CERTIFIED CIO 

MASTER SERVICES AGREEMENT 

 

This Master Services Agreement (this “Agreement”) is between Project-9 LLC d/b/a Certified CIO, a Pennsylvania limited liability company with an office at 1157 Eichelberger St, Unit 10, Hanover, PA 17331 (“us”, “our”, “we” or “Certified CIO”), and CURRENT CUSTOMER, the entity whose name, authorized signatory and contact information appear in the signature block of this Agreement (“you”, “your” or “Client”).  This Agreement will be effective as of the latest date of the signatures of the parties on any MSA, SOW, or other executed agreement (“Effective Date”). 

 As a “master” form of contract, this Agreement allows the parties to contract for multiple Services through the issuance of multiple SOW’s (as discussed in Section 1 below), without having to re-negotiate the basic terms and conditions contained herein. The current version of our Master Services Agreement is available on Certified CIO’s website located at https://www.certifiedcio.com/terms/.  By accepting Services under a SOW, you agree to be bound by the terms of that version of the Master Services Agreement then hosted on Certified CIO’s website.

1)       SCOPE OF SERVICES; SOW.  This Agreement governs all of the services that we perform for you (collectively, the “Services”).  The Services will be described in one or more statements of work that we provide to you (each, a “SOW”), and once you and we mutually agree to a SOW (either by signing it or by electronic acceptance), the SOW will become a part of, and governed under, the terms of this Agreement.  If there is a material difference or conflict between the language in a SOW and the language in this Agreement, then the language of the SOW will control, except in situations involving warranties, limitations of liability or termination of this Agreement.  Under those limited circumstances, the terms of this Agreement will control unless the SOW expressly states that it is overriding the conflicting provisions of this Agreement. 

 

2)       GENERAL REQUIREMENTS. 

a)       System Configuration.  For the purposes of this Agreement, “System” means, collectively, any computer network, computer system, peripheral or device installed, maintained, monitored or operated by Certified CIO pursuant to this Agreement.  Our fees are based upon the configuration of your System as of the effective date of the applicable SOW.  If the System configuration changes, then we may adjust the scope of services and/or the fees charged to you under the applicable SOW to accommodate those changes. 

b)       Requirements.  At all times, all software on the System must be genuine and licensed, and you agree to provide us with proof of such licensing upon our request.  If we require you to implement certain minimum hardware or software requirements in a SOW (“Minimum Requirements”), you agree to do so as an ongoing requirement of Certified CIO providing its Services to you.  

c)       Maintenance; Updates.  If patches and other software-related maintenance updates that are produced and distributed by the manufacturers of software and/or hardware devices (“Updates”) are expressly set forth in a SOW to be provided by Certified CIO under such SOW, Certified CIO will install the Updates only if Certified CIO has determined, in its reasonable discretion, that the Updates will be compatible with the particular configuration of the System; however, Client agrees and understands that Certified CIO (i) does not warrant or guarantee that any Update will perform properly, (ii) will not be responsible for any downtime or losses arising from or related to the installation, use, or inability to use any Update, and (iii) reserves the right, but not the obligations, to refrain from installing an Update until Certified CIO has determined, in its reasonable discretion, that the Updates will be compatible with the configuration of the Environment and materially beneficial to the features or functionality of the affected software or hardware subject to the Services. It is agreed and understood that updates are developed by third party vendors and, on rare occasions, may make the System, or portions of the System, unstable, or cause the managed equipment or software to fail to operate properly even when the Patches are installed correctly.  As noted above, Certified CIO shall not be responsible for any downtime or losses arising from or related to the installation or use of any Update, provided that the Update was installed in accordance with manufacturer’s instructions.  Certified CIO reserves the right, but not the obligation, to refrain from installing an Update if Certified CIO is aware of technical problems caused by an Update, or believes that an Update may cause the System, or any portion of the System, to become unstable. Unless otherwise provided in an SOW, maintenance services will be applied in accordance with the recommended practices of the managed services industry.  Client understands and agrees that maintenance services are not intended to be, and will not be, a warranty or guaranty of the functionality of any particular device, or a service plan for the repair or remediation of any particular managed hardware or software.  Repair and/or device remediation services are not covered under Certified CIO’s maintenance service plan and shall be provided on an hourly basis to Client. 

d)       Third Party Support.  If, in Certified CIO’s discretion, a hardware or software issue requires vendor or OEM support (a “Third Party Provider”), Certified CIO may contact the vendor or OEM (as applicable) on your behalf and pass through to you, without markup, all fees and costs incurred in that process.  If such fees or costs are anticipated in advance or exceed $100, Certified CIO will obtain your permission before incurring such expenses on your behalf.  Not all Third Party Services will be expressly identified as being provided by a Third Party Provider, and at all times Certified CIO reserves the right to utilize the services of any Third Party Provider or to change Third Party Providers in its sole discretion as long as the change does not materially diminish the Services that Certified CIO is obligated to provide to Client. While Certified CIO will endeavor to facilitate a workaround for the failure of a Third Party Service, Certified CIO will not be responsible, and will be held harmless by Client, for any failure of any service provided by a Third Party Provider as well as the failure of any Third Party Provider to provide such services to Certified CIO or to Client. 

e)        Advice; Instructions. From time to time, we may provide you with specific advice and directions related to our provision of the Services or the maintenance or administration of the System and/or security products and services for you, in line with reasonable best IT and security practices, including risks associated with various solutions.  This may require you to make additional purchases or investments in the System or the environment in which the System is maintained, at your sole cost.  (For illustrative purposes, such advice or directions may include installing cooling mechanisms or environmental controls in a server room, increasing the System’s server or hard drive capacity, or replacement of obsolete equipment, replacing systems or software that are end of life, etc.).  Responsibility to accept, reject, or change such solutions ultimately resides with the Client, not Certified CIO.  Certified CIO will not be responsible for any System downtime caused by your failure to promptly follow Certified CIO’s advice or directions.  Client understands and agrees that no security solution is 100% faultless or perfect in all situations and that implementation of the Services under this Agreement is not a guarantee that security incidents or breaches will not occur.  Certified CIO may, in its discretion, request that Client sign a written document reflecting the recommendations that the Client has or has not elected to implement, and such document will serve as express evidence of solutions not implemented by Certified CIO. If your failure to follow or implement Certified CIO’s advice renders part or all of the Services economically or technically unreasonable in Certified CIO’s discretion, then Certified CIO may terminate the applicable SOW for cause by providing notice of termination to you.  Any services required to correct or remediate issues caused by your failure to follow Certified CIO’s advice or directions, as well as any services required to bring the System up to the Minimum Requirements, will be billed to you at Certified CIO’s then-current hourly rates.  

