Master Training and Services Agreement – SANS (v.0323)

This Master Training Services Agreement (“Agreement”) is made and entered into by and between The Escal Institute of Advanced Technologies, Inc. /dba SANS Institute, with a principal place of business at 11200 Rockville Pike, Suite 200, North Bethesda, MD 20852 (“SANS”) and Customer (“Customer”). SANS and Customer may be referred to individually as a "Party" and together as the "Parties”. By providing payment for SANS-provided training, product, and/or service, Customer agrees to be bound by the terms of this Agreement.

The following Addendums are attached and incorporated into this Agreement, as applicable:

Addendum A – Cyber Security Training

Addendum B – Private Class Training

Addendum C – Cyber Range Tournament

Addendum D – Voucher Account

1. DEFINITIONS

1.1. Affiliate means any entity, individual, firm, or corporation, directly or indirectly, through one or more intermediaries, controlling, controlled by, or under common control with Customer.

1.2. Confidential Information means any information that is proprietary or confidential to a Party and either marked as confidential or identified as such to the other Party, including, but not limited to, business or technical data or know-how, customer and prospective customer lists, secrets, ideas, concepts, designs, drawings, flow charts, diagrams, financials, and other intellectual property, in whatever form including, documented information, machine readable or interpreted information transmitted in any form including, in writing, orally, or visually. Any abstracts, summaries or compilations are included in this definition of Confidential Information. For avoidance of doubt, Confidential Information includes details of SANS training courses or exams, pricing, courseware, user information, and the business relationship between the Parties.

1.3. COTS means Commercial Off The Shelf and is used in reference to the SANS-provided Training and associated Courseware.

1.4. Course Materials means SANS' educational materials including, but not limited to, online, written, and visual materials.

1.5. Courseware means SANS' Course Materials and verbal instruction.

1.6. Disclosing Party means the Party that discloses its Confidential Information to the Receiving Party under this Agreement.

1.7. GIAC means a Global Information Assurance Certification.

1.8. Modality means the medium or format in which SANS-provided COTS Training and/or GIAC exams are offered. This includes, but is not limited to, in-person events, live online events, on-demand online events, private events, continuous events, etc.

1.9. PO means a purchase order used to facilitate invoicing and/or payment only.

1.10. Price Quote means the document that details the SANS-provided products and services being provided to the Customer by SANS, the price of such products and/or services, and the payment terms.

1.11. Receiving Party means the Party that receives Confidential Information of the Disclosing Party under this Agreement.

1.12. Specifications means any characteristics, features, descriptions, criteria, scope, capabilities, standards, and/or requirements for the services delivered by SANS to Customer as described herein and/or an applicable Price Quote.

1.13. Training means the SANS provided COTS/cybersecurity training, GIAC exams or other products and services as detailed in a Price Quote or User registration and provided in accordance with the terms and conditions of this Agreement. Training includes the training services provided in Addendums A, B and C.

1.14. User means an individual person who Customer has named as a student who will attend Training.

2. SANS RESPONSIBILITIES

2.1. Services. SANS will provide, perform, and/or deliver all Training and/or other products and services to Customer in accordance with Specifications described in any Price Quote. In the event a conflict between the terms of this Agreement and the Price Quote, or other applicable exhibits, the terms of this Agreement shall govern.

2.2. Compliance with Laws. In connection with its obligations under this Agreement, SANS agrees to comply with all federal, state, and local laws, constitutions, codes, statutes and ordinances of any governmental authority that may be applicable to SANS, its activities under this Agreement, including all applicable sanctions and export control laws and regulations.

3. COURSEWARE, COURSE MATERIALS AND INTELLECTUAL PROPERTY RIGHTS

3.1. All SANS' Courseware is copyrighted and/or otherwise consists of data, concepts, technology, and intellectual property owned, licensed or proprietary to SANS. Customer obtains no intellectual property rights to the Courseware by virtue of this Agreement. Customer may not distribute Courseware to Customer’s employees who did not attend Training and may not use the Courseware to conduct its own in-house courses. SANS Training cannot be recorded, streamed, or set up for video conferencing by Customer or its Users except as set forth in Specifications agreed to by SANS.

3.2. SANS grants to each individual User enrolled in Training a worldwide, non-transferable, perpetual, irrevocable, non-exclusive, limited license directly to use such Courseware associated with such Training in connection with the User’s employment by Customer. Neither Customer nor its Users may copy, reproduce, distribute, display, modify or create derivative works based upon all or any portion of the Courseware in any medium, whether printed, electronic, or otherwise, for any purpose, including, but not limited to, for purposes of teaching any computer or electronic security courses to any third party, without the express written consent of SANS.

