Cyberknowledge General Terms and Conditions in effect as at 1st July 2023
1. Performance of Services
1.1 Provision or the Services
(a) These general terms and conditions apply to:
(i) any Proposal or Quote that is submitted to, and is accepted by, the Client; or
(ii) any SOW that references and incorporates these general terms and conditions.
(b) During the Term, Cyberknowledge agrees to perform the Services as set out in a Proposal, Quote or SOW (as relevant) and any acceptance and delivery will only be in accordance with the terms of this Agreement, and no other terms or conditions contained in any other Client document will apply or be incorporated. The Client acknowledges and agrees that the Services may be performed and invoiced by Cyberknowledge or any of its Related Bodies Corporate.
(c) In performance of any Services specified in an Agreement, Cyberknowledge agrees to:
(i) provide suitably qualified, experienced and competent Personnel;
(ii) comply with all reasonable directions of the Client and all applicable Laws in performance of its obligations;
(iii) comply with all reasonable health and safety policies of the Client whilst on the Client's site as provided to Cyberknowledge prior to commencing the work; and
(iv) use reasonable endeavours to have any specific personnel identified in a Proposal, Quote or SOW available to perform the Services and will provide the Client with reasonable notice if it intends to replace or reassign such personnel.
(d) The Client agrees to act in good faith to facilitate and cooperate Cyberknowledge's supply of any Services or Products, including:
(i) providing Cyberknowledge with safe and timely access and authorisation to access and use the Client's Systems personnel, facilities, site and utilities as reasonably required;
(ii) providing Cyberknowledge with any requested information relevant to the provision of the Services in a timely and accurate manner;
(iii) ensuring the Client's Systems are virus free and backed-up prior to, and at all times during, the performance of the Services; and
(iv) complying with all reasonable requests or directions of Cyberknowledge for the purpose of facilitating the supply of the Services and Products.
(e) Client acknowledges that, due to the nature of some Services, Cyberknowledge's proper performance of those Services may have an impact on Client's Systems.
1.2 Use of subcontractors
(a) Cyberknowledge will be liable for:
(i) the performance of obligations by its subcontractors; and
(ii) provision of the Services by its subcontractors.
1.3 Provision of Products
(a) At any time during the Term the Client may request to purchase any Products offered for sale by Cyberknowledge by submitting a purchase order to Cyberknowledge.
(b) The purchase order must explicitly reference these general terms and conditions and set out the type and quantity of the Product/s to be purchased and the desired date for delivery of the Products.
(c) Cyberknowledge will provide the Client with written notification of acceptance or rejection of the purchase order, the proposed delivery date along with any variable price changes (including exchange rate, delivery or third-party pricing changes) as relevant for the purchase of the Products. Failure by Cyberknowledge to confirm receipt of the purchase order is not an acceptance of that purchase order.
(d) All risk in any Products transfers to the Client upon delivery to the Client and title passes on payment in full.
1.4 Access and delays
(a) Where Cyberknowledge reasonably requests information or access to any Client premises or Systems necessary for any of the Services at least 5 Business Days prior to commencement of the applicable Services, and that information or access is not available at time of scheduled commencement of those Services, Cyberknowledge will be entitled to charge the Client for any resulting delays based on reasonable rates until that information or access is provided.
(b) If the Client requests Cyberknowledge to cancel, delay, reschedule or suspend the Services with less than 3 Business Days' notice, the Client must pay Cyberknowledge its reasonable costs associated with such cancelation, delay, rescheduling or suspension.
(c) Cyberknowledge will endeavour to meet the desired dates for delivery of Products or Services, however, any dates contained in a Proposal, Quote or SOW are indicative dates intended for planning and estimating purposes only and are not contractually binding. Any estimates of time for completion of the Services are given on the assumption that Cyberknowledge receives co-operation, diligence and commitment from the Client or its designated representatives (including employees, contractors and consultants) who are required to provide Cyberknowledge with accurate and complete information in a timely manner as requested by Cyberknowledge from time to time in relation to the provision of the Services. For the avoidance of any doubt, Cyberknowledge will not be liable for any failure or delay in performing the Services or delivering the Products.
