STANDARD TERMS AND CONDITIONS
THE LICENSOR, CYBERNATICS PTE LTD PROVIDES LICENSED SOFTWARE TO
LICENSEE (CUSTOMER) AS DEFINED IN CLAUSE 1 BELOW UNDER THIS END
USER LICENSE AGREEMENT (THE “AGREEMENT”). THIS AGREEMENT GOVERNS
LICENSEE’S INSTALLATION AND USE OF THE VERSION OF THE LICENSED
SOFTWARE IDENTIFIED IN THE APPLICABLE PURCHASE ORDER, OR IF NOT
ACQUIRED VIA A PURCHASE ORDER, LICENSEE’S INSTALLATION OR USE OF THE
LICENSED SOFTWARE CONSTITUTES ACCEPTANCE OF THIS AGREEMENT.
PLEASE READ THIS AGREEMENT CAREFULLY BEFORE PROCEEDING, AS IT MAY
CONTAIN RESTRICTIONS ON YOUR USE OF THE SOFTWARE. THIS AGREEMENT
SUPERSEDES AND CONTROLS OVER ANY OTHER TERMS PROVIDED TO
LICENSEE REGARDING LICENSEE’S USE OF THE LICENSED SOFTWARE,
WHETHER WRITTEN OR ORAL, AS PART OF A SIGNED AGREEMENT (INCLUDING,
BUT NOT LIMITED TO, MASTER AGREEMENTS AND PORTFOLIO TERMS, UNLESS
A DIFFERENT AGREEMENT IS EXPRESSLY REFERENCED IN A PURCHASE ORDER
OR EXECUTED BY LICENSOR AND LICENSEE SPECIFYING THAT IT APPLIES TO
THE VERSION OF THE LICENSED SOFTWARE TO WHICH THIS AGREEMENT
RELATES), A CLICK-WRAP AGREEMENT PROVIDED WITH THE LICENSED
SOFTWARE OR OTHERWISE (SUCH TERMS REFERRED TO AS THE “OTHER
AGREEMENT”), EVEN IF SUCH OTHER AGREEMENT WAS EMBEDDED WITHIN
PREVIOUSLY LICENSED SOFTWARE.
LICENSOR RESERVES THE RIGHT TO UPDATE, AMEND, AND/OR MODIFY THIS
AGREEMENT FROM TIME TO TIME, AND MAY INCLUDE SUCH UPDATED
AGREEMENT WITH OR EMBEDDED IN FUTURE VERSIONS OF THE LICENSED
SOFTWARE.
PLEASE DIRECT ANY QUESTIONS TO THE CYBERNATICS PTE LTD’S LEGAL
DEPARTMENT AT LEGAL@FOCUS.SG.
ENTERING INTO THIS AGREEMENT DOES NOT CONSTITUTE A SALES
TRANSACTION. THE SALE OF A LICENSE TO SOFTWARE PRODUCTS TAKES
PLACE UNDER PURCHASE ORDER(S) WHICH (UNLESS OTHERWISE STATED IN
THE PURCHASE ORDER) INCORPORATE THE TERMS OF THIS AGREEMENT.
1. Parties to this Agreement
1.1. “Cybernatics Pte Ltd”, “we”, “us” or “our” means Cybernatics Pte Ltd or its Affiliate(s)
who execute or assent to the Purchase Order. “You” or “your” means the Customer who is the
licensee who signs and agrees to the services specified in the Purchase Order (where
applicable) as defined in clause 1.2 below.
1.2. The specific cybersecurity software, software-as-a-service, hardware and/or services
for which you have contracted including but not limited to any security information and event
management or SIEM-related services (the “Cybersecurity Services”) will be identified in a
print or electronic document identified as Purchase Order or such other named form which
serves the same purpose as a Purchase Order (the “Purchase Order(s)”). Such Purchase Order,
where applicable, may identify each transaction’s contracting entities, pricing and related
provisions and may reference or link to supplemental terms, agreements or policies and
references to Purchase Order includes such documents. The Purchase Order, together with
these Cybersecurity Services Terms and Conditions (“Cybersecurity Terms and Conditions”),
form a single contract (the “Agreement”).