3.3. Course Materials are guaranteed to be in good working condition for the duration of the User's attendance in the Training o for which the User is registered; provided, SANS is not responsible for any loss, damage, or performance limitation caused in whole or in part by User abuse, mishandling, misuse, negligence, improper storage, servicing or operation, or unauthorized attempts to repair or alter the Course Materials in any way.

4. CONDUCT

Customer's personnel are expected to behave professionally when attending Training. The use of obscene or sexually harassing language, and abusive or threatening behavior directed at SANS personnel or other students is not conducive to a learning environment. Improper conduct can result in expulsion from the class.

5. TERM AND TERMINATION

5.1. Term. Unless terminated earlier as described elsewhere herein, this Agreement will become effective as of the Effective Date set forth above and will continue until the termination of all applicable Price Quote (s) (“Term”).

5.2. Termination.

5.2.1. Without Cause. Either Party may terminate this Agreement or any Price Quote, in whole or in part, for any reason upon sixty (60) days prior written notice to the other Party.

5.2.2. For Breach. If either Party materially breaches this Agreement, the other Party may terminate this Agreement upon thirty (30) days prior written notice to the breaching Party of such material breach, provided that the breaching Party has not cured such material breach by the end of the thirty (30) day period.

5.2.3. Immediate. SANS may terminate this Agreement immediately upon any breach by Customer of Sections 3. Additionally, either Party may terminate this Agreement immediately upon written notice to the other Party in the event the other Party: (a) becomes insolvent; (b) makes an assignment for the benefit of creditors; (c) files a voluntary bankruptcy petition; (d) acquiesces to any involuntary bankruptcy petition; (e) is adjudicated bankrupt; or (f) ceases to do business.

5.3. Effect of Termination.

5.3.1. In the event of termination, Customer shall pay SANS for all services performed by SANS up to the date of termination, as well as all fees accrued prior to the date of termination.

5.3.2. For the avoidance of doubt, following termination, Users shall be permitted to keep any Course Materials licensed to them by their attendance at a SANS Training or GIAC exam.

5.4. Survivability. Sections 3, 5, 7, 8, 9, 10, 12, 13, 16 and 18.7 will survive the termination or expiration of this Agreement.

6. ORDERS AND PAYMENT TERMS

6.1. Order Placement and Processing. Customer shall order Training from SANS using a Price Quote. All Training orders are subject to acceptance by SANS. SANS shall notify Customer in writing if SANS rejects an order.

6.2. Purchase Orders. A PO must reference this Agreement. POs are for facilitating invoicing and payment only. SANS expressly rejects any additional or different terms and conditions which appear on a PO.

6.3. Price Quote. Customer may request changes to a Price Quote by providing written notice to SANS. Any changes to a Price Quote must be mutually agreed to in writing in an amended Price Quote signed by both Parties. SANS will implement the changes and Customer will pay for any additional charges for changes as agreed to in the Price Quote.

6.4. Payment Terms. Customer agrees to make all payments in United States Dollars (USD). Customer shall remit payment to SANS within thirty (30) days from receipt of SANS’ invoice or as otherwise set forth in a Price Quote.

6.5. Invoice Payment. Except as otherwise set forth in the Price Quote, Customer will be invoiced for one hundred percent (100%) of the retail price for Training as identified in the Price Quote.

6.6. Payment Forms. Acceptable payment forms include ACH, wire transfer, credit card, check, and SANS voucher account funding. Customer is responsible for any applicable fees associated with the payment form.

6.7. Taxes. Customer and/or its Affiliates shall be liable for all sales, use, value added, duties, tariffs or other similar taxes of any nature whatsoever associated with the provision of Training or other products or services provided under this Agreement. Customer shall provide SANS with a copy of all applicable tax exemption certificates.

7. AUDIT

During the Term, SANS will keep true and accurate books and records relating to this procurement (collectively, “Records”). Records will include such information necessary for the Customer to verify the accuracy of the invoicing, billing, and payments in connection with the ordered Training, products and services delivered hereunder, but not the underlying costs and financial data used in calculating the same. At the Customer’s reasonable request, SANS will provide access to the Records, as necessary, to verify the fees and other amounts charged to the Customer, which shall be accomplished through electronic means.

