification of the Claim to the Indemnifying Party, (ii) the Indemnitee allowing the Indemnifying Party to control the defense and settlement of the Claim (except that the Indemnifying Party may not agree to any settlement or consent to any judgment that would admit fault, wrongdoing or liability on the part of the Indemnitee without such Indemnitee’s prior written consent), and (iii) the Indemnitee’s cooperation with the Indemnifying Party as reasonably requested by the Indemnifying Party (at the Indemnifying Party’s expense) in the defense and any related settlement of the Claim.
10. DISCLAIMER OF WARRANTY AND LIMITATION OF LIABILITY.
a. IN NO EVENT WILL EITHER PARTY BE LIABLE FOR ANY INDIRECT, CONSEQUENTIAL, INCIDENTAL, SPECIAL, EXEMPLARY, OR PUNITIVE DAMAGES OR LIABILITIES OR FOR ANY LOST PROFITS, LOST SAVINGS OR LOSS OF REVENUES, ARISING FROM OR RELATING TO THIS AGREEMENT OR THE SANS PRODUCTS OR SERVICES, EVEN IF THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
b. IN NO EVENT SHALL SANS’ LIABILITY IN ANY MANNER ARISING UNDER THIS AGREEMENT EXCEED THE TOTAL PAYMENT RECEIVED BY SANS UNDER THE PRICE QUOTE FOR THE SANS PRODUCTS OR SERVICES FROM WHICH THE CLAIM ARISES DURING THE 12-MONTH PERIOD IMMEDIATELY PRECEDING THE DATE WHEN THE CAUSE OF ACTION ARISES.
11. INSURANCE.
SANS shall, at its sole expense and throughout the Term, carry and maintain the following insurance coverage: (a) Commercial General Liability, (b) Worker’s Compensation; and (c) Employer’s Liability, in reasonable amounts.
12. COMPLIANCE WITH LAWS.
a. Each Party will, at its sole expense, obtain all permits and licenses, pay all fees, and comply with all federal, state, and local laws, ordinances, rules, regulations, codes, and orders applicable to it in the performance of this Agreement.
b. Each Party shall conduct operations in compliance with applicable laws, rules and regulations in exercising rights and obligations under any part of this Agreement. Laws may include but not be limited to the U.S. Foreign Corrupt Practices Act, the U.K. Bribery Act and local anticorruption legislation that may apply. Neither party is listed by any government agency as debarred, suspended, proposed for suspension or debarment or otherwise determined to be ineligible for government procurement programs. In exercising rights and obligations under any part of this Agreement, neither party nor anyone acting on its behalf shall make, offer, promise or authorize payment of anything of value directly or indirectly to any of the following prohibited parties for the purpose of unlawfully influencing their acts or decisions: a) employees, consultants, or representatives of the other Party, b) government officials or employees, c) political party officials or candidates, d) officers or employees of any public international organization, e) immediate family member of such persons (or any other person) for the benefit of such persons.
c. Each Party warrants that neither it nor its controlling owners is listed on any (i) sanction programs list maintained by the U.S. Office of Foreign Assets Control within the U.S. Treasury Department (“OFAC”), or (ii) denied party list maintained by the U.S. Bureau of Industry and Security within the U.S. Department of Commerce (“BIS”). End User Customer agrees it shall not allow Users access to any SANS product, service, or technology provided under this Agreement to any person or entity in a U.S. embargoed country or in violation of a U.S. export control law or regulations. End User Customer agrees to cooperate with SANS as necessary for SANS to comply with export requirements and recordkeeping required by OFAC, BIS, or another governmental agency.
13. GOVERNING LAW; JURISDICTION.
This Agreement will be governed by and construed in accordance with the laws of the State of Maryland. Each Party hereby irrevocably consents to exclusive personal jurisdiction and venue in the state and federal courts located in Maryland. Both Parties exclude the application of the Uniform Computer Information Transactions Act (“UCITA”), the United Nations Convention on the International Sale of Goods (“CISG”) and any law of any jurisdiction that would apply UCITA or CISG or terms equivalent to UCITA or CISG to this Agreement. The Parties agree to settle all disputes promptly by negotiation between executives in good faith. Should good faith negotiations fail, any controversy or claim arising out of or relating to this Agreement, or breach thereof, will be exclusively settled by binding arbitration in Montgomery County, Maryland, USA administered by the American Arbitration Association in accordance with its Commercial Arbitration Rules, and judgment on the award rendered by the arbitrator(s) may be entered in any court having jurisdiction thereof. Either Party may initiate arbitration by written notice if negotiations have failed to resolve the matter within 30 days of initiation. The language of the arbitration will be English.
