Skip to main content
APT SECURITY MANAGEMENT

Legal

Master Services Agreement

This Master Services Agreement (the “Agreement”) governs the provision of managed security services by APT SECURITY MANAGEMENT LLC, a United States limited liability company (the “Service Provider” or “MSSP”), to any customer (“Client”) that enters into a Statement of Work, service order, or quote (collectively, an “SOW”) that references or links to this Agreement. By executing such an SOW, the Client agrees to be bound by the terms of this Agreement as of the effective date stated in the SOW or, if none is stated, the date of the Client’s acceptance (the “Effective Date”). The Service Provider and the Client are each a “Party” and together the “Parties.”


1. Definitions  


For purposes of this Agreement, the following terms have the meanings set forth below:

  • “Services” – The managed security and consulting services provided by MSSP under this Agreement, including without limitation: Offensive Security services (e.g., penetration testing as a service, red team exercises, purple team engagements), Defensive Security services (e.g., managed detection and response (MDR), endpoint security management, incident response, network/cloud/email security, identity and access management (IAM), Zero Trust architecture implementation, asset and vulnerability management), and Security Management & Compliance services (e.g., Compliance-as-a-Service, asset management services, vulnerability management services, security audit preparation and advisory). The specific Services to be delivered will be described in one or more Statements of Work or Service Orders (each, an “SOW”) executed by the Parties and referencing this Agreement. Each SOW shall be governed by the terms of this Agreement.

  • “Token” – A unit of prepaid credit purchased by Client and redeemable for MSSP’s Services. Each Token represents a monetary value that can be exchanged for a defined quantity of service time or deliverables, as specified in an SOW. Tokens serve as the medium of payment for all Services under this Agreement, and all pricing and fees for Services are denominated in Tokens.

  • “Confidential Information” – Any non-public information disclosed by one Party (“Disclosing Party”) to the other (“Receiving Party”) in connection with this Agreement that is identified as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure. Confidential Information includes, but is not limited to, business plans, technical data, product designs, client data, security findings, personal information, and any proprietary methodologies. (Confidential Information does not include information that is or becomes publicly available without breach of this Agreement, was already lawfully in Receiving Party’s possession without obligation of confidentiality, is independently developed without use of the Disclosing Party’s information, or is rightfully obtained from a third party without duty of confidentiality.)

  • “Deliverables” – Any tangible work product, report, analysis, software script, configuration, or other materials that MSSP specifically prepares for Client as a result of the Services, as identified in an SOW. Deliverables do not include MSSP’s tools, templates, proprietary methodologies, or any general know-how that MSSP may use or develop in the course of providing Services, which shall remain MSSP’s intellectual property (with Client receiving usage rights as described in this Agreement).

(Additional terms may be defined elsewhere in the text of this Agreement. All definitions apply equally to their singular and plural forms.)


2. Scope of Services  


2.1. Engagement of Services. During the term of this Agreement, MSSP will perform the Services described in each mutually executed SOW. Each SOW will detail the scope of work, expected deliverables, an estimate or allocation of required Tokens, and any service-specific terms (e.g., project timeline, service levels if applicable, or special conditions). This Agreement establishes the master terms and conditions governing the overall relationship; each SOW is incorporated herein by reference. In the event of a conflict between this Agreement and any SOW, the terms of this Agreement shall govern unless the SOW expressly overrides specific provisions of this Agreement.


2.2. Offensive Security Services. If an SOW includes offensive security testing (such as penetration testing, red teaming, or purple team exercises), Client understands that these activities are inherently invasive and are conducted in a controlled manner to improve Client’s security posture. Client shall provide written authorization for MSSP to perform such testing on the assets in scope and, if applicable, shall obtain any third-party permissions required for assets not wholly owned by Client. Offensive Security Services will be carried out consistent with industry best practices and the parameters agreed in the SOW, and MSSP will use commercially reasonable efforts to avoid or minimize damage or disruption to Client’s systems during testing. The Parties will cooperate in scheduling and conducting these activities safely.


2.3. Defensive Security Services. If an SOW includes defensive security operations (such as managed detection and response, monitoring of networks, endpoints, cloud or email security, incident response services, etc.), MSSP will provide such Services on a 24x7 basis or as otherwise specified. The SOW will define the systems, environments, or accounts to be monitored or managed by MSSP, and any technology platforms or agents to be deployed. Client acknowledges that effective delivery of defensive Services may require Client to implement certain software or hardware (e.g., security agents, sensors, network equipment) and to grant MSSP the necessary access privileges (VPN access, administrative credentials, API tokens, etc.) to perform monitoring and remediation actions. MSSP will monitor Client’s environment for indicators of compromise and will use commercially reasonable efforts to detect, investigate, and respond to threats as described in the SOW. Incident response services (whether continuous or on-demand) will be provided in accordance with agreed procedures. MSSP does not guarantee that every cyber attack or threat will be detected or prevented, but will utilize industry-standard practices and tools in delivering these defensive services (see Warranties & Disclaimers below, e.g., security cannot be absolutely guaranteed).


2.4. Security Management & Compliance Services. If an SOW includes Security Management & Compliance Services (such as Compliance-as-a-Service for frameworks like ISO, PCI, HIPAA, etc., Vulnerability Management-as-a-Service, Asset Management-as-a-Service, or other security and compliance services), MSSP will provide qualified personnel to assist Client in managing and maintaining its security and compliance posture. Such services may include compliance program development and implementation, vulnerability management and remediation, asset management and inventory, risk assessments and mitigation strategies, audit preparation and evidence collection, and compliance program guidance and support. MSSP will provide these services in a consultative and supportive manner, with the goal of assisting Client in achieving and maintaining compliance with relevant laws, regulations, and industry standards. However, ultimate responsibility for compliance with any legal, regulatory, or industry requirements remains with Client (Client is responsible for making final decisions and ensuring its business practices meet applicable standards). Unless explicitly stated in an SOW, MSSP is not providing legal advice, and any information or templates provided are for Client’s consideration in the context of Client’s compliance obligations.


2.5. Changes and Out-of-Scope Work. Any material changes to the scope of Services under an SOW (e.g., adding new systems to monitor, expanding a penetration test scope, or additional tasks not originally agreed) must be documented and approved in writing by both Parties, for example through a change order or an amendment to the SOW. Such changes may require the purchase of additional Tokens by Client if the current Token balance is insufficient to cover the expanded scope. MSSP is only obligated to perform Services that have been agreed in an SOW and funded via Tokens as described below.