8. CONFIDENTIALITY

8.1. The Receiving Party may be given Confidential Information from the Disclosing Party in order to perform its obligations under this Agreement. The Receiving Party will protect the confidentiality of the Disclosing Party’s Confidential Information during the Term of this Agreement and indefinitely thereafter by (a) using the same means it uses to protect its own Confidential Information, but in any event, not less than reasonable means, and (b) using the Disclosing Party’s Confidential Information solely in connection with this Agreement. The Receiving Party shall not copy or disclose this Agreement and the Disclosing Party’s Confidential Information except to those employees, officers, directors, subcontractors, agents, or affiliated entities of the Receiving Party (“Representatives”) who have a need to know such Confidential Information as required in connection with this Agreement; provided, such Representatives are advised of and agree to abide by the confidentiality obligations set forth in this Agreement. Compliance by Representatives with the confidentiality and use obligations in this Agreement will remain the responsibility of Receiving Party, and both Receiving Party and Representatives shall be liable for any breach of this Agreement by Representatives.

8.2. Confidential Information will not include any information or data which:

8.2.1. was rightfully in the Receiving Party or its Representatives’ possession prior to receipt from the Disclosing Party;

8.2.2. becomes rightfully available to the Receiving Party or its Representatives from a source other than the Disclosing Party who is free to lawfully disclose such information to the Receiving Party;

8.2.3. was or becomes generally available to the public through no breach of this Agreement by Receiving Party;

8.2.4. is independently developed by the Receiving Party or its Representatives, without the use of the Disclosing Party's Confidential Information; or

8.2.5. is legally required to be disclosed to a regulatory agency or pursuant to an order of a court of competent jurisdiction, provided that, where permissible, the Disclosing Party be given an opportunity to seek a protective order.

8.3. Applicable only if Customer is a governmental entity: In the event SANS, as the Disclosing Party, identifies its information as Confidential Information, and Receiving Party is a government entity and can demonstrate that SANS’ Confidential Information would otherwise be public information based upon governing law, then prior to public disclosure, the Receiving Party, as a government entity, shall provide SANS written notice demonstrating SANS’ Confidential Information would otherwise be public information based upon governing law.

9. PRIVACY

In accordance with SANS’s Privacy Policy, all information collected from a User related to Training taken from SANS will be kept confidential except as may be disclosed (i) as permitted by applicable law, (ii) as consented to by the User, or (iii) to Customer as the sponsor of User’s training at SANS. Please see SANS’s Privacy Policy for additional information (https://www.sans.org/privacy/).

10. DATA PROTECTION

10.1. In the event that either Party needs to provide any data defined as “Personal Data” under any applicable data protection law (including, but not limited to, the E.U. General Data Protection Regulations (“GDPR”), the U.K. General Data Protection Act, or the California Consumer Privacy Act) to the other Party to perform a Party’s obligations under this Agreement, then the Parties acknowledge and agree that they are each acting as separate and Independent Controllers of such Personal Data shared. A Party shall not share any Personal Data with the other Party unless such Party confirms that it is legally permitted to share such Personal Data.

10.2. Each Party undertakes to comply on their own with applicable Data Protection legislation, including, but not limited, to exercising principles relating to the processing of Personal Data, exercising individual's rights, conducting impact assessments, taking commercially reasonable efforts to prevent and manage data breaches appropriately, maintaining confidentiality, limiting the processing to the Training, or products or services delivered under this Agreement, maintaining the ability to demonstrate compliance with applicable data protection legislation, implementing appropriate data retention procedures and adhering to data transfer requirements, and maintaining industry-standard administrative, physical and technical safeguards to protect the security, confidentiality and integrity of such Personal Data.

10.3. To the extent that Personal Data is provided from a Party to the other Party and such disclosure requires a data processing agreement between the Parties under an applicable data protection law , the Parties agree that the SANS GDPR DPA is incorporated into and attached to this Agreement by reference.

11. REPRESENTATIONS AND WARRANTIES

11.1. Each Party represents and warrants to the other Party:

11.1.1. it is duly organized and in good standing in the state or jurisdiction in which is it incorporated or organized;

11.1.2. it has full right and power to enter into this Agreement, and the signer of this Agreement has authority to bind such Party it signs on its behalf;

11.1.3. it is not prohibited by any regulatory authority from carrying out its duties and obligations under this Agreement.

