|This version of the Sophos Managed Service Provider Agreement is archived and is no longer in effect. View the current version here.|
ONLY AN AUTHORIZED OFFICER CAN CLICK ‘AGREE’ ON BEHALF OF MSP.
BY CLICKING THE ‘AGREE’ OPTION IN THE REGISTRATION PROCESS, MSP WARRANTS THAT IT HAS FULL CORPORATE POWER AND AUTHORITY TO ENTER INTO THIS AGREEMENT AND DO ALL THINGS NECESSARY IN THE PERFORMANCE OF THIS AGREEMENT.
IF YOU DO NOT AGREE WITH ANY OF THE TERMS OR CONDITIONS OF THIS AGREEMENT, YOU WILL NOT HAVE THE STATUS OF A SOPHOS MSP AND YOU ARE NOT AUTHORIZED TO USE THE PRODUCTS OR SUB-LICENSE THE PRODUCTS TO BENEFICIARIES.
‘Beneficiary’ means a third party organization for which MSP is providing managed services in accordance with an agreement.
‘Beneficiary’s Internal Business Purpose’ means the internal business purpose of a Beneficiary relating specifically to the integrity of its systems, networks, documents, emails and other data.
‘Credentials’ means a system to restrict access including usernames and passwords.
‘Documentation’ means the formal Product documentation (whether electronic or printed) published by Sophos for each Product.
‘Hardware’ means the hardware Product itself, together with any related components (including but not limited to power supply modules, disk drives in carriers, ship kits and rack mount kits).
‘Licensed Products’ means all or each (as the context so allows) of those software programs which are issued to MSP (including without limitation software programs which are installed on the Hardware), together with the Documentation and any of the Upgrades and Updates to those software programs.
‘Maintenance’ means collectively (i) Upgrades and/or Updates (where applicable to the Product), (ii) SMS message processing (where applicable to the Product), and (ii) Enhanced Partner Support.
‘Partner Portal’ means the website for Sophos partners at https://partnerportal.sophos.com (or such other URL as Sophos may advise from time to time).
“Price List” means the Sophos recommended price list for Products (in the then current version applicable to MSP’s Territory) which is available via the Partner Portal or otherwise upon request.
‘Products’ means the Licensed Products and Hardware.
‘Sanctions and Export Control Laws’ means any law, regulation, statute, prohibition, or similar measure applicable to the Products and/or to either party relating to the adoption, application, implementation and enforcement of economic sanctions, export controls, trade embargoes or any other restrictive measures, including but not limited to those administered and enforced by the European Union, the United Kingdom, and the United States, each of which shall be considered applicable to the Products.
‘Schedule’ means the order confirmation or license certificate issued by Sophos which details the type, quantity and duration for the Product(s) licensed by MSP via an advanced subscription.
‘Sophos’ means Sophos Limited, a company registered in England and Wales number 2096520, with its registered office at The Pentagon, Abingdon Science Park, Abingdon, Oxfordshire, OX14 3YP, UK.
‘Territory’ means the geographic area in which MSP may provide managed services to Beneficiaries. If MSP has its registered/principal office in the European Economic Area or Switzerland, then “Territory” shall mean the European Economic Area and Switzerland; or ii) if MSP has its registered/principal office elsewhere then “Territory” shall mean the country in which MSP’s registered/principal office is located or such other country that Sophos may notify to MSP from time to time.
‘Update’ means an update to the library of rules and/or identities and/or other updates to the detection data or software (excluding Upgrades) made available to MSP by Sophos at its sole discretion from time to time, but excluding any updates marketed and licensed by Sophos for a separate fee.
‘Upgrade’ means any enhancement or improvement to the functionality of the Product, Product version or Product feature made available to MSP by Sophos at its sole discretion from time to time, but excluding any software and/or upgrades marketed and licensed by Sophos for a separate fee.
‘User’ means an employee, consultant or other individual who benefits from the Product licensed to MSP.
2. INTELLECTUAL PROPERTY RIGHTS AND OWNERSHIP
The Products, including without limitation all know-how, concepts, logic and specifications, are proprietary to Sophos and its licensors and are protected throughout the world by copyright and other intellectual property rights. MSP hereby agrees not to remove any product identification or notices of proprietary restrictions. Further, MSP hereby acknowledges and agrees that the right, title and interest in the Products and in any modifications made by MSP to the Products is retained by Sophos. No license, right or interest in Sophos’ logos or trademarks is granted to MSP under this Agreement. Licensed Products are licensed, not sold. Except as expressly stated in this Agreement, no license or right is granted directly or by implication, inducement, estoppel, or otherwise.
3. RIGHTS AND RESTRICTIONS
3.1 Evaluation. Where expressly agreed in writing by an authorized representative of Sophos, MSP may use a Product for evaluation purposes only, in a Beneficiary’s test environment, without payment of a fee for a maximum of 30 days or such other duration as is specified by Sophos at its sole discretion. The Product is provided “AS IS” during such evaluation period and Clauses 3.2 and 5 below do not apply to such evaluation.
3.2 Rights. In consideration for receipt by Sophos of the fees due and subject to MSP meeting the obligations set forth in this Agreement, Sophos hereby grants MSP a limited and non-exclusive right within the Territory only, to (i) sub-license use of the Products to Beneficiaries for the Beneficiary’s Internal Business Purpose, (ii) use the Products on behalf of Beneficiaries for the Beneficiary’s Internal Business Purpose as part of MSP’s provision of managed services to such Beneficiaries, and (iii) receive Maintenance in respect of the Products and use such Maintenance for the benefit of Beneficiaries, subject to the terms and conditions contained within this Agreement.