3. Tokens, Fees and Payment


3.1. Token Purchase and Pricing. All Services are procured on a pre-paid “Token” basis. Client shall purchase Tokens from MSSP in advance, in increments of whole Tokens. An initial Token purchase (or “retainer” of Tokens) will typically be specified in the SOW or proposal for the Services. Thereafter, if additional Tokens are required to continue or complete the Services, MSSP will notify Client and may require Client to purchase additional Tokens before proceeding further. Tokens are the sole currency for Services under this Agreement – i.e., Client’s purchase of service hours or deliverables is accounted for in Tokens, and MSSP’s entitlement to compensation for Services is realized through the redemption of those Tokens. Both Parties acknowledge and agree that the Token system described herein is a valid and binding payment mechanism: Client’s obligation is to pay for Tokens in advance, and MSSP’s obligation is to perform Services in exchange for debiting the corresponding Token amount from Client’s balance.


3.2. Payment Terms. Unless otherwise specified in an SOW, payment for Tokens is due in advance of service delivery. MSSP will invoice Client for Tokens to be purchased (or provide an online purchase mechanism), and Client must pay each such invoice on or before its due date (payment may be required immediately or within a short period such as 15 days, as stated on the invoice, with initial retainers typically due upfront prior to any Services). MSSP is under no obligation to begin or continue performing Services until the required Token purchase payment has been received (Tokens must be paid in full to be activated for use). Tokens are valued in U.S. Dollars and payments shall be made in U.S. Dollars, by ACH, wire transfer, credit card, or other methods accepted by MSSP. If Client fails to timely pay for a Token invoice, it shall constitute a default under this Agreement, and MSSP may suspend Services until payment is made (and ultimately terminate for breach if payment is not cured – see Termination section).


3.3. Token Usage Accounting. Tokens will be deducted from Client’s balance as MSSP performs Services or delivers work product. Each SOW or service catalog may specify the Token rate for particular services (for example, a certain number of Tokens per month of MDR service, or per penetration test engagement, or a Token hourly rate for consulting tasks). MSSP will track the time spent and tasks completed under an SOW and the corresponding Tokens consumed. MSSP shall make usage records available to Client upon reasonable request (e.g., a summary of hours or tasks vs. Tokens used) and will notify Client when the Token balance is low relative to work remaining. Client may also request a detailed accounting of Token utilization in writing, and MSSP will provide such an accounting within a reasonable time (e.g., within 15 days). Both Parties shall cooperate in good faith to manage the Token consumption: MSSP will use Tokens efficiently and only for legitimate billable work, and Client will promptly address any need for additional Tokens to avoid work stoppages.


3.4. No Refunds; Token Expiration.Tokens are non-refundable. Once purchased, a Token cannot be redeemed for cash or credit back to Client, except to apply toward Services. Any Services performed by MSSP that exceed Client’s Token balance (e.g., due to urgent work done with Client’s approval) must be reconciled by additional Token purchases or other payment by Client. Unused Tokens: Tokens purchased by Client should ideally be used within a reasonable time. Unless otherwise agreed in an SOW or written amendment, any Tokens that remain unused 12 months after the date of purchase will expire and be forfeited (i.e. a “use it or lose it” policy applies to encourage timely utilization of services). Likewise, upon termination or expiration of this Agreement (or a particular SOW), any unused Tokens associated with the terminated engagement will expire, except as expressly provided otherwise herein. No refunds or credits will be issued for unused Tokens or prepaid amounts, except in the limited situation where MSSP terminates this Agreement for convenience as provided in Section 11.2 (in which case MSSP will refund the pro-rata value of any unused Tokens to Client). Client acknowledges that the Token model is a pricing structure that provides flexibility in consuming various services, and that the no-refund policy is a material aspect of this model.


3.5. Taxes. All Token fees and other charges are exclusive of any sales, use, value-added, or similar taxes, duties or levies imposed by any authority, domestic or foreign, arising from the transactions and Services under this Agreement (except taxes on MSSP’s own income or property). Client is responsible for any such taxes applicable to its purchases hereunder. If MSSP is required to collect or pay any taxes on Client’s behalf, MSSP will invoice Client for those amounts unless Client provides valid proof of tax exemption. Client shall indemnify and hold MSSP harmless from any liabilities or expenses incurred by MSSP due to Client’s failure to pay required taxes (e.g., if Client claims an exemption and it is rejected by authorities).


3.6. Price Adjustments. MSSP may adjust the Token price or other rate structures for Services for future purchases, for example in connection with contract renewals or annual price reviews. Any such adjustment will not affect Tokens already purchased and will be communicated to Client with at least 30 days’ notice before new rates take effect. Any SOW spanning multiple years may include a schedule of rate adjustments or will be subject to mutual agreement on rate changes at renewal.


4. Client Responsibilities  

Client acknowledges that successful delivery of Services requires its ongoing cooperation and certain responsibilities. In addition to any specific Client obligations detailed in an SOW, Client shall:


4.1 Provide Access and Information: Provide MSSP timely access to personnel, facilities, equipment, systems, accounts, and data as needed for MSSP to perform the Services. This includes, for example, supplying up-to-date network diagrams, asset inventories, credentialed access for monitoring tools, and any architecture or policy information MSSP reasonably requests. Client will ensure that MSSP is provided with all necessary authorizations to access and test the systems in scope (for offensive security engagements, Client will secure prior permission from any third-party hosting providers or partners as needed to avoid claims of unauthorized access).


4.2 Maintain Communication: Assign a capable primary contact (or project manager) to liaise with MSSP and be available for communications. Client’s personnel shall respond promptly to inquiries, meeting requests, and information or approval requests from MSSP. Client understands that delays in providing information, decisions, or access may impact MSSP’s ability to deliver Services on schedule; MSSP is not liable for any failure to meet a timeline or deliverable to the extent caused by Client’s lack of timely cooperation or communication. If Client’s key contact or stakeholders become unavailable for an extended period, Client will designate alternates to avoid project stall.


4.3 Client Infrastructure and Resources: Be responsible for the readiness and condition of Client’s own IT environment as it may affect the Services. For example, Client will maintain proper backup systems for any critical data (MSSP is not responsible for performing or validating backups unless explicitly stated), and will ensure that requisite baseline security controls (such as up-to-date patches, basic firewall configurations, etc.) are in place as a foundation for MSSP’s Services. Where MSSP deploys any software agents or appliances in Client’s network, Client will provide a suitable environment for those tools (power, network connectivity, etc.) and not interfere with their operation.