The Client authorises Cyberknowledge and Cyberknowledge's Personnel to access and use the Client's networks and systems as reasonably required by Cyberknowledge for the provision of the Services for all purposes, including in connection with the Criminal Code Act 1995 (Cth).
3. Security Testing and Cyberknowledge Software
To the extent the Services include:
(a) Security Testing Services, the terms in Schedule 1 apply; and
(b) Cyberknowledge Software, the terms in Schedule 2 apply, and the terms of each schedule will take precedence over all others.
4. Governance Risk and Compliance
(a) To the extent the Services include governance, risk or compliance services, this clause 4 applies.
(b) The Client must ensure that the specifications relating to the Products and Services, and the use of the Products and Services, satisfies all of the Client's legal and regulatory obligations and any other Client compliance requirements including, without limitation, compliance by the Client with any Law, corporate governance matters and internal company policies.
(c) Nothing in this Agreement requires Cyberknowledge to ensure recommend or facilitate the Client's compliance with any matter referred to in this clause, except to the extent prescribed in the specifications Proposal, or SOW and the Client acknowledges that it has obtained its own advice on such compliance matters.
Unless otherwise terminated in accordance with clause 14, this Agreement commences on the earlier day of Cyberknowledge providing the Services, the acceptance by Cyberknowledge of a Client purchase order or as otherwise agreed in writing and continues for the duration set out in the applicable Proposal, Quote or SOW (Term).
6. Invoices & Payments
(a) The Client agrees to pay Cyberknowledge for the provision of the Services, Cyberknowledge Software and/or for the supply of any Products, as set out in a valid tax invoice issued by Cyberknowledge.
(b) All fees are exclusive of expenses and disbursements and the Client agrees to pay Cyberknowledge’s reasonable travel and accommodation costs incurred in connection with the Services. Any special expense arrangements will be as agreed and set out in the applicable Proposal, Quote or SOW.
(c) Cyberknowledge will issue invoices as set out in an applicable Proposal, Quote or SOW, or otherwise upon acceptance of a purchase order.
(d) The Client must pay all invoices within 30 days of the invoice date by electronic funds transfer to an account as specified by Cyberknowledge in the invoice.
(e) All fees and prices provided in a Proposal, Quote or SOW are exclusive of all applicable taxes, duties, goods and services tax and government charges (Taxes).
(f) If Taxes are payable for, or charged on, any supply made by Cyberknowledge under this Agreement, Client must pay an amount equal to the amount of Taxes charged on such supply, at the same time as the amounts due.
(g) The Client may not set-off, counterclaim or deduct any amount from an amount owing to Cyberknowledge, unless it has notified Cyberknowledge in writing of any disputed invoices within 5 Business Days of receipt detailing the amount and the reason for the dispute. In such circumstances the Client must pay Cyberknowledge the portion of the invoiced amounts not in dispute on the due date for payment.
7. Intellectual Property
7.1 Intellectual Property in Deliverables and provision of Services
(a) Subject to clauses 7.2 and 7.3, all intellectual property rights in the Deliverables, the Services, Client Feedback, Cyberknowledge Software and any other material created by Cyberknowledge in delivering the Services remain the property of Cyberknowledge.
(b) Subject to clause 7.3, Cyberknowledge grants the Client a non-exclusive, non-transferable, non-sub licensable, royalty-free (excluding any payments due under clause 6) licence to use in Australia the intellectual property rights in the Deliverables, the Services, Cyberknowledge Software and any other material created by Cyberknowledge in delivering the Services for the sole and limited purpose of enjoying the benefit of the Services as set out in the Proposal, Quote or SOW.
7.2 Background IP
Each party retains all title and ownership in its own its Background IP.
7.3 Third party intellectual property
(a) In providing the Services, Cyberknowledge may provide the Client with software, Services or Deliverables that are, or include, software or other material which is owned by or is proprietary to a third party (Third Party Material). The Client agrees that:
(ii) title in any Third Party Material remains at all times with the third party unless provided otherwise in a Third Party Licence.