1.3 These Cybersecurity Terms and Conditions take precedence over any other terms in the
Agreement with regards to Cybersecurity Services and any conflicts shall be resolved in favour
of these Cybersecurity Terms and Conditions.
1.4 For purposes of these Cybersecurity Terms and Conditions, an “Event” means any act
or attempt to disrupt, misuse, or gain unauthorised access to any system or electronic facilities
or operations that results in a loss, alteration or disclosure of data, system downtime or
degradation or loss of operation or services relating to the Cybersecurity Services.
2. Grant of License
2.1 Subject to the terms and conditions of this Agreement, the Licensor hereby grants you,
the Licensee a non-exclusive, non-transferable right to access and use the Cybersecurity
Services as provided by the Licensor under the Purchase Order. This license is solely for the
Licensee’s internal use and is limited to the duration of the subscription or service period
specified in the Purchase Order.
2.2 You as the Licensee, agree not to:
a. Copy, reproduce, modify, distribute, or create derivative works based on the software
application, except as expressly authorised by the Licensor;
b. Reverse engineer, decompile, disassemble, or attempt to derive the source code of the
software application:
c. Use the software application in any manner that violates applicable laws, regulations, or the
rights of third parties;
d. Share, transfer, sublicense, or assign the license or access to the software application without
prior written consent from the Licensor.
Shared Responsibility, Remedy, and Warranties.
3.1 You acknowledge and agree that Cybernatics Pte Ltd provides professional judgment,
technical expertise, and advice to you regarding your cyber risk management program. You
acknowledge and agree that you recognise your own responsibility (as further detailed below
in 3.3 of this Agreement) with respect to your cyber risk management program and that
Cybernatics Pte Ltd provides highly integrated Cybersecurity Services to you. As ultimate
system performance and security are subject to multiple factors outside of our control, we do
not warrant or guarantee the Cybersecurity Services will prevent or mitigate every Event. You
agree and understand that we cannot and do not prevent Events (either actual or attempted), or
that by working with us, you will not experience such actual or attempted Events. Instead, you
agree and expressly acknowledge that you must participate in your own defence and work with
us to create a prioritised, flexible, repeatable, performance-based, and cost-effective approach
to establish an ongoing process to identify, assess, and manage cyber risk throughout your
enterprise. Though this Agreement specifies certain responsibilities that you must accept, any
such list should not be considered absolute. Our sole liability and your exclusive remedy in
respect of an Event is: (a) if the Event was caused by defective products or services
provided by us, replacement or repair of defective products, or re-performance of
defective services under the applicable warranty in the Agreement.
Cybernatics Pte Ltd’s Representations and Warranties
3.2 Cybernatics Pte Ltd represents and warrants (i) that it will perform the Cybersecurity
Services using personnel of required skill, experience and qualifications in a professional
manner leveraging generally recognised industry standards for similar services and will devote
adequate resources to meet its obligations under this Schedule; and (ii) that the Cybersecurity
Services will be made available and performed on a professional, best effort basis. Cybernatics
Pte Ltd makes no guarantees regarding the effectiveness of the Cybersecurity Services with
respect to your overall cybersecurity program due to Cybernatics Pte Ltd’s lack of control over
numerous aspects of your operations, personnel, and Information Systems. Cybernatics Pte Ltd
is thus not responsible or liable for any issues, problems, unavailability, delay, or Events arising
from or related to: (i) force majeure events as described below; (ii) the public internet and
communications networks; (iii) data, software, hardware, services, telecommunications,
infrastructure, or networking equipment not provided by us or acts or omissions of third parties
you retain; (iv) your negligence or failure to use the latest version or follow published
documentation; (v) modifications or alterations not made by us or services we do not perform;
(vi) breach, loss or corruption of data; (vii) unauthorised access via your credentials; or (viii)
your failure to use commercially reasonable administrative, physical and technical safeguards
to protect your systems, facilities, operations or data or follow industry-standard or other
mutually agreed upon security practices.
Your Representations and Warranties.