f)       Prioritization.  Unless otherwise stated in a SOW, all Services will be performed on a schedule, and in a prioritized basis, as determined by Certified CIO.  Exact start dates may vary or deviate from the dates Certified CIO state to Client depending on the Service being provided and the extent to which prerequisites (if any), such as transition or onboarding activities, must be completed. Certified CIO will respond to any notification received by Certified CIO of any error, outage, alarm, or alert pertaining to the System in accordance with Section 8(a) below. 

g)       Authorized Contact(s).  You understand and agree that Certified CIO will be entitled to rely on any directions or consent provided to Certified CIO by any of your Authorized Contacts, as indicated in an applicable SOW.  If no Authorized Contact is identified in an applicable SOW, then your Authorized Contact will be the person(s) (i) who signed this Agreement, and/or (ii) who signed the applicable SOW.  If you desire to change your Authorized Contact(s), please notify Certified CIO of such changes in writing which, unless exigent circumstances are stated in the notice, will take effect three (3) business days thereafter. 

h) Client Obligations.  Client shall cooperate with Certified CIO in all matters relating to the Services, including Certified CIO Personnel such access to Client’s premises and such office accommodation and other facilities and equipment and networks as may reasonably be requested by Certified CIO, for the purposes of performing the Services and each Project. Client authorizes Certified CIO to perform any offsite analysis of Client data necessary for the Service. Accordingly, Client acknowledges and agrees that Certified CIO may be required to connect its computers and equipment directly to Client’s computer network.  Client explicitly consents to Certified CIO connecting its computers and equipment directly to Client’s computer network and Client assumes all risk and liability in this regard and Certified CIO shall have no liability in this regard whatsoever. Without limiting the generality of the foregoing, Client hereby grants to Certified CIO and Certified CIO’s designated Third Party Providers the right to monitor, diagnose, manipulate, communicate with, retrieve information from, and otherwise access the System as necessary to enable Certified CIO or Third Party Providers, as applicable, to provide the Services and/or Third Party Depending on the Service, Client acknowledges that Certified CIO may be required to install one or more software agents into the System through which such access may be enabled. It is Client’s responsibility to secure, at its own cost and prior to the commencement of any Services, any necessary rights of entry, licenses (including software licenses), permits or other permissions necessary for Certified CIO or its Third Party Providers to provide Services to the System and, if applicable, at Client’s designated premises, both physically and virtually. Proper and safe environmental conditions must be provided and assured by Client at all times. Certified CIO shall not be required to engage in any activity or provide any Services under conditions that pose or may pose a safety or health concern to any personnel, or that would require extraordinary or non-industry standard efforts to achieve.  Furthermore, Client shall respond promptly to any Certified CIO request to provide direction, information, approvals, authorizations, or decisions that are reasonably necessary for Certified CIO to perform Services in accordance with the requirements of this Agreement and provide such Client materials and/or information as Certified CIO may request, in order to carry out the Services, in a timely manner, and ensure that it is complete and accurate in all material respects (including the maintenance and preservation of all passwords, keys, access codes, activations codes and other similar words, phrases and codes).  Client will refrain from modifying or moving the System or installing software in the System unless Certified CIO expressly authorizes such activity and to take all actions reasonably necessary to prevent any third party from making any alterations to any hardware or software subject to the Services. In all situations (including those where Certified CIO is co-managing a System with Client’s internal IT department), Client agrees and understands that Certified CIO will not be responsible for changes to the System or issues that arises from those changes that are not authorized by Certified CIO.

i) Client Understandings.  Client agrees and understand that it alone, and not Certified CIO, is responsible for Client’s own compliance with all Laws, including all confidentiality and security requirements, and any and all such requirements of the HIPAA, Gramm-Leach-Bliley Act, USA Patriot Act (along with all network rules applicable to VISA, MasterCard, Discover, and/or other networks). Unless otherwise expressly stated in a SOW, the Services are not intended, and will not be used, to bring Client into full regulatory compliance with any Law, rule, regulation, or requirement that may be applicable to Client’s business or operations, including, but not limited to, Cybersecurity Maturity Model Certification (CMMC), PCI or NIST framework. Depending on the Services provided, the Services may aid Client’s efforts to and assist Client in aligning with regulatory compliance but no such services will be intended to be an audit of Client’s compliance or otherwise fulfill regulatory compliance and/or certification; consequently, the Services are not (and should not be used as) a compliance solution and provide no guarantee that Client will “pass” any third party assessment in connection with an audit of compliance. Client warrants and represents that Client knows of no law governing Client’s business that would impede or restrict Certified CIO’s provision of the Services, or that would require Certified CIO to register with, or report Certified CIO’s provision of the Services (or the results thereof), to any government or regulatory authority. Client agrees to promptly notify Certified CIO if Client becomes subject to any of the foregoing which, in Certified CIO discretion, may require a modification to the scope or pricing of the Services. Similarly, if Client is subject to responsibilities under any applicable Law (including, but not limited to, HIPAA, Gramm-Leach-Bliley Act, and USA Patriot Act), then Client agrees to identify to Certified CIO any data or information subject to protection under that Law prior to providing such information to Certified CIO or, as applicable, prior to giving Certified CIO access to such information. Client understands and agrees that data loss or network failures in its Environment may occur, whether or not From time to time, Certified CIO may provide Client with sample (i.e., template) policies and procedures for use in connection with Client’s business (“Sample Policies”).  The Sample Policies are for Client’s informational use only, and do not constitute or comprise legal or professional advice.  The Sample Policies are not intended to be a substitute for the advice of competent counsel. Client should seek the advice of competent legal counsel prior to using the Sample Policies, in part or in whole, in any transaction.  Certified CIO does not warrant or guaranty that the Sample Policies are complete, accurate, or suitable for Client’s specific needs, or that Client will reduce or avoid liability by utilizing the Sample Policies in its business operations. In order to reduce the likelihood of a network failure, Client must maintain proper security for its computer and information systems, including Updates. Client will adhere to Updates and maintain specific security standards, policies, procedures such as those set forth by the NIST Cybersecurity Framework available at https://www.nist.gov/cyberframework. It is understood that within the Services provided it is not the intent for Certified CIO to provide any type of internet security monitoring, cyber security monitoring, cyber terrorism monitoring, or other cyber threats for Client unless otherwise expressly specified in a SOW. In the event any such monitoring services is provided under an SOW, and unless otherwise indicated in such SOW, all monitoring and alert-type services are limited to detection and notification functionalities only.  These functionalities are guided by Client-designated policies, which may be modified by Client as necessary or desired from time to time.  Initially, the policies will be set to a baseline standard as determined by Certified CIO; however, Client is advised to establish and/or modify the policies that correspond to Client’s specific monitoring and notification needs. Furthermore, Client understands and agrees that no security solution is one hundred percent effective, and any security paradigm may be circumvented and/or rendered ineffective by certain malware, such as certain ransomware or rootkits that were unknown to the malware prevention industry at the time of infection, and/or which are downloaded or installed into the Environment. Certified CIO does not warrant or guarantee that all malware or malicious activity will be capable of being detected, avoided, quarantined, or removed, or that any data deleted, corrupted, or encrypted by such malware (“Impacted Data”) will be recoverable. Unless otherwise expressly stated in an SOW, the recovery of Impacted Data is out-of- scope and not included in the Services. Moreover, unless expressly stated in an SOW, Certified CIO will not be responsible for activating multifactor authentication in any application in or connected to the Environment. Client is strongly advised to (a) educate its employees to properly identify and react to “phishing” activity (i.e., fraudulent attempts to obtain sensitive information or encourage behavior by disguising oneself as a trustworthy entity or person through email), and (b) obtain insurance against cyberattacks, data loss, malware-related matters, and privacy-related breaches, as such incidents can occur even under a “best practice” scenario. Except as otherwise expressly set forth in this Agreement, Certified CIO is held harmless from any costs, expenses, or damages arising from or related to such incidents. 