(b) Subject to clause 7.3(a), Cyberknowledge warrants that to the best of its knowledge and belief, all materials and Deliverables created by Cyberknowledge in delivering the Services, when used by the Client in accordance with this Agreement, do not infringe any intellectual property rights of any third party.
(a) Client will not directly or indirectly obtain or attempt to obtain at any time, any right, title or interest by registration or otherwise in or to the Cyberknowledge Marks. Client acknowledges that the goodwill associated with the Cyberknowledge Marks belongs exclusively to Cyberknowledge and, upon request, Client will modify or cease its use of any Cyberknowledge Marks.
(a) Each party agrees that where it, its Personnel, or its Related Bodies Corporate, are the recipient of Confidential Information (Recipient) of the other party (Disclosing Party), the Recipient must:
(i) subject to clause 8(b), treat all Confidential Information as confidential and not use it except as reasonably necessary for the purposes of this Agreement;
(ii) ensure that the Confidential Information is held in strict confidence and is not disclosed to any third party (subject to any legal requirement on the Recipient to disclose the Confidential Information), except to a member of that party's Personnel who needs such Confidential Information in order to perform his or her duties and provided that such member has a legal or contractual obligation to maintain the confidentiality of such Confidential Information;
(iii) immediately notify the Disclosing Party in writing if the Recipient suspects that any Confidential Information may have been accessed by any unauthorised party;
(iv) use, at a minimum, the same degree of care with respect to its obligations under this Agreement as it employs with respect to its own confidential or proprietary information, but in no event less than reasonable care; and
(v) upon request by the Disclosing Party or termination of this Agreement, promptly deliver to the Disclosing Party all written documents or other physical embodiments containing the Confidential Information then in its custody, control or possession and must deliver within 10 days after such termination or request a written statement to the Disclosing Party certifying to such action.
(b) Nothing in this Agreement is intended to oblige the Cyberknowledge to return or destroy any document, data or information incorporated into or annexed to anything which must be retained for compliance purposes, contained in systems, archives or backups which cannot be practicably deleted or information which must be retained as required by Law, any accounting standard or the rules of any stock exchange or for sound corporate governance purposes.
(c) Unless otherwise agreed in writing by the Disclosing Party, the obligations of confidentiality in clause 8(a)(i) do not apply to the extent the Confidential Information:
(i) has been lawfully disclosed to the Recipient by a third party free from obligations of confidentiality;
(ii) or is in the public domain (other than through a breach of this Agreement).
(d) The provisions of this clause 8 shall continue in force indefinitely following the termination of this Agreement.
(a) Both parties agree to comply with the Privacy Laws in relation to the provision and use of the Services.
(b)Without limiting clause 9(a), the Client must ensure that where it discloses Personal Information (Client Personal Information) to Cyberknowledge, or permits Cyberknowledge to collect, access, or generate otherwise use, disclose or handle Client Personal Information under this Agreement, it has obtained, will continue to obtain, and will maintain, any authorisations from individuals necessary under all applicable Privacy Laws (Necessary Authorisations). Cyberknowledge will only collect, access, otherwise use, disclose or handle Client Personal Information to the extent necessary for performance of the Services.
(c) The Client will be liable for all Losses (including legal costs on a full indemnity basis) suffered or incurred by Cyberknowledge or its Related Bodies Corporate arising from any actions, claims, proceedings, demands that may be brought against Cyberknowledge or its Related Bodies Corporate or which Cyberknowledge may pay, sustain or incur as a direct or indirect result of Client not securing the Necessary Authorisations.
(d) The Client accepts that:
(i) it may be necessary for Cyberknowledge to access Client Personal Information in order to provide the Services; and
10. Data Security
(a) Cyberknowledge will take reasonable precautions within its own control to prevent any Security Breach of Cyberknowledge's Systems.
(b) Each party shall promptly notify the other of any breach of any Security Breach and provide reasonable assistance to the other in managing such Security Breach and/or handling any requests in relation to Personal Information.
