This Master Agreement is by and between Burton Computer Resources, Inc. (“Service Provider”, “Provider”, “we” or “us”) and the client (“Client” or “you”) upon signing below or digitally, or receiving and signing a Schedule of Services (“Services”, “Order”, “Quote”, “Proposal”), subject to these terms and conditions and if you have met the requirements set forth by the Services Addendum, we shall provide the Services described in the Schedule of Services.

When we use the term “Agreement” or “Service Agreement” in any of these documents, we are referring collectively to the Master Agreement, Services Addendum and the Schedule of Services.

This Agreement is effective from the time you sign the Schedule of Services, or we prepare or submit an order or version of the Schedule of Services as we have prepared and made available to you, either physically or digitally. In the event of any conflict between the Schedule of Services and this Agreement, the terms of the Schedule of Services will prevail over this Agreement.

1. TERM. The Term of this Agreement shall commence as of Effective Date of Signing a Schedule of Services, Quote, or a similar order and shall remain in force for a Service Period of one (1) year and renewed automatically for successive one-year Periods beginning on each anniversary of Effective Date unless either party gives the other written notice of its intent not to renew Service Contract at least thirty (30) days prior to the expiration of the Service Period then in effect.
2. SELECTED SERVICES AND ASSOCIATED FEES TO BE PROVIDED BY A SCHEDULE OF SERVICES. Except in the procurement of Hardware only, the Client will select, and service provider will provide the services or products designated by the Schedule of Services, whereupon Client has affixed a signature by physical, digital or other lawful means, contingent upon Client’s timely payment of required fees in accordance with the payment schedule set forth in each Schedule of Services hereinafter. Schedule of Services become attached to this Master Agreement upon execution.
3. PAYMENT TERMS AND CONDITIONS.
   1. All services and service products provided by Service Provider to Client shall be billed monthly to Client and will be due and payable in accordance with the Net Terms and due date indicated on the monthly invoice.
   2. The purchase of any hardware or software will be billed upon delivery or completion of the installation. Service Provider may require a downpayment prior to installation or delivery and will set payment terms for hardware purchases based upon Service Provider’s reasonable estimation of Client’s credit worthiness. Service Provider reserves the right to request payment upfront for hardware purchases.
   3. Service Provider is responsible for collecting all applicable sales tax pursuant to state and local sales tax law. Client shall pay any such taxes unless a valid exemption or direct pay certificate is furnished. Service Provider will only waive sales tax upon receiving a valid Sales Tax exemption or where Mississippi State law does not require tax collection, such as out of state sales.
   4. Client agrees that Service Provider has the right to suspend all services provided under the Agreement without recourse if payment is not received by the due date indicated on the invoice, but such action does not relieve Client from the fees incurred under the Agreement.
   5. Client shall pay Service Provider by check, ACH, or agreed upon electronic payment, and not by credit or debit card, unless special arrangement has been agreed to by Service Provider who may charge additional handling fees.
   6. Any balance unpaid after thirty (30) days past the due date will be subject to a monthly finance charge of 1.5 %. A $40.00 service charge will be assessed for all returned checks or other rejected payment form.
   7. Client agrees to be responsible for all of Service Provider’s reasonable attorney’s fees and court costs in the event it becomes necessary for Service Provider to take legal action for the collection of delinquent amounts.
4. THIRD-PARTY SERVICE PROVIDERS. “Third-Party Service Providers” means Services provided by an entity or a Party other than the Service Provider in fulfillment of the Requested Services requirements whose terms and conditions Service Provider and/or Client may be legally bound. Client’s right to use the Third-Party Services is subject to Client’s understanding of, compliance with and consent to this Agreement and of any Third-Party agreements, which Service Provider does not have authority to vary, alter or amend. Therefore, Service Provider may utilize a Third-Party Service Provider in its discretion to provide the to provide the Services in accordance with these Terms. The Third-Party Service Provider may require the Service Provider to sign a contract with the Third-Party Service Provider for its services (“Third-Party Contract”) and the terms of the Third-Party Contract may impose conditions and requirements upon Client. Access to the terms and conditions of any such Third-Party Contract(s) will be provided to Client or appear on our website which identifies the Third-Party Service Provider and a link to its terms and conditions or EULA. Client hereby agrees to review all Third-Party Terms and Conditions, and consent to those Third-Party Terms and Conditions which Client has consented Service Provider to contract upon its behalf.
