Sophos MSP Partner Terms and Conditions

BY CLICKING A BOX INDICATING ACCEPTANCE OR AGREEMENT, OR BY ACCESSING OR USING AN OFFERING, THE MANAGED SERVICE PROVIDER (“MSP”) AGREES TO THE TERMS AND CONDITIONS OF THIS AGREEMENT. AN INDIVIDUAL ACCEPTING THE TERMS AND CONDITIONS OF THIS AGREEMENT IS ACCEPTING ON BEHALF OF THE MSP AND REPRESENTS THAT S/HE HAS THE AUTHORITY TO BIND THE MSP TO THIS AGREEMENT.

IF YOU DO NOT AGREE WITH ANY OF THE TERMS OR CONDITIONS OF THIS AGREEMENT, YOU WILL NOT HAVE THE STATUS OF A SOPHOS MSP AND YOU ARE NOT AUTHORIZED TO ACCESS OR USE, OR PERMIT BENEFICIARIES TO ACCESS OR USE, THE OFFERINGS.

If you wish to view the Sophos Managed Service Provider Agreement in another language, visit any of the following pages: Spanish, French, Italian, German, Japanese.

1. DEFINITIONS

1.1 ‘Affiliate’ means, with respect to each party, an entity that controls, is controlled by, or is under common control with such party. For the purposes of this definition, “control” means the beneficial ownership of more than fifty percent (50%) of the voting power or equity in an entity.

1.2 ‘Beneficiary’ means an end user customer with whom MSP has entered into a Beneficiary Agreement (i) for whose benefit the MSP is acquiring or licensing an Offering so MSP may provide MSP Services, or (ii) where the MSP Services include an Offering and MSP is requesting that Sophos and its Affiliates provide the Offering directly to the Beneficiary as the ultimate recipient of the Offering.

1.3 ‘Beneficiary Agreement’ means a written agreement between MSP and a Beneficiary for MSP Services, including the Offerings, which contains terms and conditions at least as protective of Sophos as the terms and conditions in the Sophos End User Terms.

1.4 ‘Beta Offering’ means any Offering (or portion of an Offering) that Sophos identifies as beta, pre-release, early access, or preview, and that is not made generally available for use.

1.5 ‘Confidential Information’ means any non-public, confidential, or proprietary information of the disclosing party that is clearly marked confidential or reasonably should be assumed to be confidential given the nature of the information and the circumstances of disclosure.

1.6 ‘Credentials’ means a system to restrict access, including usernames and passwords.

1.7 ‘Documentation’ means the online help content, user manuals, formal documentation, or similar materials (whether electronic or printed) pertaining to the implementation, operation, access, and use of the Offerings published by Sophos, as may be revised by Sophos from time to time.

1.8 ‘Hardware’ means the hardware appliance, together with any related components (including but not limited to power supply modules, disk drives in carriers, ship kits and rack mount kits).

1.9 ‘Licensed Products’ means the software programs which are issued to MSP (including Sophos Central and software programs which are installed on the Hardware, but excluding Service Software), together with the Documentation and any Upgrades and Updates to those software programs.

1.10 ‘Maintenance’ means collectively (i) Upgrades and/or Updates (where applicable to the Offering), (ii) SMS message processing (where applicable to the Offering), and (iii) Enhanced Partner Support.

1.11 ‘MSP Content’ means all software, data (including personal data as described in Clause 12.7), or non-Sophos or third-party applications; any other content, communications, or material, in any format; and any system, network, or infrastructure provided or made accessible by MSP, a Beneficiary, or a User to Sophos in connection with a Beneficiary’s or MSP’s access and use of the Offerings.

1.12 ‘MSP Services’ means MSP’s technology, consulting, integration, managed, hosted, and other service offerings which include the Offerings and are provided by MSP to a Beneficiary for the Beneficiary’s internal information security purposes.

1.13 ‘MSP Trademark’ means any trade marks and service marks for which registrations have been filed, and registrations obtained in some cases, with the appropriate official industrial property registry, trade names, logos, emblems, trade dress, and other insignias of origin, and other commercial symbols, which MSP now or hereafter uses or authorizes others to use to identify goods and services offered by MSP, including MSP Services.

1.14 ‘Offerings’ means the Products and Services.

1.15 ‘Partner Portal’ means the website for Sophos partners at https://partnerportal.sophos.com or such other URL as Sophos may advise from time to time.

1.16 ‘Price List’ means the then-current, Sophos-recommended price list for Offerings applicable to MSP’s Territory and which is available via the Partner Portal or otherwise upon request.

1.17 ‘Products’ means the Licensed Products and Hardware.

1.18 ‘Sanctions and Export Control Laws’ means any law, regulation, statute, prohibition, or similar measure applicable to the Offerings and/or to either party relating to the adoption, application, implementation and enforcement of economic sanctions, export controls, trade embargoes or any other restrictive measures, including, but not limited to, those administered and enforced by the European Union, the United Kingdom, and the United States, each of which shall be considered applicable to the Offerings.

1.19 ‘Schedule’ means the order confirmation or license certificate issued by Sophos, or other equivalent documentation, that details the applicable access and usage rights and entitlement, including the type, quantity, and duration of the Offerings licensed or acquired by MSP via advance subscriptions.

1.20 ‘Services’ means Sophos’s managed service offerings and cloud service offerings as defined in the Sophos services agreement available at https://www.sophos.com/en-us/legal, including those made available as a Beta Offering or Trial Offering, that MSP is authorized to access, use, and make available under the terms of this Agreement, including any applicable support and Maintenance services, and associated Service Software and Documentation.

1.21 ‘Service Description’ means Sophos’s description of a managed service’s features, including any additional Service-specific terms and requirements, available at https://www.sophos.com/en-us/legal.

1.22 ‘Service Software’ means any software agent, application, or tool made available by Sophos for use in connection with a Service, including any Updates and Upgrades.

1.23 ‘Sophos’ means Sophos Limited, a company registered in England and Wales number 2096520, with its registered office at The Pentagon, Abingdon Science Park, Abingdon, Oxfordshire, OX14 3YP, UK.

1.24 ‘Sophos End User Terms’ means the Sophos end user license agreement, services agreement, or other terms of access and use applicable to each Offering that accompanies the Offering, is published on https://www.sophos.com/en-us/legal, or is otherwise delivered to MSP.

1.25 ‘Sophos Materials’ means (i) all Sophos proprietary materials, any written or printed summaries, analyses or reports generated in connection with an Offering, including written reports that are created in the course of Sophos providing an Offering; and (ii) data generated by Sophos in the course of providing an Offering, including, but not limited to, detections, threat data, indicators of compromise and any contextual data (but excluding MSP Content).

1.26 ‘Sophos Trademark’ means any trade marks and service marks for which registrations have been filed, and registrations obtained in some cases, with the appropriate official industrial property registry, trade names, logos, emblems, trade dress, and other insignias of origin, and other commercial symbols, which Sophos now or hereafter uses or authorizes others to use to identify the Offerings.

1.27 ‘Territory’ means the geographic area in which MSP may provide MSP Services to Beneficiaries. If MSP has its registered/principal office in the European Economic Area or Switzerland, then ‘Territory’ shall mean the European Economic Area and Switzerland; or if MSP has its registered/principal office elsewhere, then ‘Territory’ shall mean the country in which MSP’s registered/principal office is located or such other country that Sophos may notify to MSP from time to time.

1.28 ‘Third Party Software’ has the meaning set forth in Clause 9.1 below.

1.29 ‘Third Party Services’ has the meaning set forth in Clause 9.4 below.

1.30 ‘Trial Offering’ has the meaning set forth in Clause 3.2 below.

1.31 ‘Update’ means an update to the library of rules and/or identities and/or other updates to the detection data, Products, or Service Software made available to MSP by Sophos in its sole discretion from time to time, but excluding Upgrades and any updates marketed, licensed, or made available by Sophos for a separate fee.

1.32 ‘Upgrade’ means any enhancement or improvement to the functionality or feature of the Products or Service Software made available to MSP by Sophos in its sole discretion from time to time, but excluding any upgrades marketed, licensed, or made available by Sophos for a separate fee.

1.33 ‘Usage Data’ means any diagnostic and usage-related information from the use, performance, and operation of the Offerings, including, but not limited to, type of browser, Offering features, and systems that are used and/or accessed, and system and Offering performance-related data.