4.4 Implementation of Recommendations:Acknowledge and manage risk decisions – Client is ultimately responsible for deciding which of MSSP’s security recommendations or remediation guidance to implement. MSSP will advise on priorities and expected efficacy, but Client retains authority over its security posture and must accept any risk of not following a recommendation. Client agrees to promptly evaluate and (as appropriate) implement remediation steps or controls that MSSP suggests to address identified vulnerabilities or threats. If Client elects to delay or decline certain actions, or if Client’s policies or environment prevent implementation of certain measures, Client assumes any resulting increased risk. MSSP’s responsibility is to use best efforts to advise and mitigate, but cannot force changes in Client’s environment.


4.5 Legal and Policy Compliance: Ensure that its use of the Services (and MSSP’s activities performed at Client’s direction) are compliant with all applicable laws and regulations. This includes obtaining any necessary regulatory approvals for security testing, ensuring that engaging MSSP does not violate any third-party contracts or software licenses, and that any data provided to MSSP for analysis has been collected and may be shared in accordance with privacy laws. Client is also responsible for any industry-specific compliance obligations it has (e.g., HIPAA for healthcare data, GDPR for EU personal data, PCI-DSS for cardholder data) – MSSP’s Services can support compliance but do not replace Client’s own compliance programs. If Client is subject to specific regulations requiring a separate agreement (such as a Business Associate Agreement for HIPAA-regulated data or a GDPR Data Processing Agreement), Client will inform MSSP and the Parties will cooperate in good faith to put such an agreement in place as needed. By default, MSSP is not assuming the role of a regulated data “processor” or “covered entity” under this Agreement except as separately agreed.


4.6 Security Responsibilities and No Misuse: Use the Services only for legitimate and lawful business purposes. Client shall not request MSSP to perform any task or attack that would violate law or the rights of any third party. Client confirms that any targets of offensive security testing are owned or lawfully controlled by Client and that testing them will not exceed authorization. Client will not use MSSP’s Services or Deliverables to engage in or facilitate any illegal activity. MSSP is not liable for Client’s own illegal or unethical acts, and Client agrees to indemnify MSSP for any third-party claims arising from Client’s unlawful use of the Services or Deliverables (see Indemnification).


4.7 Payment and Tokens: Ensure that adequate Tokens are purchased and available for MSSP to perform the requested Services. Client acknowledges that lack of Token funds may result in work stoppage. Client will timely pay all invoices and maintain any required retainer balance as agreed. If any billing disputes arise, Client will promptly notify MSSP and the Parties will work in good faith to resolve them; however, Client shall not unreasonably withhold payment of any undisputed amounts.


5. Confidentiality and Data Protection  


5.1. Confidentiality Obligations.Each Party agrees to keep all Confidential Information of the other Party strictly confidential and to use such information solely for the purpose of fulfilling its obligations under this Agreement. The Receiving Party shall protect the Disclosing Party’s Confidential Information with at least the same degree of care it uses to protect its own confidential information of similar nature, and in no event less than a reasonable standard of care. Confidential Information shall only be disclosed to the Receiving Party’s employees, agents, or subcontractors on a need-to-know basis and who are bound by written confidentiality obligations at least as protective as those herein. The Receiving Party shall not disclose the Disclosing Party’s Confidential Information to any third party without the Disclosing Party’s prior written consent, except as permitted in this section.


5.2. Exceptions and Permitted Disclosures. The obligations of non-disclosure in this Agreement do not apply to information that the Receiving Party can demonstrate meets one of the exclusions set forth in the Definitions section (public domain, prior knowledge, independently developed, or rightfully obtained without confidentiality obligation). In addition, a Receiving Party may disclose Confidential Information to the extent required by law, regulation, or court order, provided that (to the extent legally permissible) the Receiving Party gives prompt written notice to the Disclosing Party to enable it to seek a protective order or otherwise contest the disclosure. Information that is required to be disclosed by law or regulatory authority (e.g., a subpoena or security breach notification law) will still remain Confidential Information for all other purposes and the Receiving Party will only disclose the minimum amount of information necessary to comply.


5.3. Data Security and Protection Measures. MSSP acknowledges that in performing Services, it may have access to sensitive information residing on Client’s systems or networks, which may include personal data such as PII, PHI, or PCI data (personally identifiable information, protected health information, or payment card information) as part of monitoring logs, security alerts, or test results. MSSP does not require possession of raw client datasets containing such sensitive information for its work (and Client agrees not to unnecessarily transmit full databases or large extracts of PII/PHI to MSSP). To the extent MSSP does come into contact with any personal or regulated data during Services, MSSP will not copy, store, or mine that data outside of Client’s systems except as strictly necessary for the performance of Services (for example, including a relevant log excerpt in an incident report). MSSP will follow industry-standard practices to protect any Client Confidential Information in its possession, including administrative, physical, and technical safeguards appropriate to the sensitivity of the information. These safeguards include, at minimum, access controls such as authentication and encryption for data in transit, secure storage for any data at rest, and personnel training on data handling. MSSP will promptly report to Client any confirmed unauthorized access or misuse of Client Confidential Information that MSSP becomes aware of, and will cooperate with Client’s reasonable requests in investigating and remediating any such incident.


5.4. No Independent Data Use; Return/Destruction. MSSP shall not use Client’s Confidential Information or any personal data observed during the Services for any purpose other than providing Services to Client. MSSP will not sell, monetize, or otherwise exploit Client data. At any time upon Client’s request, and in any event upon termination of this Agreement, MSSP will return or securely destroy (at Client’s choice) all Confidential Information of Client in MSSP’s possession or control, except that MSSP may retain archival copies for legal compliance, internal record-keeping, or dispute resolution purposes, provided such retained copies remain confidential. MSSP’s Privacy Practices: As MSSP does not intend to act as a data controller for any of Client’s personal information, MSSP’s role is generally limited to a service provider using data only as directed by Client. Each Party will comply with applicable data protection laws in connection with this Agreement. If the nature of the Services or applicable law (such as GDPR or HIPAA) requires the Parties to enter into a data processing addendum, business associate agreement, or similar instrument, the Parties will promptly execute such an agreement. In absence of such specific addendum, MSSP provides the Services under the representation that it is not meant to take custody of or determine the purposes and means of processing Client’s regulated personal data, and any exposure to such data is incidental to the security services being provided.