(a) Each party warrants:
(i) it has the power, capacity and authority to enter into and observe its obligations under this Agreement; and
(ii) this Agreement has been duly executed by that Party and is a legal and binding agreement, enforceable against it in accordance with the terms of this Agreement.
(b) To the extent permitted by law, Cyberknowledge makes no warranty or representation, express or implied, in relation to Products or any third-party hardware or software. In relation to third party hardware or software, Cyberknowledge will ensure Client enjoys the benefit of, and Client agrees to comply with, the relevant third party's standard terms and conditions.
(c) Cyberknowledge warrants that:
(i) the Services will be provided by exercising the same degree and skill, care and diligence that would be exercised by a professional services provider of similar size in the same industry in similar circumstances; and
(ii) it and its personnel are appropriately trained and experienced to provide the Services.
(d) Nothing in this Agreement excludes, restricts or modifies any condition, guarantee, warranty, right or remedy conferred on the parties by the Competition and Consumer Act 2010 (Cth) or any other applicable law that cannot be excluded, restricted or modified by agreement.
(e) To the fullest extent permitted by law, the liability of Cyberknowledge for a breach of a non-excludable condition, guarantee, warranty right or remedy referred to in clause 11(d) is limited, at Cyberknowledge's option, to:
(i) the replacement, resupply or repair of the relevant Products;
(ii) the resupply of the relevant Services; or
(iii) the payment of the cost of having the relevant Services or Products resupplied or repaired.
(f) Except in relation to non-excludable obligations and the warranty in (c) above, all conditions, warranties, guarantees, rights, remedies, liabilities or other terms that may be implied in this Agreement by legislation, common law, equity, trade, custom or usage are expressly excluded to the maximum extent permitted by law.
(a) Subject to clauses 12(b) to 12(e) and any applicable third party licensor's restrictions, Cyberknowledge indemnifies the Client for any direct Loss suffered by the Client arising from or related to third party intellectual property claims against the Client arising from the Client's use of the Deliverables or other materials provided to the Client by Cyberknowledge in the performance of its Services under this Agreement (other than third party hardware or software), except Cyberknowledge will not be liable for any such Loss caused or contributed to by:
(i) the Client or another party modifying the Deliverables or materials provided by Cyberknowledge;
(ii) the Client using the Deliverables or materials provided by Cyberknowledge not in accordance with any directions given by Cyberknowledge, not in accordance with the purpose provided to the Client under this Agreement;
(iii)the Client's breach or failure to comply with, any Third Party Licence; or
(iv) the Client's failure to take all reasonable steps (and ensuring its Personnel take all reasonable steps) to mitigate any Loss on becoming aware of any such third-party intellectual property claims,
and is subject to:
(v) the Client (and its Personnel, where relevant) permitting Cyberknowledge to manage any relevant claim or action in the name of the Client (or any relevant Personnel).
(b) Cyberknowledge's total aggregate liability to the Client in respect of any and all Losses incurred by the Client (whether for breach of contract, in tort (including negligence) or otherwise) arising out of or in connection with the carrying out of the Services or supply of Deliverables and/or Products under this Agreement is limited to the amount paid by the Client to Cyberknowledge under the applicable Proposal, Quote or SOW in the 12 months preceding the event giving rise to the Loss, to a maximum of $100,000.
(c) Cyberknowledge's limit on liability in clause 12(b) does not apply to the following Losses:
(i) personal injury or death of a party or person; or
(ii) damage to tangible property,
to the extent caused by Cyberknowledge's negligent acts or omissions.
(d) To the maximum extent permitted by law, Cyberknowledge is not responsible and excludes all liability for any Loss to the Client's Systems or any data or information of the Client arising from or in connection with the supply of the Services and/or Deliverables and/or Products by Cyberknowledge.
(e) Notwithstanding anything in this Agreement, Cyberknowledge will not be liable under this Agreement for any indirect or consequential Loss that does not arise naturally (that is, according to the usual course of things) from the event giving rise to the Loss or any loss of profits, loss of production, loss of revenue, loss of business, loss of goodwill, damage to reputation, loss of opportunity, loss or corruption of data or wasted overheads.