11.2. Such representations and warranties shall be continuing throughout the Term of this Agreement.

12. INDEMNIFICATION

12.1. Each Party (an “Indemnifying Party”) hereby agrees to indemnify, defend and hold the other Party, its affiliated entities, and its and their officers, directors, employees, and agents (each an “Indemnified Party”) harmless from and against any action, claim, suit, investigation or other proceeding (each, a “Claim”) brought against an Indemnified Party by a third party based on: (a) breach of any applicable law by such Indemnifying Party or (b) gross negligence or willful misconduct by such Indemnifying Party.

12.2. Applicable only if Customer is a governmental entity: To the extent established law preempts or limits Customer from providing indemnification to SANS, each Party’s indemnification obligation in this section shall be eliminated or mutually limited pursuant to applicable law to Customer.

13. DISCLAIMER OF WARRANTY AND LIMITATION OF LIABILITY

13.1. Except as specifically provided herein, SANS disclaims any and all representations and warranties, oral or written, expressed, implied, or statutory, including without limitation, any implied warranties of fitness for a particular purpose or of merchantability. In no event shall SANS be liable for any incidental, indirect, consequential, exemplary, special, or punitive damages, whether or not foreseeable, and regardless of whether liability is based on agreement, tort, or otherwise.

13.2. EXCEPT IN THE EVENT OF BREACH OF SECTION 3, IN NO EVENT SHALL EITHER PARTY, ANY OF THEIR RESPECTIVE DIRECTORS, OFFICERS, EMPLOYEES, OR AGENTS, OR ANY OF THEIR AFFILIATE’S LIABILITY IN ANY MANNER ARISING UNDER THIS AGREEMENT EXCEED AN AMOUNT EQUAL TO THE TOTAL PAYMENT RECEIVED BY SANS FOR TRAINING OR OTHER PRODUCTS OR SERVICES UNDER THIS AGREEMENT DURING THE 12-MONTH PERIOD IMMEDIATELY PRECEDING THE DATE WHEN CAUSE OF ACTION ARISES, INCLUDING ATTORNEY FEES.

14. INSURANCE

SANS shall, at its sole expense and throughout the Term, carry and maintain the following insurance coverage: (a) Commercial General Liability, (b) Worker’s Compensation; and (c) Employer’s Liability, in reasonable amounts.

15. COMPLIANCE WITH LAWS

15.1. Each Party will, at its sole expense, obtain all permits and licenses, pay all fees, and comply with all federal, state, and local laws, ordinances, rules, regulations, codes, and orders applicable to it in the performance of this Agreement.

15.2. Each Party shall conduct operations in compliance with applicable laws, rules and regulations in exercising rights and obligations under any part of this Agreement. Laws may include but not be limited to the U.S. Foreign Corrupt Practices Act, the U.K. Bribery Act and local anticorruption legislation that may apply. Neither party is listed by any government agency as debarred, suspended, proposed for suspension or debarment or otherwise determined to be ineligible for government procurement programs. In exercising rights and obligations under any part of this Agreement, neither party nor anyone acting on its behalf shall make, offer, promise or authorize payment of anything of value directly or indirectly to any of the following prohibited parties for the purpose of unlawfully influencing their acts or decisions: a) employees, consultants, or representatives of the other Party, b) government officials or employees, c) political party officials or candidates, d) officers or employees of any public international organization, e) immediate family member of such persons (or any other person) for the benefit of such persons.

15.3. Each Party warrants that neither it nor its controlling owners is listed on any (i) sanction programs list maintained by the U.S. Office of Foreign Assets Control within the U.S. Treasury Department (“OFAC”), or (ii) denied party list maintained by the U.S. Bureau of Industry and Security within the U.S. Department of Commerce (“BIS”). Customer agrees it shall not allow Users access to any SANS product, service, or technology provided under this Agreement to any person or entity in a U.S. embargoed country or in violation of a U.S. export control law or regulations. Customer agrees to cooperate with SANS as necessary for SANS to comply with export requirements and recordkeeping required by OFAC, BIS, or other governmental agency.