3.3.1 The Products are licensed by User or other applicable units, as specified in the Price List.
3.3.2 Sophos shall monitor MSP’s usage of Products from the Sophos partner dashboard known as Sophos Central - Partner. Where insufficient information is available, Sophos may require MSP to submit a report to Sophos (or the authorized distributor as applicable) detailing the following: (i) MSP name, (ii) MSP country, (ii) name of each Beneficiary, (iii) country and city/state identifier for each Beneficiary, (iv) license number(s) allocated to each Beneficiary (applicable to MSP Connect Standard only), and (iv) number of Users (or other applicable units) per Beneficiary during the previous calendar month.
3.3.3 MSP must purchase an advance subscription to meet MSP’s licensing requirements for each individual Beneficiary. The Schedule specifies the number of Users or other applicable units for which MSP has subscribed for such Beneficiary. If the Beneficiary’s usage of the Products exceeds the units purchased, MSP must immediately purchase additional units for the remainder of the subscription term specified on the Schedule. MSP may change the allocation of a Schedule to an alternative Beneficiary provided that each Schedule is allocated to no more than one Beneficiary at any time and MSP remains the licensor.
3.3.4 MSP Connect with Flex. As an alternative to Clause 3.3.3 above, MSP may elect to pay for MSP’s total actual usage for an individual Beneficiary each calendar month in arrears, provided that Sophos (and the distributor if applicable) has approved MSP‘s participation in Sophos MSP Connect with Flex in writing. Actual usage may vary from month to month. In the event that MSP fails to pay Sophos or the relevant distributor by the due date, in addition to Sophos’ other rights, Sophos may require that MSP reverts to the purchase of advance subscriptions in accordance with Clause 3.3.3 above.
3.3.5 MSP may not assign or transfer the licenses to a Beneficiary or third party without the prior written consent of Sophos.
3.3.6 Where MSP purchases directly from Sophos, MSP agrees to pay fees in accordance with the Price List and Appendix 3. Where MSP does not purchase from Sophos directly, MSP shall agree the amount of the fee with and make payment of such agreed fee to the authorized distributor. Any prices that Sophos recommends for resale are guidelines only. Accordingly, the Distributor is free to determine its own pricing to MSP, and MSP is free to determine its own pricing to Beneficiaries.
3.3.7 For the avoidance of doubt, fees are payable in full whether or not MSP collects monies from any Beneficiary and whether or not any refunds are given by MSP to the Beneficiary.
3.3.8 MSP shall permit Sophos or an independent certified accountant appointed by Sophos access to MSP’s premises and MSP’s books of account and records at any time on reasonable written notice during normal business hours for the purpose of inspecting, auditing, verifying or monitoring the manner and performance of MSP’s obligations under this Agreement including without limitation the payment of all applicable license fees. Sophos shall not be able to exercise this right more than once in each calendar year. If an audit reveals that MSP has underpaid fees, MSP shall be invoiced for and shall pay to Sophos within 30 days of the date of invoice an amount equal to the shortfall between the fees due and those paid by MSP. If the amount of the underpayment exceeds 5% of the fees due or the audit reveals a violation of any license restrictions pursuant to this Agreement then, without prejudice to Sophos’ other rights and remedies, MSP shall also pay Sophos’ reasonable costs of conducting the audit.
3.4 MSP may make a reasonable number of copies of the Licensed Products or any part thereof for backup or disaster recovery purposes provided that MSP reproduces Sophos’ proprietary notices on any such copies. Such restriction shall not prevent MSP or Beneficiary from backing up or archiving Beneficiary’s data.
MSP is NOT permitted to:
3.5.1 use the Products for the provision of any service for the benefit of third parties other than Beneficiaries;
3.5.2 modify or translate the Products (i) except as necessary to configure the Licensed Products using the menus, options and tools provided for such purposes and contained in the Product; (ii) except as necessary to develop custom filters using the Application Programming Interfaces (APIs) where contained in the Licensed Product or provided directly by Sophos for such purposes; and, (iii) in relation to the Documentation, except as necessary to produce and adapt manuals and/or other documentation for any Beneficiary’s Internal Business Purpose;
3.5.3 reverse engineer, disassemble or decompile the Products or any portion thereof or otherwise attempt to derive or determine the source code or the logic therein except to the extent that such restriction is prohibited by applicable law;
3.5.4 transmit or provide access to the Products save as provided in this Agreement;
3.5.5 use or sub-license Products for which Sophos has not received the applicable fees;
3.5.6 sub-license, rent, sell, lease, distribute or otherwise transfer the Products save as provided under this Agreement unless MSP obtains a separate license from Sophos for such purposes (for example, MSP may not embed the Licensed Products into another application and then distribute such combined product to third parties unless MSP first acquires an OEM license from Sophos);
3.5.7 use or allow use of the Products in or in association with safety critical applications such as, without limitation, medical systems, transport management systems, vehicle and power generation applications including but not limited to nuclear power applications; and/or
3.5.8 use or allow use of the Products for the purposes of competing with Sophos, including without limitation competitive intelligence (except to the extent that this restriction is prohibited by applicable law).
3.6 Use of the Sophos UTM Network Security Product. MSP acknowledges and agrees that the functionality of the Sophos UTM Product requires the complete erasure of the hard disk of the target device during installation, including without limitation the operating system resident thereon. By installing or enabling the Beneficiary to install the aforementioned Product, MSP expressly agrees that it shall ensure that the device on which such Product is to be installed does not contain any valuable data, the loss of which would cause damage to the Beneficiary, and Sophos expressly disclaims any liability for losses of any kind related to MSP’s failure to comply with this warning.
4. MAINTENANCE AND SUPPORT
4.1 MSP shall receive Maintenance including Enhanced Partner Support (as described in the documentation on the Partner Portal or otherwise provided upon request) during the term of this Agreement.