1.34 ‘User’ means an employee, contractor, or other similar personnel who benefits from the Offerings used by or made available to MSP, Beneficiaries, and/or their Affiliates.

2. INTELLECTUAL PROPERTY RIGHTS AND OWNERSHIP

2.1 Sophos Ownership; Use of Sophos Materials. Sophos retains all right, title, and interest, including all intellectual property rights, in and to the Offerings and Sophos Materials, including all improvements, enhancements, modifications, derivative works, logos, and Sophos Trademarks. Sophos reserves all rights in and to the Offerings and Sophos Materials that are not expressly granted under this Agreement. Except as expressly stated in this Agreement, no license or right is granted directly or by implication, inducement, estoppel, or otherwise. During the Agreement term, Sophos grants to MSP a limited, non-exclusive license to access and use Sophos Materials solely for MSP to receive the Services and provide MSP Services to Beneficiaries.

2.2 MSP Ownership; Use of MSP Content. Except as expressly provided otherwise in this Agreement, as between Sophos and MSP, MSP retains all right, title, and interest in and to MSP Content and MSP Trademarks. MSP grants to Sophos a non-exclusive, worldwide, royalty-free license to access and use the MSP Content to exercise its rights and perform its obligations (including to provide the Offerings) under this Agreement.

3. USE OF OFFERINGS AND RESTRICTIONS

3.1 Rights. Subject to MSP’s compliance with the terms of this Agreement, during the term of this Agreement Sophos grants to MSP a limited, non-exclusive right within the Territory as part of providing MSP Services, to (i) access and use the Offerings; (ii) sub-license use of the Products and Service Software; (iii) provide access to the Services; (iv) provide Maintenance; and (v) request that Sophos and its Affiliates provision and/or deliver the Services directly to Beneficiaries as the ultimate recipient of the Services in accordance with the Sophos End User Terms and as described in the Service Description.

3.2 Trial Offerings; Beta Offerings.

3.2.1 If permitted by Sophos, MSP may conduct a free trial or evaluation of an Offering (each a “Trial Offering”) in its own environment or in a Beneficiary’s environment for thirty (30) days or such other duration specified by Sophos in writing.

3.2.2 From time to time, Sophos may invite MSP to try a Beta Offering, for a period specified by Sophos and at no charge, which MSP may accept or decline in MSP’s sole discretion. MSP will comply with testing guidelines that Sophos provides in connection with MSP’s access and use of a Beta Offering and will make reasonable efforts to provide Feedback in accordance with Clause 13.3. Sophos may discontinue a Beta Offering at any time in its sole discretion and may not make it generally available.

3.2.3 Trial Offerings and Beta Offerings are provided solely for internal testing and evaluation by MSP and Beneficiaries.

3.2.4 TRIAL OFFERINGS AND BETA OFFERINGS ARE PROVIDED “AS IS” WITHOUT ANY SUPPORT, INDEMNITY, LIABILITY, OR REMEDY OF ANY KIND. TO THE EXTENT ALLOWED BY APPLICABLE LAW, SOPHOS EXPRESSLY DISCLAIMS ALL WARRANTIES AND CONDITIONS OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY WARRANTY, CONDITION, OR OTHER IMPLIED TERM AS TO MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT OF TRIAL OFFERINGS AND BETA OFFERINGS.

3.2.5 The terms of this Clause 3.2 apply, and prevail over any conflicting terms in this Agreement, with respect to access and use of Trial Offerings and Beta Offerings.

3.3 Access and Usage.

3.3.1 The Offerings are licensed or made available by User, Service unit or meter, or other applicable unit, as specified in the Price List and Licensing Guidelines at https://www.sophos.com/en-us/legal (“Licensing Guidelines”).

3.3.2 MSP is solely responsible for: (a) accessing and using the Offerings, and ensuring Beneficiaries access and use the Offerings, in accordance with the Documentation; (b) determining the suitability of the Offerings for MSP’s and Beneficiaries’ use; (c) configuring the Offerings appropriately; (d) complying with any regulations and laws (including, without limitation, export, data protection, and privacy laws) applicable to MSP Content and MSP’s and Beneficiaries’ use of the Offerings; (e) MSP’s access and use of the Offerings; (f) all activity occurring under MSP’s Offering and support accounts; (g) providing all reasonable information and assistance required for Sophos to deliver the Offerings or enable MSP’s or Beneficiaries’ access and use of the Offerings; (h) using reasonable means to protect the account information and Credentials (including passwords and devices or information used for multi-factor authentication purposes) used by MSP and Beneficiaries to access the Offerings; and (i) promptly notifying Sophos of any unauthorized account use or other suspected security breach, or unauthorized use, copying, or distribution of the Offerings, Sophos Materials, or MSP Content.

3.3.3 MSP Content. MSP is solely responsible for all MSP Content, including but not limited to its accuracy, quality, and legality. MSP represents and warrants that it: (a) has the legal rights to provide MSP Content to Sophos; (b) has provided any required notices and has obtained any consents and/or authorizations (including any required from Beneficiaries and Users) related to its access and use of the Offering and the processing of and access to MSP Content by Sophos; and (c) will comply with all applicable laws and regulations for collecting and processing MSP Content, and transferring MSP Content to Sophos. MSP is responsible for taking and maintaining appropriate steps to protect the confidentiality, integrity, and security of MSP Content, including but not limited to: (i) controlling access that MSP provides to Beneficiaries and Users; and (ii) backing up MSP Content.

3.3.4 Unless otherwise authorized as part of the MSP Connect with Flex program described in Clause 3.3.5 below, MSP must purchase an advance subscription to meet MSP’s Offering usage requirements for each individual Beneficiary. The Schedule specifies the number of Users or other applicable units for which MSP has subscribed in advance for each Beneficiary. If the Beneficiary’s usage of the Offerings exceeds the entitlement as set forth in the Schedule, MSP must immediately purchase the additional entitlement for the remainder of the subscription term specified on the Schedule.

3.3.5 MSP Connect with Flex. As an alternative to Clause 3.3.4 above, for those eligible Offerings authorized by Sophos, MSP may elect to pay for MSP’s total actual usage for an individual Beneficiary each calendar month in arrears, provided that Sophos (and the authorized Sophos distributor, if applicable) has approved MSP’s participation in Sophos MSP Connect with Flex in writing. Actual usage may vary from month to month. If MSP fails to pay Sophos or the relevant distributor by the due date, in addition to Sophos’s other rights, Sophos may require that MSP revert to the purchase of advance subscriptions in accordance with Clause 3.3.4 above.

3.3.6 MSP may not assign or transfer licenses or subscriptions to an Offering to a Beneficiary or third party without Sophos’s prior written consent.

3.3.7 Where MSP purchases directly from Sophos or a Sophos Affiliate, MSP agrees to pay fees in accordance with the Price List and Appendix 2. Where MSP purchases through an authorized Sophos distributor, MSP shall agree to the amount of the fee with, and make payment of the agreed fee to, such distributor. Any prices that Sophos recommends for resale or sublicensing are guidelines only.

3.3.8 For the avoidance of doubt, fees are payable in full by MSP whether or not MSP collects monies from any Beneficiary and whether or not any refunds are given by MSP to the Beneficiary.

3.3.9 MSP acknowledges that Sophos monitors use of the Offerings to: (a) track usage and entitlements; (b) provide support and Maintenance; (c) monitor the performance, integrity, and stability of the Offerings; (d) prevent or remediate technical issues; and (e) detect and address illegal acts or violations of Clause 3.5 (Restrictions). Where insufficient information is available, upon Sophos’s request MSP will provide a report to Sophos (or the authorized distributor, as applicable) detailing the following: (i) MSP name, (ii) MSP country, (iii) name of each Beneficiary, (iv) country and city/state identifier for each Beneficiary, (v) license number(s) allocated to each Beneficiary (where applicable), and (vi) number of Users (or other applicable units) per Beneficiary during the previous calendar month.