13. Australian Consumer Law
(a) This clause 13 applies if the Client is a deemed a Consumer.
(b) Clause 12 does not apply to any liability of Cyberknowledge for failure to comply with a Consumer Guarantee.
(c) In respect of any goods supplied under this Agreement, subject to clause 13(e), unless the goods are goods 'of a kind ordinarily acquired for personal, domestic or household use or consumption' (as that expression is used in section 3 of the Australian Consumer Law), the liability of Cyberknowledge for Loss, however caused (including by the negligence of Cyberknowledge), suffered or incurred by the Client because of a failure to comply with a Consumer Guarantee is limited to (at Cyberknowledge's election):
(i) replacing the goods or supplying equivalent goods;
(ii) repairing the goods;
(iii) paying the cost of replacing the goods or of acquiring equivalent goods; or
(iv) paying the cost of having the goods repairs;
(d) In respect of the Services supplied under this Agreement, subject to clause 13(e), unless the Services are 'services of a kind ordinarily acquired for personal, domestic or household use or consumption', as that expression is used in section 3 of the Australian Consumer Law, the liability of Cyberknowledge for Loss, however caused (including by the negligence of Cyberknowledge), suffered or incurred by the Client because of a failure to comply with a Consumer Guarantee is limited to (at Cyberknowledge's election):
(i) resupplying the Services; or
(ii) paying the cost of having the Services supplied again.
(e) Clauses 13(c) and 13(d) do not apply in relation to a guarantee pursuant to any of sections 51, 52 or 53 of the Australian Consumer Law or if it is not 'fair or reasonable' for the purposes of section 64A of the Australian Consumer Law for Cyberknowledge to rely on them.
(f) Nothing in this Agreement is intended to exclude, restrict or modify rights which the Client may have under the Australian Consumer Law which may not be excluded, restricted or modified by agreement.
(a) Either party may terminate the Agreement with immediate effect if the other party is:
(i) in material breach of the Agreement and such breach is incapable of remedy, or such breach is remediable but that defaulting party fails to remedy the breach within 14 days of receiving notice of the breach;
(ii) subject to an Insolvency Event; or
(iii) subject to an Event of Force Majeure that continues for a period of at least 90 days.
(b) Upon termination of this Agreement for any reason:
(i) Cyberknowledge will cease providing the Services and Products: and
(ii) the Client must pay to Cyberknowledge all outstanding amounts for Services actually performed or Products ordered by the Client or amounts that Cyberknowledge has paid or owes to third parties that it cannot reasonably get out of paying in connection with this Agreement.
(c) Termination of this Agreement does not affect a liability or any obligation of a party arising prior to termination nor affect any damages or other remedies which a party may be entitled under this Agreement.
(d) On expiry or termination of this Agreement:
(i) Clauses 8 (Confidentiality), 8(d) (Privacy), 10 (Data Security), 11 (Warranties), 12 (Liability), 14(b) (Termination) and 15 (Non-solicitation) continue in full force and effect; and
(ii) all rights, obligations and liabilities a party has accrued before expiry or termination continue.
During the Term and for a period of 24 months after completion of the Term, the Client must not, and must procure its affiliates do not, offer work to, solicit or induce for employment, employ, or contract with, Cyberknowledge's Personnel who are involved with the provision of the Services, without first obtaining the written consent of Cyberknowledge (which may be withheld by Cyberknowledge at its absolute discretion).
(a) If any provision of this Agreement is deemed to be unenforceable, invalid or illegal, the interpretation is to be applied to reflect the intention of the parties as far as possible whilst not affecting the validity of the remainder of the Agreement.
(b) Neither party may assign its rights under this Agreement without the other party’s prior written consent, provided however Cyberknowledge can assign its rights under this Agreement to a Related Body Corporate if it wants for so long as it requires to do so.
(c) The Client acknowledges and agrees that (i) some or all of the Services may be provided by Cyberknowledge and/or its subcontractors, and (ii) client data may be stored or accessed from locations outside of Australia.
