SSA Phishing Service Supplemental Terms 0923

These SSA PHISHING SERVICE SUPPLEMENTAL TERMS ("Terms") governs your use of the SSA Phishing Services and is a legal agreement between The Escal Institute of Advanced Technologies, Inc. /dba SANS Institute, ("SANS" or "Service Provider") and you ("End User Customer" or "Customer"). These Terms will take effect when you use the Products. Nothing in these Terms modifies or supersedes the End User License Agreement or Master License and Services Agreement (the "Agreement") between the Parties. Capitalized terms not defined herein shall, unless otherwise indicated, have the same meaning ascribed to such terms in the Agreement.


1.1. SSA Phishing Named User means any individual (i) with a user login account permitting such individual to access and use SSA Training Materials on the SLP or End User Customer LMS, or (ii) designated to be tested in SSA Phishing Service activities.

1.2. SSA Phishing Service means a SANS tool or service available to End User Customer to test its employees’ ability to withstand phishing/social engineering attacks.


2.1. End User Customer is hereby granted a non-exclusive, non-transferable, and non-sublicensable license, to use the SSA Phishing Service during the Subscription Term set forth in the Price Quote, limited to the number of SSA Phishing Named Users set forth in the Price Quote.

2.2. End User Customer grants SANS all necessary rights to authorize SANS and its subprocessors a non-exclusive right to process data solely to provide the SSA Phishing Service to End User Customer and its SSA Phishing Named Users.

2.3. A person who is a user only because he or she is designated to be tested through the SSA Phishing Service will not be counted against End User Customer’s total allotment of SSA Phishing Named Users until the first phishing message is sent to that SSA Phishing Named User by the SSA Phishing Service, at which point the he/she will become an SSA Phishing Named User.

2.4. End User Customer shall:

2.4.1. ensure that its SSA Phishing Named Users comply with the terms of this Agreement and shall be responsible for the acts or omissions of any SSA Phishing Named User, or person using an SSA Phishing Named User’s login, in connection with their use of the SSA Phishing Services not in conformity with this Agreement;

2.4.2. notify SANS within five (5) business days of any known unauthorized use of End User Customer’s account;

2.4.3. not attempt to gain unauthorized access to or reverse engineer the SSA Phishing Service;

2.4.4. not use any SANS Confidential Information to build a competitive service or product, nor copy any feature, function or graphic for competitive purposes;

2.4.5. not sell, resell, rent or lease the SSA Phishing Service; and

2.4.6. only conduct simulated phishing emails to domains and recipients for whom End User Customer has authorization.

2.5. If third party services or applications are provided to End User Customer as part of the SSA Phishing Services, End User Customer shall protect the confidential and proprietary information of such third parties to the same degree as it is obligated to protect other Confidential Information under the Agreement.

2.6. Neither Party shall utilize any phishing practices or templates that would create a significant risk of claims, liabilities, administrative actions, internet service provider blacklisting, or other consequences adverse to either SANS or End User Customer, such as identification of the sender as the Internal Revenue Service or another government agency or violations of industry standard acceptable use policies. SANS and its service providers may, but are not obligated to, take action to prevent and stop transmission of any such content provided by End User Customer.