3.3.10 No more than once a year, MSP shall permit Sophos or an independent certified accountant appointed by Sophos access to MSP’s premises and MSP’s books of account and records at any time on reasonable written notice during normal business hours for the purpose of inspecting, auditing, verifying, or monitoring the manner and performance of MSP’s obligations under this Agreement, including without limitation the payment of all applicable fees. If an audit reveals that MSP has underpaid fees, MSP shall be invoiced for and shall pay to Sophos within thirty (30) days of the date of invoice an amount equal to the shortfall between the fees due and those paid by MSP. If the amount of the underpayment exceeds five percent (5%) of the fees due or the audit reveals a violation of the restrictions in Clause 3.5 below, without prejudice to Sophos’s other rights and remedies, MSP shall also pay Sophos’s reasonable costs of conducting the audit.

3.4 MSP may make a reasonable number of copies of the Licensed Products and Service Software or any part thereof for backup or disaster recovery purposes provided that MSP reproduces Sophos’s proprietary notices on any such copies. Such restriction shall not prevent MSP or a Beneficiary from backing up or archiving Beneficiary’s data.

3.5 Restrictions.

Except as specifically permitted in this Agreement, MSP will not directly or indirectly (and will not allow Beneficiaries, Users, or a third party to):

3.5.1 use the Offerings to provide any service for the benefit of third parties other than Beneficiaries;

3.5.2 modify, adapt, or translate the Offerings except as necessary to (i) configure the Offerings using the menus, options, and tools provided for such purposes and contained in the Offerings; and (ii) develop custom filters using the Application Programming Interfaces (APIs) where contained in the Offerings or provided directly by Sophos for such purposes;

3.5.3 modify the Documentation except as necessary to produce or adapt manuals and/or other documentation for MSP’s or a Beneficiary’s internal information security purposes;

3.5.4 reverse engineer, disassemble, decompile, or create derivative works of the Offerings or otherwise attempt to derive or determine the source code or the logic therein, except to the extent that such restriction is prohibited by applicable law;

3.5.5 use, sub-license, or provide access to Offerings for which Sophos has not received the applicable fees;

3.5.6 sub-license, resell, rent, lease, distribute, market, or commercialize all or any portion of the Offerings except as provided under this Agreement, unless MSP enters into a separate agreement with Sophos for such purposes;

3.5.7 use or allow use of the Offerings in or in association with safety critical applications where the failure of the Offerings to perform can reasonably be expected to result in a physical injury, loss of property, or loss of life;

3.5.8 remove, alter, or obscure any proprietary rights notices contained in or affixed to the Offerings;

3.5.9 attempt to disrupt, degrade, impair, or violate the integrity, security, or performance of the Offerings;

3.5.10 use the Offerings to store, transmit, or propagate any viruses, software routines, or other code designed to permit unauthorized access; to disable, erase, or otherwise harm software, hardware, or data; or to perform any other harmful actions;

3.5.11 in relation to the Services, take any action that imposes or may impose an unreasonable or disproportionately large load on Sophos’s infrastructure, as determined by Sophos in its sole discretion;

3.5.12 disable or circumvent any monitoring or billing mechanism related to the Offerings; or

3.5.13 access or use, or provide access and use of, the Offerings in a manner that violates applicable law or regulation, infringes third party rights, or violates the terms and conditions of this Agreement.

3.6 The Offerings are not designed for the storage of regulated data of any kind, including but not limited to health or payment card data. Furthermore, if MSP’s or a Beneficiary’s access and use of the Offerings requires MSP or a Beneficiary to comply with industry-specific data security or data protection obligations, MSP will be solely responsible for such compliance. MSP may not use the Offerings in a way that would subject Sophos to those industry-specific regulations without obtaining Sophos’ prior written agreement.

3.7 Use of Sophos Trademarks.

3.7.1 Sophos grants to MSP a non-exclusive, royalty-free license during the term of this Agreement to use and display the Sophos Trademarks in the Territory solely for the purpose of using, marketing, and promoting the Offerings in compliance with the terms and conditions of this Agreement, including to use and display Sophos Trademarks on Sophos Materials.

3.7.2 MSP acknowledges Sophos’s exclusive ownership of the Sophos Trademarks and that use of any of the Sophos Trademarks by MSP will inure to the sole benefit of Sophos. MSP will not do or permit to be done any act or thing inconsistent with such ownership and will not acquire or claim, or assist third parties in acquiring or claiming, any title in or to any of the Sophos Trademarks, including by virtue of this Agreement or through MSP’s use of the Sophos Trademarks. In addition, MSP hereby agrees that it will not directly or indirectly undertake any action that in any manner might question, contest, challenge, infringe or impair the validity, enforceability, scope of rights or title of Sophos in any of the Sophos Trademarks at any time during the term of this Agreement and thereafter.

3.7.3 During the term of this Agreement and thereafter, MSP will not adopt or use any word, name, mark, symbol, other designation or trade style which, in Sophos’s sole and reasonable opinion, is likely to cause confusion or dilute any of the Sophos Trademarks, and will not make any unlicensed use of trademarks or service marks which, in Sophos’s sole and reasonable opinion, is confusingly similar to or dilutive of any of the Sophos Trademarks. In addition, MSP agrees that it will not use any of the Sophos Trademarks in combination with any word, name, mark, symbol, other designation or trade style so as to create a composite mark, unless Sophos explicitly authorizes such use in writing. MSP will not apply for or register as domain names any trademarks or domain names identical or confusingly similar to the Sophos Trademarks.

3.7.4 MSP agrees that any goods or services (including MSP Services) offered by MSP in connection with the Sophos Trademarks will be at least equal in quality to Sophos’s goods and services. Sophos will have the right to audit MSP’s use of the Sophos Trademarks and the quality of the goods and services (including MSP Services) offered in connection with the Sophos Trademarks. Upon Sophos’s request, MSP will provide Sophos with samples of any marketing or other materials containing, or identified by, the Sophos Trademarks. If Sophos notifies MSP that any such materials or offerings do not comply with this Agreement or Sophos’s then-current marketing and trademark guidelines (available at https://www.sophos.com/brand and upon request, and as modified from time to time by Sophos in its sole discretion), MSP will immediately correct and remedy any defects in its use of the Sophos Trademarks or cease use of the Sophos Trademarks.

3.8 Use of MSP Trademarks. MSP grants to Sophos a non-exclusive, royalty-free license during the term of this Agreement to use and display the MSP Trademarks as provided or enabled by MSP solely for the purpose of using, marketing, and promoting the Offerings as requested by MSP, including to use and display MSP Trademarks on Sophos Materials upon MSP’s request. With Sophos’s prior consent, during the term of this Agreement MSP may use and display MSP Trademarks on Sophos Materials in compliance with the terms and conditions of this Agreement.

4. MAINTENANCE AND SUPPORT

4.1 Sophos will provide Maintenance including Enhanced Partner Support (as described in the Documentation on the Partner Portal or otherwise provided upon request) to MSP during the term of this Agreement. Additional technical support packages may be available for an additional fee.

4.2 All requests for technical support from Sophos must come from MSP and not from a Beneficiary.

4.3 Any custom or sample code, files or scripts (“Fixes”) provided by Sophos as part of the provision of technical support which do not form part of its standard commercial offering may only be used in conjunction with the Offering for which such Fixes were developed.

4.4 From time to time, Sophos performs scheduled maintenance to update the servers, software, and other technology that are used to provide the Services and will use commercially reasonable efforts to provide prior notice of such scheduled maintenance. MSP acknowledges that, in certain situations, Sophos may need to perform emergency maintenance of the Services without providing prior notice.

5. SOPHOS WARRANTIES; DISCLAIMER OF WARRANTIES

5.1 Warranty for Licensed Products. For a warranty period of ninety (90) days from the execution of this Agreement (“Warranty Period”), Sophos warrants to MSP only that: (i) if properly used and installed, the Licensed Products will perform substantially in accordance with the Documentation on the designated operating system(s), and (ii) the Documentation will adequately describe the operation of the Licensed Products in all material respects.

5.2 Warranty for Services. Sophos warrants to MSP only that: (i) it will provide Services using commercially reasonable skill and care, and (ii) the Services will materially conform to the Documentation.

5.3 Exclusions. The above warranties will not apply if: (i) the Licensed Product or Service has not been used in accordance with the terms and conditions of this Agreement and the Documentation; (ii) the issue has been caused by failure of MSP (as applicable) to apply Updates, Upgrades, or any other action or instruction recommended by Sophos; (iii) the issue has been caused by the act or omission of, or by any materials supplied by, MSP, a Beneficiary, or any third party; (iv) the issue results from any cause outside of Sophos’s reasonable control; or (v) MSP fails to notify Sophos of a breach of the Licensed Products warranty within the Warranty Period or MSP fails to promptly notify Sophos of a breach of the Services warranty.