4.2 All requests for technical support from Sophos must come from MSP and not from the Beneficiary.
4.3 Any custom or sample code, files or scripts (“Fixes”) provided by Sophos as part of the provision of technical support which do not form part of its standard commercial offering may only be used in conjunction with the Product for which such scripts were developed.
5. LICENSED PRODUCT WARRANTIES
5.1 For a warranty period of ninety (90) days from the execution of this Agreement, Sophos warrants that: (i) if properly used and installed, the Licensed Products will perform substantially in accordance with the Documentation on the designated operating system(s), and (ii) the Documentation adequately describes the operation of the Licensed Products in all material respects.
5.2 If MSP notifies Sophos of a breach of the warranty described in Clause 5.1 above during the applicable warranty period, Sophos’ entire liability and MSP’s sole remedy shall be (at Sophos’ option and to the maximum extent permitted by applicable law) to correct, repair or replace the Licensed Products and/or Documentation, as applicable, within a reasonable time or provide or authorize a pro rata refund of the fee.
5.3 The warranty in Clause 5.1 shall not apply if (i) the Licensed Product has not been used in accordance with the terms and conditions of this Agreement and the Documentation, (ii) the issue has been caused by failure of MSP to apply Updates, Upgrades or any other action or instruction recommended by Sophos, (iii) the issue has been caused by the act or omission of, or by any materials supplied by, MSP, a Beneficiary or any third party, or (iv) the issue results from any cause outside of Sophos’ reasonable control.
5.4 To the maximum extent permitted by applicable law, the warranties in this Clause 5 are personal to MSP and are not transferable to Beneficiaries or other third parties.
6. MSP WARRANTIES
6.1 MSP warrants and agrees that it shall:
6.1.1 remain wholly responsible for the compliance by Beneficiaries and Users with this Agreement and with all applicable laws and regulations;
6.1.2 ensure that all Beneficiaries are bound by a contract for MSP’s managed services, the terms of which are no less protective of Sophos than these terms and conditions;
6.1.3 not distribute any Credentials provided by Sophos to Beneficiaries or any other third parties;
6.1.4 ensure that Beneficiaries cease to access and/or use the Products if they no longer have a valid agreement with MSP for the supply of managed services or if this Agreement is terminated;
6.1.5 ensure that Beneficiaries receive Updates and Upgrades promptly and in any event within 24 hours following Sophos making such Updates and Upgrades available;
6.2 MSP shall hold harmless, defend and fully and effectively indemnify Sophos against any claims, actions, proceedings, damages, costs, expenses or other liability whatsoever arising out of, resulting from or relating to MSP’s and each Beneficiary’s use of the Products (including without limitation breach of MSP’s warranties in this Clause 6).
7.1 Subject to Clauses 7.2 to 7.4 inclusive below, Sophos shall defend, indemnify, and hold MSP harmless from any claim or proceeding alleging that MSP’s use or sub-licensing of the Licensed Product in the Territory in accordance with the terms and conditions of this Agreement infringes any third party patent, trademark or copyright.
7.2 MSP shall not be entitled to the benefit of the indemnity in Clause 7.1 if (i) MSP fails to notify Sophos in writing within ten (10) days of MSP being notified of any such claim or proceeding, (ii) MSP and the Beneficiaries do not at the written request of Sophos immediately cease to use or possess the Product on any such claim being made, (iii) MSP, without the prior written consent of Sophos, acknowledges the validity of or takes any action which might impair the ability of Sophos to contest the claim or proceedings if it so elects, (iv) the infringement arises due to modification of the Product by anyone other than Sophos, use of the Product other than in accordance with the Documentation, or use of the Product with any hardware, software or other component not provided by Sophos, and the infringement would not have arisen without such use or modification, or (v) the claim is raised based on use or possession in a country that is not a party to the World Intellectual Property Organization (WIPO) treaties on patents, trademarks and copyrights.
7.3 If any such claim or proceeding referred to in Clause 7.1 is made against MSP, Sophos alone shall have the right (in its sole discretion):
7.3.1 to defend and/or settle any such third party claim or proceedings and/or to initiate counter-proceedings, and to require MSP to join and co-operate with the defense, settlement and/or counter proceedings at Sophos’ reasonable cost. If Sophos elects to not assume the defense of, settle such claims and/or initiate counter-proceedings, MSP may proceed with defending the claim in good faith and Sophos will reimburse all claims, damages, charges, expenses and liabilities (including reasonable counsel fees and costs) finally awarded or agreed to in a monetary settlement. Sophos shall have the right to approve MSP’s chosen counsel under this Clause 7.3.1, such approval not to be unreasonably withheld.
7.3.2 to (i) procure a license so that MSP’s use and sub-licensing of the Product in accordance with the terms and conditions of this Agreement does not infringe any third party patents, trademarks or copyrights, or (ii) modify or replace the Product with a functionally equivalent Product so that it no longer infringes a third party’s patents, trademarks or copyrights. If Sophos cannot achieve Clause 7.3.2 (i) or (ii) above on a commercially reasonable basis, Sophos may terminate the license to use the Product upon notice to MSP and provide a pro rata refund of Fees paid for such Product which (i) relates to the period after the date of termination in the case of subscription term Products, and (ii) is depreciated on a straight line five (5) year basis commencing on the date of purchase in the case of perpetual term Products.
7.4 CLAUSES 7.1, 7.2 AND 7.3 SET OUT MSP’S SOLE REMEDY AND THE WHOLE LIABILITY OF SOPHOS IN THE EVENT THAT THE PRODUCTS INFRINGE THE PATENTS, TRADEMARKS, COPYRIGHTS OR OTHER INTELLECTUAL PROPERTY RIGHTS OF ANY THIRD PARTY. MSP WILL IN ANY EVENT MITIGATE MSP’S LOSSES AS FAR AS POSSIBLE.