16. GOVERNING LAW; JURISDICTION; ATTORNEY'S FEES

16.1. This Agreement will be governed by and construed in accordance with the laws of the State of Maryland, USA. Each Party hereby irrevocably consents to exclusive personal jurisdiction and venue in the state and federal courts located in Maryland. Both Parties exclude the application of the Uniform Computer Information Transactions Act (“UCITA”), the United Nations Convention on the International Sale of Goods (“CISG”) and any law of any jurisdiction that would apply UCITA or CISG or terms equivalent to UCITA or CISG to this Agreement. The Parties agree to settle all disputes promptly by negotiation between executives in good faith. Should good faith negotiations fail, any controversy or claim arising out of or relating to this Agreement, or breach thereof, will be exclusively settled by binding arbitration in Montgomery County, Maryland, USA administered by the American Arbitration Association in accordance with its Commercial Arbitration Rules, and judgment on the award rendered by the arbitrator(s) may be entered in any court having jurisdiction thereof. Either Party may initiate arbitration by written notice if negotiations have failed to resolve the matter within 30 days of initiation. The language of the arbitration will be English.

16.2. Applicable only if Customer is a governmental entity: Notwithstanding the above, choice of law and forum shall be (i) the state in which the Customer is located if Customer is located in the United States of America, or (ii) the capital city of the country in which the Customer is located if Customer is located outside of the United States of America.

17. NOTICES

All notices or reports required or permitted under this Agreement shall be in writing and shall be delivered by personal delivery, facsimile transmission, a nationally recognized overnight delivery service, by certified or registered mail, return receipt requested, or by electronic mail to be confirmed in writing delivered by one of the methods described herein, and shall be deemed given upon personal delivery, electronic confirmation of electronic mail or facsimile transmission, or signature evidencing receipt of overnight delivery or registered mail, as applicable. Notices and communications between Customer and SANS shall be in English to the following addresses of the Parties or to such other addresses as the Party concerned may subsequently notify in writing to the other Party. Notice hereunder for SANS shall be delivered to the SANS address as follows. Notice hereunder for Customer is the address for Customer in the associated Price Quote with attention to the Legal Department.

If to SANS:
SANS Institute
Attn: Contracts Administration
11200 Rockville Pike, Suite 200
North Bethesda, MD 20852
Contractadmin@sans.org

18. MISCELLANEOUS

18.1. Assignment; No Third-Party Beneficiaries. Neither Party may assign this Agreement or its rights or obligations thereunder without the written consent of the other Party, which consent will not be unreasonably withheld, except that a Party may assign upon written notice to a successor by merger, acquisition, or sale of substantially all of such Party’s business or assets. In addition, SANS may assign this Agreement or applicable Price Quotes in whole or part to an affiliated entity without written consent of Customer. SANS may subcontract all or any part of its obligations under this Agreement or applicable Price Quotes but shall remain responsible for the acts and omissions of its subcontractors as though they were acts of SANS itself. Except as specifically provided herein, there are no third-party beneficiaries to this Agreement, and nothing in this Agreement shall benefit or create any right on behalf of any person or entity other than Customer and SANS.

18.2. Waiver. The failure of either Party to exercise or enforce any right or provision of this Agreement shall not constitute a waiver of such right or provision or a waiver of the right of such Party to thereafter enforce each and every provision of this Agreement.

18.3. Severability. If a particular provision of this Agreement is terminated or held by a court of competent jurisdiction to be invalid, illegal, or unenforceable, that provision of the Agreement will be enforced to the maximum extent legally permissible and the remainder of this Agreement will continue in full force and effect.

18.4. Headings. The headings or titles preceding the text of the sections and subsections of this Agreement are inserted solely for convenience of reference, and shall not constitute a part of this Agreement, nor shall they affect the meaning, construction or effect of this Agreement.

18.5. Independent Contractor. SANS is an independent contractor and not an employee, agent, affiliate, partner or joint venturer with or of Customer.

18.6. Force Majeure. Neither Party shall be liable to the extent that its performance of this Agreement is prevented, or rendered so difficult or expensive as to be commercially impracticable, by reason of an Act of God, labor dispute, unavailability of transportation, goods or services, governmental restrictions or actions, war (declared or undeclared) or other hostilities, pandemic, or by any other event, condition or cause which is not foreseeable on the Effective Date and is beyond the reasonable control of the Party, provided that such Party promptly informs the other Party of such event, and makes diligent efforts to work around the event and resume performance. In the event of non-performance or delay in performance attributable to any such causes, the period allowed for performance of the applicable obligation under this Agreement will be extended for a period equal to the period of the delay.

18.7. Customer PO to Facilitate Payment Only. The Parties agree that any PO submitted by a Customer to SANS is for facilitating invoicing and payment only. Any additional, inconsistent, or different terms included in a Customer PO or other documents (including electronic) submitted to SANS by or on behalf of Customer at any time, whether before or after the Effective Date are hereby expressly rejected by SANS and of no effect. These terms and conditions shall be deemed accepted by Customer without any such additional, inconsistent, or different terms and conditions, except to the extent expressly accepted by SANS in writing and signed by SANS.

