Sophos Managed Service Provider Agreement
Please click to view convenience translations of the terms and conditions (German, Spanish, French, Japanese, Traditional Chinese, Simplified Chinese).
ONLY AN AUTHORIZED OFFICER CAN CLICK ‘AGREE’ ON BEHALF OF THE MSP.
BY CLICKING THE ‘AGREE’ OPTION IN THE REGISTRATION PROCESS, THE MSP WARRANTS THAT IT HAS FULL CORPORATE POWER AND AUTHORITY TO ENTER INTO THIS AGREEMENT AND DO ALL THINGS NECESSARY IN THE PERFORMANCE OF THIS AGREEMENT.
IF YOU DO NOT AGREE WITH ANY OF THE TERMS OR CONDITIONS OF THIS AGREEMENT, YOU WILL NOT HAVE THE STATUS OF A SOPHOS MSP AND YOU ARE NOT AUTHORIZED TO SELL THE PRODUCTS TO BENEFICIARIES.
‘Appliance’ means a Sophos product which consists of Hardware together with Licensed Product(s).
‘Beneficiary’ means a third party organization for which MSP is providing managed services in accordance with an agreement.
‘Beneficiary’s Internal Business Purpose’ means the internal business purpose of a Beneficiary relating specifically to the integrity of its systems, networks, documents, emails and other data.
'Computer' means any computing environment which benefits from the Licensed Product (for example, environments connected to an email server, an internet proxy or a gateway device, or a database). The Licensed Product does not have to be physically installed on the computer environment to provide benefit, nor is there a requirement for the computing hardware to be owned by the MSP or the Beneficiary. The term Computer as defined herein includes, without limitation, non-persistent deployments, electronic devices that are capable of retrieving data, and virtual machines.
‘Credentials’ means a system to restrict access including usernames and passwords containing as a minimum 6 characters and a mixture of numbers and letters.
‘Documentation’ means the documentation provided to MSP by Sophos (whether electronic or printed) which accompanies the Product.
‘Hardware’ means the Appliance hardware itself, together with any related components (including but not limited to ship kits and rack mount kits).
‘Licensed Products’ means all or each (as the context so allows) of those software programs which are issued to MSP for the Beneficiary’s Internal Business Purpose (including without limitation software programs which are installed on the Hardware), together with the Documentation and any of the Upgrades and Updates to those software programs.
‘Maintenance’ means collectively (i) Upgrades and/or Updates (where applicable to the Product), and (ii) Standard Support (or Advanced Support if applicable in accordance with Clause 4).
‘Media’ means objects on which data can be stored including without limitation CD-ROMs, tapes and floppy disks or other media containing the Software provided to MSP by Sophos.
‘MSP Price List Revision 2’ means the recommended price list for MSPs who have signed this MSP Agreement Revision 2 (in the then current version applicable to the MSP’s Territory) which is available upon request.
‘Partner Portal’ means the website for Sophos partners at https://partnerportal.sophos.com (or such other URL as Sophos may advise from time to time).
‘Products’ means the Appliances, Licensed Products and services which may be supplied by Sophos to MSP, as listed in the MSP Price List Revision 2, as such may be amended by Sophos from time to time, together with applicable Documentation, Media, Upgrades and Updates.
‘RMA’ means return material authorization, as more fully described in Clause 5 of this Agreement.
‘Sanctions and Export Control Laws’ means any law, regulation, statute, prohibition, or wider measure applicable to Products and/or to either party relating to the adoption, application, implementation and enforcement of economic sanctions, export controls, trade embargoes or any other restrictive measures.
‘Server’ means a Computer upon which the Licensed Product is installed AND from which other Computers receive or retrieve data. If the data is solely generated by the Licensed Product, then the Computer is not considered a Server.
‘Server License’ means a license that permits a Server to run the Licensed Product in accordance with MSP Price List Revision 2.
‘Software’ means any program or data file supplied to MSP by Sophos including any Upgrades and Updates. The term “Software” does not include Third Party Software.
‘Sophos’ means Sophos Limited and its subsidiaries, or, as the context so applies, any of them.
‘Territory’ means the geographic area in which the MSP may provide managed services to Beneficiaries. If the MSP has its registered/principal office in the European Union, then “Territory” shall mean the European Union; or ii) if the MSP has its registered/principal office outside of the European Union then “Territory” shall mean the country in which the MSP’s registered/principal office is located or such other country that Sophos may notify to the MSP from time to time; or iii) if the MSP has offices both within and outside of the European Union, then “Territory” shall mean the European Union, the country in which the MSP’s registered/principal office is located, and any other country notified by Sophos from time to time.
‘Update’ means an update to the library of rules and/or identities made available to MSP by Sophos; and/or other updates to the software filters, including but not limited to an update to the IP address reputation libraries made available to MSP by Sophos.
‘Upgrade’ means any enhancement or improvement to the functionality of the Product (excluding Updates) made available to MSP by Sophos at its sole discretion from time to time but excluding any software and/or updates marketed and licensed by Sophos as a new product or bundle where such new product or bundle is provided to Sophos’s customers generally for a separate fee.
‘User’ means an employee, consultant or other individual who uses a Computer which benefits from the Product licensed to MSP for the Beneficiary’s Internal Business Purpose, and ‘Users’ shall be construed accordingly.
‘User License’ means a license which permits a User or Server (or other chargeable unit as identified by MSP Price List Revision 2) to benefit from the Products in accordance with Clause 3.3 below.
2.1.1 Sophos retains title to the Hardware until such time as any evaluation period described in Clause 3.1 (if applicable) expires and Sophos receives the fees payable for such Hardware in full. Unless and until Sophos has received such fee in full, MSP agrees to keep the Hardware free and clear of all claims, liens, and encumbrances except those of Sophos, and any act by MSP, either voluntary or involuntary, purporting to create a claim, lien or encumbrance on the Hardware shall be void. Upon receipt by Sophos of payment in full, title to the Hardware shall pass to MSP.