j) Procurement. Equipment and software procured by Certified CIO on Client’s behalf (“Procured Equipment”) may be covered by one or more manufacturer warranties, which will be passed through to Client to the greatest extent possible.  By procuring equipment or software for Client, Certified CIO does not make any warranties or representations regarding the quality, integrity or usefulness of the Procured Equipment.  Certain equipment or software, once purchased, may be not be returnable or, in certain cases, may be subject to third party return policies and/or re-stocking fees, all of which shall be Client’s responsibility in the event that a return of the Procured Equipment is requested. Certified CIO is not a warranty service or repair center.  Certified CIO will facilitate the return or warranty repair of Procured Equipment; however, Client understands and agrees that the return or warranty repair of Procured Equipment is governed by the terms of the warranties (if any) governing the applicable Procured Equipment, for which Certified CIO shall be held harmless.

 

3)       FEES; PAYMENT.  You agree to pay the fees described in each SOW.  If the SOW does not include a fee schedule, then you agree to pay Certified CIO on an hourly basis pursuant to Certified CIO’s standard non-contract rates as listed on our website: https://www.certifiedcio.com/pricing-page/ 

a)          Schedule.   Unless otherwise stated in a SOW, all undisputed fees will be due and payable in advance of the calendar month in which the Services are to be provided to you.  Payments made by ACH will be deducted from your designated bank account on the due date listed on your invoice. If you decline to use ACH as your designated payment method, then you must keep a current credit card on file with Certified CIO, and all fees will be automatically charged to that credit card each month, along with a nonrefundable three and one-half percent (3.5%) surcharge.  For prepaid fees or fees paid pursuant to a service plan, payment must be made in advance of work performed, unless other arrangements are expressly stated in the SOW.  Without limiting the generality of the foregoing, Client agrees that Certified CIO may adjust, and Client is responsible to pay for any increase following, any service fee calculation adjustment made from time to time relating to Services provided under an SOW on a “per user/hardware/software” basis, such that if Certified CIO reasonably determines an increase by Client to such use, Certified CIO may automatically adjust such billing without further action or consent required from Client.  Commencing with the first anniversary of any SOW, and on each anniversary thereafter, “Managed” fees and hourly labor rates shall increase by five percent (5%).

b)       Nonpayment.  Fees that remain unpaid for more than fifteen (15) days after the date on the invoice will be subject to interest on the unpaid amount(s) until and including the date payment is received, at the lower of either 1.5% per month or the maximum allowable rate of interest permitted by applicable law.  Certified CIO reserves the right, but not the obligation, to suspend part or all of the Services without prior notice to you in the event that any portion of undisputed fees are not timely received by Certified CIO.   All disputes related to fees must be received by Certified CIO on or before the due date of the invoice specifying the disputed charge(s); otherwise, you waive your right to dispute the fee thereafter.  A re-connect fee may be charged to you in the event that Certified CIO suspends the Services due to your nonpayment.  Time is of the essence in the performance of all payment obligations by you. 

 

4)       ACCESS.  You hereby grant to Certified CIO the right to monitor, diagnose, manipulate, communicate with, retrieve information from, and otherwise access the System for the purpose of enabling Certified CIO to provide the Services.  It is your responsibility to secure, at your own cost and prior to the commencement of any Services, any necessary rights of entry, licenses, permits or other permissions necessary for Certified CIO to provide Services to the System and, if applicable, at your designated premises.  This access permission includes all devices, peripherals and/or computer processing units, including mobile devices (such as notebook computers, smart phones and tablet computers) that are connected to the System (collectively, “Devices”), regardless of whether such Devices are owned, leased or otherwise controlled by Client. Unless otherwise stated in writing by Certified CIO, Devices may not receive or benefit from the Services while the Devices are detached from, or unconnected to, the Environment. Client is strongly advised to refrain from connecting Devices to the System where such devices are not previously known to Certified CIO and are not expressly covered under a managed service plan from Certified CIO (“Unknown Devices”). Certified CIO will not be responsible for the diagnosis of, any failures due to, or remediation of any issues in the System caused by the connection or use of Unknown Devices in the System, and Certified CIO will not be obligated to provide the Services to any Unknown Devices. 