8. DISCLAIMER OF WARRANTIES
8.1 EXCEPT FOR THE EXPRESS WARRANTIES FOR THE LICENSED PRODUCTS AND HARDWARE CONTAINED IN CLAUSE 5 ABOVE, SOPHOS AND ANY OF ITS THIRD-PARTY LICENSORS AND SUPPLIERS AND THE CONTRIBUTORS OF CERTAIN INCLUDED SOFTWARE MAKE NO WARRANTIES, CONDITIONS, UNDERTAKINGS OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE IN RELATION TO THE PRODUCT OR ANY THIRD PARTY SOFTWARE INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT OR ARISING FROM COURSE OF DEALING, USAGE OR TRADE. SOME STATES/JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO THE ABOVE EXCLUSION MAY NOT APPLY TO MSP AND MSP MAY HAVE OTHER LEGAL RIGHTS THAT VARY FROM STATE TO STATE OR BY JURISDICTIONS.
8.2 WITHOUT LIMITATION TO THE FOREGOING, SOPHOS DOES NOT WARRANT THAT THE PRODUCT WILL MEET MSP’S OR BENEFICIARIES’ REQUIREMENTS OR THAT THE OPERATION OF THE PRODUCT WILL BE ERROR FREE OR UNINTERRUPTED OR THAT DEFECTS IN THE PRODUCT WILL BE CORRECTED. SOPHOS DOES NOT WARRANT THAT THE PRODUCTS WILL DETECT AND/OR CORRECTLY IDENTIFY AND/OR DISINFECT ALL THREATS, APPLICATIONS (WHETHER MALICIOUS OR OTHERWISE) OR OTHER COMPONENTS. FURTHER, SOPHOS DOES NOT WARRANT OR REPRESENT THAT MSP OR ANY BENEFICIARY IS ENTITLED TO BLOCK ANY THIRD PARTY APPLICATIONS OR THAT MSP OR BENEFICIARY IS ENTITLED TO ENCRYPT OR DECRYPT ANY THIRD PARTY INFORMATION.
8.3 MSP FURTHER ACKNOWLEDGES AND AGREES THAT MSP AND THE BENEFICIARY SHALL BE SOLELY RESPONSIBLE FOR PROPER BACK-UP OF ALL DATA AND THAT MSP AND THE BENEFICIARY SHALL TAKE APPROPRIATE MEASURES TO PROTECT SUCH DATA. SOPHOS AND ITS THIRD PARTY LICENSORS ASSUME NO LIABILITY OR RESPONSIBILITY WHATSOEVER IF DATA IS LOST OR CORRUPTED.
9. LIMITATION OF LIABILITY
9.1 MSP AND EACH BENEFICIARY USES THE PRODUCT AT MSP’S AND SUCH BENEFICIARY’S OWN RISK. SUBJECT TO CLAUSE 9.4 AND TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL SOPHOS OR ANY OF ITS THIRD PARTY LICENSORS AND SUPPLIERS OR THE CONTRIBUTORS OF CERTAIN INCLUDED SOFTWARE BE LIABLE TO MSP OR BENEFICIARIES (OR TO THOSE CLAIMING THROUGH MSP) FOR ANY INDIRECT, CONSEQUENTIAL, INCIDENTAL OR SPECIAL DAMAGE OR LOSS OF ANY KIND INCLUDING, BUT NOT LIMITED TO, LOSS OF PROFITS, LOSS OF CONTRACTS, BUSINESS INTERRUPTIONS, LOSS OF OR CORRUPTION OF DATA HOWEVER CAUSED AND WHETHER ARISING UNDER CONTRACT OR TORT, INCLUDING WITHOUT LIMITATION NEGLIGENCE, (INCLUDING BUT NOT LIMITED TO ANY LOSS OR DAMAGE RELATED TO ANY THIRD PARTY SOFTWARE), EVEN IF SOPHOS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
9.2 IF ANY LIMITATION, EXCLUSION, DISCLAIMER OR OTHER PROVISION CONTAINED IN THIS AGREEMENT IS HELD TO BE INVALID FOR ANY REASON BY A COURT OF COMPETENT JURISDICTION AND SOPHOS BECOMES LIABLE THEREBY FOR LOSS OR DAMAGE THAT MAY LAWFULLY BE LIMITED, SUCH LIABILITY WHETHER IN CONTRACT, TORT (INCLUDING WITHOUT LIMITATION NEGLIGENCE) OR OTHERWISE, WILL NOT EXCEED THE GREATER OF THE FEES PAID BY MSP FOR ANY 12 MONTH PERIOD OR USD $10,000.
9.3 SUBJECT TO CLAUSE 9.4, IN NO EVENT SHALL SOPHOS’ AGGREGATE LIABILITY TO MSP ARISING OUT OF OR IN CONNECTION WITH THIS LICENSE AGREEMENT, FROM ALL CAUSES OF ACTION AND THEORIES OF LIABILITY (INCLUDING WITHOUT LIMITATION NEGLIGENCE), EXCEED A SUM EQUAL TO THE FEES PAID BY MSP FOR ANY 12 MONTH PERIOD.
9.4 SOPHOS DOES NOT LIMIT OR EXCLUDE ITS LIABILITY FOR (i) DEATH OR PERSONAL INJURY CAUSED BY NEGLIGENCE, (ii) FRAUDULENT MISREPRESENTATION, OR (iii) ANY OTHER LIABILITY TO THE EXTENT THAT SUCH LIABILITY CANNOT BE EXCLUDED OR LIMITED BY APPLICABLE LAW.