(d) All notices and consents must be sent by email to the email addresses on the front page of this Agreement.
(e) This Agreement is governed by the laws of the State of New South Wales, Australia.
(f) Cyberknowledge will not be liable for any delay or failure to supply the Services or Products if such a delay or failure was due to an Event of Force Majeure.
(g) Any dispute relating to the subject matter of this Agreement shall be submitted to mediation prior to any other dispute resolution process being invoked. The parties will agree a mediator within 21 days of either party giving the other written notice of intention to invoke mediation. If the parties cannot agree on a mediator then the dispute will be referred to the Australian Disputes Centre (ADC). All mediation proceedings will be conducted in accordance with the ADC's ADR Guidelines.
(h) No party is authorised to bind another party and nothing in this Agreement is construed as creating a relationship of principal and agent, partners, trustee and beneficiary, or employer and employee.
(i) This Agreement may only be amended or replaced with the written agreement of all parties.
(j) This Agreement constitutes the entire agreement between the parties and supersedes any prior conduct, arrangement, representation, agreement or understanding in relation to its subject matter.
(k) This Agreement can be signed in counterparts. If an electronic signature is used, it shall have the same effect as a handwritten signature.
17. Definitions and interpretation
All capitalised terms have either the meanings given to that term in the Proposal, Quote or SOW, the definitions in this clause 17.1 or where otherwise set out in the Agreement:
Agreement means these general terms and conditions and, as relevant:
(a) the Proposal, Quote or SOW to which they are attached, referenced or attached (including any agreed written variation).
(b) any purchase order submitted and accepted in accordance with clause 1.3;
Australian Consumer Law is as set out in schedule 2 to the Competition and Consumer Act 2010 (Cth); and the corresponding provisions as applicable in each of the Australian States and Territories.
Background IP means a party's intellectual property rights in any materials developed independently of, or prior to, the provision of the Services and the Deliverables and includes any third party licensed intellectual property.
Business Day means a day that is not a Saturday, Sunday, public holiday or bank holiday in the location where the Services are being provided (unless expressed otherwise in a Proposal, Quote or SOW).
Client means the customer who has requested the Services to be performed by Cyberknowledge.
Client Data means the data owned or supplied by the Client which is accessed by Cyberknowledge (including its Related Bodies Corporate) or its subcontractors in the course of performing the Services.
Client Feedback means any and all suggestions, ideas, feedback, reports, error identifications or other information related to the Services and/or Cyberknowledge Software that is provided by the Client to Cyberknowledge but shall not include information or material provided by Client where such information is Client Confidential Information.
Confidential Information means any and all information (in any form or media) of a confidential nature that is made available directly or indirectly, and before, on or after the date of this Agreement including financial, client, employee and supplier information, product specifications, policies and procedures, processes, statements, formulae, trade secrets, Client Data, drawings and data which is not in the public domain (except by virtue of a breach of the confidentiality obligations arising under this Agreement).
Consumer has the same meaning as in section 3 of the Australian Consumer Law.
Consumer Guarantee means a Consumer guarantee applicable to this Agreement under the Australian Consumer Law.
Cyberattack means any breach of (or attempted or threatened breach of) or unauthorised access to the Client's Systems, including identity or intellectual property theft, exploitation of ICT systems, phishing, spamming, denial-of-service (including distributed), stolen hardware, or website defacement.
Cyberknowledge means Cyberknowledge Pty Ltd (ABN 56 666 675 485) and any of its Related Bodies Corporate.
Cyberknowledge Marks means any Cyberknowledge name, logo, mark, image or tagline.
Cyberknowledge Software means Cyberknowledge’s proprietary software (including all modifications or derivative works), spreadsheets, databases and electronic tools developed and owned by Cyberknowledge.
Deliverables means the materials, reports and other deliverables (including where appropriate Cyberknowledge Software) to be provided by Cyberknowledge as set out in the relevant Proposal, Quote or SOW.
