Workforce Security & Risk Training Phishing Service Supplemental Terms 0625

These WORKFORCE SECURITY & RISK TRAINING PHISHING SERVICE SUPPLEMENTAL TERMS ("Terms") govern your use of the Workforce Phishing Services and are a legal agreement between The Escal Institute of Advanced Technologies, Inc. d/b/a SANS Institute ("SANS") and you ("End User Customer"). These Terms will take effect when you use the Products. Nothing in these Terms modifies or supersedes the Master Training and Services Agreement, End User License Agreement, or Master License and Services Agreement (the "Agreement") between the Parties. Capitalized terms not defined herein shall, unless otherwise indicated, have the same meaning ascribed to such terms in the Agreement.

1. DEFINITIONS

1.1. Workforce Phishing Named User means any individual (i) with a user login account permitting such individual to access and use Workforce Training Materials on the SLP or End User Customer LMS, or (ii) designated to be tested in Workforce Phishing Service activities.

1.2. Workforce Phishing Service means a SANS tool or service available to End User Customer to test its employees’ ability to withstand phishing/social engineering attacks.

2. WORKFORCE PHISHING SERVICES

2.1. End User Customer is hereby granted a non-exclusive, non-transferable, and non-sublicensable license to use the Workforce Phishing Service during the Subscription Term set forth in the Price Quote, limited to the number of Workforce Phishing Named Users set forth in the Price Quote.

2.2. End User Customer grants SANS all necessary rights to authorize SANS and its subprocessors a non-exclusive right to process data solely to provide the Workforce Phishing Service to End User Customer and its Workforce Phishing Named Users.

2.3. A person who is a user only because he or she is designated to be tested through the Workforce Phishing Service will not be counted against End User Customer’s total allotment of Workforce Phishing Named Users until the first phishing message is sent to that Workforce Phishing Named User by the Workforce Phishing Service, at which point he/she will become a Workforce Phishing Named User.

2.4. End User Customer shall:

2.4.1. ensure that its Workforce Phishing Named Users comply with the terms of this Agreement and shall be responsible for the acts or omissions of any Workforce Phishing Named User, or person using a Workforce Phishing Named User’s login, in connection with their use of the Workforce Phishing Services not in conformity with this Agreement;

2.4.2. notify SANS within five (5) business days of any known unauthorized use of End User Customer’s account;

2.4.3. not attempt to gain unauthorized access to or reverse engineer the Workforce Phishing Service;

2.4.4. not use any SANS Confidential Information to build a competitive service or product, nor copy any feature, function or graphic for competitive purposes;

2.4.5. not sell, resell, rent or lease the Workforce Phishing Service; and

2.4.6. only conduct simulated phishing emails to domains and recipients for whom End User Customer has authorization.

2.5. If third party services or applications are provided to End User Customer as part of the Workforce Phishing Services, End User Customer shall protect the confidential and proprietary information of such third parties to the same degree as it is obligated to protect other Confidential Information under the Agreement.

2.6. Neither Party shall utilize any phishing practices or templates that would create a significant risk of claims, liabilities, administrative actions, internet service provider blacklisting, or other consequences adverse to either SANS or End User Customer, such as identification of the sender as the Internal Revenue Service or another government agency or violations of industry standard acceptable use policies. SANS and its service providers may, but are not obligated to, take action to prevent and stop transmission of any such content provided by End User Customer.