This Service Description describes Sophos Managed Threat Response Essentials (“Service”). All capitalized terms in this Service Description have the meaning ascribed to them in the Agreement (defined below) or in the Definitions section below.
This Service Description is part of and incorporated into, as applicable: (i) Customer’s or Managed Service Provider’s manually or digitally‐signed agreement with Sophos covering the purchase of a Service subscription; (ii) Managed Service Provider’s manually or digitally-signed agreements with Sophos covering its purchase of Offerings of which the Service is a part; or (iii) if no such signed agreement exists, then this Service Description will be governed by the terms of the Sophos Services Agreement posted at https://www.sophos.com/en-us/legal (collectively referred to as the “Agreement”). To the extent there is a conflict between the terms and conditions of the Agreement and this Service Description, the terms and conditions of this Service Description will take precedence.
Notwithstanding anything to the contrary in the Agreement, Customer/MSP acknowledges and agrees that: (i) Sophos may modify or update the Service from time to time without materially reducing or degrading its overall functionality; and (ii) Sophos may modify or update this Service Description at any time to accurately reflect the Service being provided, and any updated Service Description will become effective upon posting to https://www.sophos.com/en-us/legal.
I. DEFINITIONS
1. “Active Threat” is an infection, compromise, or unauthorized access of asset(s) that is attempting to circumvent controls to compromise a Managed Endpoint.
2. “Case” is a Detection or set of Detections that is generated by a Managed Endpoint for review by Security Services Team.
3. “Detection” is a condition where data generated by a Managed Endpoint has been identified as an indicator of malicious or suspicious activity.
4. “Managed Endpoint” is a desktop/laptop or server system where the Service Software is installed, up-to-date, and operational in support of Service delivery.
5. “Security Services Team” is the Sophos team conducting investigation and Response Actions.
6. “Response Action” is an interaction with Managed Endpoints to investigate the Case by conducting data collection to validate an Active Threat.
II. SCOPE OF SERVICE
1. The Service is provided on Managed Endpoints and includes the following activities:
1.1 Onboarding. During the onboarding process, the following activities must occur as a precondition to delivery of the Service:
- Customer/MSP will (i) provide contact information and (ii) determine Customer/MSP communication preferences (i.e. email, phone, Sophos Central portal). MSP must act as the contact for any Service to be provided to a Beneficiary.
- MSP is solely responsible for: (i) obtaining any consents or information required from its Beneficiaries in order for Sophos to perform the Service; (ii) ensuring that Beneficiaries take all actions required of Customers in this Service Description; and (iii) advising Beneficiaries of the risks and potential impacts of the Service.
- The Customer, MSP, or Partner will install the required Service Software on all Managed Endpoints to be covered by the Service.
1.2 Investigations and Response. Sophos will monitor the Managed Endpoints for Detections, and the following investigation and analysis activities for Detections will be conducted:
- Investigate Cases to determine if an Active Threat exists.
- Provide recommendations to Customer/MSP regarding suggested remediation. No remediation actions are taken by the Security Services Team.
- A formal investigation framework is utilized to supplement Cases with attack intelligence, drive continuous enrichment of Case details, and provide situational awareness throughout the investigation lifecycle.
- Escalation: information about the Case is shared with the Customer/MSP.
- All monitoring, investigation and Response Actions described in this Section 1.2 will be provided on a 24/7/365 basis.
- The following service level targets are utilized to provide Customers/MSPs with guidelines around timing expectations for Case creation resulting from investigations.
| Target time for Case creation | 2 minutes from Detection |
| Target time for notification | 30 minutes from Case creation |
1.3 Reporting. Periodically, the Customer/MSP will be provided with reports relating to Detections and Cases.
III. CUSTOMER/MSP RESPONSIBILITIES
Customer/MSP acknowledges and agrees that, in addition to the actions set out in Section II. 1.1 above, Customer/MSP must take the following actions to facilitate and enable delivery of the Service, and Sophos shall have no liability for any degraded, incomplete, or failed Service delivery which may result from Customer/MSP’s failure to do so. Sophos reserves the right to suspend Service delivery until such time as Customer/MSP performs the required actions.
- Onboarding. Customer/MSP will (i) provide contact information, and (ii) determine Customer/MSP communication preferences (i.e. email, phone, Sophos Central portal). MSP must act as the contact for any Service to be provided to a Beneficiary of MSP’s.
- Installation Requirements. Customer/MSP/Beneficiary must: a) have a valid and active Sophos Central account, b) deploy and configure the Service Software to Managed Endpoints, and c) meet minimum system requirements to install Sophos Software.
- Remediating Active Threats. Customer/MSP must make reasonable efforts to timely remediate any Active Threats reported by Sophos or by other third-party technologies that Customer/MSP/Beneficiary utilizes for cybersecurity detection and protection.
- Time and Date Settings. Customer/MSP must ensure that all Managed Endpoints have accurate time and date settings. Sophos will not be responsible for errors, issues, and residual risk experienced or incurred by Customer/MSP for Detections generated by Managed Endpoints with inaccurate time and date settings.
- Customer/MSP Personnel. Customer/MSP must identify an appropriate number of suitably skilled personnel who will work with Sophos during the provision of the Service. Customer/MSP’s personnel must have the necessary technical and business knowledge and authority to make decisions concerning the Service.
- Timely Response. Customer/MSP must promptly acknowledge receipt of Sophos communications in writing and must timely respond to Sophos’s requests.
- Actions Outside the Scope of Service. Customer/MSP is solely responsible for taking any actions suggested by Sophos that are outside of the scope of the Service (e.g., Sophos’s suggestions regarding on-site response, litigation and e-Discovery support, and collaboration with law enforcement).
- MSP Additional Responsibilities. MSP is solely responsible for: (i) obtaining any consents or information required from its Beneficiaries in order for Sophos to perform the Service; (ii) ensuring that Beneficiaries take all actions required of Customers in this Service Description; (iii) ensuring that its Beneficiaries understand the risks associated with performance of this Service; and (iv) ensuring that any Beneficiary for which MSP performs this Service has agreed to accept all such risks. MSP will indemnify and hold Sophos harmless for any claim brought against Sophos by a Beneficiary if such claim results, in whole or in part, from MSP’s failure to fully perform its obligations under this Service Description or the Agreement with respect to the Service.
Revision Date: 2 February 2021