5.5. Confidentiality of Agreement and Deliverables. The terms of this Agreement, as well as the content of any Deliverables (like security reports, findings, or recommendations), shall be treated as Confidential Information of both Parties. Client may share Deliverables internally among its workforce or contractors who have a need to know for implementing security measures, but agrees not to disclose MSSP’s reports or proprietary methodologies to any third party (except, for example, to Client’s regulator or auditors under appropriate confidentiality protections) without MSSP’s consent. MSSP shall not disclose the existence or results of any security assessment or services performed for Client to any third party (except its subcontractors or personnel under confidentiality, or as needed to fulfill the work) without Client’s consent. However, MSSP may use the fact of Client’s identity as a customer (name and logo) in MSSP’s marketing materials or client list, unless Client notifies MSSP in writing of its preference not to be included.


5.6. Duration of Confidentiality. The obligations in this Section 5 shall commence on the Effective Date and survive for a period of at least five (5) years after termination of this Agreement, or indefinitely with respect to any trade secrets or sensitive personal data, as required by law. The Parties agree that any breach of confidentiality may cause irreparable harm not adequately compensable by monetary damages, and that the injured Party shall be entitled to seek injunctive relief to prevent or mitigate any unauthorized disclosure.


6. Intellectual Property and Ownership of Deliverables  


6.1. Pre-Existing IP. Each Party retains all right, title, and interest in and to any intellectual property it owned or developed prior to, or independently of, this Agreement. No rights or licenses are granted by either Party except as expressly set forth herein. MSSP’s methodologies, frameworks, templates, software tools, scripts, and know-how used in providing the Services (“MSSP Tools”) are and shall remain the sole property of MSSP or its licensors, and nothing in this Agreement shall be construed to transfer ownership of any MSSP Tools to Client. To the extent MSSP utilizes any of its pre-existing intellectual property or MSSP Tools in the course of performing Services or embedding them in a Deliverable, MSSP hereby grants Client a non-exclusive, royalty-free, perpetual license to use and reproduce those MSSP Tools solely as part of the Deliverables or in connection with Client’s internal use of the Deliverables. Client shall not resell, license, or distribute MSSP Tools to third parties, and MSSP does not by virtue of this license waive any rights to use its Tools for other clients or purposes.


6.2. Ownership of Deliverables. Subject to the foregoing pre-existing IP, the specific Deliverables produced by MSSP for Client under an SOW (for example, a penetration test report, risk assessment report, policy document, or other bespoke work product identified as a Deliverable) shall be the property of Client upon full payment of all amounts due for that Deliverable or the SOW in which it is provided. MSSP hereby assigns to Client all intellectual property rights in such Deliverables that are created specifically for Client, with the exception that MSSP retains a copy of Deliverables for its records and retains all rights to any general knowledge, skills, experience, and ideas developed or improved during the project that are of general applicability (and not containing Client’s Confidential Information). MSSP may reuse generalized learnings or techniques (e.g., a generic script or anonymized finding) in its business, provided that no Confidential Information of Client or sensitive details specific to Client are disclosed. In cases where a Deliverable incorporates MSSP Tools or third-party materials such that MSSP is not free to assign full ownership, MSSP will specify those components and instead grant Client a license as described in 6.1.


6.3. License to Use Deliverables. Notwithstanding ownership, Client grants MSSP a limited license to use and reference the Deliverables for internal and portfolio purposes – for example, MSSP may use a sanitized summary of a project in its experience listings or for quality improvement, and MSSP may retain an archival copy for defense in case of legal or compliance questions. MSSP will not share or publish any Deliverable externally without Client’s consent, except as permitted under Section 5 (Confidentiality) or required by law.


6.4. Third-Party Materials. If any Deliverable or Service output includes third-party software, reports, or content (for example, vulnerability scanning tools, platform dashboards, or vendor-provided analysis), Client’s rights to use such third-party materials will be subject to the license terms of the respective third party. MSSP will pass through or facilitate any such licenses as needed. MSSP does not convey any greater rights in third-party materials than it has authorization for. For instance, if MSSP provides Client with a security platform’s output, Client may need to have a subscription or abide by that platform’s terms for continued use of the data or tool. MSSP will inform Client of any third-party terms that materially impact the use of Deliverables or Services.


7. Third-Party Vendors and Partners  


7.1. Vendor-Agnostic Service Delivery. Client acknowledges that MSSP works with and utilizes various third-party security technologies, vendors, and platforms (such as EDR software, SIEM tools, cloud security platforms, etc.) in the course of delivering Services. MSSP may recommend certain third-party products or services that are compatible with or enhance the Services, but MSSP does not mandate the use of any specific vendor’s solution. This Agreement does not grant any exclusive right or commitment to use any particular third-party product. Client retains the flexibility to choose or approve the security technologies used in its environment, and MSSP will make commercially reasonable efforts to accommodate Client’s existing tools or preferred vendors when feasible. The Parties may identify in an SOW the specific third-party products to be provided or managed by MSSP as part of the Services (for example, MSSP might resell a vendor’s software license or manage a cloud security service on Client’s behalf).


7.2. Third-Party Product Terms and Performance. If an SOW includes MSSP supplying or managing third-party software, hardware, or services for Client, then: (a) Third-Party Terms: Client may be required to agree to the end-user license or terms of service of that third-party as a condition of use. MSSP will facilitate providing those terms to Client. For any third-party products that MSSP resells or sublicenses, MSSP will pass through to Client the benefit of any warranties or indemnities provided by the product manufacturer/supplier to the extent allowed. Except to the extent expressly stated in an SOW, all third-party products are provided “as-is” from the supplier, and any warranty claims or support for those products will be subject to the supplier’s terms. MSSP will reasonably assist Client in claiming warranty support from the third-party if needed. (b) No MSSP Warranty of Vendors: MSSP does not independently warrant the performance, functionality, or suitability of any third-party product or service that it does not itself manufacture. While MSSP may configure or manage such tools, ultimate responsibility for flaws or failures in those tools lies with the third-party vendor, not MSSP. MSSP’s responsibility is limited to deploying and administering third-party products with due care as part of the Services. MSSP shall not be liable for downtime, errors, or security gaps attributable to third-party products or infrastructure, except to the extent that such issues result from MSSP’s failure to exercise due diligence or follow the vendor’s instructions in configuring the product (in other words, MSSP will stand behind its own services and configuration work, but cannot guarantee the inherent quality of a third-party offering beyond what the vendor provides).