5.4 Remedy. Sophos’s entire liability, and MSP’s sole and exclusive remedy, for Sophos’s breach of the above warranties is for Sophos, at Sophos’s option, either to: (i) correct, repair, or replace the relevant Licensed Product, Documentation, or Service within a reasonable period of time; or (ii) provide or authorize a pro rata refund of the fees paid for the period in which Sophos was in breach of the applicable warranty.

5.5 Warranty Disclaimers.

5.5.1 EXCEPT FOR THE EXPRESS WARRANTIES CONTAINED IN THIS AGREEMENT, SOPHOS AND ITS THIRD-PARTY LICENSORS AND SUPPLIERS MAKE NO WARRANTIES, CONDITIONS, UNDERTAKINGS, OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, IN RELATION TO THE OFFERINGS, THIRD PARTY SOFTWARE, OR THIRD PARTY SERVICES, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY, UNINTERRUPTED USE, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT OR ARISING FROM COURSE OF DEALING, USAGE OR TRADE. WITHOUT LIMITING THE FOREGOING, SOPHOS DOES NOT WARRANT THAT THE OFFERINGS WILL: (A) MEET MSP’S OR BENEFICIARIES’ REQUIREMENTS; (B) BE ERROR FREE, FAILSAFE, OR UNINTERRUPTED; OR (C) DETECT, CORRECTLY IDENTIFY, AND/OR REMEDIATE ALL THREATS OR INDICATORS OF COMPROMISE, APPLICATIONS (WHETHER MALICIOUS OR OTHERWISE), OR OTHER COMPONENTS. FURTHER, SOPHOS DOES NOT WARRANT THAT MSP OR ANY BENEFICIARY IS ENTITLED TO BLOCK ANY THIRD PARTY APPLICATIONS; THAT MSP OR ANY BENEFICIARY IS ENTITLED TO ENCRYPT OR DECRYPT ANY THIRD PARTY INFORMATION; OR THAT DEFECTS IN THE OFFERINGS WILL BE CORRECTED. SOPHOS DISCLAIMS ANY RESPONSIBILITY FOR ISSUES RELATED TO THE PERFORMANCE, OPERATION, OR SECURITY OF THE OFFERINGS THAT ARISE FROM MSP CONTENT, THIRD PARTY SOFTWARE, THIRD PARTY SERVICES, OR ANY OTHER SERVICES PROVIDED BY THIRD PARTIES, OR FOR ANY INTERCEPTION OR INTERRUPTION OF ANY COMMUNICATIONS THROUGH THE INTERNET, NETWORKS, OR SYSTEMS OUTSIDE SOPHOS’S CONTROL.

5.5.2 MSP ACKNOWLEDGES AND AGREES THAT MSP AND BENEFICIARIES SHALL BE SOLELY RESPONSIBLE FOR PROPER BACK-UP OF ALL DATA AND THAT MSP AND BENEFICIARIES SHALL TAKE APPROPRIATE MEASURES TO PROTECT SUCH DATA. SOPHOS AND ITS THIRD PARTY LICENSORS ASSUME NO LIABILITY OR RESPONSIBILITY WHATSOEVER IF DATA IS LOST OR CORRUPTED.

5.5.3 MSP FURTHER ACKNOWLEDGES AND AGREES THAT MSP IS SOLELY RESPONSIBLE FOR ANY CLAIMS, WARRANTIES, OR REPRESENTATIONS MADE BY MSP, ITS EMPLOYEES, OR AGENTS.

6. MSP WARRANTIES; MSP’S EXCLUSIVE RELATIONSHIP WITH BENEFICIARIES

6.1 MSP warrants and agrees that it shall:

6.1.1 subject to Clause 6.2, ensure that all Beneficiaries are bound by a Beneficiary Agreement;

6.1.2 ensure that each Beneficiary Agreement contains provisions permitting Sophos and its Affiliates (a) to provide Offerings to Beneficiaries as a supplier to MSP (as applicable); and (b) to access MSP Content as reasonably necessary to provide Offerings to Beneficiaries;

6.1.3 not distribute any Credentials provided by Sophos to Beneficiaries or any other third parties; and

6.1.4 ensure that Beneficiaries receive Updates and Upgrades for Products and Service Software promptly and in any event within 24 hours after Sophos makes such Updates and Upgrades available.

6.2 Sophos shall have no liability to MSP arising from the terms and conditions in a Beneficiary Agreement. MSP acknowledges and agrees that Sophos has no contractual relationship with Beneficiaries, and accordingly Sophos’s sole and exclusive liability shall be to MSP.

7. INDEMNIFICATION

7.1 Indemnification by Sophos. Sophos will: (i) defend, indemnify, and hold MSP harmless from any third party claim, action, suit or proceeding alleging that MSP’s access, use, or sub-licensing of the Offerings in accordance with the terms and conditions of this Agreement infringes such third party’s patent, trademark, or copyright; and (ii) reimburse MSP’s reasonable attorney’s fees and costs actually incurred and any damages finally awarded against MSP by a court of competent jurisdiction or agreed to by Sophos in a settlement. If any such third party claim or proceeding is made or appears likely to be made against MSP, Sophos, in its sole discretion, may: (i) procure the right for MSP to continue access, use, and sub-licensing of the applicable Offering in accordance with the terms and conditions of this Agreement; or (ii) modify or replace the applicable Offering to be non-infringing without material decrease in functionality. If Sophos, in its sole discretion, determines that neither of the foregoing options is commercially reasonable, Sophos may terminate MSP’s license and right to access, use, and sub-license the applicable Offering upon notice to MSP and provide or authorize a pro rata refund of fees paid for such Offering which (i) relate to the period after the date of termination in the case of subscription term Offerings, and (ii) is depreciated on a straight line five (5) year basis commencing on the date of purchase in the case of perpetual term Offerings.

7.2 Exclusions. Sophos will have no indemnity obligation for any claim or proceeding if: (i) MSP does not, at the written request of Sophos, promptly cease to access and use the applicable Offering and require Beneficiaries promptly to do the same; (ii) MSP, without the prior written consent of Sophos, acknowledges the validity of or takes any action which might impair the ability of Sophos to contest the claim or proceeding; (iii) the infringement arises due to modification of the Offering by anyone other than Sophos; access or use of the Offering other than in accordance with the Documentation or in a manner that violates the terms of this Agreement; or combination, operation, or use of the Offering with non-Sophos products, services, or business processes, if the claim would not have occurred but for such combination, operation, or use; (iv) the claim is raised based on access, use, or possession in or from a country that is not a party to the World Intellectual Property Organization (WIPO) treaties on patents, trademarks and copyrights; or (v) the claim is based on MSP Content, Third Party Products, or Third Party Services.

7.3 Indemnification by MSP. MSP will indemnify, defend, and hold harmless Sophos, its Affiliates, and their officers, directors, employees, contractors, and agents against any claims, liabilities, and expenses (including court costs and reasonable attorneys’ fees) that are incurred as a result of or in connection with: (i) MSP Content; (ii) a breach of Clause 3.6 or MSP’s representations and warranties under this Agreement; (iii) MSP’s or a Beneficiary’s access or use of the Offerings in a manner not expressly permitted by this Agreement; (iv) MSP’s or a Beneficiary’s violation of any third party rights; (v) MSP’s or a Beneficiary’s violation of applicable laws or regulations; or (vi) any work product created in reliance on the Offering and use of such work product by MSP, a Beneficiary, or a third party.

7.4 Indemnification Procedures. The indemnified party (“Indemnitee”) will: (i) promptly notify the indemnifying party (“Indemnitor”) in writing of any indemnifiable claim; (ii) give Indemnitor all reasonable assistance, at Indemnitor’s expense; and (iii) give Indemnitor sole control of the defense and settlement of the claim. Any settlement of a claim will not include a specific performance obligation other than the obligation to promptly cease using the Product or Service, or an admission of liability by the Indemnitee, without the Indemnitee’s consent. The Indemnitee may join in the defense of an indemnifiable claim with counsel of its choice at its own expense.

