SANS Workforce Security and Risk Litmos Services Supplemental Terms 0526

These WORKFORCE SECURITY AND RISK LITMOS SERVICES SUPPLEMENTAL TERMS (“Terms”) govern your subscription to Litmos US, L.P. (“Litmos”) through SANS in order to deliver Workforce Training Services and constitutes a legal agreement between The Escal Institute of Advanced Technologies, Inc. /dba SANS Institute ("SANS") and you (“End User Customer”). These Terms will take effect when you use the Products. Nothing in these Terms modifies or supersedes the Master Training and Services Agreement, End User License Agreement, or Master License and Services Agreement (the “Agreement”) between the Parties. Capitalized terms not defined herein shall, unless otherwise indicated, have the same meaning ascribed to such terms in the Agreement. These Terms supplement the Workforce Security and Risk Training Services Supplemental Terms. To the extent of a conflict between these Terms and the Workforce Security and Risk Training Services Supplemental Terms, these Terms shall govern solely with respect to Litmos and Litmos-related functionality. End User Customer acknowledges that Litmos is a third-party hosted platform made available by SANS and that SANS’ rights in respect of Litmos are governed by SANS’ agreement with Litmos.

1. DEFINITIONS.

1.1. Active User means the number of unique individuals who access Litmos in a calendar month, where Active User is the applicable usage metric in the relevant Price Quote or Order.

1.2. Customer Data means all electronic data and information submitted by or on behalf of End User Customer or its Workforce Litmos Training Named Users to Litmos in connection with the Workforce Training Services, including data derived from End User Customer’s use of Litmos and stored in Litmos.

1.3. Workforce Litmos Training Named User means a Workforce Training Named User who accesses Workforce Training Services through the Litmos training platform.

2. EXTENSION OF SUPPLEMENTAL TERMS.

2.1. Except as expressly modified by these Terms, all definitions, terms, conditions, limitations, and restrictions in the Workforce Security and Risk Training Services Supplemental Terms apply to End User Customer’s and Workforce Litmos Training Named Users’ access to and use of Litmos.

2.2. End User Customer acknowledges that Litmos and all intellectual property rights therein are owned by Litmos., or its affiliates or licensors, and that no ownership rights in Litmos are transferred to End User Customer.

2.3. End User Customer shall hold Confidential Information of Litmos with the same degree of protection and care as End User Customer holds SANS’ Confidential Information, and shall not disclose Litmos Confidential Information, documentation, performance information, or benchmark results to any third party except as expressly permitted by SANS in writing.

2.4. End User Customer grants SANS all necessary rights to authorize Litmos and its subprocessors a non-exclusive right to Process Customer Data solely as necessary to provide the Services, including access to and use of Litmos, to End User Customer and its Workforce Litmos Training Named Users.

2.5. End User Customer acknowledges and agrees that SANS is required under its agreement with Litmos to ensure that End User Customer’s rights and use of Litmos are subject to terms that are not materially less protective of Litmos than the terms binding on SANS, and these Terms shall be interpreted accordingly.

2.6. End User Customer represents and warrants that is has obtained and will maintain all rights, licenses, permissions, notices, and consents necessary for any content or data it uploads to, creates in, or otherwise makes available through Litmos, and that such content or data does not and will not infringe, misappropriate, or otherwise violate any third-party intellectual property rights, privacy rights, or applicable law.

3. ACCESS AND USE.

3.1. Subject to the Agreement, the applicable Price Quote, and these Terms, SANS grants End User Customer a non-exclusive, non-transferable, non-sublicensable right during the applicable Subscription Term to access and use Litmos solely for End User Customer’s internal business use in connection with SANS Workforce Training Services.

3.2. End User Customer may permit Workforce Litmos Training Named Users to access and use Litmos solely to view and participate in SANS Workforce Training Services, administer training assignments, run reports, customize themes, customize system notification messages, and use those features and integrations that SANS makes available to End User Customer as part of the subscribed Services.

3.3. End User Customer shall ensure that each Workforce Litmos Training Named User is assigned to and accesses only the End User Customer’s applicable tenant or environment and shall not permit access to any other customer’s tenant or environment.

3.4. End User Customer shall not permit use of Litmos for any purpose other than receiving, administering, and supporting SANS Workforce Training Services, and shall not upload, create, or distribute through Litmos any content unrelated to SANS Workforce Training Services except as expressly approved by SANS in writing.

4. RESTRICTIONS.

4.1. End User Customer shall not, and shall not authorize or permit any other person or entity to, directly or indirectly:

4.1.1. copy, modify, distribute, or create derivative works of Litmos, except to the limited extent expressly permitted in writing by SANS or through standard configuration features made available in Litmos;

4.1.2. disassemble, decompile, reverse engineer, or otherwise attempt to discover any source code, structure, algorithms, sequence, organization, or ideas underlying Litmos, except to the extent such restriction is prohibited by applicable law;

4.1.3. sell, resell, sublicense, rent, lease, timeshare, or otherwise provide access to Litmos to any third party;

4.1.4. access or use Litmos to provide services to third parties, as a service bureau, as an application service provider, or for the benefit of any third party other than End User Customer’s authorized users receiving SANS Workforce Training Services;

4.1.5. attempt to gain unauthorized access to Litmos or related systems or networks;

4.1.6. publish, disclose, or provide to any third party benchmark results, performance comparisons, or similar testing information relating to Litmos;

4.1.7 access or use Litmos in a manner that abuses, interferes with, or disrupts networks, security systems, user accounts, or the integrity or performance of Litmos or third-party data contained therein;

4.1.8. access or use Litmos for purposes of designing or developing a competing product or service; or

4.1.9. use Litmos in excess of the applicable usage metric or in circumvention of any technical or contractual usage limits.