 

5)       LIMITED WARRANTIES; LIMITATIONS OF LIABILITY. 

a)       Hardware / Software Purchased Through Certified CIO; Software Development.  Unless otherwise stated in a SOW, all hardware, software, peripherals or accessories purchased through Certified CIO (“Third Party Products”) are nonrefundable once the applicable purchase order is placed in Certified CIO’s queue for delivery.  We will use reasonable efforts to assign, transfer and facilitate all warranties (if any) and service level commitments (if any) for the Third Party Products to you, but will have no liability whatsoever for the quality, functionality or operability of any Third Party Products, and we will not be held liable as an insurer or guarantor of the performance, uptime or usefulness of any Third Party Products.  Unless otherwise expressly stated in a SOW, all Third Party Products are provided “as is” and without any warranty whatsoever as between Certified CIO and you (including but not limited to implied warranties). Unless otherwise set forth in an SOW, any software developed for Client will include open source code; however, unless otherwise expressly noted in such SOW, the inclusion of the open source code will not impose any additional fees, costs, or usage restrictions on Client.  Client is instructed, however, to refrain from separating or isolating the open source code from the software, since the use of certain open source code, in isolation or in conjunction with third party materials or code, may trigger additional licensing or usage restrictions for which Certified CIO shall not be responsible.  

b)       Warranty Application.  Notwithstanding any provision to the contrary in this Agreement, any warranty provided by Certified CIO shall be deemed null and void if the applicable hardware or product is (i) altered, modified or repaired by persons other than Certified CIO, including, without limitation, the installation of any attachments, features, or devices not supplied or approved  by  Certified CIO; (ii) misused, abused, or not operated in accordance with the specifications of Certified CIO or the applicable manufacturer or creator of the hardware or product, or, (3) subjected to improper site preparation or maintenance by persons other than Certified CIO or persons approved or designated by Certified CIO. 

c)       Limitations.   Client acknowledges and agrees that Certified CIO would not provide any Services, or enter into any SOW or this Agreement, unless Certified CIO could rely on the limitations described in this Agreement, including this Section.  IN NO EVENT SHALL EITHER PARTY BE LIABLE FOR ANY INDIRECT, SPECIAL, EXEMPLARY, CONSEQUENTIAL OR PUNITIVE DAMAGES, OR FOR LOST REVENUE, LOSS OF PROFITS (EXCEPT FOR FEES DUE AND OWING TO CERTIFIED CIO), SAVINGS, OR OTHER INDIRECT OR CONTINGENT EVENT-BASED ECONOMIC LOSS ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT, ANY SOW, OR THE SERVICES, OR FOR ANY LOSS OR INTERRUPTION OF DATA, TECHNOLOGY OR SERVICES, OR FOR ANY BREACH HEREOF OR FOR ANY DAMAGES CAUSED BY ANY DELAY IN FURNISHING SERVICES UNDER THIS AGREEMENT OR ANY SOW, EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.  Except for your payment obligations and each party’s indemnification obligations described in this Agreement, each party’s aggregate liability to the other for damages from any and all claims or causes whatsoever, and regardless of the form of any such action(s), that arise from or relate to this Agreement (collectively, “Claims”), whether in contract, tort or negligence, shall be limited to the amount of the aggrieved party’s actual direct damages, not to exceed the amount of fees paid by you to Certified CIO for the specific Service upon which the applicable claim(s) is/are based during the six (6) month period immediately prior to the date on which the cause of action accrued.  The foregoing limitations shall not apply to the extent that the Claims are the result of an aggrieved party’s willful misconduct or gross negligence.  It is understood and agreed that the costs of hardware or software (if any) provided to Client under this Agreement shall not be included in the calculation of the limitation of damages described in this paragraph. 

 

6)       INDEMNIFICATION. You agree to indemnify, defend and hold Certified CIO harmless from and against any and all losses, damages, costs, expenses or liabilities, including reasonable attorneys’ fees, (collectively, “Damages”) that arise from, or are related to, your breach of this Agreement, or which relate to any act or omission undertaken or caused by you.  The foregoing indemnification obligation includes Damages arising out of any alleged infringement of copyrights, patent rights and/or the unauthorized or unlicensed use of any material, property or other work in connection with the performance of the Services.  Certified CIO will have the right, but not the obligation, to control the intake, defense and disposition of any claim or cause of action for which indemnity may be sought under this section. 

 

7)       TERM; TERMINATION.  This Agreement will begin as of the latest date of the signatures of the parties below, and will continue until terminated as described in this Section (the “Term”).  Since this is a master agreement, you may have the option (depending on the circumstances) to terminate individual SOWS without affecting other SOWs that are in-progress.  

a)       Termination Without Cause.  Certified CIO, in its sole discretion, may terminate this Agreement or any SOW, in whole or in part, at any time without cause, by providing at least thirty (30) days’ prior written notice to Client. Unless otherwise agreed by the parties in writing, Client will not terminate a SOW without cause prior to the SOW’s natural expiration date.   If you terminate a SOW without cause, then you will be responsible for paying the early termination fee described in the applicable SOW.  If no early termination fee is listed, then prior to the effective date of termination of the SOW or this Agreement (as applicable) without cause, you agree to pay Certified CIO an amount equal to (i) all expenses incurred by Certified CIO in its preparation and provision of the Services to you, e.g., licensing fees incurred by Certified CIO, non-mitigatable hard costs, etc. (including, but not limited to, residual license fees and related charges arising with respect to Microsoft NCE) (“Hard Costs”), as well as (ii) one hundred percent (100%) of all fees that would have been paid to Certified CIO had the term not been terminated prematurely.   

b)       Termination For Cause.  In the event that one party (a “Defaulting Party”) commits a material breach under a SOW or under this Agreement, the non-Defaulting Party will have the right, but not the obligation, to terminate immediately this Agreement or the relevant SOW (a “For Cause” termination) provided that (i) the non-Defaulting Party has notified the Defaulting Party of the specific details of the breach in writing, and (ii) the Defaulting Party has not cured the default within twenty (20) days (ten (10) days for non-payment by Client) following receipt of written notice of breach from the non-Defaulting Party.  A “For Cause” termination by Certified CIO includes circumstances that Client or any of its staff, personnel, contractors, or representatives engages in any unacceptable act or behavior that renders it impracticable, imprudent, or unreasonable to provide the Services to Client.  If Certified CIO terminates this Agreement or any SOW For Cause, then Certified CIO shall be entitled to receive, and you hereby agree to pay to Certified CIO, (i) all amounts that would have been paid to Certified CIO had this Agreement or SOW (as applicable) remained in effect, and (ii) all Hard Costs.  If you terminate this Agreement or a SOW for cause, then you will be responsible for paying only for those services that were properly delivered and accepted by you up to the effective date of termination. 