2.1.2 If MSP purchases from Sophos directly, all Appliances are delivered Ex Works. Risk of loss passes to MSP upon shipment. Insurance, if any, covering the Appliance shall be MSP’s responsibility. If MSP purchases via a third party distributor or reseller then MSP and such third party shall agree the delivery arrangements.
2.1.3 Sophos and any third party suppliers shall retain any and all intellectual property rights in the Hardware.
2.1.4 MSP acknowledges that the Appliance is sold hereunder solely as the medium for delivery and operation of the Licensed Products.
2.2 Software. In accordance with Section 2.1, MSP owns only the Hardware on which the Software is installed. MSP does not own the Software itself. The Software is the exclusive property of Sophos and its licensors. The Software and the Documentation including without limitation all know-how, concepts, logic and specifications, are proprietary products of Sophos and its licensors and are protected throughout the world by copyright and other intellectual property rights.
2.3 Modifications. MSP hereby acknowledges and agrees that the right, title and interest in any modifications made by MSP to the Products, as provided for below, is retained by Sophos.
2.4 Logos and Trademarks. No license, right or interest in Sophos’s logos, or trademarks is granted to MSP under this Agreement. MSP hereby agrees not to remove any product identification, product branding, or notices of proprietary restrictions.
3. RIGHTS AND RESTRICTIONS
3.1 Evaluation. Where expressly agreed in writing by an authorized representative of Sophos, MSP may use a Product for evaluation purposes only in a test environment without payment of a fee for a maximum of 30 days or such other duration as is specified by Sophos at its sole discretion. The Software is provided “AS IS” during such evaluation period and Clauses 3.2 and 5 below do not apply to such evaluation.
3.2 Rights. In consideration for receipt by Sophos of the fees due and subject to MSP meeting the obligations set forth in this Agreement, Sophos hereby grants MSP a limited and non-exclusive right within the Territory only, to (i) sub-license use of the Products to Beneficiaries for the Beneficiary’s Internal Business Purpose, (ii) use the Products on behalf of Beneficiaries for the Beneficiary’s Internal Business Purpose as part of MSP’s provision of managed services to such Beneficiaries, and (iii) receive Maintenance in respect of the Products, subject to the terms and conditions contained within this Agreement.
3.3.1 Within ten (10) working days of the start of each calendar month, the MSP must submit a report to its authorized distributor or reseller (or to Sophos if MSP purchases directly), by enabling automated reporting (where available) or otherwise by submitting a consolidated manual report in CSV format. Such report must detail the following: (i) MSP name, (ii) MSP country, (iii) name/identifier of each MSP end customer, (iv) city/state identifier for each MSP end customer location, (v) number of Users and Servers (and other chargeable units where applicable in accordance with MSP Price List Revision 2) per MSP end customer during the previous calendar month.
3.3.2 THE MSP MUST PURCHASE A LICENCE FOR EVERY USER AND EVERY SERVER (AND EVERY OTHER CHARGEABLE UNIT WHERE APPLICABLE IN ACCORDANCE WITH MSP PRICE LIST REVISION 2).
3.3.3 Where MSP purchases directly from Sophos, MSP agrees to pay fees in accordance with MSP Price List Revision 2 and Appendix 1. Sophos may change MSP Price List Revision 2 from time to time without notice. Where MSP does not purchase from Sophos directly, the MSP shall agree the amount of the fee with and make payment of such agreed fee to the authorized distributor or reseller.
3.3.4 If MSP has committed to a monthly or other minimum payment, the MSP must also pay for any actual usage in excess of such minimum payment.
3.3.5 For the avoidance of doubt, fees are payable in full whether or not MSP collects monies from any Beneficiary and whether or not any refunds are given by MSP to the Beneficiary.
3.3.6 MSP shall permit Sophos or an independent certified accountant appointed by Sophos access to MSP’s premises and MSP’s books of account and records at any time on written notice during normal business hours for the purpose of inspecting, auditing, verifying or monitoring the manner and performance of MSP’s obligations under this Agreement including without limitation the payment of all applicable license fees. Sophos shall not be able to exercise this right more than once in each calendar year. If an audit reveals that MSP has underpaid fees, MSP shall be invoiced for and shall pay to Sophos within 30 days of the date of invoice an amount equal to the shortfall between the fees due and those paid by MSP. If the amount of the underpayment exceeds 5% of the fees due or the audit reveals a violation of any license restrictions pursuant to this Agreement then, without prejudice to Sophos’s other rights and remedies, MSP shall also pay Sophos’s reasonable costs of conducting the audit.
3.3.7 It is expressly acknowledged that MSP may transfer Hardware and licenses between Beneficiaries.
3.4 For software-only Licensed Products, MSP may make one copy of the Licensed Products or any part thereof for backup purposes provided that MSP reproduces Sophos’s proprietary notices on any such backup copy. Such restriction shall not prevent MSP or Beneficiary from backing up or archiving Beneficiary’s data.