Event of Force Majeure means any event or circumstance, or a combination of events or circumstances, which is beyond the reasonable control of an affected party (but does not excuse any obligation to make payment).
Insolvency Event means:
(a) bankruptcy proceedings are commenced against the relevant party, or the relevant party is declared bankrupt;
(b) any step is taken to appoint a receiver, a receiver and manager, a trustee in bankruptcy, a liquidator, a provisional liquidator, an administrator or other like person to the relevant party or to the whole or any part of the relevant party's assets or business;
(c) if the relevant party is in a partnership, the partnership is dissolved or an application is made to dissolve the partnership;
(d) the relevant party is or becomes unable to pay its debts as they fall due or is presumed pursuant to section 95A of the Corporations Act 2001(Cth) to be unable to pay its debts as they fall due; or
(e) a relevant party has something having substantially similar effect to any of the events specified above occur in any jurisdiction under or in respect of any law.
Laws means all laws including rules of common law, statutes, regulations, subordinate legislation, proclamations, ordinances, by laws, rules, regulatory principles and requirements, mandatory codes of conduct, writs, orders, injunctions, judgments and any awards, which are applicable from time to time in the jurisdiction in which Cyberknowledge or its Personnel perform their obligations under this Agreement.
Loss means any loss, cost, liability or damage, including reasonable legal costs on a solicitor/client basis.
Personal Information has the meaning given to that term in the Privacy Act.
Personnel means, in relation to a party, its employees, Related Bodies Corporate, secondees, officers, agents, advisers and contractors.
Privacy Act means the Privacy Act 1988 (Cth).
Privacy Laws means the Privacy Act and all other applicable privacy and data protection Laws as may be in force from time to time which regulate the collection, use, disclosure, storage of and granting of access rights to Personal Information.
Product means any third party products or goods supplied pursuant to the Agreement.
Proposal means a proposal prepared by Cyberknowledge for Services to be provided to the Client by Cyberknowledge that references or incorporates these general terms and conditions.
Quote means a quote prepared by Cyberknowledge for Services to be provided to the Client by Cyberknowledge that references or incorporates these general terms and conditions.
Rates means the hourly or daily rates payable by the Client for the provision of Services by Cyberknowledge, as set out in a Proposal, quote or SOW.
Related Body Corporate is as defined in the Corporations Act 2001 (Cth).
Security Breach means any unauthorised access to, or alteration of, Client Data.
Security Testing Services means penetration testing, red teaming, intrusion techniques, code reviews, security threats and risks assessment and any other security testing or assessment activities carried out for a Clients under a Proposal, Quote or SOW.
Services means the services to be provided to the Client by Cyberknowledge, as set out in a relevant Proposal, quote, or SOW.
Statement of Work or SOW means a statement of work setting out the Services and/or Products to be provided to the Client by Cyberknowledge and which has been signed by both Cyberknowledge and the Client.
Systems includes networks, software, applications, computers, servers, mobile devices, cloud services (including storage, software, platforms and infrastructure as a service), industrial control systems, and any other IT systems or equipment.
Term has the meaning given to that term in clause 5.
In this Agreement, unless the context requires otherwise:
(a) clause and subclause headings are for reference purposes only;
(b) the singular includes the plural and vice versa;
(c) words denoting any gender include all genders;
(d) a reference to a person includes any other entity recognised by law and vice versa;
(e) where a word or phrase is defined, its other grammatical forms have a corresponding meaning;
(f) any reference to a party to this Agreement includes its successors and permitted assigns;
(g) any reference to any agreement or document includes that agreement or document as amended at any time;
(h) the use of the word includes or including is not to be taken as limiting the meaning of the words preceding it;
(i) the expression at any time includes reference to past, present and future time and performing any action from time to time;
(j) no provision of this Agreement will be construed adversely to a party because that party was responsible for the preparation of this agreement or that provision;
(k) a reference to any legislation includes all delegated legislation made under it and amendments, consolidations, replacements or re-enactments of any of them; and
(l) an agreement, representation or warranty by two or more persons binds them jointly and severally and is for the benefit of them jointly and severally.