3.3 You represent and warrant that you will (i) use commercially reasonable administrative,
physical and technical safeguards to protect your systems, facilities, operations or data or
follow industry-standard or other mutually agreed upon security practices; (ii) update to the
latest version of relevant software and follow the current documentation for the same; (iii)
make no modifications or alterations to any hardware or software comprising the Cybersecurity
Services without our express written permission; (iv) designate two (2) or more employees,
executives, or agents (the “Contact Person(s)”) who you guarantee will respond to any Events
and take recommended actions to mitigate harm to your network; (v) develop and adopt a
written governance, risk and compliance policy or policies, approved by a senior officer or
your board of directors (or an appropriate committee thereof) or equivalent Singapore body,
setting forth your policies and procedures for the protection of its information systems and non-
public information stored on those information systems (the “Cybersecurity Policy”); (vi)
develop and adopt written incident response plan (“IRP”) that is exercised and/or practiced
with key scenario driven evaluations on at least an annual basis; and (vii) provide us with copies
of your Cybersecurity Policy, IRP, and business continuity or disaster recovery plans upon our
request.
4. Third-Party Products.
To the extent that we provide, use and deploy third-party products, software, hardware, or
services (“Third- Party Products”) as notified to you and agreed by you in relation to the
Cybersecurity Services, then notwithstanding any other terms agreed to between us, you agree
that all Third-Party Products are provided subject to the Third-Party Product supplier’s terms
and conditions (including any applicable software license terms) in effect at the time such
Third-Party Products are delivered to you. We have no liability with respect to the
performance or non-performance of such Third-Party Products, including but not
limited to any liability arising out of any Events caused by defects or failures of such
Third-Party Products.
5. Indemnification
Cybernatics Pte Ltd shall defend, indemnify, and hold you harmless from and against any and
all losses, damages and costs (including reasonable attorneys’ fees) incurred in connection with
any third-party claim, action, suit, or proceeding (each a “Claim”) made or brought against you
arising out of or related to any claim that the Cybersecurity Services, when used in accordance
with this Agreement and documentation, infringes any valid patent, copyright, or trademark of
a third-party. Cybernatics Pte Ltd shall have no indemnification obligation whatsoever that
arises out of or is related to any claims arising from the combination or use of the Cybersecurity
Services with any other software, products, hardware, materials, and/or processes not provided
by Cybernatics Pte Ltd and/or your failure to adhere to and comply with all documentation and
other specifications and instructions; and/or your modification of any component of the
Cybersecurity Services, or any other unauthorised or unapproved use of the Cybersecurity
Services. If any aspect of the Cybersecurity Service becomes, or in Cybernatics Pte Ltd’s
opinion may become, subject to a Claim, Cybernatics Pte Ltd shall at its option and at its own
expense: (a) procure for you the right to continue using the Service; (b) replace or modify the
relevant component of the Cybersecurity Service with a functionally equivalent non-infringing
substitute service; or (c) modify the Cybersecurity Services so they become non-infringing
while remaining functionally equivalent. THIS CLAUSE 5 SETS FORTH CYBERNATICS
PTE LTD’S SOLE LIABILITY, AND CUSTOMER’S EXCLUSIVE REMEDY, FOR
INTELLECTUAL PROPERTY INFRINGEMENT RELATED TO THE CYBERSECURITY
SERVICES. THIS SHALL BE THE SOLE INDEMNIFICATION OBLIGATION FOR THE
CYBERSECURITY SERVICES REGARDLESS OF ANY ADDITIONAL OR SEPARATE
AGREEMENTS BETWEEN YOU AND CYBERNATICS PTE LTD.