MSP is NOT permitted to:
3.5.1 use the Products for the provision of any service for the benefit of third parties other than Beneficiaries;
3.5.2 modify or translate the Products except (i) as necessary to configure the Licensed Products using the menus, options and tools provided for such purposes and contained in the Product; (ii) as necessary to develop custom filters using the Application Programming Interfaces (APIs) where contained in the Licensed Product or provided directly by Sophos for such purposes; and, (iii) in relation to the Documentation, except as necessary to produce and adapt manuals and/or other documentation for any Beneficiary’s Internal Business Purpose;
3.5.3 reverse engineer, disassemble or decompile the Products or any portion thereof or otherwise attempt to derive or determine the source code or the logic therein except to the extent and for the express purposes authorized by applicable law;
3.5.4. install and/or run on the Appliance any software applications other than the Licensed Products and Third Party Software installed by Sophos;
3.5.5 transmit or provide access to the Products save as provided in this Agreement;
3.5.6 use or sub-license Products for which Sophos has not received the applicable fees;
3.5.7 sub-license, rent, sell, lease, distribute or otherwise transfer the Products save as provided under this Agreement unless MSP obtains a separate license from Sophos for such purposes (for example, MSP may not embed the Licensed Products into another application and then distribute such to third parties unless MSP first acquires an OEM license from Sophos);
3.5.8 use or allow use of the Products in or in association with safety critical applications such as, without limitation, medical systems, transport management systems, vehicle and power generation applications including but not limited to nuclear power applications; and/or
3.5.9 use or allow use of the Products for the purposes of competing with Sophos, including without limitation competitive intelligence.
3.6 Use of the Sophos UTM Network Security Product. MSP acknowledges and agrees that the functionality of the Sophos UTM Product requires the complete erasure of the hard disk of the target Computer during installation, including without limitation the operating system resident thereon. By installing or enabling the Beneficiary to install the aforementioned Product, MSP expressly agrees that it shall ensure that the Computer on which such Product is to be installed does not contain any valuable data, the loss of which would cause damage to the Beneficiary, and Sophos expressly disclaims any liability for losses of any kind related to MSP’s failure to comply with this warning.
4.1 MSP shall receive Maintenance including Standard Support (as described in the documentation on the Partner Portal or otherwise provided upon request) during the term of this Agreement.
4.2 MSP may receive Advanced Support (as described in the documentation on the Partner Portal or otherwise provided upon request) if Sophos receives the additional fee for Advanced Support.
5. SOPHOS WARRANTIES
5.1 For a warranty period of ninety (90) days from the execution of this Agreement, Sophos warrants that: (i) if properly used and installed, the Licensed Products will perform substantially in accordance with the Documentation on the designated operating system(s), and (ii) the Documentation adequately describes the operation of the Licensed Products in all material respects.
5.2 Sophos warrants that the Hardware shall be free of defects in materials and workmanship under normal use and service and shall substantially conform to the Documentation for a warranty period of three (3) years from date of purchase.
5.3 If Sophos is notified in writing of a breach of the warranty described in Clauses 5.1 or 5.2 above during the applicable warranty period, Sophos’s entire liability and MSP’s sole remedy shall be (at Sophos’s option and to the maximum extent permitted by applicable law) to correct, repair or replace the Hardware, Licensed Products and/or Documentation, as applicable, within a reasonable time or provide or authorize a pro rata refund of the fee.
5.4 Upon discovery of any failure of the Hardware and/or any component parts, MSP is required to contact Sophos to seek a return materials authorization (“RMA”) number. MSP may also be required to provide proof of purchase. Upon Sophos’s determination that the warranty claim is valid, Sophos will issue the requested RMA and will ship replacement Hardware and/or component part(s) which may be an equivalent or a later revision (the “Advance Replacement Hardware”).
5.5 If a valid Hardware claim is reported to Sophos within the first thirty (30) days from purchase, the Hardware is classified as dead on arrival (“DOA”). In DOA cases, Sophos will provide new Advance Replacement Hardware via express delivery (or local equivalent) at the cost of Sophos.
5.6 For all valid Hardware claims other than DOA units, Sophos will provide new or refurbished (at Sophos’s option) Advance Replacement Hardware at the cost of Sophos. If the MSP has purchased Advanced Support, Sophos shall use express delivery, and in all other cases delivery shall be standard.
5.7 While Sophos will endeavor to ship Advance Replacement Hardware within a reasonable period, the MSP acknowledges and agrees that transport delays, import and export requirements, and other factors outside of Sophos’s control may affect delivery timescales.
5.8 Risk in the Advance Replacement Hardware will pass to the MSP upon delivery.
5.9 If Sophos requests the return of the allegedly defective Hardware, title to such Hardware shall pass to Sophos upon issuance of the RMA, and MSP shall send such Hardware (carriage and insurance prepaid by Sophos) to the return location indicated by Sophos within fifteen (15) days, securely and properly packaged (in the packaging provided with the Advance Replacement Hardware), with the RMA number prominently displayed on the exterior of the packaging.
5.10 Should (i) the Hardware or component parts returned by MSP be deemed not to be defective or ‘no fault found’, or (ii) a returned Appliance be missing any Hardware or component parts, or (iii) MSP fail to return allegedly defective Hardware or any component parts requested by Sophos within the time limit required under Clause 5.9, Sophos will invoice and MSP agrees to pay the cost of the Hardware and/or component parts, as applicable.
5.11 Title to the Advanced Replacement Hardware shall pass to MSP upon the later of (i) delivery, or (ii) receipt by Sophos of the allegedly defective Hardware and component parts (if requested by Sophos), or (iii) MSP’s payment of the invoice for failure to return such Hardware and component parts in accordance with Clause 5.10 above.
5.12 Sophos shall not be responsible for maintaining or protecting any configuration settings or data found on the returned hardware or component part(s).
5.13 Any Advanced Replacement Hardware will be warranted for the remainder of the original warranty period.
5.14 The warranties contained in this Agreement do not apply to repair or replacement caused or necessitated by: (i) accident; unusual physical, electrical or electromagnetic stress; neglect; misuse; fluctuations in electrical power beyond those set out in the specifications; failure of air conditioning or humidity control; improper maintenance, or any other misuse, abuse or mishandling; (ii) force majeure including without limitation natural disasters such as fire, flood, wind, earthquake, lightning or similar disaster; (iii) governmental actions or inactions; (iv) strikes or work stoppages; (v) MSP’s failure to follow applicable use or operations instructions or manuals; (vi) MSP’s failure to implement, or to allow Sophos or its agents to implement, any corrections or modifications to the Appliance made available to MSP by Sophos; or (vii) such other events outside Sophos’s reasonable control.