c)       Client Activity As A Basis for Termination.  Notwithstanding any provision to the contrary, in the event that any Client-supplied equipment, hardware or software, or any action undertaken by you, causes the System or any part of the System to malfunction or requires remediation by Certified CIO on three (3) occasions or more (“System Malfunction”), and you fail to remedy, repair or replace the System Malfunction as directed by Certified CIO (or you fail to cease the activity causing the System Malfunction, as applicable), then Certified CIO will have the right, upon ten (10) days prior written notice to you, to terminate this Agreement or the applicable SOW For Cause or, at Certified CIO’s discretion, amend the applicable SOW to eliminate from coverage any System Malfunction or any equipment or software causing the System Malfunction. 

d)       Consent.  You and we may mutually consent, in writing, to terminate a SOW or this Agreement at any time. 

e)       Equipment / Software Removal.  Upon termination of this Agreement for any reason, you will provide Certified CIO with access, during normal business hours, to your premises or any other locations at which Certified CIO-owned equipment or software (collectively, “Certified CIO Equipment”) is located to enable Certified CIO to remove all Certified CIO Equipment from the premises.  If you fail or refuse to grant Certified CIO access as described herein, or if any of the Certified CIO Equipment is missing, broken or damaged (normal wear and tear excepted) or any of Certified CIO-supplied software is missing, Certified CIO will have the right to invoice you for, and you hereby agree to pay immediately, the full replacement value of any and all missing or damaged items. 

f)        Transition; Deletion of Data.  In the event that you request Certified CIO’s assistance to transition to a new service provider, Certified CIO will provide such assistance if (i) all fees due and owing to Certified CIO are paid to Certified CIO in full prior to Certified CIO providing its assistance to you, and (ii) you agree to pay Certified CIO its then-current hourly rate for such assistance, with up-front amounts to be paid to Certified CIO as may be required by Certified CIO.   

For the purposes of clarity, it is understood and agreed that the retrieval and provision of passwords, log files, administrative server information, or conversion of data are transition services, and are subject to the preceding requirements. Client also understands and agrees that any software configurations that Certified CIO custom creates or programs for Client are Certified CIO’s proprietary information and shall not be disclosed to Client under any circumstances. Unless otherwise expressly stated in a SOW, Certified CIO will have no obligation to store or maintain any Client data in Certified CIO’s possession or control beyond fifteen (15) calendar days following the termination of this Agreement and/or a relevant SOW.  Certified CIO will be held harmless for, and indemnified by you against, any and all claims, costs, fees, or expenses incurred by either party that arise from, or are related to, Certified CIO’s deletion of your data beyond the time frames described in this Section 7(f).  Without limiting the generality of the foregoing, Client agrees and understand that Third Party Providers may have other cancellation and data retention policies and procedures that may result in the deletion of Client data used by certain software (i.e., Datto Cloud, Aptega, Lifecycle Insights) upon following termination of this Agreement and/or a relevant SOW.  

 

8)          Response. All Services will be performed on a schedule, and in a prioritized manner, as Certified CIO deems reasonable and necessary. Exact start dates may vary or deviate from the dates Certified CIO state to Client depending on the Service being provided and the extent to which prerequisites (if any), such as transition or onboarding activities, must be completed. Certified CIO will respond to any notification received by Certified CIO of any error, outage, alarm, or alert pertaining to the System in accordance with the priority table(s) supplied to Client in an SOW. In no event will Certified CIO be responsible for delays in its response or Certified CIO’s provision of Services during (a) those periods of time covered under during Certified CIO’s initial startup activities with Client, (b) periods of delay caused by Scheduled Downtime, Customer-Side Downtime, downtime caused by Third Party Service Provider’s (“Vendor-Side Downtime”), (c) periods in which Certified CIO is required to suspend the Services to protect the security or integrity of the System or Procured Equipment, or (d) delays caused by a force majeure event. Certified CIO will not be responsible under any circumstances for any delays or deficiencies in the provision of, or access to, the Services to the extent that such delays or deficiencies are caused by Customer-Side Downtime or Vendor-Side Downtime. 

For the purposes of this Agreement, “Scheduled Downtime” will mean those hours, as determined by Certified CIO but which will not occur between the hours of 9 AM and 5:00 PM EST (or EDT, as applicable), Monday through Friday without your authorization or unless exigent circumstances exist, during which time Certified CIO will perform scheduled maintenance or adjustments to its network.  Certified CIO will use its best efforts to provide you with at least twenty-four (24) hours of notice prior to scheduling Scheduled Downtime. Certified CIO will not be responsible under any circumstances for any delays or deficiencies in the provision of, or access to, the Services to the extent that such delays or deficiencies are caused by your actions or omissions (“Client-Side Downtime).  

9)       CONFIDENTIALITY.  

a)       Defined.  For the purposes of this Agreement, Confidential Information means any and all non-public information provided to Certified CIO by you, including but not limited to your customer data, customer lists, internal documents, and related information.  Confidential Information will not include information that: (i) has become part of the public domain through no act or omission of Certified CIO, (ii) was developed independently by Certified CIO, or (iii) is or was lawfully and independently provided to Certified CIO prior to disclosure by you, from a third party who is not and was not subject to an obligation of confidentiality or otherwise prohibited from transmitting such information. 

b)       Use.  Certified CIO will keep your Confidential Information confidential, and will not use or disclose such information to any third party for any purpose except (i) as expressly authorized by you in writing, or (ii) as needed to fulfill Certified CIO’s obligations under this Agreement.  If Certified CIO is required to disclose the Confidential Information to any third party as described in part (ii) of the preceding sentence, then Certified CIO will ensure that such third party is required, by written agreement, to keep the information confidential under terms that are at least as restrictive as those stated in this Section 9.  