10. THIRD PARTY SOFTWARE
The Products may operate or interface with software or other technology that is licensed to Sophos from third parties (“Third Party Licensors”), which is not proprietary to Sophos, but which Sophos has the necessary rights to license to MSP and Beneficiaries (“Third Party Software”). MSP agrees that (a) MSP and the Beneficiaries will use such Third Party Software in accordance with this Agreement, (b) no Third Party Licensor makes any warranties, conditions, undertakings or representations of any kind, either express or implied, to MSP or the Beneficiaries concerning such Third Party Software or the Products themselves, (c) no Third Party Licensor will have any obligation or liability to MSP or the Beneficiaries as a result of this Agreement or use of such Third Party Software, (d) such Third Party Software may be licensed under license terms which grant MSP and the Beneficiaries additional rights or contain additional restrictions in relation to such materials, beyond those set forth in this Agreement, and such additional license rights and restrictions are described or linked to in the applicable Documentation, the relevant Sophos webpage, or within the Product itself.
11.1 Sanctions and Export Control Laws
11.1.1 agrees that in connection with MSP’s usage and sublicensing of the Products it will comply, and will ensure that its relevant personnel comply, with all Sanctions and Export Control Laws;
11.1.2 represents and warrants that neither MSP nor any party that owns or controls, or is owned or controlled by, MSP is (i) ordinarily resident in, located in, or organized under the laws of any country or region subject to economic or financial sanctions or trade embargoes imposed, administered, or enforced by the European Union, the United Kingdom, or the United States; (ii) an individual or entity on the Consolidated List of Persons, Groups, and Entities Subject to European Union Financial Sanctions; the U.S. Department of the Treasury's List of Specially Designated Nationals and Blocked Persons or Foreign Sanctions Evaders List; the U.S. Department of Commerce's Denied Persons List or Entity List; or any other sanctions or restricted persons lists maintained by the European Union, the United Kingdom, or the United States; or (iii) otherwise the target or subject of any Sanctions and Export Control Laws;
11.1.3 represents and warrants that it will not export, re-export, transfer, or otherwise make available the Products, directly or indirectly, to any country, region, individual or entity described in Clause 11.1.2 or in violation of, or for purposes prohibited by, Sanctions and Export Control Laws, including for proliferation-related end uses, and that it has adequate policies, procedures, and controls in place to comply with Clause 11.1.3;
11.1.4 agrees that it will use its best efforts to ensure that any Beneficiary who is authorized by MSP to use the Products complies with Clause 11.1.3, including, but not limited to, requiring any Beneficiary to agree to comply with the requirements of Clause 11.1.3;
11.1.5 understands and agrees that Sophos shall have no obligation to provide any Updates, Upgrades, or services related to the Products where Sophos believes the provision of such Updates, Upgrades, or services could violate Sanctions and Export Control Laws;
11.1.6 agrees to notify Sophos immediately if it becomes aware that it or any of its personnel may have breached any Sanctions and Export Control Laws in connection with its usage or sublicensing of the Products or if it becomes aware that any Product that it has provided, directly or indirectly, to a Beneficiary has been exported, re-exported, transferred, or otherwise made available in violation of Clause 11.1.3;
11.1.7 agrees to provide notice to Sophos in a commercially reasonable timeframe and manner (if not herein elsewhere stated with specificity) of any governmental action or communication MSP receives or becomes aware of concerning Sanctions and Export Control Laws relating to the Products, unless prohibited by law or compulsory government process;
11.1.8 agrees that while information about the classification of Products for export purposes is available at https://www.sophos.com/en-us/legal/export and Sophos will use reasonable endeavors to maintain the information on such webpage, it is responsible for seeking its own legal advice and ensuring its own compliance in relation to all applicable Sanctions and Export Control Laws;
11.1.9 agrees that in the event that the sale, supply, export, re-export or transfer of all or part of the Products or any part thereof to be supplied under this Agreement is subject to Sophos obtaining or using an export licence, it will provide promptly upon request all assistance or documentation required by Sophos including, as appropriate, an accurately completed end user undertaking or consignee undertaking;
11.1.10 agrees that it will be solely responsible for fulfilling all the requirements of the authorities in all jurisdictions to which the Products will be supplied for the licensing, registration or other authorisation for the sale, supply, import, re- export, transfer, use, disclosure or transport of the Products; and
11.1.11 agrees that it will indemnify and hold Sophos harmless from and against any claim, loss, liability or damage suffered or incurred by Sophos resulting from or related to MSP’s breach of this Clause 11.1, and that breach of this Clause 11.1 may be considered cause for immediate termination of this Agreement.
Further details are available at https://www.sophos.com/en-us/legal/export.
11.2 Import. MSP acknowledges and agrees that it is solely responsible for complying with any local import rules and regulations, including but not limited to obtaining any approvals and licenses that may be required.
11.3 Anti-Bribery and Fair Competition. Each party warrants that neither it nor any of its officers, employees, agents, representatives, contractors, intermediaries nor any other person or entity acting on its behalf will take any action, directly or indirectly, that would constitute an offence under (i) the United Kingdom Bribery Act 2010, the United States Foreign Corrupt Practices Act 1977 or any other applicable anti-bribery and anti-corruption laws or regulations anywhere in the world, or (ii) any rules of fair competition.
11.4 ANY BREACH OF THIS CLAUSE 11 BY MSP SHALL BE A MATERIAL BREACH INCAPABLE OF REMEDY THEREBY ENTITLING SOPHOS TO TERMINATE THIS AGREEMENT FORTHWITH. In addition, MSP agrees to indemnify and hold Sophos harmless from and against any claim, loss, liability or damage suffered or incurred by Sophos resulting from or related to violation of this Clause 11 by MSP or a Beneficiary.
12. TERM AND TERMINATION
12.1 This Agreement shall commence upon execution and continue unless and until terminated in accordance with the express provisions set out herein.