7.3. No Third-Party Preference or Liability. MSSP may maintain partnerships or reseller relationships with multiple security vendors (for example, MSSP might be a certified partner of various OEMs). Client understands that these relationships do not constitute a bias or exclusive recommendation – MSSP’s suggestions are driven by Client’s best interests and requirements. MSSP is vendor-neutral and strives to support whichever tools align with Client’s needs. No vendor shall be deemed a subcontractor or agent of MSSP hereunder (unless specifically engaged by MSSP to assist, in which case see Section 12.4 on subcontractors). MSSP shall not be held responsible for any failures of underlying infrastructure (e.g., internet outages, cloud platform failures) or services outside MSSP’s control, and such events shall be treated as force majeure or Client responsibility as applicable. Client’s obligation to pay for Services is not contingent on the performance of any particular third-party, except that if a third-party product included in an SOW is permanently unavailable or materially impaired not due to Client’s actions, the Parties will negotiate in good faith an adjustment to the SOW or fees to account for the loss of that component.


7.4. Non-Exclusivity. The Parties agree that no exclusivity or non-compete arrangement is created by this Agreement. Client is free to engage other service providers for similar services, and MSSP is free to provide services to other clients, including Client’s competitors, provided that MSSP does not use Client’s Confidential Information in doing so or otherwise breach this Agreement. MSSP’s commitment to Client is as an independent contractor and trusted security advisor, but not an exclusive supplier. Likewise, any recommendations made by MSSP are not endorsements that preclude Client from considering alternative solutions.


8. Warranties and Disclaimers  


8.1. Services Warranty. MSSP warrants that it will perform the Services in a professional and workmanlike manner, with reasonable skill and care, consistent with generally accepted industry standards for similar services. MSSP further warrants that any Deliverables will materially conform to the specifications or descriptions in the applicable SOW, and that it will use appropriately trained and vetted personnel for the Services. In the event of a breach of the foregoing warranty (e.g., a Deliverable materially deviates from what was promised due to MSSP’s error, or a service was performed negligently), Client must notify MSSP in writing within 30 days of the deficient performance or delivery. MSSP’s sole obligation and Client’s exclusive remedy in such case will be for MSSP to correct or re-perform the deficient Services at no additional charge, or if correction is impracticable, to refund the Tokens or fees paid for the specific non-conforming portion of Services. This warranty remedy is conditioned on Client providing adequate detail to allow MSSP to identify the issue, and on the issue not being caused by something outside MSSP’s reasonable control (for example, errors caused by faulty Client software or inaccurate information provided by Client would not be MSSP’s responsibility).


8.2. No Other Warranties; General Disclaimer.Except as expressly provided in Section 8.1 above, MSSP makes no other warranties or guarantees, and hereby disclaims all other warranties, express or implied, to the maximum extent allowed by law. Specifically, MSSP does not warrant or guarantee that the Services will find every vulnerability in Client’s systems, or that Client’s systems will be completely secure or free of threats after MSSP’s Services, or that every attempted attack will be detected or prevented. Absolute security cannot be guaranteed in any service, and Client’s use of Services is not a substitute for all other security measures. MSSP disclaims any implied warranties of merchantability, fitness for a particular purpose, non-infringement, or arising from course of dealing or usage of trade. Any reports or advice provided as Deliverables are provided for Client’s informational purposes to help Client improve security; Client assumes final responsibility for how it implements any recommendations. MSSP does not warrant that Services will be uninterrupted or error-free, or that all errors will be corrected.


8.3. No Compliance or Regulatory Warranty.MSSP does not guarantee that use of the Services or Deliverables will cause Client to be in compliance with any specific law, regulation, or security framework (e.g., MSSP can assist with preparation for compliance audits, but cannot assure a passing result or certification). Client acknowledges that compliance involves organizational decisions and possibly external audits beyond MSSP’s control. Similarly, MSSP makes no warranty that its Services will prevent all breaches or incidents; security services are risk-reduction tools, not risk elimination. Client is solely responsible for its legal and regulatory compliance requirements and should seek independent advice for legal interpretations as needed.


8.4. Client Warranties. Client represents and warrants that: (a) it has the legal right and authority to enter into this Agreement and to permit MSSP to perform the Services on any systems, applications, or data provided or designated by Client; (b) any materials, credentials, software licenses, or information Client provides to MSSP for the performance of Services will not infringe or misappropriate the intellectual property or privacy rights of any third party, and Client has obtained all necessary consents or rights to allow MSSP to use them for the Services; and (c) Client will use the Services and Deliverables in accordance with all applicable laws and only for legitimate purposes as set forth in this Agreement. If Client is breaching any of these warranties, MSSP may suspend Services until the breach is remedied, without liability for resulting delays.


8.5. Security and Data Disclaimer. Client acknowledges that in the course of MSSP’s testing or monitoring, there is a risk of incidental system disruption (e.g., a scan causing a system to crash, or containment of malware resulting in some data loss). MSSP will take reasonable precautions to avoid such outcomes and coordinate with Client on safe timing, but shall not be liable for any unintended consequences of authorized testing or response actions performed in good faith, provided MSSP adhered to the agreed rules of engagement or response procedures. Additionally, MSSP is not responsible for pre-existing weaknesses or conditions in Client’s environment that are discovered during the engagement; any adverse events or breaches that were occurring or latent prior to MSSP’s Services are not caused by MSSP. MSSP will assist in remediation or response to such issues as part of the Services (if within scope), but responsibility for the underlying condition remains with Client.


9. Limitation of Liability  


9.1. No Indirect or Consequential Damages.To the fullest extent permitted by law, neither Party shall be liable to the other for any indirect, special, incidental, consequential, punitive, or exemplary damages of any kind in connection with or arising out of this Agreement or the Services, whether in contract, tort (including negligence), strict liability or any other theory. The foregoing exclusion includes, but is not limited to, damages for lost profits or revenue, lost or corrupted data, business interruption, loss of goodwill, failure to meet any business or compliance objectives, or costs of procuring substitute services, even if a Party has been advised of the possibility of such damages. Each Party agrees that these exclusions reflect a reasonable allocation of risk. Some jurisdictions do not allow the exclusion of incidental or consequential damages, so to that extent the above may not apply and the liability of the Parties will be limited to the maximum extent permitted by law.