Applicable only if End User Customer is a governmental entity: Notwithstanding the above, choice of law and forum shall be (i) the state in which the End User Customer is located if End User Customer is located in the United States of America, or (ii) the capital city of the country in which the End User Customer is located if End User Customer is located outside of the United States of America.
14. EXPORT COMPLIANCE.
The Products, Services and other technology provided under this Agreement may be subject to export laws and regulations of the United States of America and other jurisdictions. Each Party warrants that neither it nor its controlling owners is (i) listed on any sanction programs list maintained by the U.S. Office of Foreign Assets Control within the U.S. Treasury Department (“OFAC”), or (ii) denied party list maintained by the U.S. Bureau of Industry and Security within the U.S. Department of Commerce (“BIS”). End User Customer agrees it shall not allow users access to any Product, Service or technology provided under this Agreement to any person or entity in a U.S. embargoed country or in violation of a U.S. export control law or regulations. End User Customer agrees to cooperate with SANS as necessary for SANS to comply with export requirements and recordkeeping required by OFAC, BIS or another governmental agency.
15. NOTICES.
Notice shall be delivered to the Parties’ addresses on the Price Quote, to the attention of the Legal Department.
16. MISCELLANEOUS
a. Assignment; No Third-Party Beneficiaries. Neither Party may assign this Agreement or its rights or obligations thereunder without the written consent of the other Party, which consent will not be unreasonably withheld, except that a Party may assign upon written notice to a successor by merger, acquisition, or sale of substantially all of such Party’s business or assets. In addition, SANS may assign this Agreement or applicable Price Quotes in whole or part to an affiliated entity without written consent of End User Customer. SANS may subcontract all or any part of its obligations under this Agreement or applicable Price Quotes but shall remain responsible for the acts and omissions of its subcontractors as though they were acts of SANS itself. Except as specifically provided herein, there are no third-party beneficiaries to this Agreement, and nothing in this Agreement shall benefit or create any right on behalf of any person or entity other than End User Customer and SANS.
b. Waiver. The failure of either Party to exercise or enforce any right or provision of this Agreement shall not constitute a waiver of such right or provision or a waiver of the right of such Party to thereafter enforce each and every provision of this Agreement.
c. Severability. If a particular provision of this Agreement is terminated or held by a court of competent jurisdiction to be invalid, illegal, or unenforceable, that provision of the Agreement will be enforced to the maximum extent legally permissible, and the remainder of this Agreement will continue in full force and effect.
d. Headings. The headings or titles preceding the text of the sections and subsections of this Agreement are inserted solely for convenience of reference, and shall not constitute a part of this Agreement, nor shall they affect the meaning, construction or effect of this Agreement.
e. Independent Contractor. SANS is an independent contractor and not an employee, agent, affiliate, partner or joint venturer with or of End User Customer.
f. Force Majeure. Neither Party shall be liable to the extent that its performance of this Agreement is prevented, or rendered so difficult or expensive as to be commercially impracticable, by reason of an Act of God, labor dispute, unavailability of transportation, goods or services, governmental restrictions or actions, war (declared or undeclared) or other hostilities, pandemic, or by any other event, condition or cause which is not foreseeable on the Effective Date and is beyond the reasonable control of the Party, provided that such Party promptly informs the other Party of such event, and makes diligent efforts to work around the event and resume performance. In the event of non-performance or delay in performance attributable to any such causes, the period allowed for performance of the applicable obligation under this Agreement will be extended for a period equal to the period of the delay.
g. Entire Agreement. This Agreement and all appendices attached hereto (which are specifically incorporated herein by this reference) contain the full and entire agreement between the Parties. It supersedes all prior negotiations, and proposals, written or otherwise, relating to its subject matter. Any modifications, revisions or amendments to this Agreement must be set forth in writing signed by authorized representatives of both Parties.
h. End User Customer PO to Facilitate Payment Only. The Parties agree that any PO submitted by an End User Customer to SANS is for facilitating invoicing and payment only. Any additional, inconsistent, or different terms included in an End User Customer PO or other documents (including electronic) submitted to SANS by or on behalf of End User Customer at any time, whether before or after the Effective Date are hereby expressly rejected by SANS and of no effect. These terms and conditions shall be deemed accepted by End User Customer without any such additional, inconsistent, or different terms and conditions, except to the extent expressly accepted by SANS in writing and signed by SANS.
i. Counterparts. This Agreement may be executed and delivered (i) in any number of counterparts, each of which will be deemed an original, but all of which together will constitute one and the same instrument, and/or (ii) by exchange of facsimile or PDF copies, or secure electronic signature and delivery method (e.g., DocuSign), in which case the instruments so executed and delivered shall be binding and effective for all purposes.