c)       Due Care.  Certified CIO will exercise the same degree of care with respect to the Confidential Information it receives from you as Certified CIO normally takes to safeguard and preserve its own confidential and proprietary information, which in all cases will be at least a commercially reasonable level of care. 

d)       Compelled Disclosure.  If Certified CIO is legally compelled (whether by deposition, interrogatory, request for documents, subpoena, civil investigation, demand or similar process) to disclose any of the Confidential Information, Certified CIO will immediately notify you in writing of such requirement so that you may seek a protective order or other appropriate remedy and/or waive Certified CIO’s compliance with the provisions of this Section 9.  Certified CIO will use its best efforts, at your expense, to obtain or assist you in obtaining any such protective order.  Failing the entry of a protective order or the receipt of a waiver hereunder, Certified CIO may disclose, without liability hereunder, that portion (and only that portion) of the Confidential Information that Certified CIO has been advised by written opinion of counsel reasonably acceptable to Certified CIO that it is legally compelled to disclose.  Without limiting the generality of the foregoing, Client acknowledges and agrees that during the delivery of the Services, Certified CIO may become aware of issues such as data breaches, network intrusions, or the presence of malware, and that such issues may give rise to regulatory reporting obligations which Client is subject to in one of more territories in which Client operates.  Accordingly, Client shall remain solely responsible for all such reporting requirements and Certified CIO shall have no liability in this regard whatsoever. 

 

10)    THIRD PARTY SERVICES. 

a)       EULAs.  Portions of the Services may require you to accept the terms of one or more third party end user license agreements (“EULAs”).  If the acceptance of a EULA is required in order to provide the Services to Client, then Client hereby grants Certified CIO permission to accept the EULA on Client’s behalf. EULAs may contain service levels, warranties and/or liability limitations that are different than those contained in this Agreement.  You agree to be bound by the terms of such EULAs, and will look only to the applicable third party provider for the enforcement of the terms of such EULAs. If, while providing the Services, Certified CIO is required to comply with a third party EULA and the third party EULA is modified or amended, Certified CIO reserves the right to modify or amend any applicable SOW with you to ensure Certified CIO’s continued compliance with the terms of the third party EULA.  Such EULA’s may affect ownership of data including immediate deletion of Client data upon termination of Services under this Agreement or a relevant SOW. Without limiting the generality of the foregoing, by using Microsoft software and services you are agreeing to their agreements. You can manually download the latest version of the Microsoft Customer Agreement via https://aka.ms/customeragreement. Additional specific product Terms may be viewed via https://www.microsoft.com/licensing/terms/productoffering or any subsequent site provided by Microsoft. 

b)       Data Loss. If backup and/or disaster recovery services are to be provided under a SOW, then you hereby understand and agree that Certified CIO will not be responsible for any data lost, corrupted or rendered unreadable due to (i) communication and/or transmissions errors or related failures (whether onsite or cloud-based), (ii) equipment failures (including but not limited to silent hardware corruption-related issues), or (iii) Certified CIO’s failure to backup or secure data from portions of the System that were not expressly designated in the applicable SOW as requiring backup or recovery services. Unless expressly stated in writing by Certified CIO, Certified CIO does not warrant or guarantee that any maintained storage device or functionality, data backup device or functionality, or load balancing functionality will operate in an error-free manner. 

c)       BYOD.  You hereby represent and warrant that Certified CIO is authorized to provide the Services to all devices, peripherals and/or computer processing units, including mobile devices (such as notebook computers, smart phones and tablet computers) that (i) are connected to the System, and (ii) have been designated by you to receive the Services, regardless of whether such device(s) are owned, leased or otherwise controlled by you.  Unless otherwise stated in a SOW, devices will not receive or benefit from the Services while the devices are detached from or unconnected to the System. 

 

11)    OWNERSHIP.  Each party is, and will remain, the owner and/or licensor of all works of authorship, patents, trademarks, copyrights and other intellectual property owned or licensed by such party (“Intellectual Property”), and nothing in this Agreement or any SOW shall be deemed to convey or grant any ownership rights in one party’s Intellectual Property to the other party.   

 

12) CLIENT CYBER SECURITY.  It is understood that within the Services provided, it is not the intent, nor does the MSP provide any type of internet security monitoring, cyber security monitoring, cyber terrorism monitoring, or other cyber threats for Client unless otherwise specified in the SOW.  As cyber threats are always evolving it is strongly recommended that Client engage the services of a cyber protection third-party vendor to monitor the cyber controls and cyber activities in Client System.  In no event, including the negligent act or omission on its part, shall MSP, whether under these Terms, an SOW, or otherwise in connection with any of them, be liable in contract, tort, third-party liability, breach of statutory duty or otherwise, in respect of any direct, indirect or consequential losses or expenses, including without limitation loss of anticipated profits, company shut-down, third-party loss or injury, any loss because of data breach, any loss of personally identifiable or protected information, goodwill, use, market reputation, business receipts or contracts or commercial opportunities, whether or not foreseeable, if such loss was the result of or arose from any act of terrorism, strike or similar labor action, war, invasion, act of foreign enemy, hostilities or warlike operations, civil war, rebellion, revolution, insurrection, civil commotion assuming the proportions of or amounting to an uprising, or any action taken in controlling, preventing or suppressing any of these things, including any such act or series of acts of any person or group(s) or persons, whether acting alone or on behalf of or in connection with any organization(s), committed for political, religious or ideological purposes including but not limited to the intention to influence any government and/or to put the public in fear for such purposes by using activities perpetrated electronically that are directed towards the destruction, disruption or subversion of communication and information systems, infrastructure, computers, telecommunications or electronic networks and/or its content thereof or sabotage and or threat therefrom 

 

12)   ARBITRATION.  If the parties are unable to resolve a dispute informally, the dispute will be settled by final and binding arbitration. The arbitration will be initiated and conducted according to the JAMS Comprehensive Arbitration Rules and Procedures (except as modified herein) including the Optional Expedited Arbitration Procedures and Optional Appeal Procedure, in effect at the time the request for arbitration is made (the “Rules“).  In the event of any inconsistency between the Rules and the procedures set forth below, the procedures set forth below will control.  The arbitrator, and not any federal, state, or local court or agency, will have exclusive authority to resolve any dispute relating to the interpretation, enforceability or formation of this Agreement including, but not limited to any claim that all or any part of the Agreement is void or voidable. The arbitration shall be heard by a single arbitrator, to be selected by the parties and experienced in contract, intellectual property and information technology transactions.  If the parties cannot agree on an arbitrator within fifteen (15) days after a demand for arbitration is filed, JAMS shall select the arbitrator.  The arbitration shall take place in the venue described in Section 13, below. The arbitrator shall determine the scope of discovery in the matter, however, it is the intent of the parties that any discovery proceedings be limited to the specific issues in the applicable matter, and that discovery be tailored to fulfill that intent.  The cost of the arbitration shall be split evenly between the parties; however, the party prevailing in the arbitration shall be entitled to an award of its reasonable attorneys’ fees and costs. 