9.2. Cap on Direct Damages.Each Party’s total cumulative liability to the other for direct damages arising out of or relating to this Agreement or the Services (whether in contract, tort, or otherwise) shall be limited to the total amount of fees paid (in USD equivalent of Token purchases or other payments) by Client to MSSP under this Agreement in the twelve (12) months immediately preceding the event giving rise to the claim. If the claim occurs in the first 12 months of the Agreement, the cap shall be the amount paid up to the date of the claim. For clarity, this liability cap applies aggregate to all claims and causes of action by a Party in that period – it is not per-incident. Multiple claims shall not expand the cap. The Parties acknowledge that the fees charged for Services reflect this allocation of risk and the limitation of liability herein.


9.3. Exceptions to Limitations.Nothing in this Agreement shall limit or exclude either Party’s liability for: (i) death or bodily injury or property damage caused by its gross negligence or willful misconduct (if applicable to the nature of Services), (ii) fraud or fraudulent misrepresentation, (iii) any other liability that cannot be lawfully limited or excluded. In addition, the exclusions and cap in this Section 9 shall not apply to Client’s payment obligations under this Agreement, nor to Client’s liability for misuse of MSSP’s intellectual property or breach of Section 5 (Confidentiality), nor to either Party’s indemnification obligations under Section 10, which obligations shall each be subject to the remedies and limits (if any) set forth in Section 10.


9.4. Special Consideration for Data Breach Liability. (For avoidance of doubt and to ensure fairness) The Parties acknowledge the unique risk allocation concerns in security services contracts. The liability cap in Section 9.2 is intended to be a reasonable estimation of direct damages exposure. Client should maintain appropriate cyber insurance or other coverage for residual risks. If a material security incident occurs that is directly caused by MSSP’s breach of its obligations or negligence (e.g., MSSP fails to perform a explicit security control it agreed to, leading to a breach), the Parties agree to discuss in good faith a fair allocation of costs related to such incident (such as notification costs or regulatory fines), recognizing that strict enforcement of the damage exclusions might leave Client with unrecoverable losses. However, unless and until modified by written amendment, the limitations in this Section 9 shall govern. Each Party waives any claims to the extent they exceed these limitations.


10. Indemnification  


10.1. MSSP Indemnification. MSSP shall indemnify, defend, and hold harmless Client and its affiliates, and their respective officers, directors, and employees (collectively, the “Client Indemnitees”), from and against any and all third-party claims, demands, lawsuits, or proceedings (“Claims”) and all related liabilities, losses, damages, and expenses (including reasonable attorneys’ fees and court costs) to the extent arising from: (a) an allegation that the Deliverables or any materials provided by MSSP to Client infringe the intellectual property rights (patent, copyright, trademark, trade secret) of a third party (under the law of the jurisdiction of delivery); or (b) MSSP’s gross negligence or willful misconduct in the performance of the Services, which directly causes: physical injury to persons; or tangible property damage; or a data security breach of Client’s confidential data that MSSP was responsible for safeguarding. This indemnity is contingent on Client: (i) promptly notifying MSSP in writing of the Claim (so that MSSP’s defense is not prejudiced by delay); (ii) allowing MSSP sole authority to control the defense and settlement of the Claim (provided that MSSP may not settle any Claim in a manner that admits fault on Client or imposes non-monetary obligations on Client without Client’s consent); and (iii) cooperating with MSSP (at MSSP’s expense) in the defense. For IP infringement claims, MSSP may, at its discretion, either obtain the right for Client to continue using the infringing materials, or modify/replace them so they are non-infringing, or if those remedies are impractical, accept return of the infringing Deliverables and refund to Client the amount paid for them. MSSP’s obligations under this Section 10.1 shall not apply to the extent a Claim arises from Client’s breach of this Agreement, modification or misuse of the Deliverables by Client, or use of MSSP’s materials in combination with other products not provided by MSSP (where the combination causes the infringement).


10.2. Client Indemnification. Client shall indemnify, defend, and hold harmless MSSP and its affiliates, and their respective officers, directors, and employees (collectively, the “MSSP Indemnitees”), from and against any and all Claims and related liabilities, losses, damages, and expenses (including reasonable attorneys’ fees) to the extent arising from: (a) Client’s violation of applicable law or any third-party rights (including intellectual property, privacy, or data ownership rights) through its use of the Services or Deliverables, or through MSSP’s use of Client-provided materials or access credentials in performing the Services; (b) any Claim that MSSP’s authorized penetration testing, vulnerability scanning, or other access to Client’s or third-party systems during the engagement (as directed or permitted by Client) was not actually authorized by the rightful owner or could be considered unlawful – provided that MSSP was acting within the scope of Client’s instructions, Client will bear responsibility for any lack of proper authorization; (c) Client’s breach of any material obligation, representation or warranty under this Agreement (for example, if a data breach occurs because Client failed to implement a security patch that MSSP recommended and Client agreed to apply, and a third party sues MSSP for negligence, Client would indemnify MSSP); or (d) any claim or dispute between Client and its own customers, end users, or partners arising from Client’s business practices or services, except to the extent caused by MSSP’s breach. This indemnity is contingent on MSSP giving similar prompt notice and control to Client as required in Section 10.1 above. Client may not settle any Claim against an MSSP Indemnitee that involves admission of wrongdoing or monetary payment by an MSSP Indemnitee without that Indemnitee’s consent (not to be unreasonably withheld).


10.3. Indemnification Procedure. The indemnified Party shall: (i) give prompt written notice of any Claim (and in any event notify within a time that doesn’t materially prejudice the defense – a delay in notice only relieves the indemnifier of its obligations to the extent it was prejudiced by that delay); (ii) tender to the indemnifying Party (and its insurer) control of the defense and settlement of the Claim, if the indemnifying Party agrees in writing that the Claim is indemnified hereunder (the indemnifying Party will engage competent counsel and defend diligently); and (iii) provide reasonable cooperation at the indemnifying Party’s expense. The indemnified Party may participate with its own counsel at its own expense. If the indemnifying Party fails to promptly assume the defense, the indemnified Party may do so and the indemnifying Party shall reimburse all costs and losses incurred. The indemnifying Party shall keep the indemnified Party informed of the progress of any Claim and consider in good faith any reasonable input from the indemnified Party.


10.4. Exclusive Remedy. The foregoing indemnification obligations are the Parties’ exclusive remedy for any third-party claims of the types described in Sections 10.1 and 10.2. Nothing herein shall limit a Party’s other remedies at law for the other Party’s breach or direct obligations between the Parties; however, claims by third parties will be exclusively addressed by indemnification as provided above, to the extent applicable.