Schedule 1: SECURITY TESTING TERMS
1. Application of these Terms
(a) These Security Testing Terms apply if security testing and assurance services are provided by Cyberknowledge.
(b) The Client warrants that it is aware of the nature of the Security Testing Services, in particular that the Security Testing Services may include:
(i) simulating or performing controlled Cyberattacks on the Client's Systems;
(ii) deliberate attempts to penetrate the security Systems of the Client, which may be provided by a third party;
(iii) red teaming (including, but not limited to, deliberately masquerading as a hostile attacker with the intention of detecting vulnerabilities) activities in relation to the Client and its premises and Systems; or
(iv) deliberately allowing unauthorised access to the Client's network or Systems for the purpose of analysing threat vectors and origination; and
(v) acts that may put the Client in breach of its agreements including, but not limited to, third party supplier's terms of supply.
2. Acknowledgment and Liability
(a) The Client accepts that the Security Testing Services:
(i) are sample testing activities only and cannot account for all possible ways a third party could breach the Client's security measures or Systems;
(ii) do not implement any security measures and will not prevent security or data breaches, or Cyberattacks;
(iii) could result in interruptions or degradations to the Client's Systems and accepts those risks and consequences; and
(iv) although carried out by professional Cyberknowledge Personnel and tools from trusted resources, carry an element of risk that can never be fully eliminated, and the Client accepts that there is no guarantee that every vulnerability in its Systems will be identified during the Security Testing Services.
(b) In carrying out the Security Testing Services, the Client acknowledges and agrees that Cyberknowledge:
(i) as agent of the Client is considered to be party to a communication in the case of intercepting any private communication on the Client's Systems;
(ii) is expressly authorised by the Client to perform such Services (and all tests reasonably necessary to perform the Services) on the relevant network resources and IP addresses. The Client represents that, if it does not own such network resources, it has requisite consent and authority to engage Cyberknowledge to provide the Security Testing Services;
(iii) provides no warranty or guarantee as to the outcome of the Security Testing Services, all testing has limitations, and that such testing cannot guarantee discovery of all weaknesses, noncompliance issues, or vulnerabilities; and
(iv) may use various proprietary methods and software tools to probe network resources, and to detect actual or potential security flaws and vulnerability, which will not be revealed by Cyberknowledge.
Schedule 2: CYBERKNOWLEDGE SOFTWARE
1. Application of these Terms
(a) These Cyberknowledge Software Terms apply if Cyberknowledge Software is used in the Services.
(b) If Cyberknowledge has agreed to provide Cyberknowledge Software which has an end user licence agreement (EULA), then the Cyberknowledge Software will be licensed on the terms of the EULA applying to that software.
For all other Cyberknowledge Software which is not supplied with a EULA, Cyberknowledge grants the Client a non-exclusive, non-transferable license to use the Cyberknowledge Software subject to the following conditions and the Client acknowledges and agrees that it shall not (and shall not authorize any third party to):
(a) exceed the subscription term or number of users, or client access licences that are noted on the SOW (if any) and paid for by the Client;
(b) copy, decompile, disassemble, reverse assemble, reverse engineer, translate or emulate the Cyberknowledge Software or access the Cyberknowledge Software in order to (i) build a competitive product or service, or (ii) copy any ideas, features, functions or graphics of the Cyberknowledge Software;
(c) conduct, or release to a third party the results of, any benchmark tests or other comparisons of the Cyberknowledge Software, including comparisons performed for competitive purposes;
(d) make it available to any third parties and shall only disclose to those of its employees that need to use it for the purposes the Client of its internal business who have agreed to comply with the terms of this Agreement; or
(e) sublicense, assign or transfer the Cyberknowledge Software without the prior written consent of Cyberknowledge.
The Client also acknowledges and agrees that the Cyberknowledge Software:
(f) may contain components that are owned by third parties and that the third party owner shall retain exclusive right to its firmware and software;
(g) does not include any right to any updated versions of the software; and
(h) may contain copyright and other proprietary rights notices and the Client must not modify, delete or obfuscate such notices.