6. Limitation of Liability
WITH RESPECT TO ALL CYBERSECURITY SERVICES(S) AND EVENTS, WE ARE
NOT LIABLE FOR INDIRECT, INCIDENTAL, EXEMPLARY, PUNITIVE, SPECIAL OR
CONSEQUENTIAL DAMAGES, INCLUDING LOST PROFITS AND REVENUES. OUR
CUMULATIVE AND AGGREGATE LIABILITY TO YOU WITH RESPECT TO ALL
CYBERSECURITY SERVICES AND ANY CYBERSECURITY EVENT IS LIMITED TO
DIRECT DAMAGES IN AN AMOUNT NOT TO EXCEED TO THE CONTRACTED
AMOUNT OF THE CYBERSECURITY SERVICES IN QUESTION. THE LIMITATIONS
AND EXCLUSIONS APPLY TO ALL CLAIMS AND CAUSES OF ACTION ARISING
OUT OF OR IN RELATION TO THE AGREEMENT REGARDLESS OF FORM. THIS CAP
SHALL APPLY TO A BREACH OF YOUR CONFIDENTIAL INFORMATION CAUSED
BY LOSS, CORRUPTION, OR ACCESS TO YOUR DATA.
7. Data
You retain all ownership or other rights over data that you or persons acting on your behalf
input, upload, transfer, or make available in relation to, or which is collected from, your devices
or equipment (“Input Data”). We have the right to duplicate, analyse, transfer, modify, and
otherwise use Input Data to provide, improve, or develop our offerings. Input Data may also
be used by us in connection with your use of the portal. You have sole responsibility for
obtaining all consents and permissions (including providing notices to Users or third parties)
and satisfying all requirements necessary to permit our use of Input Data. You will, at your
cost and expense, defend, indemnify and hold harmless us and our Affiliates, subcontractors,
and licensors from and against all losses, awards, and damages (including lawyers’ fees) arising
out of claims by third parties related to our possession, processing, or use of Input Data in
accordance with the Agreement or you or Users’ infringement, misappropriation, or violation
of our or a third party’s IPR. Unless agreed in writing, we do not archive Input Data for your
future use. You acknowledge and agree that your Input Data may be transferred outside the
country or territory.
8. Intellectual Property Rights
All right, title, and interest, including, but not limited to, all intellectual property rights
(including copyrights, trademarks, and patents), proprietary rights (including trade secrets and
know-how), throughout the world (“IPR”) and all derivative works, modifications, and
improvements, are retained by us and are our confidential information. We shall own all IPR
that is: (i) developed by us or our Affiliates by processing or analysis of Input Data (excluding
Input Data itself but including derived data that is sufficiently different from Input Data so that
Input Data cannot be identified from analysis or further processing of such derived data); or
(ii) generated through support, monitoring, or other observation of your and your Users’ use of
the Cybersecurity services.
9. Licenses
We may use open-source software (“OSS”) and to the extent required by the licenses covering
OSS, the terms of such licenses will apply to OSS in lieu of this Agreement. To the extent the
licenses applicable to OSS: (i) prohibit any restriction with respect to such OSS, such restriction
will not apply to such OSS; and (ii) require us to make an offer to provide source code or related
information in connection with the OSS, such offer is hereby made. If required by our written
contract with them, certain of our licensors are third-party beneficiaries of the Agreement.
10. Warranty and Disclaimer
EXCEPT AS OTHERWISE EXPRESSLY SET FORTH IN THE AGREEMENT, SIEM, THE
PORTAL, AND SUPPORT ARE PROVIDED WITH NO WARRANTIES OR
REPRESENTATIONS OF ANY KIND, WHETHER EXPRESS, IMPLIED, OR
STATUTORY. TO THE MAXIMUM EXTENT PERMITTED BY LAW, WE EXPRESSLY
DISCLAIM ALL WARRANTIES AND REPRESENTATIONS INCLUDING
MERCHANTABILITY AND FITNESS FOR PURPOSE. WE DO NOT WARRANT THAT
SIEM WILL MEET YOUR REQUIREMENTS, OR THAT IT WILL OPERATE WITHOUT
INTERRUPTION, OR BE ERROR FREE.
11. Handling and Protection of Personal Data
11.1 Compliance with PDPA. We shall comply with all our obligations under the Personal
Data Protection Act 2012 in relation to you and under this Clause 11 only if we have access to
and are in control of any Customer’s personal data that are provided to us at the Customer’s
written request.