5.15 THE ABOVE HARDWARE WARRANTIES ARE NULL AND VOID IF (i) ANY WARRANTY STICKERS ARE TAMPERED WITH OR ARE MISSING, (ii) THE HARDWARE WAS REPAIRED OR ALTERED BY PERSONNEL OTHER THAN THOSE AUTHORISED BY SOPHOS, (iii) THE HARDWARE HAS BEEN USED WITH ANY SOFTWARE OTHER THAN THE LICENSED PRODUCTS, OR (iv) THE HARDWARE HAS BEEN USED FOR ANY PURPOSE OTHER THAN THE BENEFICIARY’S INTERNAL BUSINESS PURPOSE.
5.16 To the maximum extent permitted by applicable law, the warranties in this Clause 5 are personal to MSP and are not transferable to Beneficiaries or other third parties.
6. MSP WARRANTIES
6.1 MSP warrants and agrees that it shall:
6.1.1 remain wholly responsible for the compliance by Beneficiaries and Users with this Agreement and with all applicable laws and regulations;
6.1.2 ensure that all Beneficiaries are bound by a contract for MSP’s managed services, the terms of which are no less protective of Sophos than these terms and conditions;
6.1.3 not distribute any Credentials provided by Sophos to Beneficiaries or any other third parties;
6.1.4 ensure that Beneficiaries cease to access and/or use the Products if they no longer have a valid agreement with MSP for the supply of managed services or if this Agreement is terminated;
6.1.5 ensure that Beneficiaries receive Updates and Upgrades promptly and in any event within 24 hours following Sophos making such Updates and Upgrades available;
6.1.6 provide all first line technical support to Beneficiaries and ensure that Beneficiaries and Users do not contact Sophos directly. Where Beneficiaries or Users do contact Sophos directly, Sophos shall be entitled to charge an administration fee of $100 (or equivalent in local currency) for each and every such occurrence. In the event of ongoing Beneficiary or User contact with Sophos support, Sophos reserves the right to terminate this Agreement;
6.2 MSP shall hold harmless, defend and fully and effectively indemnify Sophos against any claims, actions, proceedings, damages, costs, expenses or other liability whatsoever arising out of, resulting from or relating to MSP’s and each Beneficiary’s use of the Products (including without limitation breach of MSP’s warranties in this Clause 6).
7.1 Sophos shall indemnify and keep MSP fully and effectively indemnified on demand from and against any and all losses, claims, damages, costs, charges, expenses and liabilities which arise from any claim or proceeding alleging that MSP’s use, possession or distribution of the Licensed Products in the country where MSP’s head office is located (provided that such country is a party to the World Intellectual Property Organization (WIPO) treaties on patents, trademarks and copyrights) in accordance with the terms of this Agreement infringes any third party patent, trademark or copyright in the country where MSP’s head office is located. MSP shall not be entitled to the benefit of this indemnity if:-
7.1.1 MSP fails to notify Sophos in writing within ten (10) days of any claim being made or proceedings being issued against MSP or a Beneficiary; or
7.1.2 MSP and its Beneficiaries do not at the written request of Sophos forthwith cease to use the Licensed Product on any such claim being made; or
7.1.3 MSP or its Beneficiaries shall have, without the prior written consent of Sophos, acknowledged the validity of the claim or proceedings of such third party or taken any action which would or might impair the ability of Sophos to contest the claim or proceedings of the third party if it so elects and in any such case Sophos shall be entitled to terminate this Agreement forthwith by notice to MSP.
7.2 Sophos shall have no liability under Clause 7.1 or otherwise if the alleged infringement arises due to:
7.2.1 modification of the Licensed Product by anyone other than Sophos; or
7.2.2 use of the Licensed Product with any hardware, software or other component not provided by Sophos in circumstances where use of the Licensed Product without such other hardware, software or component would not have led to liability under Clause 7.1; or
7.2.3 use of the Licensed Product other than in accordance with the Documentation.
7.3 If any such claim referred to in Clause 7.1 is made against MSP or a Beneficiary, then Sophos shall have:
7.3.1 the absolute discretion to decide whether to defend or settle any proceedings in relation to such third party’s claims or to initiate counter-proceedings;
7.3.2 the sole control of any defense, settlement or counter-proceedings;
7.3.3 the right to require, if it considers it necessary or desirable, MSP to join in any such proceedings at Sophos’s cost;
7.3.4 the right to require MSP’s full co-operation (at Sophos’s expense) in defending or settling the claim;
7.3.5 the right to procure a license so that MSP’s use, possession and distribution of the Licensed Products in accordance with the terms of this Agreement does not infringe any third party patents, trademarks or copyrights;
7.3.6 the right to modify the Licensed Products so that they no longer infringe a third party’s patents, trademarks or copyrights; and
7.3.7 the right to terminate this Agreement forthwith by notice to MSP if Sophos cannot obtain a license or modify the Licensed Products in the manner referred to in Clauses 7.3.5 and 7.3.6 in a manner which Sophos considers commercially feasible and refund a pro rata amount of any fees paid by MSP for the Licensed Products which relates to the period after termination (if any);
7.4 MSP will in any event mitigate MSP’s losses incurred under or in relation to this Clause 7 as far as possible.
7.5 THIS CLAUSE 7 SETS OUT MSP’S SOLE REMEDY AND THE WHOLE LIABILITY OF SOPHOS IN THE EVENT THAT THE PRODUCTS INFRINGE THE PATENTS, TRADEMARKS, COPYRIGHTS OR OTHER INTELLECTUAL PROPERTY RIGHTS OF ANY THIRD PARTY.