12.2 Termination for Convenience. Either party may terminate this Agreement for convenience at any time upon thirty (30) days’ prior written notice, save that if MSP has purchased advance subscriptions, each subscription shall continue under the terms and conditions of this Agreement until the expiry of the relevant subscription period as stated on the Schedule.
12.3 Termination for Cause. Sophos may terminate this Agreement immediately upon written notice if: (i) Sophos does not receive the fees (in whole or in part) from MSP or the authorized distributor in accordance with the agreed payment terms, or (ii) MSP fails to comply with any of the terms and conditions of this Agreement, or (iii) MSP takes or suffers any action on account of debt or becomes insolvent.
12.4 Effects of Termination.
12.4.1 MSP’s obligations under this Agreement in respect of the intellectual property and confidential information of Sophos shall survive any expiry or termination of this Agreement.
12.4.2 Termination of this Agreement shall not relieve MSP of its obligations to pay all fees that have accrued or are otherwise owed by MSP to Sophos (or its authorized distributor as applicable). All fees paid are non-refundable to the maximum extent allowed by applicable law.
12.4.3 Within one month after the date of termination of this Agreement, MSP must supply written certification to Sophos confirming the destruction by MSP and its Beneficiaries of the Licensed Product and all copies of all or any part of it.
12.4.4 All rights of MSP and its Beneficiaries to use the Licensed Products will automatically cease upon termination of this Agreement.
13. CONFIDENTIALITY AND DATA PROTECTION
13.1 The Products and the Price List may include confidential information that is secret and valuable to Sophos and its licensors. MSP and its Beneficiaries are not entitled to use or disclose that confidential information other than strictly in accordance with the terms of this Agreement.
13.2 Sophos reserves the right to disclose details of this Agreement to third parties for publicity and promotional purposes and MSP expressly gives Sophos permission to include and publish MSP’s name and logo on lists of Sophos’ partners.
13.3 MSP acknowledges and agrees that Sophos may contact Beneficiaries in the event that (i) this Agreement has been terminated, or (ii) Sophos has not received the fees for such Beneficiary’s use of the Products. Sophos may at its discretion decide whether to continue to support Beneficiaries (either directly or via a third party) and allow them to use Products where MSP has been unable to do so for reasons of insolvency or otherwise.
13.4 MSP agrees that Sophos may send promotional emails to MSP to provide information about other goods and services in which MSP may be interested. MSP may notify Sophos that it wishes to withdraw its permission for such promotional emails at any time by sending an email to email@example.com.
13.6 The information collected under Clause 13.5 may be used for the purposes of (i) providing the Products and performing this Agreement, (ii) verifying MSP’s compliance with this Agreement, (iii) evaluating and improving the performance of the Products, (iv) preparing statistical analysis (such as malware infection rates and the usage of Products), (v) planning development roadmaps and product lifecycle strategies, (vi) issuing alerts and notices to MSP about incidents and product lifecycle changes which affect the Products being used by MSP.
13.7 Sophos requires and MSP agrees to provide complete and accurate identification information and (where applicable) payment information for the purposes of (i) providing technical support, (ii) billing, (iii) verifying Credentials, (iv) issuing license expiry and renewal notices, (v) carrying out compliance checks to ensure compliance with Sanctions and Export Control Laws, and (vi) providing account management.
13.8 If MSP elects to send malware samples or any other materials to Sophos for review, MSP shall remove (or shall ensure that the Beneficiary removes) any regulated health and payment card data prior to submission.
13.9 In the case of personal data processed on MSP’s behalf, Sophos acts as a processor. In the case of personal data used for Sophos’s business purposes under Clauses 13.6 and 13.7, Sophos Ltd is the controller. In this Clause, the terms “processor” and “controller” shall have the meanings defined in the Regulation (EU) 2016-679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation) (“GDPR”). As a global organization, the group companies, subcontractors, suppliers and third party licensors of Sophos may be located throughout the world. Sophos will process any personal data in accordance with the provisions of the GDPR.
13.10 MSP acknowledges and agrees that it may be necessary under applicable law for MSP to inform and/or obtain consent from Beneficiaries before it intercepts, accesses, monitors, logs, stores, transfers, exports, blocks access to, and/or deletes their communications. MSP is solely responsible for compliance with such laws.
13.11 MSP warrants that it has obtained all necessary consents (if any) and provided all necessary notifications to share relevant data and information with Sophos for the purposes described in this Clause 13.
13.12 Each party shall take appropriate technical and organizational measures against unauthorized or unlawful processing of personal data or its accidental loss, destruction or damage.
13.13 MSP agrees to indemnify and hold Sophos harmless from and against any liability that arises in relation to MSP’s failure to comply with this Clause 13.
14.1 During the term of this Agreement, MSP shall at all times observe and perform the terms and conditions of this Agreement. In addition, MSP shall (i) comply with MSP enrollment, training and certification requirements as listed on the Partner Portal, and (ii) co-brand promotional materials (such as collateral, presentations and press releases) using the phrase “powered by Sophos” and the Sophos logo.
14.2 Any distributor from whom MSP may have purchased the Product is not appointed or authorized by Sophos as its servant or agent. No such person has any authority, either express or implied, to enter into any contract or provide MSP with any representation, warranty or guarantee or to translate or modify this Agreement in any way on behalf of Sophos, or otherwise to bind Sophos in any way whatsoever.
14.3 MSP has no obligation to provide Sophos with ideas, suggestions, concepts, or proposals relating to Sophos' products or business ('Feedback'). However, if MSP provides Feedback to Sophos, MSP grants Sophos a non-exclusive, worldwide, royalty-free license that is sub-licensable and transferrable to any party, to make, use, sell, have made, offer to sell, import, reproduce, publicly display, distribute, modify, and publicly perform the Feedback, without any reference, obligation, or remuneration to MSP. All Feedback shall be deemed non-confidential to MSP. MSP shall not provide to Sophos any Feedback it has reason to believe is or may be subject to the intellectual property claims or rights of a third party.