11.2 Process, Use and Disclosure. We shall only process, use or disclose the Customer’s
Personal Data:
a) strictly for the purposes of fulfilling its obligations and providing the services required
under this Agreement;
b) with the Customer’s prior written consent; or
c) when required by law or an order of court, but shall notify the Customer as soon as
practicable before complying with such law or order of court at its own costs.
11.3 Transfer of personal data outside Singapore. We shall not transfer Customer’s Personal
Data to a place outside Singapore without the Customer’s prior written consent. If the Customer
provides consent, we shall provide a written undertaking to the Customer that the Customer’s
Personal Data transferred outside Singapore will be protected at a standard that is comparable
to that under the PDPA. If we transfer Customer’s Personal Data to any third party overseas,
we shall procure the same written undertaking from such third party.
11.4 Security Measures
11.4.1 We shall protect Customer’s Personal Data in our control or possession by making
reasonable security arrangements(including, where appropriate, physical, administrative,
procedural and information & communications technology measures) to prevent:
a) unauthorised or accidental access, collection, use, disclosure, copying, modification,
disposal or destruction of Customer’s Personal Data, or other similar risks; and
b) the loss of any storage medium or device on which personal data is stored.
For the purposes of this Agreement, “reasonable security arrangements” include arrangements
set out below which shall not be varied without the Customer’s prior written consent:
- Operating Systems to be hardened to CIS standards;
- Communications between agent and manager are encrypted;
- Network VAPT will be conducted on the implementation and final solution
before going live.
11.4.2 We shall only permit the authorised personnel to access Customer’s Personal Data on a
need to know basis.
11.5 Access to Personal Data. We shall provide the Customer with access to the Customer’s
Personal Data that we have in our possession or control, as soon as practicable upon
Customer’s written request.
11.6 Accuracy and Correction of Personal Data. Where the Customer provides Customer’s
Personal Data to us, the Customer shall make reasonable effort to ensure that the
Customer’s Personal Data is accurate and complete before providing the same to us.
We shall put in place adequate measures to ensure that the Customer’s Personal Data in
our possession or control remain or is otherwise accurate and complete. In any case, we
shall take steps to correct any errors in the Customer’s Personal Data, as soon as
practicable upon the Customer’s written request.
11.7 Retention of Personal Data.
11.7.1 We shall not retain Customer’s Personal Data (or any documents or records
containing Customer’s Personal Data, electronic or other wise) for any period of time
longer than is necessary to serve the purposes of this Agreement.
11.7.2 We shall, upon the request of the Customer:
- return to the Customer, all Customer’s Personal Data; or
- delete all Customer’s Personal Data in its possession,
and, after returning or deleting all Customer’s Personal Data, provide the Customer with
written confirmation that it no longer possesses any Customer’s Personal Data. Where
applicable, we shall also instruct all third parties to whom it has disclosed Customer’s Personal
Data for the purposes of this Agreement to return to us or delete, such Customer’s Personal
Data.
11.8 Notification of Breach. We shall immediately notify the Customer when we become aware
of a breach of any of its obligations in Clauses 11.2 to 11.7.
12 General Terms and Conditions
12.1 Notices and Correspondence
All notices and communications by us to you may be sent or despatched to you by delivery,
post, e-mail or facsimile transmission or any other means deemed appropriate by us to your
e-mail or other address or facsimile number appearing in any of your record maintained by
us or from which any communication by you to us was despatched or issued or otherwise last
known to us. Any such notice, demand or communication addressed and so despatched to
you shall be deemed to have been received by you:
12.1.1 in the case of despatch by e-mail or facsimile transmission or other instantaneous
electronic communications, immediately upon transmission by us;
12.1.2 in the case of despatch by delivery to the address, on the date and at the time it
was so delivered or left at that address; and
12.1.3 in the case of despatch by post:
(a) to any address in Singapore, on the next day after it was posted by us; or
(b) to any address outside Singapore, on the seventh (7th) day after it was posted by us.
12.2 All notices and requests from you to us shall be in writing unless we specify to
you otherwise. We shall be entitled to regard as ineffective and invalid any notice or request
from you the receipt of which by us has not been confirmed by us to you.