8. DISCLAIMER OF WARRANTIES
8.1 EXCEPT FOR THE EXPRESS WARRANTIES FOR THE LICENSED PRODUCTS AND HARDWARE CONTAINED IN CLAUSES 5.1 AND 5.2 ABOVE, SOPHOS AND ANY OF ITS THIRD-PARTY LICENSORS AND SUPPLIERS AND THE CONTRIBUTORS OF CERTAIN INCLUDED SOFTWARE MAKE NO WARRANTIES, CONDITIONS, UNDERTAKINGS OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE IN RELATION TO THE PRODUCT OR ANY THIRD PARTY SOFTWARE INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT OR ARISING FROM COURSE OF DEALING, USAGE OR TRADE. SOME STATES/JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO THE ABOVE EXCLUSION MAY NOT APPLY TO MSP AND MSP MAY HAVE OTHER LEGAL RIGHTS THAT VARY FROM STATE TO STATE OR BY JURISDICTIONS.
8.2 WITHOUT LIMITATION TO THE FOREGOING, SOPHOS DOES NOT WARRANT THAT THE PRODUCT WILL MEET MSP’S OR BENEFICIARIES’ REQUIREMENTS OR THAT THE OPERATION OF THE PRODUCT WILL BE ERROR FREE OR UNINTERRUPTED OR THAT DEFECTS IN THE PRODUCT WILL BE CORRECTED. SOPHOS DOES NOT WARRANT THAT THE PRODUCTS WILL DETECT AND/OR CORRECTLY IDENTIFY AND/OR DISINFECT ALL THREATS, APPLICATIONS (WHETHER MALICIOUS OR OTHERWISE) OR OTHER COMPONENTS. FURTHER, SOPHOS DOES NOT WARRANT OR REPRESENT THAT MSP OR ANY BENEFICIARY IS ENTITLED TO BLOCK ANY THIRD PARTY APPLICATIONS OR THAT MSP OR BENEFICIARY IS ENTITLED TO ENCRYPT OR DECRYPT ANY THIRD PARTY INFORMATION.
8.3 MSP FURTHER ACKNOWLEDGES AND AGREES THAT MSP AND THE BENEFICIARY SHALL BE SOLELY RESPONSIBLE FOR PROPER BACK-UP OF ALL DATA AND THAT MSP AND THE BENEFICIARY SHALL TAKE APPROPRIATE MEASURES TO PROTECT SUCH DATA. SOPHOS AND ITS THIRD PARTY LICENSORS ASSUME NO LIABILITY OR RESPONSIBILITY WHATSOEVER IF DATA IS LOST OR CORRUPTED.
9. LIMITATION OF LIABILITY
9.1 MSP AND EACH BENEFICIARY USES THE PRODUCT AT MSP’S AND SUCH BENEFICIARY’S OWN RISK. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL SOPHOS OR ANY OF ITS THIRD PARTY LICENSORS AND SUPPLIERS OR THE CONTRIBUTORS OF CERTAIN INCLUDED SOFTWARE BE LIABLE TO MSP OR BENEFICIARIES (OR TO THOSE CLAIMING THROUGH MSP) FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, INCIDENTAL OR SPECIAL DAMAGE OR LOSS OF ANY KIND INCLUDING, BUT NOT LIMITED TO, LOSS OF PROFITS, LOSS OF CONTRACTS, BUSINESS INTERRUPTIONS, LOSS OF OR CORRUPTION OF DATA HOWEVER CAUSED AND WHETHER ARISING UNDER CONTRACT OR TORT, INCLUDING WITHOUT LIMITATION NEGLIGENCE, (INCLUDING BUT NOT LIMITED TO ANY LOSS OR DAMAGE RELATED TO ANY THIRD PARTY SOFTWARE), EVEN IF SOPHOS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
9.2 IF ANY LIMITATION, EXCLUSION, DISCLAIMER OR OTHER PROVISION CONTAINED IN THIS AGREEMENT IS HELD TO BE INVALID FOR ANY REASON BY A COURT OF COMPETENT JURISDICTION AND SOPHOS BECOMES LIABLE THEREBY FOR LOSS OR DAMAGE THAT MAY LAWFULLY BE LIMITED, SUCH LIABILITY WHETHER IN CONTRACT, TORT (INCLUDING WITHOUT LIMITATION NEGLIGENCE) OR OTHERWISE, WILL NOT EXCEED THE GREATER OF THE FEES PAID BY MSP FOR ANY 12 MONTH PERIOD OR USD $10,000.
10. THIRD PARTY SOFTWARE
The Products may operate or interface with software or other technology that is licensed to Sophos from third parties (“Third Party Licensors”), which is not proprietary to Sophos, but which Sophos has the necessary rights to license to MSP and Beneficiaries (“Third Party Software”). MSP agrees that (a) MSP and the Beneficiaries will use such Third Party Software in accordance with this Agreement, (b) no Third Party Licensor makes any warranties, conditions, undertakings or representations of any kind, either express or implied, to MSP or the Beneficiaries concerning such Third Party Software or the Products themselves, (c) no Third Party Licensor will have any obligation or liability to MSP or the Beneficiaries as a result of this Agreement or use of such Third Party Software, (d) such Third Party Software may be licensed under license terms which grant MSP and the Beneficiaries additional rights or contain additional restrictions in relation to such materials, beyond those set forth in this Agreement, and such additional license rights and restrictions are described or linked to in the applicable Documentation, the relevant Sophos webpage, or within the Product itself.