14.4 Sophos may in its sole discretion assign, novate, subcontract or otherwise transfer any of its rights or obligations hereunder.
14.5 Product Changes. MSP acknowledges and agrees that Sophos may vary, Update or discontinue Products, Product versions, Product features, Product support, Product Maintenance, and support for third party products (including without limitation operating systems and platforms) from time to time for reasons including but not limited to changes in demand, security and technology. Sophos will publish the date(s) of planned discontinuation at: https://www.sophos.com/en-us/support. Sophos recommends that MSP always uses the latest Product, Product version and/or third party product, as applicable.
14.6 SOPHOS RESERVES THE RIGHT TO UNILATERALLY MODIFY THE TERMS AND CONDITIONS OF THIS AGREEMENT AT ANY TIME BY NOTICE. Notice includes, but is normally not limited to, posting a revised version of this Agreement to the Sophos website and/or email announcements sent to MSP representatives.
14.7 Failure by Sophos to enforce any particular term of this Agreement shall not be construed as a waiver of any of its rights under it.
14.8 The illegality, invalidity or unenforceability of any part of this Agreement will not affect the legality, validity or enforceability of the remainder.
14.9 This Agreement constitutes the entire agreement between the parties in relation to Products purchased after the date of execution of this Agreement, and supersedes any other oral or written communications, agreements or representations with respect to such Products, save for any oral or written communications, agreements or representations made fraudulently. The UN Convention on Contracts for the International Sale of Goods (CISG) shall not apply. In the event that MSP has purchased products under a previous MSP agreement between the parties, such agreement shall continue to apply to those products until expiry or termination of such agreement.
14.10 MSP agrees to provide Sophos with a certification as to its compliance with this Agreement or any Clause of this Agreement upon Sophos's request. Failure to provide such certification within thirty (30) days of Sophos’s request may be considered cause for immediate termination of this Agreement.
14.11 MSP will maintain accurate and legible records for a period of five (5) years from the date of any transaction undertaken under this Agreement and will provide Sophos with information reasonably requested by Sophos to review compliance with the terms of this Agreement. Failure to provide such information within thirty (30) days of Sophos’s request may be considered cause for immediate termination of this Agreement.
14.12 If MSP is an agency or other part of the U.S. Government, the Software and the Documentation are commercial computer software and commercial computer software documentation and their use, duplication and disclosure are subject to the terms of this Agreement per FAR 12.212 or DFARS 227.7202-3, as amended.
14.13 The Sophos group companies may enforce and benefit from the terms and conditions of this Agreement. Any other person who is not a party to this Agreement has no right to enforce any term of this Agreement under applicable legislation and the parties to this Agreement do not intend that any third party rights are created by this Agreement.
14.14 If there are any inconsistencies between the English language version of this Agreement and any translated version, then the English language version shall prevail.
14.15 In the event the MSP is located in:
THE UNITED STATES OF AMERICA OR CANADA, this Agreement and any dispute or claim arising out of or in connection with it, including without limitation non-contractual disputes or claims, shall be governed by and construed in accordance with the laws of the Commonwealth of Massachusetts, U.S.A., without regard to its conflict of laws principles. The federal and state courts of the Commonwealth of Massachusetts, U.S.A. shall have exclusive jurisdiction to determine any dispute or claim which may arise out of, under, or in connection with this License Agreement. The parties waive any right to a jury trial in any litigation arising out of or in connection with this License Agreement; and ANY OTHER COUNTRY, this Agreement and any dispute or claim arising out of or in connection with it, including without limitation non-contractual disputes or claims, shall be governed by and construed in accordance with the laws of England and Wales, without regard to conflict of laws principles. The courts of England and Wales shall have exclusive jurisdiction to determine any dispute or claim which may arise out of, under, or in connection with this Agreement.
14.16 Any notices required to be given in writing to Sophos or any questions concerning this Agreement should be addressed to The Legal Department, Sophos Limited, The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, United Kingdom.
This Appendix 1 only applies if MSP purchases Hardware from Sophos.
- Sophos retains title to the Hardware until such time as MSP pays and Sophos receives the Hardware fee in full. Unless and until title to the Hardware has transferred to MSP in accordance with this Clause, MSP agrees to keep the Hardware free and clear of all claims, liens, and encumbrances, and any act by MSP, either voluntary or involuntary, purporting to create a claim, lien or encumbrance on the Hardware shall be void. MSP owns only the Hardware or media, if applicable, on which the Licensed Product is installed. MSP does not own the Licensed Product itself.
- In the event that MSP fails to pay or Sophos does not receive the fee for the Hardware, Sophos may require MSP to return the Hardware to the return location indicated by Sophos, securely and properly packaged, with carriage (and insurance at MSP’s option) prepaid. If MSP fails to return the Hardware to the indicated location promptly, upon written notice Sophos will be entitled to enter MSP’s premises during normal business hours to repossess such Hardware.
- Risk of loss passes to MSP upon shipment of the Hardware to MSP.
- MSP acknowledges that the Hardware is sold hereunder solely as the medium for delivery and operation of the Licensed Products and, unless otherwise agreed by the parties in writing, Sophos at its option may provide Hardware that is either new or refurbished.
- MSP is solely responsible for complying with any applicable governmental regulations relating to waste, health and safety, including without limitation those that relate to the EC Directive on Waste Electrical and Electronic Equipment (2002/96/EC) ("WEEE") and The Restriction of the Use of Certain Hazardous Substances in Electrical and Electronic Equipment Regulations (2002/95/EC) ("RoHS") (as amended) in connection with MSP’s use, transport and/or disposal of the Hardware.