11. Term and Termination  


11.1. Term of Agreement. This Agreement commences on the Effective Date and shall continue in effect until terminated as provided herein. This Agreement is intended to govern multiple engagements over time. Either Party may propose to update or replace this Agreement by mutual written consent in the future (for example, to address changes in law or business practices), but in the absence of a new master agreement, this Agreement remains in force. The term of each SOW shall be as specified in that SOW (e.g., an SOW may have a defined project duration or an initial term of 12 months for ongoing services with automatic renewal). If an SOW’s term extends beyond the termination of this Agreement, this Agreement shall remain in effect solely for governing that SOW until the SOW’s completion or earlier termination, unless the Parties agree to supersede this Agreement with another contract.


11.2. Termination for Convenience. Either Party may terminate this Agreement for convenience (without cause) by providing at least thirty (30) days’ prior written notice to the other Party, provided that no SOW is currently in effect or that the termination date specified coincides with the end of all active SOWs. In other words, an active SOW will not be automatically cut short by a party’s termination of the master Agreement for convenience – instead, the Parties should mutually agree how to handle any ongoing SOW (they may allow it to complete or may mutually terminate it). Additionally, Client may terminate an individual SOW for convenience (e.g., to discontinue a particular service) by giving MSSP thirty (30) days’ written notice, subject to any early termination fee or minimum commitment specified in that SOW. If Client terminates an SOW early without cause and no specific penalty is set in the SOW, then (i) MSSP will cease work and not bill further Tokens beyond those consumed up to the effective termination date, and (ii) any unused Tokens associated with that SOW are forfeited (as Tokens are non-refundable). If MSSP terminates the Agreement or any SOW for convenience (and not due to Client’s breach), MSSP shall, at Client’s election, either continue to honor any Tokens Client has purchased by completing equivalent Services for Client before termination, or refund Client for all unused Tokens remaining for the terminated Services. MSSP will reasonably cooperate to transition or wind down Services to avoid undue disruption.


11.3. Termination for Cause. Either Party may terminate this Agreement (and any or all SOWs) immediately upon written notice if the other Party commits a material breach of this Agreement or an SOW, which breach is not cured within thirty (30) days after receiving written notice describing the breach in reasonable detail (or a shorter cure period if specifically provided elsewhere in this Agreement for certain breaches, such as nonpayment). In the case of Client’s failure to pay any invoice for Tokens or fees when due, MSSP may, in its discretion, suspend Services and give notice of default. If Client fails to pay an undisputed overdue amount within fifteen (15) days after written notice of such non-payment, MSSP may terminate this Agreement (and any or all SOWs) for breach immediately. For breaches that by their nature cannot be cured (for example, a violation of law that has already occurred, or misuse of confidential data), termination may be immediate. Termination for cause is in addition to any other remedies the terminating Party may have.


11.4. Termination for Insolvency or Legal Incapacity. Either Party may terminate this Agreement by written notice if the other Party: (i) becomes insolvent or unable to pay its debts as they mature; (ii) voluntarily files for bankruptcy, reorganization, or similar relief, or has such action commenced against it (and not dismissed within 60 days); (iii) makes an assignment for the benefit of creditors; or (iv) undergoes any other proceeding or resolution for liquidation or dissolution. The effective termination date shall be the date of such notice or any later date specified therein.


11.5. Effect of Termination. Upon expiration or termination of this Agreement for any reason: (a) MSSP will stop performing Services (except as necessary to safely transition or as required by law); (b) all outstanding undisputed payment obligations of Client through the termination date will become immediately due (including payment for any Services provided but not yet paid for via Tokens – e.g., if Client consumed more Tokens than purchased, the difference becomes due in cash); (c) Client shall promptly return or, at MSSP’s request, destroy all MSSP Confidential Information and any MSSP property or equipment in its possession; (d) MSSP shall likewise return or destroy all Client Confidential Information (subject to the retention rights in Section 5.4) and shall cooperate in transferring any active monitoring or management duties back to Client or its designee. Each Party shall certify compliance with return or destruction obligations upon request. If Client requires assistance for transition (e.g., offboarding a service, transferring knowledge to a new provider), the Parties may mutually agree on any such assistance to be provided by MSSP, potentially under a new SOW or a time-and-materials basis using Tokens.


11.6. Survival. Termination of this Agreement or any SOW shall not affect provisions which, by their nature, are intended to survive termination. Without limitation, the sections on Definitions, Confidentiality, Intellectual Property (rights that extend beyond term), Warranties and Disclaimers, Limitation of Liability, Indemnification, and General Provisions shall survive any expiration or termination. No termination shall relieve Client of its obligation to pay fees accrued or Tokens used up to the effective termination date, or alter the Parties’ rights with respect to any breach of this Agreement prior to termination.


12. General Provisions  


12.1. Independent Contractor. The relationship of MSSP to Client is that of an independent contractor. Nothing in this Agreement is intended to nor shall create any partnership, joint venture, agency, fiduciary, or employment relationship between MSSP and Client. MSSP’s personnel and subcontractors are not employees of Client, and MSSP is solely responsible for paying their wages, benefits, and any applicable taxes or insurance. Each Party retains sole responsibility for its own expenses, operations, and employees. Neither Party has the authority to bind or act on behalf of the other in any matter, except as expressly agreed in writing.


12.2. No Third-Party Beneficiaries. This Agreement is intended solely for the benefit of the Parties and their permitted successors and assigns. Nothing in this Agreement, express or implied, is intended to confer any rights, benefits, or remedies on any third party (including any employees of the Parties, customers of Client, or partners of MSSP) other than the indemnities to the extent they cover third-party claims against an Indemnitee. In particular, no end-user or customer of Client shall have any rights against MSSP under this Agreement; Client is solely responsible for its obligations to its own customers.


12.3. Assignment. Client may not assign or transfer this Agreement, in whole or in part, nor delegate any of its rights or obligations hereunder, without the prior written consent of MSSP (such consent not to be unreasonably withheld). Any attempted assignment by Client without such consent will be void and of no effect. MSSP may assign this Agreement in whole or part to an affiliate or in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets related to this Agreement, upon written notice to Client. MSSP may also delegate or subcontract performance of portions of the Services to qualified third parties (e.g., MSSP may use a partner firm for specialized testing or for cloud monitoring in another region), provided that MSSP remains responsible for the performance of Services and compliance with this Agreement by any such subcontractors. This Agreement shall be binding upon and inure to the benefit of the Parties’ respective successors and permitted assigns.