11.1 Sanctions and Export Control Laws
The MSP hereby agrees that:
11.1.1 it will comply, and will ensure that its relevant personnel comply, with all applicable Sanctions and Export Control Laws including, without limitation, to ensure that the Products to be supplied under this Agreement, in any form, are sold, supplied, imported, exported, re-exported, transferred, used, disclosed and/or transported only in accordance with all applicable Sanctions and Export Control Laws, including by any Beneficiary;
11.1.2 it will immediately notify Sophos if it becomes aware that it or any of its personnel may have breached any applicable Sanctions and Export Control Laws;
11.1.3 it will not supply any Sophos Products, in any form, directly or indirectly, to any person or entity based in Cuba, Iran, Syria, Sudan or North Korea;
11.1.4 while information about the classification of Products for export purposes is available at http://www.sophos.com/en-us/legal/export.aspx and Sophos will use reasonable endeavors to maintain the information on such webpage, it is responsible for seeking its own legal advice and ensuring its own compliance in relation to all applicable Sanctions and Export Control Laws;
11.1.5 in the event that the sale, supply, export, re-export or transfer of all or part of the Products or any part thereof to be supplied under this Agreement is subject to Sophos obtaining or using an export licence, it will provide promptly upon request all assistance or documentation required by Sophos including, as appropriate, an accurately completed end user undertaking or consignee undertaking;
11.1.6 it will be solely responsible for fulfilling all the requirements of the authorities in all jurisdictions to which the Products will be supplied for the licensing, registration or other authorisation for the sale, supply, import, re-export, transfer, use, disclosure or transport of the Products;
11.1.7 it will indemnify and hold Sophos harmless from and against any claim, loss, liability or damage suffered or incurred by Sophos resulting from or related to MSP’s breach of this clause.
MSP Agreement Revision 2 – 28 May 2014
Sophos reserves the right at any time to (i) request a certificate signed by an authorized representative of MSP confirming compliance with the requirements of this Clause 11.1, and/or (ii) conduct an audit of MSP upon reasonable notice and within MSP’s normal business hours in order to verify MSP’s compliance with the requirements of this Clause 11.1.
11.1.2 Information about the classification of Products for export purposes is available at http://www.sophos.com/en-us/legal/export.aspx. While Sophos will use reasonable endeavors to maintain the information on such webpage, the MSP acknowledges and agrees that MSP is responsible for seeking its own legal advice and ensuring its own compliance in relation to export control.
11.1.3 Sophos reserves the right at any time to (i) request a certificate signed by an authorized representative of MSP confirming compliance with the requirements of this Clause 11.1, and/or (ii) conduct an audit of MSP upon reasonable notice and within MSP’s normal business hours in order to verify MSP’s compliance with the requirements of this Clause 11.1.
11.2 Import. MSP acknowledges and agrees that it is solely responsible for complying with any local import rules and regulations, including but not limited to obtaining any approvals and licenses that may be required.
11.3 MSP is solely responsible for fulfilling any applicable regulatory requirements, including without limitation those that relate to the EC Directive on Waste Electrical and Electronic Equipment (2002/96/EC) (“WEEE”) and The Restriction of the Use of Certain Hazardous Substances in Electrical and Electronic Equipment Regulations (2002/95/EC) (“RoHS”) (as amended), in connection with MSP’s and any Beneficiary’s use, disclosure, transfer, transport and/or disposal of the Product.
11.4Anti-Bribery and Fair Competition. MSP warrants and represents that in entering into this Agreement neither MSP nor any of its officers, employees, agents, representatives, contractors, intermediaries nor any other person or entity acting on behalf of MSP will take any action, directly or indirectly, that would constitute an offence under (i) the United Kingdom Bribery Act 2010, the United States Foreign Corrupt Practices Act 1977 or any other applicable anti-bribery and anti-corruption laws or regulations anywhere in the world, or (ii) any rules of fair competition.
11.5 ANY BREACH OF THIS CLAUSE 11 SHALL BE A MATERIAL BREACH INCAPABLE OF REMEDY THEREBY ENTITLING SOPHOS TO TERMINATE THIS AGREEMENT FORTHWITH. In addition, MSP agrees to indemnify and hold Sophos harmless from and against any claim, loss, liability or damage suffered or incurred by Sophos resulting from or related to violation of this Clause 11 by MSP or a Beneficiary.
12. TERM AND TERMINATION
12.1 This Agreement shall commence upon execution and continue unless and until terminated in accordance with the express provisions set out herein.
12.2 Termination for Convenience. Either party may terminate this Agreement for convenience at any time upon thirty (30) days’ prior written notice, save that if MSP has committed to a monthly or other minimum payment for a specified period, such termination will not be effective until the expiry of such period.
12.3 Termination for Cause. Sophos may terminate this Agreement immediately upon written notice if: (i) Sophos does not receive the fees (in whole or in part) from MSP or the authorized distributor/reseller in accordance with the agreed payment terms, or (ii) MSP fails to comply with any of the terms and conditions of this Agreement, or (iii) MSP takes or suffers any action on account of debt or becomes insolvent.
12.4 End of Life. MSP acknowledges and agrees that it may be necessary to withdraw Products from time to time for reasons including but not limited to changes in demand and technology. Sophos will endeavor to provide (i) up to thirty 30 days’ notice of the end of sale date, and (ii) up to three (3) months’ notice of the end of support date for affected Product(s). In the unlikely event that MSP has paid in advance for the affected Product(s) for a period beyond the end of support date, Sophos’ sole liability shall be to provide a pro rata refund in respect of such advance payment. For the purposes of this Clause 12.4, notice may include but not be limited to an email and/or posting a message on the Partner Portal.
12.5 Effects of Termination.
12.5.1 MSP’s obligations under this Agreement in respect of the intellectual property and confidential information of Sophos shall survive any expiry or termination of this Agreement.
12.5.2 Termination of this Agreement shall not relieve MSP of its obligations to pay all fees that have accrued or are otherwise owed by MSP to Sophos (or its authorized resellers and distributors as applicable). Except as expressly set out in Clauses 7.3.7 and 12.4 above, all fees paid are non-refundable to the maximum extent allowed by applicable law.