7.5 CLAUSES 7.1 – 7.4 SET OUT MSP’S SOLE REMEDY AND THE WHOLE LIABILITY OF SOPHOS IN THE EVENT THAT THE OFFERINGS ARE ALLEGED TO INFRINGE THE PATENTS, TRADEMARKS, COPYRIGHTS, OR OTHER INTELLECTUAL PROPERTY RIGHTS OF ANY THIRD PARTY.

8. LIMITATION OF LIABILITY

8.1 MSP AND EACH BENEFICIARY USES THE OFFERINGS AT MSP’S AND SUCH BENEFICIARY’S OWN RISK. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL SOPHOS, ITS AFFILIATES, OR ANY OF THEIR THIRD PARTY LICENSORS AND SUPPLIERS BE LIABLE FOR ANY INDIRECT, CONSEQUENTIAL, INCIDENTAL, SPECIAL, PUNITIVE, OR EXEMPLARY DAMAGES OF ANY KIND, INCLUDING, BUT NOT LIMITED TO, LOSS OF PROFITS, LOSS OF CONTRACTS, BUSINESS INTERRUPTIONS, LOSS OF OR CORRUPTION OF DATA HOWEVER CAUSED, EVEN IF THE DAMAGES WERE FORESEEABLE OR SOPHOS OR ITS AFFILIATES HAD BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

8.2 IN NO EVENT WILL THE AGGREGATE LIABILITY OF SOPHOS OR ITS AFFILIATES FOR DIRECT DAMAGES ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE OFFERINGS EXCEED A SUM EQUAL TO THE FEES PAID OR PAYABLE BY MSP IN THE TWELVE (12)-MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.

8.3 THE LIMITATIONS AND EXCLUSIONS OF LIABILITY IN THIS CLAUSE 8 APPLY: (A) WHETHER SUCH CLAIMS ARISE UNDER CONTRACT, TORT (INCLUDING NEGLIGENCE), EQUITY, STATUTE, OR OTHERWISE; AND (B) NOTWITHSTANDING THE FAILURE OF THE ESSENTIAL PURPOSE OF ANY REMEDY. NOTHING IN THIS AGREEMENT LIMITS OR EXCLUDES ANY LIABILITY WHICH CANNOT BE LIMITED OR EXCLUDED UNDER APPLICABLE LAW.

9. THIRD PARTY SOFTWARE AND SERVICES

9.1 Third Party Software. The Products may operate or interface with software or other technology that is licensed to Sophos from third parties (“Third Party Software”). MSP agrees that: (i) MSP and the Beneficiaries will use such Third Party Software in accordance with this Agreement; (ii) no third party licensor makes any warranties, conditions, undertakings or representations of any kind, either express or implied, to MSP or the Beneficiaries concerning such Third Party Software or the Products themselves; (iii) no third party licensor will have any obligation or liability to MSP or the Beneficiaries as a result of this Agreement or use of such third party software; (iv) the third party licensor is a beneficiary of this Agreement and accordingly may enforce the terms and conditions herein to the extent necessary to protect its rights in relation to the Third Party Software; and (v) such Third Party Software may be licensed under license terms which grant MSP and the Beneficiaries additional rights or contain additional restrictions in relation to such materials, beyond those set forth in this Agreement, and such additional license rights and restrictions are described or linked to in the applicable Documentation, the relevant Sophos webpage, or within the Product itself. For the avoidance of any doubt, such additional rights and/or restrictions apply to the Third Party Software on a standalone basis; nothing in such third party licenses shall affect MSP’s use or Beneficiaries’ use of the Products in accordance with the terms and conditions of this Agreement.

9.2 MSP acknowledges that certain Products include Java software (“Java”) from Oracle Corporation (“Oracle”). If the Documentation indicates that the Product includes Java as part of the Licensed Product: (i) the following additional required terms from Oracle apply to MSP’s and Beneficiaries’ use of Java; and (ii) MSP’s agreement with Beneficiaries must include the following notice:

Use of the Commercial Features for any commercial or production purpose requires a separate license from Oracle. “Commercial Features” means those features that are identified as such in the Licensing Information User Manual – Oracle Java SE and Oracle Java Embedded Products Document, accessible at https://www.oracle.com/technetwork/java/javase/documentation/index.html, under the “Description of Product Editions and Permitted Features” section.

9.3 MSP acknowledges that Google Maps / Google Earth Additional Terms of Service (including the Google Privacy Policy) apply to MSP’s and Beneficiaries’ use of Sophos Central Wireless.

9.4 Third Party Services. The Services may enable or require MSP or a Beneficiary to associate its Service account with, link to, or otherwise access, third parties’ websites, platforms, content, products, services, or information (“Third Party Services”). Third Party Services are not part of the Service, and Sophos does not control and is not responsible for the Third Party Services. MSP and Beneficiaries are solely responsible for: (i) obtaining and complying with any terms of access and use of the Third Party Services, including any separate fees or charges imposed by the provider of the Third Party Services; and (ii) configuring the Third Party Services appropriately. Sophos disclaims all responsibility and liability arising from or related to MSP’s or Beneficiaries’ access or use of the Third Party Services, including any impact on Service capabilities as a result of any use of, or reliance upon, the Third Party Services.

10. COMPLIANCE

10.1 Sanctions and Export Control Laws

MSP hereby:

10.1.1 agrees that in connection with MSP’s use and sublicensing of the Offerings it will comply, and will ensure that its relevant personnel comply, with all Sanctions and Export Control Laws;

10.1.2 represents and warrants that neither MSP nor any party that owns or controls, or is owned or controlled by, MSP is (i) ordinarily resident in, located in, or organized under the laws of any country or region subject to economic or financial sanctions or trade embargoes imposed, administered, or enforced by the European Union, the United Kingdom, or the United States; (ii) an individual or entity on the Consolidated List of Persons, Groups, and Entities Subject to European Union Financial Sanctions; the U.S. Department of the Treasury's List of Specially Designated Nationals and Blocked Persons or Foreign Sanctions Evaders List; the U.S. Department of Commerce's Denied Persons List or Entity List; or any other sanctions or restricted persons lists maintained by the European Union, the United Kingdom, or the United States; or (iii) otherwise the target or subject of any Sanctions and Export Control Laws;

10.1.3 represents and warrants that it will not export, re-export, transfer, or otherwise make available the Offerings, directly or indirectly, to any country, region, individual or entity described in Clause 10.1.2 or in violation of, or for purposes prohibited by, Sanctions and Export Control Laws, including for proliferation-related end uses, and that it has adequate policies, procedures, and controls in place to comply with Clause 10.1.3;

10.1.4 agrees that it will use its best efforts to ensure that any Beneficiary who is authorized by MSP to access and use the Offerings complies with Clause 10.1.3, including, but not limited to, requiring any Beneficiary to agree to comply with the requirements of Clause 10.1.3;

10.1.5 understands and agrees that Sophos shall have no obligation to provide any Updates, Upgrades, or services related to the Offerings where Sophos believes the provision of such Updates, Upgrades, or services could violate Sanctions and Export Control Laws;

10.1.6 agrees to immediately notify Sophos if it becomes aware that it or any of its personnel may have breached any Sanctions and Export Control Laws in connection with its access and use of the Offerings, or if it becomes aware that any Offering that it has provided, directly or indirectly, to a Beneficiary has been exported, re-exported, transferred, or otherwise made available in violation of Clause 10.1.3;

10.1.7 agrees to provide notice to Sophos in a commercially reasonable timeframe and manner (if not herein elsewhere stated with specificity) of any governmental action or communication MSP receives or becomes aware of concerning Sanctions and Export Control Laws relating to the Offerings, unless prohibited by law or compulsory government process;

10.1.8 agrees that while information about the classification of Offerings for export purposes is available at https://www.sophos.com/en-us/legal/export and Sophos will use reasonable endeavors to maintain the information on such webpage, it is responsible for seeking its own legal advice and ensuring its own compliance in relation to all applicable Sanctions and Export Control Laws;

10.1.9 agrees that in the event that the sale, supply, export, re-export or transfer of all or part of the Offerings under this Agreement is subject to Sophos obtaining or using an export license, it will provide promptly upon request all assistance or documentation required by Sophos, including, as appropriate, an accurately completed end user undertaking or consignee undertaking;

10.1.10 agrees that it will be solely responsible for fulfilling all the requirements of the authorities in all jurisdictions to which the Offerings will be supplied for the licensing, registration or other authorization for the sale, supply, import, re- export, transfer, use, disclosure or transport of the Offerings; and

10.1.11 agrees that it will indemnify and hold Sophos harmless from and against any claim, loss, liability or damage suffered or incurred by Sophos resulting from or related to MSP’s breach of this Clause 10.1, and that breach of this Clause 10.1 may be considered cause for immediate termination of this Agreement.