END USER CUSTOMER
By: _____________________________________________
End User Customer Name: __________________________
Print Name: ______________________________________
Title: ____________________________________________
Date: ___________________________________________
SANS INSTITUTE
By: _____________________________________________
Print Name: Erin Williams
Title: Contracts Operations Manager
ADDENDUM A
SSA TRAINING SERVICES SUPPLEMENTAL TERMS
1. SUPPLEMENTAL DEFINITIONS.
a. End User Customer Learning Management System or End User Customer LMS means an End User Customer-supplied software application for the administration, documentation, tracking, reporting, and delivery of educational courses, training programs, or learning and development programs.
b. SSA Learning Platform or SLP means a training platform owned and operated by SANS to deliver online training. SANS reserves the right to upgrade its platform or migrate it to another, with this Agreement remaining in full force and applying equally to any upgraded or new platform(s).
c. SSA Training Named User means any individual who has been issued a user login account at any time during the Subscription Term permitting such individual to access and use SSA Training Materials through the SLP or the End User Customer LMS as applicable. An SSA Training Named User must be an employee, agent, contractor, or representative of End User Customer unless otherwise authorized by SANS.
d. SSA Training Services means the provision by SANS of SSA Training Materials or related services to End User Customer or its SSA Training Named Users.
2. SSA TRAINING SERVICES. Except as set forth in the Price Quote:
a. End User Customer is granted a non-exclusive, non-transferable, and non-sublicensable license during the Subscription Term to access and use the SLP solely to administer the delivery of SSA Training Services to SSA Training Named Users; add or delete SSA Training Named Users; assign training; run reports; customize themes; customize system notification messages; enable SSA Training Named Users to view SSA Training Materials and receive SSA Training Services, and to the extent specifically authorized by SANS; supplement SSA Training Materials with training materials related to the SSA Training Materials for presentation to SSA Training Named Users. Use of SSA Learning Platform for delivery of any other content is strictly prohibited.
b. End User Customer may permit SSA Training Named Users to access and use the SSA Training Materials through the SLP during the Subscription Term to view SSA Training Materials and receive SSA Training Services.
c. Use of SSA Training Materials during the Subscription Term is limited to no more than the number of SSA Training Named Users set forth in the Price Quote.
d. Each of the SSA Training Materials will have a separate SSA Training Named User account.
e. End User Customer grants SANS all necessary rights to authorize it and its affiliates and subprocessors a non-exclusive right to process data solely to provide the SSA Training Services and SAP Litmos functionality (as applicable) described in this Agreement to End User Customer and its SSA Training Named Users.
f. End User Customer shall:
i. ensure that its SSA Training Named Users comply with the terms of this Agreement and shall be responsible for the acts or omissions of any SSA Training Named User, or person using an SSA Training Named User’s login, in connection with their use of the SSA Training Materials, or access to SAP Litmos or the SLP not in conformity with this Agreement;
ii. notify SANS within five (5) business days of any known unauthorized use of End User Customer’s or any SSA Training Named User’s account;
iii. not copy, reproduce, distribute, display, modify or create derivative works based upon all or any portion of SAP Litmos or the SSA Training Materials in any medium, without the express written consent of SANS, or permit any other person to do so;
iv. not sell, resell, rent, or lease the SSA Training Materials or access to SAP Litmos or the SLP, or permit any other person to do so;
v. not interfere with or disrupt the performance of SAP Litmos or the SLP, or permit any other person to do so;
vi. not provide access to anyone other than an authorized SSA Training Named User;
vii. not attempt to gain unauthorized access to SAP Litmos, the SLP, or any CBT Material, or permit any other person to do so.