12.5.3 In the event that Sophos terminates this Agreement in accordance with Clause 12.3(i) above due to non-payment of fees with respect to Appliance(s), MSP is required to return the Appliance(s) to the return location indicated by Sophos, securely and properly packaged, with carriage and insurance prepaid. If MSP fails to return the Appliance(s) promptly, Sophos will be entitled to enter MSP’s premises to repossess such Appliance(s).
12.5.4 Within one month after the date of termination of this Agreement, MSP must supply written certification to Sophos confirming the destruction by MSP and its Beneficiaries of the Licensed Product and all copies of all or any part of it.
12.5.5 All rights of the MSP and its Beneficiaries to use the Products will automatically cease upon termination of this Agreement.
13. CONFIDENTIALITY AND DATA PROTECTION
13.1 The Products and MSP Price List Revision 2 may include confidential information that is secret and valuable to Sophos and its licensors. MSP and its Beneficiaries are not entitled to use or disclose that confidential information other than strictly in accordance with the terms of this Agreement.
13.2 Sophos reserves the right to disclose details of this Agreement to third parties for publicity and promotional purposes and MSP expressly gives Sophos permission to include and publish MSP’s name and logo on lists of Sophos’s partners.
13.3 MSP acknowledges and agrees that Sophos may contact Beneficiaries in the event that (i) this Agreement has been terminated, or (ii) Sophos has not received the fees for such Beneficiary’s use of the Products. Sophos may at its discretion decide whether to continue to support Beneficiaries (either directly or via a third party) and allow them to use Products where MSP has been unable to do so for reasons of insolvency or otherwise.
13.4 MSP agrees that Sophos may send promotional emails to MSP to provide information about other goods and services in which MSP may be interested. MSP may notify Sophos that it wishes to withdraw its permission for such promotional emails at any time by sending an email to firstname.lastname@example.org.
13.5 MSP acknowledges and agrees that Sophos may directly and remotely communicate with Products and Computers for the purposes of, without limitation, (i) verifying Credentials; (ii) issuing reports and alerts such as automated support requests and alert messages; (iii) providing Maintenance; (iv) applying policy and configuration changes; and (v) extracting usage information, service performance information, and infection logs. Such communications may include but not be limited to SMS text messages and other push notifications.
13.6 MSP acknowledges and agrees that it may be necessary for Sophos to collect and process certain information relating to MSP, the Beneficiaries and the individual Users in order to provide and support the Products, and that such information may include proprietary, confidential and/or personal data, including without limitation (i) names, email addresses, telephone numbers and other contact details; (ii) account usernames; (iii) IP addresses; (iv) usage information; (v) infection logs; and (vi) files suspected of being infected with malware. Such information may be used for Sophos’s business purposes which include but shall not be limited to, product support, product development and enhancement, statistical analysis, billing and reporting.
13.7 Certain Products may (at MSP’s sole option) enable MSP to configure the Product to (i) track and log the geographic location of devices; (ii) block access to devices; (iii) delete the content of devices; (iv) report on any software installed on the devices; and (v) store text and email messages that were sent and/or received by devices.
13.8 In the case of personal data processed on MSP’s behalf, Sophos acts as a Data Processor. In the case of personal data used for Sophos’s business purposes under Clause 13.6, Sophos Ltd is the Data Controller. The terms “Data Processor” and “Data Controller” shall have the meanings defined in the EU Directive 95/46 EC. In each case, Sophos will process personal data in accordance with the terms of this Agreement, the provisions of the EU Directive 95/46 EC, and the Sophos data protection policy which is available at http://www.sophos.com/en-us/legal/sophos-group-privacy-policy.aspx.
13.9 MSP acknowledges that Sophos is a global organization and that accordingly, group companies, subcontractors and third party licensors may be located anywhere in the world. If Sophos transfers any personal data to another country, Sophos will provide appropriate protection for such personal data.
13.10 MSP acknowledges and agrees that it may be necessary under applicable law to inform and/or obtain consent from individuals prior to intercepting, accessing, monitoring, logging, storing, transferring, exporting, blocking access to, and/or deleting their communications. MSP is solely responsible for compliance with such laws. MSP further warrants that it has obtained all necessary consents and provided all necessary notifications to share data and other information with Sophos for the purposes described in this Agreement.
13.11 Each party shall take appropriate technical and organizational measures against unauthorized or unlawful processing of personal data or its accidental loss, destruction or damage.
13.12 MSP agrees to indemnify and hold Sophos harmless from and against any liability that arises in relation to MSP’s failure to comply with this Clause 13.
14.1 During the term of this Agreement, MSP shall at all times observe and perform the terms and conditions of this Agreement. In addition, MSP shall (i) comply with the MSP enrolment, training and certification requirements as listed on the Partner Portal, and (ii) co-brand promotional materials (such as collateral, presentations and press releases) using the phrase “powered by Sophos” and the Sophos logo.
14.2 Any reseller or distributor from whom MSP may have purchased the Product is not appointed or authorized by Sophos as its servant or agent. No such person has any authority, either express or implied, to enter into any contract or provide MSP with any representation, warranty or guarantee or to translate or modify this Agreement in any way on behalf of Sophos, or otherwise to bind Sophos in any way whatsoever.
14.3 Sophos shall be free to use, for its own business purposes, any ideas, suggestions, concepts, know-how or techniques contained in information received from MSP or the Beneficiaries that directly relates to Sophos’s products or business. For example, Sophos shall be free to incorporate any suggested changes or modification to the Products into products licensed to other customers.
14.4 Sophos may at its sole discretion assign, subcontract or otherwise transfer any of its rights or obligations hereunder to any of its group companies, resellers, distributors or dealers, as applicable.