12.4. Subcontractors. MSSP may utilize subcontractors or third-party consultants in delivering the Services (for example, security researchers or incident response specialists), but shall remain the prime contractor and liable for the work of its subcontractors as if performed by MSSP. MSSP will ensure that any subcontractor is bound by confidentiality obligations at least as restrictive as those in this Agreement and that no Client Confidential Information is shared beyond what is necessary for the subcontractor’s portion of work. MSSP will inform Client, upon request, of the general types of subcontracted tasks and the safeguards in place. If an SOW specifically requires that certain work not be subcontracted or that named individuals perform the work, MSSP will honor those requirements or discuss alternatives with Client.


12.5. Force Majeure. Except for payment obligations, neither Party shall be liable for any failure or delay in performance of its obligations under this Agreement (nor be deemed to be in breach) if such failure or delay arises out of causes beyond its reasonable control and without its fault or negligence. Such causes may include, but are not limited to: acts of God, natural disasters (e.g., floods, earthquakes), fires, epidemics or pandemics, acts of government or regulatory authorities, war, terrorism, civil unrest, strikes or labor disputes (not involving the Party’s own employees), failures of the internet or telecommunication networks, power outages, or vendor or supply chain failures not caused by the Party. The affected Party shall give prompt notice to the other of the force majeure event, and make commercially reasonable efforts to mitigate its impact and resume performance as soon as practicable. In the event a force majeure condition prevents performance for an extended period (e.g., more than 30 days), the Parties will confer about possible modifications or termination of any affected SOW. Notwithstanding the foregoing, Client’s obligation to pay for Services already rendered is not excused by force majeure. If Client’s own operations are affected by force majeure (e.g., a hurricane forcing business closure), MSSP will accommodate reasonable adjustments such as pausing Services or extending delivery timelines without additional cost.


12.6. Notices. Any formal notices or communications required or permitted under this Agreement (such as notices of breach, termination, or indemnifiable claim) shall be given in writing and delivered to the respective Parties at the addresses set forth below (or to such other address as a Party may designate by written notice to the other). Notices shall be delivered by one of the following means: (a) personal delivery (effective upon receipt evidenced by a signed delivery receipt), (b) certified or registered mail, return receipt requested (effective three business days after deposit in the mail), or (c) a recognized overnight courier service (effective one business day after dispatch). Additionally, routine communications and day-to-day operational notices may be sent via email to the Parties’ designated contacts; however, any notice of legal default, termination, indemnification claim, or other legal matter must also be sent by mail or courier to be effective. The initial notice addresses are:

  • For MSSP: APT SECURITY MANAGEMENT LLC, Attn: Legal Department, 6650 Rivers Avenue STE 100, Charleston, South Carolina, 29406. With a copy to legal@aptsecuritymanagement.com.


12.7. Governing Law and Venue. This Agreement shall be governed by and construed in accordance with the laws of the State of South Carolina, without regard to its conflict of laws principles. The United Nations Convention on Contracts for the International Sale of Goods does not apply. Jurisdiction and Venue: The Parties agree that any dispute arising out of or relating to this Agreement shall be brought exclusively in the state or federal courts located in Charleston, South Carolina, and each Party consents to the personal jurisdiction and venue of such courts. Each Party waives any objection that such courts represent an inconvenient forum. Notwithstanding the foregoing, either Party may seek injunctive or equitable relief in any court of competent jurisdiction to protect its confidential information or intellectual property rights.


12.8. Dispute Resolution. The Parties agree to attempt in good faith to resolve any dispute or claim arising out of this Agreement by escalating it to higher management levels through negotiation. If a dispute cannot be resolved through negotiation within a reasonable time, the Parties may agree to try mediation or another alternative dispute resolution process before resorting to litigation. If they cannot agree, either Party may proceed to court. Attorney’s Fees: In any action or proceeding to enforce rights under this Agreement, the prevailing Party shall be entitled to recover its reasonable attorneys’ fees and costs from the other Party, in addition to any other relief awarded, to the extent allowed by law or by the court.


12.9. Modifications and Waivers.Amendments: Any amendment or modification to this Agreement or any SOW must be in writing and signed (or expressly agreed electronically) by authorized representatives of both Parties. This requirement includes any change to the Token pricing or any waiver of rights. Waiver: No failure or delay by either Party in exercising any right, power, or remedy under this Agreement shall operate as a waiver of that right or any other right. A waiver of any provision or breach shall be effective only if expressly made in writing and signed by the waiving Party, and shall not be construed as a waiver of any subsequent breach of the same or any other provision. Severability: If any provision of this Agreement is held by a court of competent jurisdiction to be invalid, illegal, or unenforceable, that provision shall be enforced to the maximum extent permissible to effect the Parties’ intent, or if incapable of such enforcement, shall be deemed severed, and the remaining provisions of this Agreement will remain in full force and effect.


12.10. Entire Agreement. This Agreement, together with all SOWs, exhibits or attachments, and any referenced schedules or policies, constitutes the entire agreement between the Parties with respect to the subject matter herein, and supersedes all prior or contemporaneous understandings, agreements, negotiations, representations and warranties, both written and oral, regarding such subject matter. The Parties acknowledge that they have not relied on any statement, representation, or warranty not expressly set out in this Agreement. In the event Client issues a purchase order or similar document for administrative convenience, any pre-printed or standard terms in such document shall be of no effect and this Agreement shall govern.


12.11. Execution and Acceptance. This Agreement may be executed in counterparts (including electronically), which together will form one binding agreement. Signatures delivered via electronic means (e.g., PDF or a recognized e-signature service) are deemed original. Alternatively, the Parties agree that this Agreement can be accepted by reference: for example, by signing an SOW or ordering document that expressly incorporates this Master Services Agreement by reference (including via hyperlink). In such case, the act of signing the SOW or order constitutes acceptance of this Agreement even if not separately signed. Each Party represents that the person signing or accepting this Agreement (or any SOW hereunder) has full authority to bind that Party.


12.12. Headings and Construction. Section headings in this Agreement are for convenience of reference only and shall not affect the interpretation of the Agreement. Terms such as “include” or “including” are deemed to be followed by “without limitation.” The Parties agree that this Agreement shall not be construed in favor of or against either Party by reason of authorship (each Party has had opportunity for input and review). If this Agreement is translated into another language, the English version shall control in the event of any conflict.


12.13. Counterparts. If this Agreement is signed, it may be signed in multiple counterparts, which taken together shall constitute one instrument. Copies of the executed Agreement shall be as effective as the original.