Sophos offers a limited warranty for Hardware as set out in the Hardware Warranty Policy at: https://www.sophos.com/en-us/legal.
This Appendix 2 only applies to Cloud Products.
- MSP shall not and shall ensure that its Beneficiaries shall not store or transmit any content through the Sophos Cloud Products that (i) is unlawful, pornographic, obscene, indecent, harassing, racially or ethnically offensive, harmful, threatening, discriminatory or defamatory, (ii) facilitates or promotes illegal activity, (iii) infringes any third party intellectual property rights, or (iv) is otherwise inappropriate (“Prohibited Content”).
- MSP acknowledges that Sophos has no control over any content stored or transmitted by MSP and its Beneficiaries, does not monitor such content and accordingly acts as a mere conduit. Sophos reserves the right to remove content from the Sophos Cloud Products immediately without prior notice where it reasonably suspects that such content is Prohibited Content. MSP shall indemnify and hold Sophos harmless from and against all damages, losses and expenses arising as a result of any third party action or claim relating to MSP’s and/or the Beneficiaries’ content.
- The Sophos Cloud Products are not designed for the storage of regulated health or payment card data, and MSP and its Beneficiaries may only store or transmit such information through Sophos Cloud Products if MSP has entered a separate written agreement with Sophos expressly permitting such purpose.
- If a Beneficiary ceases to use Cloud Products, MSP must (i) remove all Product settings from servers and other devices, and (ii) remove all of the Beneficiary’s custom settings, software and data from the Sophos network. For certain Products, Sophos may download and return the data upon request and for a reasonable fee to be agreed in writing in advance. Sophos reserves the right to delete data that has not been removed.
- With respect to the Sophos Mobile Control as a Service Advanced Product, cloud storage is limited to 5MB per User. In the event that a Beneficiary exceeds the storage allowance, MSP must purchase additional User licenses for such Beneficiary.
- This Appendix 3 shall only apply if MSP purchases from Sophos directly.
- All fees are calculated in accordance with the relevant Price List for the Territory. Sophos may change the Price List from time to time without notice.
- All Products are delivered ICC Incoterms 2010 Ex Works. Accordingly, the Licensee is responsible for customs duties, delivery costs, export clearances, import clearances, and insurance costs.
- For advance subscription purchases, Sophos shall invoice the fee for the entire subscription period in advance.
- MSP Connect with Flex. As an alternative to Clause 4 above, MSP may elect to pay for the total actual usage for an individual Beneficiary each calendar month in arrears, provided that Sophos has approved MSP‘s participation in Sophos MSP Connect with Flex in writing. Actual usage may vary from month to month. Sophos reserves the right to charge MSP a minimum fee of $50 (or equivalent in local currency) each calendar month, regardless of the actual usage. Where the Sophos MSP Connect with Flex Price List contains volume bands, the band shall be determined by the MSPs total usage across all Beneficiaries for the product category.
- All payments shall be made in the currency identified on the invoice. Credit card payments may only be made for invoices below USD$5,000 (or its equivalent in local currency).
- Payment of the fees shall be due within 30 days of the date of the invoice.
- If any sum payable under this Agreement is not paid when due, then without prejudice to Sophos’ other rights under this Agreement, that sum will bear interest from the due date until the date when payment is received by Sophos, both before and after any judgment, at the rate of 1.5% per calendar month.
- All payments, fees and other charges payable by MSP to Sophos under this Agreement are exclusive of all taxes, levies and assessments of any jurisdiction. MSP agrees to bear and be responsible for the payment of all such taxes, levies and assessments imposed on MSP or Sophos arising out of this Agreement, excluding any tax based on Sophos’ net income. If MSP is required to pay Sophos a lower amount under this Agreement because of any withholding or tax, MSP shall pay to Sophos such grossed-up amount as would be necessary to provide Sophos the full amount of the payment due after the deduction of any such withholding or tax imposed.
- Sophos Ltd is the licensor of the Licensed Products and its group subsidiaries distribute the Products on a regional basis. MSP shall purchase from the relevant local Sophos subsidiary as set out in the table below. Sophos reserves the right to transfer MSP to an alternative Sophos entity at any time.
|MSP Location - Australasia||Sophos Subsidiary|
|Australasia||Sophos Pty Ltd.|
|MSP Location - Asia||Sophos Subsidiary|
|Any country in Asia not listed below||Sophos Ltd.|
|Hong Kong||Sophos Hong Kong Company Limited|
|India||Sophos Technologies Private Limited|
|Bangladesh, Singapore, Malaysia, Philippines, Vietnam, South Korea, Indonesia, China||Sophos Computer Security Pte. Ltd.|
|MSP Location - Americas||Sophos Subsidiary|
|Canada||Sophos Inc. (Canadian entity)|
|USA and Latin America||Sophos Inc. (U.S. entity)|
|MSP Location - EMEA||Sophos Subsidiary|
|Any country in EMEA not listed below||Sophos Ltd.|
|France and Monaco, French Guiana, Martinique, Réunion||Sophos Sárl|
|Germany and Austria||Sophos Technology GmbH|
|Italy||Sophos Italia S.r.l.|
|Spain, Portugal, Gibraltar, Andorra||Sophos Iberia Srl|
|Belgium, Luxembourg and the Netherlands||Sophos B.V.|
|Sweden, Finland, Norway, Denmark, Estonia, Latvia, Lithuania||Sophos AB|
|Switzerland and Liechtenstein||Sophos Schweiz AG|
|Turkey||Sophos Turkey Technoji Ltd. Sirketi|
Sophos Managed Service Provider Agreement – MSP Connect Program (14 August 2019)