18.8. Entire Agreement. This Agreement and all appendices attached hereto (which are specifically incorporated herein by this reference) contain the full and entire agreement between the Parties. It supersedes all prior negotiations, and proposals, written or otherwise, relating to its subject matter. Any modifications, revisions or amendments to this Agreement must be set forth in writing signed by authorized representatives of both Parties.

18.9. Counterparts. This Agreement may be executed and delivered (i) in any number of counterparts, each of which will be deemed an original, but all of which together will constitute one and the same instrument, and/or (ii) by exchange of facsimile or PDF copies, or secure electronic signature and delivery method (e.g., DocuSign), in which case the instruments so executed and delivered shall be binding and effective for all purposes.

ADDENDUM A – Cyber Security Training

1. CYBER SECURITY TRAINING SEATS

1.1. SANS’ cyber security training program (“Cyber Security Training Program”) allows Customer and its Affiliates to purchase seats for SANS-provided COTS training and GIAC examinations under a Price Quote.

1.2. An Affiliate may participate in the Cyber Security Training Program pursuant to this Agreement and on the same terms thereof. Customer is responsible for ensuring that such Affiliate accepts and agrees to the terms of the Agreement by submitting a Price Quote that references this Agreement.

2. CYBER SECURITY TRAINING PROGRAM USAGE

2.1. All Training procured through the Cyber Security Training Program will be based on SANS’ published retail prices at the time of registration and cannot be combined with other discounts or promotional offers other than as provided for within this Agreement or any Price Quote.

2.2. Descriptions of the available courses, to include, the offered Modalities, objectives, and any applicable requirements, are available at https://www.sans.org.

2.3. SANS reserves the right to change the availability of SANS-provided Training, Modalities offered, or Training instructors at any time and without notice.

3. CANCELLATION POLICY

3.1. Transfers: A User may request to transfer to other COTS training at any time prior to the start of the originally registered event, or where applicable, prior to accessing the online Course Materials, by submitting a transfer request, via e-mail to registration@sans.org. The difference in tuition fees, if applicable, and processing fees will apply.

3.2. Refunds: If a User cannot substitute their registration or transfer to other COTS training, the registered User may submit a refund request via e-mail to registration@sans.org. If the refund request is submitted by the refund deadline date specific to the event, payments received will be refunded, less a processing fee, in the same manner they were paid. To find the specific deadline dates for a COTS training event, please visit the training event link on the SANS webpage, https://www.sans.org, and navigate to the cancellations link. No refunds will be given after the stated deadline. If a User has already accessed online Course Material, no refund or substitution will be made.

3.3. Global Information Assurance Certification (GIAC) Exams. GIAC exams are non-transferable and non-refundable after the User receives access to the exam material.

3.4. Voucher Fund Payment. All changes to a User registration, paid using Voucher Funds, as defined in Addendum D, will also be subject to the additional Voucher Account Cancellation Policy outlined therein.

ADDENDUM B – Private Class Training

1. DEFINITIONS

1.1. Private Class means SANS-provided COTS training and/or GIAC exams available only to certain Users of Customer and not open to the general public.

1.2. Student Roster means the SANS provided format where Customer must provide a complete list of name and email addresses of all attending students.

2. PRIVATE CLASS

2.1. SANS’ private class program (“Private Class Program”) allows Customer and its Affiliates to engage SANS to provide a Private Class for a minimum guaranteed number of Users using a specific Modality selected by Customer and agreed to by SANS under a Price Quote.

2.2. Customer is responsible for payment to SANS for a minimum guaranteed number of Users (the “Guaranteed Minimum Student Count”) which is listed on the Price Quote. If there are less Users attending the Private Class than the Guaranteed Minimum Student Count, Customer is still responsible for payment for the full Guaranteed Minimum Student Count. Customer may have additional Users beyond the Guaranteed Minimum Student Count attend the Private Class and will be responsible for those individual seats purchased per the cost per User established on the Price Quote.

2.3. An Affiliate may participate in the Private Class Program pursuant to this Agreement and on the same terms thereof. Customer is responsible for ensuring that such Affiliate accepts and agrees to the terms of the Agreement by submitting a Price Quote that references this Agreement.