3. SSA TRAINING NAMED USERS AND LEARNING PLATFORM
a. Each individual permitted to access or use a component of the SLP must be assigned a unique user login and will be considered an SSA Training Named User. End User Customer may not permit more than one person to access or share a single user login account, nor otherwise attempt to circumvent licensing metrics.
b. Once credentialed, an SSA Training Named User continues to be counted in the SSA Training Named User metrics even if that SSA Training Named User ceases to have a login account. New SSA Training Named Users must be added and may not be substituted for prior SSA Training Named Users.
c. End User Customer must adhere to SANS’ reasonable guidelines to ensure system performance, including those regarding data purging, hosting hardware and infrastructure, and loads per instance.
d. SANS reserves the right to limit the number of SSA Training Named Users eligible for SANS training for system performance.
e. End User Customer may not use the SLP: (i) to deliver any training other than SSA training; (ii) to deliver training or manage data on behalf of any other organization; (iii) to provide software or content development services to third parties; (iv) on a service bureau or time-share basis; and/or (v) as an application service provider.
f. End User Customer may not, at any time, load users onto the SLP in excess of 1.05 times the number of Named Users set forth in the Agreement and/or Price Quote.
ADDENDUM B
LITMOS/CALLIDUS SUPPLEMENTAL TERMS
If End User Customer subscribes to Litmos US, L.P. (“Litmos”) through SANS under a Price Quote in order to deliver SSA Training services through the End User Customer LMS, then the following supplemental terms shall apply:
1. SSA Litmos Training Named User means an SSA Training Named User who accesses SSA Training Services through the End User Customer LMS using Litmos.
2. Extension of Supplemental Terms.
a. All definitions, terms, conditions, limitations, and restrictions in Addendum A relating to the use of the SLP shall apply, mutatis mutandis, to the use of Litmos by End User Customer and SSA Litmos Training Named Users.
b. End User Customer acknowledges that Litmos and all intellectual property rights therein are owned by Litmos., or their affiliates or licensors.
c. Confidential information of Litmos, and their affiliates obtained by End User Customer in connection with this Agreement shall be protected by End User Customer as SANS Confidential Information.
d. End User Customer grants SANS all necessary rights to authorize Litmos and their subprocessors a non-exclusive right to process data solely to provide Litmos and related services to End User Customer and its SSA Litmos Training Named Users as part of the Services.
ADDENDUM C
SSA PHISHING SERVICE SUPPLEMENTAL TERMS
Except as set forth in the applicable Price Quote, the following supplemental terms and conditions shall apply to End User Customer’s use of the SSA Phishing Service:
1. Supplemental Definitions
a. SSA Phishing Named User means any individual (i) with a user login account permitting such individual to access and use SSA Training Materials on the SLP or End User Customer LMS, or (ii) designated to be tested in SSA Phishing Service activities.
b. SSA Phishing Service means a SANS tool or service available to End User Customer to test its employees’ ability to withstand phishing/social engineering attacks.
2. End User Customer is hereby granted a non-exclusive, non-transferable, and non-sublicensable license, to use the SSA Phishing Service during the Subscription Term set forth in the Price Quote, limited to the number of SSA Phishing Named Users set forth in the Price Quote.
3. End User Customer grants SANS all necessary rights to authorize SANS and its subprocessors a non-exclusive right to process data solely to provide the SSA Phishing Service to End User Customer and its SSA Phishing Named Users.
4. A person who is a user only because he or she is designated to be tested through the SSA Phishing Service will not be counted against End User Customer’s total allotment of SSA Phishing Named Users until the first phishing message is sent to that SSA Phishing Named User by the SSA Phishing Service, at which point the he/she will become an SSA Phishing Named User.
5. End User Customer shall:
a. ensure that its SSA Phishing Named Users comply with the terms of this Agreement and shall be responsible for the acts or omissions of any SSA Phishing Named User, or person using an SSA Phishing Named User’s login, in connection with their use of the SSA Phishing Services not in conformity with this Agreement;
b. notify SANS within five (5) business days of any known unauthorized use of End User Customer’s account;
c. not attempt to gain unauthorized access to or reverse engineer the SSA Phishing Service;
d. not use any SANS Confidential Information to build a competitive service or product, nor copy any feature, function or graphic for competitive purposes;
e. not sell, resell, rent or lease the SSA Phishing Service; and
f. only conduct simulated phishing emails to domains and recipients for whom End User Customer has authorization.
6. If third party services or applications are provided to End User Customer as part of the SSA Phishing Services, End User Customer shall protect the confidential and proprietary information of such third parties to the same degree as it is obligated to protect other Confidential Information under the Agreement.
7. Neither Party shall utilize any phishing practices or templates that would create a significant risk of claims, liabilities, administrative actions, internet service provider blacklisting, or other consequences adverse to either SANS or End User Customer, such as identification of the sender as the Internal Revenue Service or another government agency or violations of industry standard acceptable use policies. SANS and its service providers may, but are not obligated to, take action to prevent and stop transmission of any such content provided by End User Customer.