12.3. Severability
Any part of this Agreement that is invalid, unenforceable or illegal shall be enforced as nearly
as possible in accordance with its terms but shall otherwise be deemed severed and shall not
affect the validity, enforceability or legality of any other part of this Agreement, which shall
continue to be valid, enforceable and legal to the fullest extent permitted by applicable Law.
12.4. Third Party Rights
Save for legal entities related to us (which shall be entitled to rely on and enforce this
Agreement), no person who is not a party to this Agreement has any right under the Contracts
(Rights of Third Parties) Act, Chapter 53B of Singapore to enforce any term of this
Agreement.
12.5. Entire Agreement
This Agreement constitutes the entire understanding and agreement between us and you
concerning its subject matter and supersedes and replaces any prior oral or written statements,
representations, agreements or understandings between the parties relating to that subject
matter.
12.6. Force Majeure
We shall not be liable or responsible to you, nor be deemed to have defaulted or breached this
Agreement, for any failure or delay in fulfilling or performing any term of this Agreement when
and to the extent such failure or delay is caused by or results from acts or circumstances beyond
our reasonable control including, without limitation, acts of God, flood, fire, earthquake, explosion,
governmental actions, war, invasion or hostilities (whether war is declared or not), terrorist threats
or acts, riot, or other civil unrest, national emergency, revolution, insurrection, epidemic, lock-outs,
strikes or other labour disputes (whether or not relating to either party’s workforce), or restraints or
delays affecting carriers or inability or delay in obtaining supplies of adequate or suitable materials,
materials or telecommunication breakdown or power outage, provided that, if the event in question
continues for a continuous period in excess of 60 days, Customer shall be entitled to give notice in
writing to us to terminate this Agreement.
12.7. Changes to Agreement
Any additions or changes to these Cybersecurity Terms and Conditions must be in the form of a
mutually agreed document signed by both parties. We have the right to analyse, transfer (including
outside of your territory or country), and otherwise use your data to provide, improve and develop
our cyber security Services. For Cybersecurity Services sold on a subscription or periodic basis,
the Agreement commences on the effective date of, and continues for the duration in the Purchase
Order. Upon termination or expiry, you must pay all amounts due under the Order Form. Your purchase
orders are identified only to authorise payment and any terms or conditions in any purchase order are
not a part of the Agreement or controlling.
12.8. Governing Law and Dispute Resolution
12.8.1 This Agreement is governed by Singapore Law.
12.8.2 Any dispute arising out of or in connection with this agreement must be submitted for
mediation at the Singapore Mediation Centre (SMC) in accordance with SMC’s Mediation
Procedure in force for the time being. Either party may submit a request to mediate to SMC
upon which the other party will be bound to participate in the mediation within 45 days thereof.
Every party to the mediation must be represented by senior executive personnel, of at least the
seniority of a Head of Department] or its equivalent, with authority to negotiate and settle the
dispute. Unless otherwise agreed by the parties, the Mediator(s) will be appointed by SMC.
The Parties agree to be bound by any settlement agreement reached.
not a part of the Agreement or controlling.
12.9 Termination
12.9.1 If the main contract or purchase order is terminated, this Agreement shall
terminate with immediate effect at the same time the applicable main contract or purchase
order is terminated.
12.9.2 If the service or this Agreement is terminated for any reason whatsoever, the
following shall become immediately due and payable by the Customer to us, without
prejudice to the Customer’s obligation to pay any other sums under this Agreement:
(a) where the termination date is the same as the expiry date of the Term, the Fees and
Charges up to and including the date of termination;
(b) where the termination date is before expiry of the Term, the Fees and Charges for the
Services up to and including the date of termination, 100% of the Fees and Charges for the
balance of the unexpired Term, and the early termination charges stated in the Statement of
Work (if any).
12.9.3 Upon termination of the service or this Agreement, the following will apply:
(a) the Customer’s Data and/or user accounts will be removed and deleted; and
(b) the registered portal account for access to the Portal will be terminated.
END OF DOCUMENT