2.4. Customer must complete the Student Roster and provide it to SANS no less than seven (7) days prior to the Private Course start date. Should Customer need to substitute any Users on the Student Roster with a new User, Customer shall notify SANS as soon as possible. SANS will use reasonable efforts to accommodate such request.

3. INVOICES AND PAYMENT TERMS

In order to confirm the Private Class date, Customer shall provide payment thirty (30) days prior to the first day of the Private Class, with the balance due fifteen (15) days prior to the first day of the Private Class. A Private Class confirmed less than thirty (30) days prior to the first day of the Private Class requires full payment within three (3) business days of confirmation.

4. CANCELLATION POLICY

4.1. If Customer cancels Private Class (i) 60 calendar days prior to the start of Private Class, Customer is responsible to SANS for 50% of the Private Class total identified in the Price Quote or (b) less than 10 business days prior to the start of Private Class, Customer is responsible to SANS for 100% of the Private Class total identified in the Price Quote.

4.2. The performance of the Agreement, by either Party, is subject to acts of God, government authority, disaster, strikes, civil disorders, or other emergencies, any of which make it illegal or impossible to hold class for either organization. In case of an emergency that prevents the confirmed instructor from teaching, SANS will attempt to schedule another instructor or reschedule the Private Class for another mutually agreeable date. If another instructor cannot be confirmed for the originally requested date and Parties cannot mutually agree to another date, then, within forty-five (45) days of scheduled start date of the Private Class, Customer will receive a full refund of any payments made toward the Price Quote in the same manner as payment was received.

ADDENDUM C – Cyber Range Tournament

1. DEFINITIONS

1.1. Student Roster means the SANS provided format where Customer must provide a complete list of name and email addresses of all attending students.

1.2. Tournament means the virtual cyber range environment where Users participate in hands-on cyber challenges.

2. TOURNAMENT AND REQUIREMENTS

2.1. SANS’s cyber range Tournament program (“Cyber Range Program”) allows Customer to engage SANS to provide a Tournament for a minimum guaranteed number of Users using a specific Modality selected by Customer and agreed to by SANS in a Price Quote. 2.1.1

2.2. Customer is responsible for payment to SANS for a minimum guaranteed number of Users (the “Guaranteed Minimum Student Count”) which is listed on the Price Quote. If there are less Users attending the Tournament than the Guaranteed Minimum Student Count, Customer is still responsible for payment for the full Guaranteed Minimum Student Count. Customer may have additional Users beyond the Guaranteed Minimum Student Count attend the Tournament and will be responsible for those individual seats purchased per the cost per User established on the Price Quote. 2.1.1

2.3. Customer must complete the Student Roster and provide it to SANS no less than seven (7) days prior to the Tournament start date. Should Customer need to substitute any Users on the Student Roster with a new User, Customer shall notify SANS as soon as possible. SANS will use reasonable efforts to accommodate such request. 2.3.1

2.4. SANS will provide the following for the Tournament:

2.4.1. instructor laptop;

2.4.2. access to Tournament; including the registration and scoring servers;

2.4.3. back-end support during the duration of the Tournament event;

2.4.4. music selection for background music during the Tournament event.

2.5. Customer will provide the following for the Tournament:

2.5.1. preconfigured computer or laptop meeting requirements specified in the Price Quote for each User;

2.5.2. internet connection capable of streaming video for each User;

2.5.3. access to Zoom for virtual participation by Users where applicable.

2.6. Customer shall ensure the Tournament hosting site meets the following requirements:

2.6.1. Classroom Set Up: For individual Users competing in the Tournament, tables and chairs assembled in a classroom style facing the instructor in an amount sufficient for all Users. For team-based Users competing in the Tournament, tables and chairs grouped into teams in an amount sufficient for all teams of Users.

2.6.2. Technical Equipment: The hosting site should include (i) one (1) projector and one (1) screen, (ii) one (1) microphone, (iii) one (1) speaker system with audio that is compatible with a smartphone or a laptop computer.

2.6.3. Internet Connection. The hosting site should include robust and reliable internet connection meeting the following criteria: (a) Internet provided cannot be a satellite or 4G LTE connection (A 1Gbps wired network in the hosting site is sufficient), (b) If using the hosting site’s WiFi, it needs to be able to handle the number of attendees (Users, instructor and others) and have a robust WiFi signal everywhere in the room(s) being used, and (c) no outbound ports/traffic should be blocked by a firewall. The following Internet traffic should be prioritized: *.vpn.labs.sans.org & *.counterhack.com.