Further details are available at https://www.sophos.com/en-us/legal/export.

10.2 Import. MSP acknowledges and agrees that it is solely responsible for complying with any local import rules and regulations, including but not limited to obtaining any approvals and licenses that may be required.

10.3 Anti-Bribery and Fair Competition. Each party warrants that neither it nor any of its officers, employees, agents, representatives, contractors, intermediaries nor any other person or entity acting on its behalf will take any action, directly or indirectly, that would constitute an offense under (i) the United Kingdom Bribery Act 2010, the United States Foreign Corrupt Practices Act 1977 or any other applicable anti-bribery and anti-corruption laws or regulations anywhere in the world, or (ii) any rules of fair competition.

10.4 ANY BREACH OF CLAUSE 10 BY MSP SHALL BE A MATERIAL BREACH INCAPABLE OF REMEDY AND CONSIDERED CAUSE FOR IMMEDIATE TERMINATION OF THIS AGREEMENT. In addition, MSP agrees to indemnify and hold Sophos harmless from and against any claim, loss, liability or damage suffered or incurred by Sophos resulting from or related to a violation of Clause 10 by MSP or a Beneficiary.

11. TERM AND TERMINATION

11.1 This Agreement shall commence upon MSP’s acceptance of these terms and conditions and continue unless and until terminated in accordance with the express provisions set out herein.

11.2 Termination of Agreement for Convenience. Either party may terminate this Agreement for convenience at any time upon thirty (30) days’ prior written notice, except that if MSP has purchased advance subscriptions, each advance subscription shall continue under the terms and conditions of this Agreement until the expiration of the relevant subscription period as stated on the Schedule.

11.3 Termination of Agreement for Cause. Sophos may terminate this Agreement immediately upon written notice if: (i) Sophos does not receive the fees (in whole or in part) from MSP or the authorized distributor in accordance with the agreed payment terms; (ii) MSP fails to comply with any of the terms and conditions of this Agreement; or (iii) MSP takes or suffers any action on account of debt or becomes insolvent.

11.4 Effects of Termination of Agreement

11.4.1 Termination of this Agreement shall not relieve MSP of its obligations to pay all fees that have accrued or are otherwise owed by MSP to Sophos (or the authorized distributor, as applicable). All fees paid are non-refundable to the maximum extent allowed by applicable law.

11.4.2 Except as otherwise set forth in this Agreement, within one (1) month after the date of termination of this Agreement, MSP shall supply written certification to Sophos confirming (i) the destruction by MSP and all Beneficiaries of all partial and complete copies of the Licensed Products, and (ii) MSP’s termination of all Beneficiaries’ ability to access and use the Services.

11.4.3 Except as otherwise set forth in this Agreement, all rights of MSP and its Beneficiaries to access and use the Offerings and use Sophos Trademarks will automatically cease upon termination of this Agreement.

11.5 Effects of Expiration or Termination of Beneficiary Agreement. Upon expiration or termination of a Beneficiary Agreement, MSP will promptly (i) remove the Offerings from the Beneficiary’s premises, unless title to the Offering has transferred to the Beneficiary in accordance with the terms of this Agreement; (ii) immediately disable all Beneficiary access to or use of the Offerings, including removing any Beneficiary custom settings, software, and data from the Sophos network; (iii) request Sophos to stop providing Services directly to Beneficiaries (as applicable); and/or (iv) transfer the Offerings to another Beneficiary as permitted under this Agreement. For certain Products, Sophos may download and return the data upon request and for a reasonable fee to be agreed in writing in advance. Sophos reserves the right to delete data that has not been removed.

11.6 No Damages for Termination. Termination of this Agreement by either party in accordance with its terms shall not give the other party any right to compensation, damages, loss of profits or prospective profits, or incidental or consequential losses of any kind or nature whatsoever. Except as otherwise set forth in this Agreement, neither party will be liable to the other on account of expiration or termination of this Agreement for reimbursement or damages for loss of goodwill, prospective profits, or anticipated sales, or on account of any expenditures, investments, translations, localizations, leases or commitments made by either party or for any other reason based on or arising out of such expiration or termination.

11.7 Suspension of Service. Sophos may immediately suspend MSP’s and Beneficiaries’ access and use of the Service, or portions of the Service, if: (a) Sophos believes there is a significant threat to the functionality, security, integrity, or availability of the Service to MSP, Beneficiaries, or to other Sophos customers; (b) MSP or a Beneficiary accesses or uses the Service in violation of Clause 3.5 (Restrictions); (c) MSP fails to pay the fee for access and use of the Service to Sophos or the distributor (as applicable) in accordance with the agreed payment terms; or (d) Sophos reasonably believes that MSP or a Beneficiary is violating or has violated the provisions of Clause 10.1 (Sanctions and Export Control Laws) in connection with access and use of the Service. When reasonably practicable and lawfully permitted, Sophos will provide MSP with advance notice of any such Service suspension. Sophos will use reasonable efforts to re-establish the Service promptly after it determines that the issue causing the suspension has been resolved. Any Service suspension under this Clause shall not excuse MSP’s payment obligations under this Agreement.

11.8 Survival. The following Clauses, together with any terms necessary for the interpretation or enforcement of this Agreement, will survive termination or expiration of this Agreement: 1 (Definitions), 2 (Intellectual Property Rights and Ownership); 3.7.2 – 3.7.3; 5.5 (Warranty Disclaimers); 6 (MSP Warranties; MSP’s Exclusive Relationship with Beneficiaries); 7 (Indemnification); 8 (Limitation of Liability); 10 (Compliance); 11.4 (Effects of Termination of Agreement); 11.5 (Effects of Expiration or Termination of Beneficiary Agreement); 11.6 (No Damages for Termination); 12.1 for five (5) years; 12.3; 12.5 (Usage Data and Threat Intelligence Data); 13 (General); and Appendix 2.

12. CONFIDENTIALITY AND DATA PROTECTION

12.1 Each party acknowledges that it and its Affiliates (“Receiving Party”) may have access to Confidential Information of the other party and its Affiliates (“Disclosing Party”) in connection with this Agreement. The Receiving Party will use the same degree of care that it uses to protect the confidentiality of its own Confidential Information of like kind (but not less than reasonable care). The Receiving Party agrees to (i) not use any Confidential Information for any purpose other than to perform its obligations and exercise its rights under this Agreement, and (ii) restrict dissemination of Confidential Information only to individuals or third parties with a “need to know” such information and who are under a substantially similar duty of confidentiality. A Receiving Party may disclose the Disclosing Party’s Confidential Information in any legal proceeding or as required as a matter of applicable law or regulation (such as in response to a subpoena, warrant, court order, governmental request, or other legal process); provided, however, that to the extent permitted by applicable law, the Receiving Party will (1) promptly notify the Disclosing Party before disclosing the Disclosing Party’s Confidential Information; (2) reasonably cooperate with and assist the Disclosing Party, at the Disclosing Party’s expense, in any efforts by the Disclosing Party to contest the disclosure; and (3) disclose only that portion of the Disclosing Party’s Confidential Information that is legally required to be disclosed. Notwithstanding the foregoing, a Disclosing Party’s Confidential Information will not include information that: (a) is or becomes a part of the public domain through no act or omission of the Receiving Party; (b) was in the Receiving Party’s lawful possession prior to the disclosure by the Disclosing Party and had not been obtained by the Receiving Party either directly or indirectly from the Disclosing Party; (c) is lawfully disclosed to the Receiving Party by a third party without restriction on the disclosure; or (d) is independently developed by the Receiving Party without use of or reference to the Disclosing Party’s Confidential Information.

12.2 Sophos reserves the right to disclose details of this Agreement to third parties for publicity and promotional purposes, and MSP expressly gives Sophos permission to include and publish MSP’s name and logo on lists of Sophos’s partners.