 

13)    MISCELLANEOUS. 

a)       Assignment.  Neither this Agreement nor any SOW may be assigned or transferred by a party without the prior written consent of the other party.  This Agreement will be binding upon and inure to the benefit of the parties hereto, their legal representatives, and permitted successors and assigns. Notwithstanding the foregoing, Certified CIO may assign its rights and obligations hereunder to a successor in ownership in connection with any merger, consolidation, or sale of substantially all of the assets of the business of a party, or any other transaction in which ownership of more than fifty percent (50%) of either party’s voting securities is transferred; provided such assignee expressly assumes the assignor’s obligations hereunder. 

b)       Amendment.  No amendment or modification of this Agreement or any SOW will be valid or binding upon the parties unless such amendment or modification is originated in writing by Certified CIO, specifically refers to this Agreement, and is accepted in writing by one of your Authorized Contacts.  

c)       Time Limitations.  The parties mutually agree that any action for any matter arising out of this Agreement or any SOW (except for issues of nonpayment by Client) must be commenced within six (6) months after the cause of action accrues or the action is forever barred. 

d)       Severability.  If any provision hereof or any SOW is declared invalid by a court of competent jurisdiction, such provision will be ineffective only to the extent of such invalidity, illegibility or unenforceability so that the remainder of that provision and all remaining provisions of this Agreement or any SOW will be valid and enforceable to the fullest extent permitted by applicable law.  

e)       Other Terms.  Certified CIO will not be bound by any terms or conditions printed on any purchase order, invoice, memorandum, or other written communication between the parties unless such terms or conditions are incorporated into a duly executed SOW.  

f)       No Waiver.  The failure of either party to enforce or insist upon compliance with any of the terms and conditions of this Agreement, the temporary or recurring waiver of any term or condition of this Agreement, or the granting of an extension of the time for performance, will not constitute an Agreement to waive such terms with respect to any other occurrences. 

g)       Merger.  This Agreement, together with any and all SOWs, sets forth the entire understanding of the parties and supersedes any and all prior agreements, arrangements or understandings related to the Services, and no representation, promise, inducement or statement of intention has been made by either party which is not embodied herein.  Any document that is not expressly and specifically incorporated into this Agreement or SOW will act only to provide illustrations or descriptions of Services to be provided, and will not act to modify this Agreement or provide binding contractual language between the parties.  Certified CIO will not be bound by any agents’ or employees’ representations, promises or inducements not explicitly set forth herein. 

h)       Force Majeure.  Certified CIO will not be liable to you for delays or failures to perform Certified CIO’s obligations under this Agreement or any SOW because of circumstances beyond Certified CIO’s reasonable control.  Such circumstances include, but will not be limited to, any intentional or negligent act committed by you, or any acts or omissions of any governmental authority, natural disaster, disease, act of a public enemy, acts of terrorism, riot, sabotage, disputes or differences with workmen, power failure, communications delays/outages, delays in transportation or deliveries of supplies or materials, cyberwarfare, cyberterrorism, or hacking, malware or virus-related incidents that circumvent then-current anti-virus or anti-malware software, and acts of God. 

i)        Non-Solicitation.  You acknowledge and agree that during the term of this Agreement and for a period of one (1) year following the termination of this Agreement, you will not, individually or in conjunction with others, directly or indirectly solicit, induce or influence any of Certified CIO’s employees or subcontractors to discontinue or reduce the scope of their business relationship with Certified CIO, or recruit, solicit or otherwise influence any employee or agent of Certified CIO to discontinue such employment or agency relationship with Certified CIO. In the event that you violate the terms of the restrictive covenants in this Section 13(i), you acknowledge and agree that the damages to Certified CIO would be difficult or impracticable to determine, and you agree that in such event, as Certified CIO’s sole and exclusive remedy therefore, you will pay Certified CIO as liquidated damages and not as a penalty an amount equal to fifty percent (50%) percent of that employee or subcontractor’s first year of base salary with you (including any signing bonus).  In addition to and without limitation of the foregoing, any solicitation or attempted solicitation for employment directed to any of Certified CIO’s employees by you will be deemed to be a material breach of this Agreement, in which event Certified CIO shall have the right, but not the obligation, to terminate this Agreement or any then-current SOW immediately For Cause. 

j)        Survival.  The provisions contained in this Agreement that by their context are intended to survive termination or expiration of this Agreement will survive. 

k)      Insurance.  Certified CIO and you will each maintain, at each party’s own expense, all insurance reasonably required in connection with this Agreement or any SOW, including but not limited to, workers compensation and general liability.  Certified CIO agrees to maintain a general liability policy with a limit not less than $1,000,000 per occurrence.  Client shall secure and maintain for the duration of the contract Cyber Liability Insurance to insure Client cyber exposures. Specific limits and coverages should be evaluated by a qualified insurance broker or risk manager to determine Client specific coverage and policy limit requirements. A minimal $1,000,000 Policy per occurrence/aggregate limit is required.  Furthermore, if Client is supplied with Certified CIO Equipment, including Procured Equipment, Client agrees to acquire and maintain, at its sole cost, insurance for the full replacement value of that equipment.  Certified CIO shall be listed as an additional insured on any policy acquired and maintained by Client hereunder, and the policy shall not be canceled or modified without prior notification to Certified CIO.  Upon Certified CIO’s request, Client agrees to provide proof of insurance to Certified CIO, including proof of payment of any applicable premiums or other amounts due thereunder.  All of the insurance policies described herein will not be canceled, materially changed or renewal refused until at least thirty (30) calendar days written notice has been given to the other party by certified mail. TO THE EXTENT PERMITTED BY LAW, EACH PARTY WAIVES ALL RIGHTS AGAINST THE OTHER FOR RECOVERY OF DAMAGES TO THE EXTENT THESE DAMAGES ARE COVERED BY THE WORKERS COMPENSATION (TO THE EXTENT PERMITTED BY LAW) AND EMPLOYERS LIABILITY, PROFESSIONAL LIABILITY, GENERAL LIABILITY, PROPERTY INSURANCE, COMMERCIAL UMBRELLA/EXCESS, CYBER OR OTHER COMMERCIAL LIABILITY INSURANCE OBTAINED BY EITHER PARTY. CLIENT WILL NOT HOLD MSP ITS SUBCONTRACTORS AND/OR THIRD-PARTY SERVICE PROVIDERS RESPONSIBLE FOR SUCH LOSSES AND WILL CONFIRM THAT CLIENT INSURANCE POLICIES REFERENCED ABOVE PROVIDE FOR THE WAIVER OF SUBROGATION INCLUDED IN THE TERMS OF SERVICE.   