3. INVOICES AND PAYMENT TERMS

In order to confirm the Tournament date, Customer shall provide payment thirty (30) days prior to the first day of the Tournament, with the balance due fifteen (15) days prior to the first day of the Tournament. A Tournament confirmed less than thirty (30) days prior to the first day of the Tournament requires full payment within three (3) business days of confirmation.

4. CANCELLATION POLICY

4.1. If Customer cancels a Tournament (i) sixty (60) calendar days prior to the start of Tournament, Customer is responsible for paying 50% of the Tournament total identified on the Price Quote or (ii) less than ten (10) business days prior to the start of Tournament, Customer is responsible for paying 100% of the Tournament total as identified on the Price Quote. Any amounts owed as a result of cancellation by the Customer will be immediately due upon SANS’ receipt of written notice of cancellation.

4.2. The performance of the Agreement, by either Party, is subject to acts of God, government authority, disaster, strikes, civil disorders, or other emergencies, any of which make it illegal or impossible to hold class for either organization. In case of an emergency that prevents the Tournament, SANS will attempt to reschedule the Tournament for another mutually agreeable date. If the Parties cannot mutually agree to another date, then within forty-five (45) days of the scheduled start of the Tournament the Customer will receive a full refund of any payments made toward the Price Quote in the same manner as payment was received.

ADDENDUM D – Voucher Account

1. DEFINITIONS

1.1. Customer Investment Total means the agreed upon training investment established in each Price Quote that is paid by Customer to SANS and deposited into a Voucher Account held by SANS and dedicated to Customer.

1.2. Voucher Account means the SANS account where the Voucher Funds are held and where Customer can manage its training budget for individual Users to receive Training.

1.3. Voucher Funds means the total funds available to Customer to include Customer Investment Total and any other funds deposited into a Voucher Account.

2. VOUCHER FUNDS

2.1. SANS’ voucher account program (“Voucher Program”) allows Customer and its Affiliates, upon SANS’ receipt of Customer Investment Total, to manage its Voucher Account to purchase products and services from SANS. Voucher Funds in the Voucher Account have cash value and can be used by Customer or its Affiliates to register Users for SANS-provided COTS training and/or GIAC exams or other products and services.

2.2. An Affiliate may invest monetary funds in a Voucher Account dedicated to Customer pursuant to this Agreement and on the same terms thereof. Customer is responsible for ensuring that such Affiliate accepts and agrees to the terms of the Agreement by submitting a Price Quote that references this Agreement.

3. UTILIZATION OF VOUCHER ACCOUNT

3.1. All SANS Training procured through the Voucher Account will be based on SANS’ published retail prices at the time of registration and cannot be combined with other discounts or promotional offers other than as provided for within this Agreement or any Price Quote.

3.2. Voucher Funds are valid for 12 months and non-refundable. If Voucher Funds remain in the Voucher Account nearing the conclusion of the initial 12- month period, Customer may contribute an additional investment, as agreed to in a Price Quote, prior to expiration, to renew the Voucher Account. The existing Voucher Funds rollover (renew) with the new funds for another 12 months.

3.3. Descriptions of the available courses, to include, the offered Modalities, objectives, and any applicable requirements, are available at https://www.sans.org.

4. VOUCHER ADMINISTRATION TOOL

4.1. Customer shall appoint a staff member to serve as Customer’s Voucher Account administrator (the “Administrator”) for each Voucher Account under a Price Quote, and such Administrator will be given access to the online SANS Voucher Administration Tool.

4.2. The SANS Voucher Administration Tool allows the Administrator to: (i) approve/deny student enrollment; (ii) view Voucher Fund usage in real time; (iii) control how and where Voucher Funds are utilized; (iv) view Users’ certification status and GIAC exam results; and (v) obtain OnDemand course progress by student per course to determine whether the student is on schedule to complete the course prior to the course expiration

4.3. The SANS Voucher Administration Tool allows the Administrator to: (i) approve/deny User enrollment; (ii) view Voucher Fund usage in real time; (iii) control how and where Voucher Funds are utilized; (iv) view Users’ certification status and GIAC exam results; and (v) obtain OnDemand course progress by User per course to determine whether the User is on schedule to complete the course prior to the course expiration.

5. CANCELLATION POLICY

5.1. Voucher Fund Payment. In addition to any cancellation policy specific to User’s Training, where Customer has utilized Voucher Funds to pay for Training, all requests for substitution, transfer, or refund requests, along with Administrator approval, shall be sent via email to vouchersupport@sans.org.