12.3 MSP acknowledges and agrees that Sophos may contact Beneficiaries if: (i) this Agreement has been terminated; (ii) Sophos has not received the fees for such Beneficiary’s use of the Offerings; or (iii) MSP requests Sophos to provide Offerings directly to Beneficiaries. Sophos may, in its discretion, decide to continue to support Beneficiaries (either directly or via a third party) and allow them to use Offerings where MSP has been unable to do so for reasons of insolvency or otherwise.

12.4 MSP agrees that Sophos may send promotional emails to MSP to provide information about other goods and services in which MSP may be interested. MSP may notify Sophos that it wishes to withdraw its permission for such promotional emails at any time by sending an email to [email protected].

12.5 Usage Data and Threat Intelligence Data. Sophos may collect, access, use, process, transmit, or store Usage Data for: (a) product improvement; (b) research and development purposes; (c) performing its obligations under this Agreement and verifying MSP’s compliance with this Agreement; (d) issuing alerts and notices to MSP about incidents and product lifecycle changes; and (e) deriving statistical data using information that is aggregated, anonymized, de-identified, or otherwise rendered not reasonably associated or linked to an identifiable individual or to MSP, Beneficiaries, or Users. Sophos retains all intellectual property rights in such statistical data. Sophos may share threat intelligence data (including from MSP Content, if it is anonymized, de-identified, or otherwise rendered not reasonably associated or linked to an identifiable individual, or to MSP, Beneficiaries, or Users) with selected reputable members of the IT industry for the purposes of promoting awareness of security risks, and anti-spam and security threat research.

12.6 Sophos requires, and the MSP agrees to provide, complete and accurate identification information and (where applicable) payment information for the purposes of: (i) providing technical support, (ii) billing, (iii) verifying Credentials, (iv) issuing license expiry and renewal notices, (v) carrying out compliance checks to ensure compliance with Sanctions and Export Control Laws, and (vi) providing account management.

12.7 The Data Processing Addendum (“DPA”) located at https://www.sophos.com/en-us/legal/data-processing-addendum is incorporated by reference into this Agreement if the provision of any Offerings by Sophos to MSP hereunder constitutes any "processing" by Sophos of any "personal data", but only to the extent such processing falls within the scope of "Applicable Data Protection Laws" (each term as defined in the DPA). In the event of any conflict between the terms of the DPA and this Agreement, the terms of the DPA will take precedence.

12.8 MSP acknowledges and agrees that it may be necessary under applicable law for MSP to inform and/or obtain consent from Beneficiaries before it intercepts, accesses, monitors, logs, stores, transfers, exports, blocks access to, and/or deletes their communications. MSP is solely responsible for compliance with such laws.

12.9 MSP warrants that it has obtained all necessary consents (if any) and provided all necessary notifications to share relevant data and information with Sophos for the purposes described in this Clause 12.

12.10 Each party shall take appropriate technical and organizational measures against unauthorized or unlawful processing of personal data or its accidental loss, destruction or damage.

12.11 MSP agrees to indemnify, defend, and hold Sophos harmless from and against any and all losses, claims, damages, costs, charges, expenses, liabilities, demands, proceedings, and actions that arise in relation to MSP’s failure to comply with this Clause 12.

13. GENERAL

13.1 During the term of this Agreement, MSP shall at all times comply with the terms and conditions of this Agreement. In addition, MSP shall (i) comply with MSP enrollment, training and certification requirements as listed on the Partner Portal, and (ii) upon Sophos’s request, co-brand promotional materials (such as collateral, presentations and press releases) using the phrase “powered by Sophos” and the Sophos Trademarks in accordance with the terms of this Agreement.

13.2 No Agency. Any distributor from whom MSP may have purchased the Offerings is not appointed or authorized by Sophos as its servant or agent. No such person has any authority, either express or implied, to enter into any contract or provide MSP with any representation, warranty or guarantee or to translate or modify this Agreement in any way on behalf of Sophos, or otherwise to bind Sophos in any way whatsoever.

13.3 Feedback. MSP has no obligation to provide Sophos with ideas, suggestions, concepts, or proposals relating to the Offerings or Sophos's business (‘Feedback’). However, if MSP provides Feedback to Sophos, MSP grants Sophos a non-exclusive, perpetual, irrevocable, worldwide, sub-licensable, transferable, and royalty-free right and license to make, use, sell, market, have made, offer to sell, import, reproduce, publicly display, transmit, distribute, modify, publicly perform, and otherwise exploit such Feedback, in whole or in part, for any purpose, including combining the Feedback with other materials and/or products and making derivative works of or alterations to the Feedback in any manner or format whatsoever, without any reference, obligation, or remuneration to MSP. All Feedback shall be deemed non-confidential to MSP. MSP shall not provide to Sophos any Feedback it has reason to believe is or may be subject to the intellectual property claims or rights of a third party.

13.4 Assignment. MSP may not transfer or assign its rights or obligations under this Agreement without Sophos’s prior written consent. Sophos may in its sole discretion assign, novate, subcontract or otherwise transfer any of its rights or obligations hereunder.

13.5 Licensing and Affiliate Distribution. Sophos is the licensor of the Offerings and its group Affiliates distribute the Offerings on a regional basis. MSP shall purchase through Sophos or the relevant local Sophos Affiliate as set out in Appendix 3. Sophos or the relevant Sophos Affiliate may update Appendix 3 at any time upon written notice to MSP.

13.6 Product Changes. MSP acknowledges and agrees that Sophos may vary, Update or discontinue Products, Product versions, Product features, Product support, Product Maintenance, and support for Third Party Software (including without limitation operating systems and platforms) from time to time for reasons including but not limited to changes in demand, security and technology. Sophos will publish the date(s) of planned discontinuation at: https://www.sophos.com/en-us/support. Sophos recommends that MSP always uses the latest Product, Product version and/or Third Party Software, as applicable.

13.7 Service and Service Description Changes. MSP acknowledges and agrees that Sophos may modify or update (i) the Services from time to time without materially reducing or degrading their overall functionality, and (ii) the Service Descriptions at any time to accurately reflect the Services being provided.

13.8 Agreement Changes. SOPHOS RESERVES THE RIGHT TO UNILATERALLY MODIFY THE TERMS AND CONDITIONS OF THIS AGREEMENT AT ANY TIME BY NOTICE TO MSP. Notice includes, but is not limited to, posting a revised version of this Agreement to the Sophos website at https://www.sophos.com/en-us/legal and/or email announcements sent to MSP representatives.

13.9 Waiver. Failure by either party to enforce any particular term or condition of this Agreement shall not be construed as a waiver of any of its rights under it.

13.10 Severability. The illegality, invalidity or unenforceability of any part of this Agreement will not affect the legality, validity or enforceability of the remainder.

13.11 Entire Agreement. In the event that MSP has purchased products under a previous V1 or V2 MSP agreement between the parties, such V1 or V2 agreement shall continue to apply to those products until expiration or termination of such agreement. Otherwise, this Agreement constitutes the entire agreement between the parties in relation to the Offerings and supersedes all prior or contemporaneous oral or written communications, agreements or representations with respect to such Offerings, except for any oral or written communications, agreements or representations made fraudulently.

13.12 Certification of Compliance. MSP agrees to provide Sophos with a certification as to its compliance with this Agreement or any clause of this Agreement upon Sophos’s request and that failure to provide such certification within thirty (30) days of Sophos’s request may be considered cause for immediate termination of this Agreement.

13.13 Maintenance of Records. MSP will maintain accurate and legible records for a period of five (5) years from the date of any transaction undertaken under this Agreement and will provide Sophos with information reasonably requested by Sophos to review compliance with the terms of this Agreement. Failure to provide such information within thirty (30) days of Sophos’s request may be considered cause for immediate termination of this Agreement.

13.14 U.S. Government Agencies; Non-Waiver of Government Immunity. If MSP is an agency or other part of the U.S. Government or a U.S. state or local government agency, the Offerings and Documentation are considered “commercial computer software” and “commercial computer software documentation” for the purposes of FAR 12.212 and DFARS 227.7202, as amended, or equivalent provisions of agencies that are exempt from the FAR. Any use, modification, reproduction, release, performance, display, or disclosure of the Offerings and Documentation by the U.S. Government and U.S. state and local government agencies will be governed solely by this Agreement, and except as otherwise explicitly stated in this Agreement, all provisions of this Agreement shall apply to the U.S. Government and U.S. state and local government agencies. If MSP is a federal, state, or other governmental instrumentality, organization, agency, institution, or subdivision, the limitations of liability and MSP’s indemnity obligations herein shall apply only in the manner and to the extent permitted by applicable law, and without waiver of MSP’s constitutional, statutory, or other immunities, if any.