l)        Governing Law; Venue.  This Agreement and any SOW will be governed by, and construed according to, the laws of the Commonwealth of Pennsylvania.  You hereby irrevocably consent to the exclusive jurisdiction and venue of the state courts in York County, Pennsylvania, for any and all claims and causes of action arising from or related to this Agreement. YOU AND WE AGREE THAT EACH OF US WAIVES ANY RIGHT TO A TRIAL BY JURY FOR ANY AND ALL CLAIMS AND CAUSES OF ACTION ARISING FROM OR RELATED TO THIS AGREEMENT.  PROVIDED, HOWEVER, the parties mutually agree that, unless otherwise prohibited by law, any action for any matter arising out of or related to any service, this Agreement, or any SOW (except for issues of nonpayment by customer) must be commenced within six (6) months after the cause of action accrues or the action is forever barred and except for undisputed collections actions to recover fees due to Certified CIO, any dispute, claim or controversy arising from or related to this Agreement and/or a SOW, including the determination of the scope or applicability of this Agreement to arbitrate, shall be settled by arbitration before one arbitrator who is mutually agreed upon by the parties. the arbitration shall be administered and conducted by the American Arbitration Association (the “AAA”) or if there is no AAA-certified arbitrator available within a twenty (20) mile radius of Certified CIO office, then by any arbitration forum as determined by Certified CIO, pursuant to the selected forum’s arbitration rules for commercial disputes (the “rules”). in the event of any inconsistency between the rules and the procedures set forth in this paragraph, the procedures set forth in this paragraph will control. The arbitrator will be experienced in contract, intellectual property and information technology transactions. If the parties cannot agree on an arbitrator within fifteen (15) days after a demand for arbitration is filed, the arbitration venue shall select the arbitrator. The arbitration shall take place in a venue of Certified CIO’s choice. The arbitrator will determine the scope of discovery in the matter; however, it is the intent of the parties that any discovery proceedings be limited to the specific issues in the applicable matter, and that discovery be tailored to fulfill that intent. initially, the cost of the arbitration shall be split evenly between the parties; however, the party prevailing in the arbitration shall be entitled to an award of its reasonable attorneys’ fees and costs. 

m)     No Third Party Beneficiaries.  The Parties have entered into this Agreement solely for their own benefit.  They intend no third party to be able to rely upon or enforce this Agreement or any part of this Agreement.   

n)       Usage in Trade.  It is understood and agreed that no usage of trade or other regular practice or method of dealing between the Parties to this Agreement will be used to modify, interpret, supplement, or alter in any manner the terms of this Agreement. 

o)       Business Day. If any time period set forth in this Agreement expires on a day other than a business day in York County, Pennsylvania, such period will be extended to and through the next succeeding business day in York County, Pennsylvania.  

p)       Notices; Writing Requirement.  Where notice is required to be provided to a party under this Agreement, such notice may be sent by U.S. mail, overnight courier, or email as follows: notice will be deemed delivered three (3) business days after being deposited in the United States Mail, first class mail, certified or return receipt requested, postage prepaid, or one (1) day following delivery when sent by FedEx or other overnight courier, or one (1) day after notice is delivered by email.  Notice sent by email will be sufficient only if (i) the sender emails the notice to the last known email address of the recipient, and (ii) the sender includes itself in the “cc” portion of the email and preserves the email until such time that it is acknowledged by the recipient.  Notwithstanding the foregoing, any notice from you to Certified CIO regarding (a) any alleged breach of this Agreement by Certified CIO, or (b) any request for indemnification, or (c) any notice of termination of this Agreement or any SOW, must be delivered to Certified CIO either by U.S. mail or email delivery to Finance @ CertifiedCIO .com, unless such requirement is expressly and specifically waived by Certified CIO.  All electronic documents and communications between the parties will satisfy any “writing” requirement under this Agreement. 

q)       Independent Contractor.  Each party is an independent contractor of the other, and neither is an employee, partner or joint venturer of the other.  

r)        Subcontractors.  Should Certified CIO elect to subcontract a portion of the Services, Certified CIO shall guarantee all work performed by any Certified CIO-designated subcontractor as if Certified CIO performed the subcontracted work itself.  

s)       Data Access/Storage.  Depending on the Service provided, and only if not prohibited by law, a portion of your data may occasionally be accessed or stored on secure servers located outside of the United States.  You agree to notify us in the event that you require us to modify our standard access and/or storage procedures. 

t)        Attorneys’ Fees.  If Certified CIO sends your account to collections for non-payment, or if we are required to bring an action to enforce or defend the terms of this Agreement, Certified CIO shall be entitled to recover (by award, collections, or otherwise) the reasonable attorneys’ fees and costs that it incurred in the collections matter or filed action (as applicable). .  

u)     Counterparts.  The parties may sign and deliver this Agreement and any SOW in any number of counterparts, each of which will be deemed an original and all of which, when taken together, will be deemed to be one agreement.  Each party may sign and deliver this Agreement (or any SOW) electronically (e.g., by digital signature and/or electronic reproduction of a handwritten signature), and the receiving party will be entitled to rely upon the apparent integrity and authenticity of the other party’s signature for all purposes.