14.5 SOPHOS RESERVES THE RIGHT TO UNILATERALLY MODIFY THE TERMS AND CONDITIONS OF THIS AGREEMENT AT ANY TIME BY NOTICE. Notice includes, but is normally not limited to, posting details at the Partner Portal and/or email announcements sent to MSP representatives. Following receipt of such notification, the MSP may terminate the Agreement within thirty (30) calendar days if the MSP objects to the notified changes. Failure to terminate within such period shall mean that the MSP expressly and unreservedly accepts all the amendments contained in the notice, which shall take effect immediately upon expiry of said thirty (30) calendar day period.
14.6 Failure by Sophos to enforce any particular term of this Agreement shall not be construed as a waiver of any of its rights under it.
14.7 The illegality, invalidity or unenforceability of any part of this Agreement will not affect the legality, validity or enforceability of the remainder.
14.8 This Agreement constitutes the entire agreement between the parties in relation to Products purchased after the date of execution of this Agreement, and supersedes any other oral or written communications, agreements or representations with respect to such Products, save for any oral or written communications, agreements or representations made fraudulently. The UN Convention on Contracts for the International Sale of Goods (CISG) shall not apply. In the event that MSP has purchased products under a previous MSP agreement between the parties, such agreement shall continue to apply to those products until expiry or termination of such agreement.
14.9 If MSP is an agency or other part of the U.S. Government, the Software and the Documentation are commercial computer software and commercial computer software documentation and their use, duplication and disclosure are subject to the terms of this Agreement per FAR 12.212 or DFARS 227.7202-3, as amended.
14.10 A person who is not a party to this Agreement has no right to enforce any term of this Agreement under applicable legislation and the parties to this Agreement do not intend that any third party rights are created by this Agreement.
14.11 If there are any inconsistencies between the English language version of this Agreement and any translated version, then the English language version shall prevail.
14.12 In the event the Sophos subsidiary from which MSP has purchased the licenses is located in:
THE UNITED STATES OF AMERICA OR CANADA this Agreement shall be governed by and construed in accordance with the laws of the Commonwealth of Massachusetts and the courts of the Commonwealth of Massachusetts shall have non-exclusive jurisdiction to determine any disputes which may arise out of, under, or in connection with this Agreement; and
ALL OTHER COUNTRIES this Agreement shall be governed by and construed in accordance with the laws of England and Wales and the courts of England and Wales shall have non-exclusive jurisdiction to determine any disputes which may arise out of, under, or in connection with this Agreement.
14.13 Any notices required to be given in writing to Sophos or any questions concerning this Agreement should be addressed to The Legal Department, Sophos Limited, The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, United Kingdom.
- 1. This Appendix 1 shall only apply if the MSP purchases from Sophos directly.
- All fees are calculated in accordance with MSP Price List Revision 2 or, in the case of Hardware, in the applicable Hardware price list for the Territory.
- If the MSP has committed to a monthly or other minimum payment (the “Minimum Payment“), Sophos will calculate MSP’s actual usage each calendar month or part thereof, and the MSP shall pay overage fees for any additional Users, Servers and other chargeable units consumed in excess of such Minimum Payment. The MSP may not transfer any unused portion of a Minimum Payment to future periods. The MSP may increase the amount of the Minimum Payment at any time. The Minimum Payment may not be decreased or cancelled during a period of twelve (12) months from the date such Monthly Minimum Period commenced or increased. Certain MSP Products (as specified in MSP Price List Revision 2) may not be allocated to the Minimum Payment and must be purchased separately in addition to such Minimum Payment.
- If the MSP has not committed to a Minimum Payment, Sophos shall invoice the MSP monthly in arrears based on the MSP’s actual number of Users, Servers and other chargeable units in the calendar month or part thereof.
- All payments shall be made in the currency identified in the MSP Price List Revision 2 version applicable to the MSP’s Territory.Credit card payments may only be made for invoices below USD$5,000 (or its equivalent in local currency).
- Payment of the fees shall be due within 30 days of the end of the period for which the fees are due. Delays in submission of usage reports will not lead to an extension of this period.
- If any sum payable under this Agreement is not paid when due or is delayed by MSP’s failure to properly report the number of Users, Servers or other chargeable units, then without prejudice to Sophos’s other rights under this Agreement, that sum will bear interest from the due date until the date when payment is received by Sophos, both before and after any judgement, at the rate of 1.5% per calendar month.
- All payments, fees and other charges payable by MSP to Sophos under this Agreement are exclusive of all taxes, levies and assessments of any jurisdiction. MSP agrees to bear and be responsible for the payment of all such taxes, levies and assessments imposed on MSP or Sophos arising out of this Agreement, excluding any tax based on Sophos’s net income. If the MSP is required to pay Sophos a lower amount under this Agreement because of any withholding or tax, the MSP shall pay to Sophos such grossed-up amount as would be necessary to provide Sophos the full amount of the payment due after the deduction of any such withholding or tax imposed.
- MSP shall purchase from the relevant local Sophos subsidiary as set out in the table below. Sophos reserves the right to transfer MSP to an alternative Sophos entity at any time in accordance with Clause 14.4:
||Sophos Pty Ltd
India, Bangladesh, Nepal, Sri Lanka, Maldives, Thailand, Pakistan
|Asia (excluding Hong Kong, Japan, India, Bangladesh, Nepal, Sri Lanka, Maldives, Thailand, Pakistan)
||Sophos Computer Security Pte. Ltd
||Sophos Hong Kong Company Ltd
||Sophos Inc. (Canadian entity)
|USA and Latin America
||Sophos Inc. (US entity)
|France and Monaco
|Germany and Austria
||Sophos Italia S.r.l.
|Spain, Portugal, Gibraltar, Andorra
||Sophos Iberia Srl
|Belgium, Luxembourg and the Netherlands
|Sweden, Finland, Norway, Denmark, Estonia, Latvia, Lithuania
|Switzerland and Liechtenstein
||Sophos Schweiz AG
|Middle East and Africa
||Sophos Ltd (Middle East Branch)
|Any other location
MSP Agreement Revision 2 - May 2014