13.15 Enforceability; No Third Party Rights. Sophos and its Affiliates may enforce and benefit from the terms and conditions of this Agreement. Subject to the foregoing and Clauses 9.1(iv) and 13.5, any person who is not a party to this Agreement has no right to enforce any term of this Agreement, and the parties to this Agreement do not intend that any third party rights are created by this Agreement.

13.16 Language. If there are any inconsistencies between the English language version of this Agreement and any translated version, the English language version shall prevail.

13.17 Governing Law. In the event the MSP is located in:

THE UNITED STATES OF AMERICA, CANADA, OR LATIN AMERICA, this Agreement, the relationship between MSP and Sophos, and any dispute or claim arising out of or in connection with it, including without limitation non-contractual disputes or claims, shall be governed by and construed in accordance with the laws of the Commonwealth of Massachusetts, U.S.A., without regard to its conflict of laws principles. The parties waive any right to a jury trial in any litigation arising out of or in connection with this Agreement; and

ANY OTHER COUNTRY, this Agreement, the relationship between MSP and Sophos, and any dispute or claim arising out of or in connection with it, including without limitation non-contractual disputes or claims, shall be governed by and construed in accordance with the laws of England and Wales, without regard to its conflict of laws principles.

The UN Convention on Contracts for the International Sale of Goods (CISG) shall not apply to this Agreement or to any dispute or transaction arising out of this Agreement.

13.18 Jurisdiction. In the event the MSP is located in:

THE UNITED STATES OF AMERICA, CANADA, OR LATIN AMERICA, the federal and state courts of the Commonwealth of Massachusetts, U.S.A. shall have exclusive jurisdiction to determine any dispute or claim which may arise out of, under, or in connection with this Agreement; and

ANY OTHER COUNTRY, the courts of England and Wales shall have exclusive jurisdiction to determine any dispute or claim which may arise out of, under, or in connection with this Agreement.

13.19 Nothing in Clause 13.18 shall limit the right of Sophos to initiate proceedings against MSP in any court of competent jurisdiction where deemed necessary by Sophos to (i) protect its intellectual property rights, (ii) protect its Confidential Information, and/or (iii) recover overdue payments.

13.20 Any notices required to be given in writing to Sophos or any questions concerning this Agreement should be addressed to Sophos Limited, Attn: The Legal Department, The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, United Kingdom, with a copy to [email protected].

13.21 Force Majeure. The failure of a party to comply with any provision of this Agreement due to an act of God, hurricane, war, fire, riot, earthquake, terrorism, an act of a public enemy, actions of governmental authorities (excepting compliance with applicable codes and regulations) or other force majeure event will not be considered a breach of this Agreement.

Appendix 1 – Hardware

This Appendix 1 only applies if MSP purchases Hardware.

1. Sophos retains title to the Hardware until such time as MSP pays and Sophos receives the Hardware fee in full. Unless and until title to the Hardware has transferred to MSP in accordance with this Clause, MSP agrees to keep the Hardware free and clear of all claims, liens, and encumbrances, and any act by MSP, either voluntary or involuntary, purporting to create a claim, lien or encumbrance on the Hardware shall be void. MSP owns only the Hardware or media, if applicable, on which the Licensed Product is installed. MSP does not own the Licensed Product itself.

2. In the event that MSP fails to pay or Sophos does not receive the fee for the Hardware, Sophos may require MSP to return the Hardware to the return location indicated by Sophos, securely and properly packaged, with carriage (and insurance at MSP’s option) prepaid. If MSP fails to return the Hardware to the indicated location promptly, upon written notice Sophos will be entitled to enter MSP’s premises during normal business hours to repossess such Hardware.

3. Risk of loss passes to MSP upon shipment of the Hardware to MSP. Insurance, if any, covering the Hardware is the MSP’s sole responsibility.

4. MSP acknowledges that the Hardware is sold hereunder solely as the medium for delivery and operation of the Licensed Products and, unless otherwise agreed by the parties in writing, Sophos at its option may provide Hardware that is either new or refurbished.

5. MSP is solely responsible for complying with any applicable governmental regulations relating to waste, health and safety, including without limitation those that relate to the EC Directive on Waste Electrical and Electronic Equipment (2002/96/EC) ("WEEE") and The Restriction of the Use of Certain Hazardous Substances in Electrical and Electronic Equipment Regulations (2002/95/EC) ("RoHS") (as amended), in connection with MSP’s use, disclosure, transfer, transport and/or disposal of the Hardware.

6. Sophos offers a limited warranty for Hardware as set out in the Hardware Warranty Policy at: https://www.sophos.com/en-us/legal.

7. Use of the Sophos UTM Network Security Product. MSP acknowledges and agrees that the functionality of the Sophos UTM Product requires the complete erasure of the hard disk of the target device during installation, including without limitation the operating system resident thereon. By installing or enabling the Beneficiary to install the aforementioned Product, MSP expressly agrees that it shall ensure that the device on which such Product is to be installed does not contain any valuable data, the loss of which would cause damage to MSP or the Beneficiary, and Sophos expressly disclaims any liability for losses of any kind related to MSP’s failure to comply with this warning.

Appendix 2 – Fees

This Appendix 2 only applies if MSP purchases directly from Sophos or a Sophos Affiliate.

1. All fees are calculated in accordance with the relevant Price List for the Territory. Sophos or the relevant Sophos Affiliate may change the Price List from time to time without notice.

2. All Products are delivered FCA warehouse nominated by Sophos or the relevant Sophos Affiliate. Accordingly, the MSP is responsible for customs duties, delivery costs, export clearances, import clearances, and insurance costs.

3. For advance subscription purchases, Sophos or the relevant Sophos Affiliate shall invoice the fee for the entire subscription period in advance.

4. MSP Connect with Flex. As an alternative to Clause 3 above, for those eligible Offerings authorized by Sophos, MSP may elect to pay for the total actual usage for an individual Beneficiary each calendar month in arrears, provided that Sophos or the relevant Sophos Affiliate has approved MSP’s participation in Sophos MSP Connect with Flex in writing. Actual usage may vary from month to month. Sophos or the relevant Sophos Affiliate reserves the right to charge MSP a minimum fee of $50 (or equivalent in local currency) each calendar month, regardless of the actual usage. Where the Sophos MSP Connect with Flex Price List contains volume bands, the band shall be determined by the MSP’s total usage across all Beneficiaries for the product category. If MSP fails to pay Sophos or the relevant Sophos Affiliate by the due date, in addition to its other rights, Sophos or the relevant Sophos Affiliate may require that MSP revert to the purchase of advance subscriptions.

5. All payments shall be made in the currency identified on the invoice.

6. Payment of the fees shall be due within thirty (30) days of the date of the invoice.

7. If any sum payable under this Agreement is not paid when due, then without prejudice to Sophos’s or the relevant Sophos Affiliate’s other rights under this Agreement, that sum will bear interest from the due date until the date when payment is received by Sophos or the relevant Sophos Affiliate, both before and after any judgment, at the rate of 1.5% per calendar month.

8. All payments, fees and other charges payable by MSP to Sophos or the relevant Sophos Affiliate under this Agreement are exclusive of all taxes, levies and assessments of any jurisdiction. MSP agrees to bear and be responsible for the payment of all such taxes, levies and assessments imposed on MSP, Sophos, or the relevant Sophos Affiliate arising out of this Agreement, excluding any tax based on Sophos’s or the relevant Sophos Affiliate’s net income. If MSP is required to pay Sophos or the relevant Sophos Affiliate a lower amount under this Agreement because of any withholding or tax, MSP shall pay to Sophos or the Sophos Affiliate such grossed-up amount as would be necessary to provide Sophos or the Sophos Affiliate the full amount of the payment due after the deduction of any such withholding or tax imposed.

Appendix 3 – List of Sophos Affiliates

Sophos Managed Service Provider Agreement (21 November 2019)

Archived Versions

• 14 August 2019