5. USAGE METRICS AND EXCESS USE.

5.1. Litmos is subject to the usage metrics stated in the applicable Price Quote or Order, which may include Active Users, tenants, or other usage measures.

5.2. Any use of Litmos by End User Customer or its Workforce Litmos Training Named Users in excess of the applicable usage metric may be invoiced by SANS at the applicable excess use fee set forth in the Price Quote or Order, or if no excess use fee is stated there, at SANS’ then-current rate for such excess use.

5.3. End User Customer shall maintain complete and accurate records reasonably necessary to verify compliance with the applicable usage metric and shall provide information reasonably requested by SANS for such purpose.

6. SUPPORT AND ADMINISTRATION.

6.1. SANS, and not Litmos, shall provide support to End User Customer for Litmos-related issues. Litmos shall have no obligation to provide support directly to End User Customer or its Workforce Litmos Training Named Users.

6.2. End User Customer is responsible for its internal administration of Litmos, including selection of administrators, internal user management, password practices, and all actions taken through administrator accounts under End User Customer’s control.

7. DATA SECURITY AND DATA RESTRICTIONS.

7.1. End User Customer is responsible for the accuracy, quality, legality, and permitted use of Customer Data and for obtaining all notices, consents, and authorization necessary for SANS, Litmos, their affiliates, and their subprocessors to Process Customer Data to provide the Services.

7.2. Unless otherwise expressly agreed by SANS in writing, End User Customer shall not submit to Litmos any of the following: (i) special categories of personal data under Article 9(1) of the GDPR or similar sensitive personal data; (ii) protected health information regulated by HIPAA; iii) payment card data subject to PCI DSS; (iv) financial account information subject to Gramm-Leach-Bliley or similar regulation; (v) social security numbers, driver’s license numbers, passport numbers, or other government-issued identification numbers; or (vi) any substantially similar sensitive or regulated information protected under applicable law.

7.3. End User Customer shall use commercially reasonable efforts to prevent unauthorized access to or use of Litmos and shall notify SANS promptly of any such unauthorized access or use.

7.4. End User Customer acknowledges that Litmos may collect and use statistical, aggregated, anonymized, diagnostic, and usage data relating to operation and use of Litmos for support, security, analytics, improvement, benchmarking, and marketing purposes, and that Litmos retains all intellectual property rights in such data, to the extent permitted by applicable law.

8. SUSPENSION AND ENFORCEMENT.

8.1. SANS may suspend End User Customer’s access to Litmos immediately upon notice, or without prior notice where reasonably necessary, if: (i) payment is overdue under the applicable Price Quote after any required notice period; (ii) End User Customer or any Workforce Litmos Training Named User is in breach of the Agreement or these Terms; (iii) SANS reasonably determines that End User Customer’s use poses a security, legal, or operational risk; (iv) suspension is required to comply with legal process; or (v) suspension is required for SANS to comply with its obligations to Litmos.

8.2. If SANS becomes aware of End User Customer’s breach or circumstances indicating a potential breach of these Terms, End User Customer shall cooperate fully with SANS in investigation and remediation and shall take such corrective action as SANS reasonably requires to enforce these Terms.

9. DISCLAIMER; LIABILITY ALLOCATION.

9.1. LITMOS IS A THIRD-PARTY PLATFORM. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, LITMOS IS PROVIDED TO END USER CUSTOMER THROUGH SANS ON AN “AS IS” AND “AS AVAILABLE” BASIS EXCEPT TO THE EXTENT OF ANY EXPRESS WARRANTY THAT SANS IS EXPRESSLY AUTHORIZED TO PASS THROUGH TO THE END USER CUSTOMER IN WRITING.

9.2. LITMOS SHALL HAVE NO DIRECT LIABILITY TO END USER CUSTOMER UNDER THE AGREEMENT OR THESE TERMS.

9.3. SANS MAKES NO REPRESENTATIONS OR WARRANTIES ON BEHALF OF LITMOS OTHER THAN THOSE EXPRESSLY SET FORTH BY SANS IN WRITING, AND SANS SHALL NOT BE LIABLE FOR ANY LITMOS FAILURE OR INTERRUPTION EXCEPT TO THE EXTENT SANS ACTUALLY RECEIVES A CORRESPONDING REMEDY FROM LITMOS AND IS PERMITTED TO PASS SUCH REMEDY THROUGH.

10. CONFIDENTIALITY.

10.1. For purposes of the Agreement and these Terms, Confidential Information of SANS includes Confidential Information of Litmos that SANS discloses or makes available to End User Customer, including Litmos documentation, technical information, non-public pricing, security information, and non-public performance information.

11. TERMINATION EFFECTS.

11.1 Upon expiration or termination of the applicable Subscription Term or the Agreement, End User Customer shall cease all use of Litmos, and SANS may disable access to Litmos and related accounts.

11.2. End User Customer acknowledges that neither SANS nor Litmos has any obligation to maintain or preserve Customer Data in Litmos following expiration or termination except to the extent required by applicable law or expressly agreed in writing.