   1. THIRD-PARTY PRODUCT VENDORS. “Third-Party Product Vendors” means software, machinery, equipment, services, and/or products inclusive of component parts purchased from vendors in fulfillment of the Schedule of Services. Service Provider will use reasonable efforts to assign, transfer and facilitate all warranties (if any) for the Third-Party Product Vendor to Client, but will have no liability whatsoever for the quality, functionality or operability of any Third-Party Products, and Service Provider will not be held liable as an insurer or guarantor of the performance, downtime or usefulness of any Third-Party Product. Where applicable, a Third-Party Product Vendor may require the Service Provider to sign a contract with the Third-Party Product Vendor for its products (“Third-Party Contract”) and the terms of the Third-Party Contract may impose certain conditions and requirements upon Client. Client hereby agrees to review all Third-Party terms and conditions, and consent to those Third-Party terms and conditions which Client has consented Service Provider to contract upon its behalf.
   2. THIRD-PARTY PRODUCTS. Unless otherwise stated in the Schedule of Services, all hardware, software, peripherals or accessories purchased through Service Provider (“Third-Party Products”) are nonrefundable once the applicable Schedule of Services or Quote is placed in our queue for delivery. Unless otherwise expressly stated in the applicable Third-Party Product Vendor’s terms and conditions of the Third-Party Products, all Third-Party Products are provided “as is” and without any warranty whatsoever as between Service Provider and Client (including but not limited to implied warranties). If, in Service Provider’s sole discretion, a hardware or software issue requires vendor or OEM support, Service Provider may contact the vendor or OEM (as applicable) on Client’s behalf and pass through to Client all fees and costs incurred in connection with that process. If such fees or costs are anticipated in advance or exceed $100, Service Provider will obtain Client permission before incurring such expenses on behalf of Client, unless exigent circumstances require Service Provider, in Service Provider’s sole discretion, to proceed otherwise without Client’s prior permission. Notwithstanding the foregoing, Client acknowledges and agrees that, in order for the Service Provider to provide uninterrupted services and support under this Agreement, it is the Client’s sole responsibility to maintain valid and current maintenance agreements with all software vendors providing software covered under these Terms or any Schedule of Service or other order. The Client must renew and pay for these maintenance agreements to ensure uninterrupted support. The Service Provider is not liable for service disruptions or delays caused by the Client’s failure to maintain these agreements. If a maintenance agreement lapses or a vendor discontinues support, the Client must notify the Service Provider, and the Service Provider is not obligated to continue support until a valid agreement is reinstated. The Client will cooperate with the Service Provider to resolve any issues arising from lapsing agreements.
5. AUTHORIZED CONTACTS. Client understands and agrees that Service Provider will be entitled to rely on any directions or consent provided to Service Provider by any of the Client’s authorized contracts (“Client Authorized Contacts”), as indicated to us by Client during onboarding. If no Client Authorized Contact is available, then Client Authorized Contact will be the person(s) who signed the applicable Schedule of Services. If Client desires to change the Authorized Contact(s), please notify Service Provider of such changes in writing which, unless exigent circumstances are stated in the notice, will take effect three (3) business days thereafter.
6. SHARED ADMINISTRATOR CREDENTIALS. If Client shares server, network, or software application administrative credentials, Service Provider will not be held legally liable or responsible for any outages, errors, breaches, data loss and misconfiguration since multiple administrators from different companies jeopardizes the integrity of the support outlined in this Agreement.
7. RIGHT TO REFUSE SERVICE. Service Provider reserves the right, regardless of fees prepaid, to refuse service to any Client. Conditions for refusal include, but are not limited to:
   1. Non-Compliance: Failure to comply with the terms and conditions of the Agreements.
   2. Illegal Activities: If Client engages in, or is suspected of engaging in illegal activities, including but not limited to, fraud, hacking, piracy, cybercrime, or any activities that violate local, state, federal, or international laws.
   3. Abusive Behavior: If Client exhibits abusive, threatening, rude, or harassing behavior towards Service Provider’s employees, contractors, or representatives.
   4. Security Risks: If Client does not follow Service Provider’s recommendations for security or Client’s actions or inactions pose a security risk to the Service Provider’s systems, networks, or other clients.
   5. Safety Concerns: If Client’s locations, or any other site that may need access by Service Provider’s employees, contractors, or representatives in order to provide services, appears to place Service Provider’s employees, contractors, or representatives in an unsafe environment not disclosed when service request was made so that reasonable safety precautions can be taken.
   6. Ethical Concerns: If the Service Provider determines, in its sole discretion, that providing services to Client would be unethical or would harm the Service Provider’s reputation.
   7. Service Provider will provide written notice at the time of refusal to Client specifying the reasons for the refusal of service. The Client will have the opportunity to address and rectify the issue within a reasonable timeframe, as determined by the Service Provider. If the issue is not resolved to the Service Provider’s satisfaction, the Service Provider may terminate this Agreement without further notice.
8. WARRANTIES.
   1. TO THE EXTENT ALLOWED BY LAW, the service provider’s services and technology are provided “as is,” without any expressed or implied warranties, including but not limited to merchantability, fitness for a particular purpose, functionality, performance, non-infringement, and title. The service provider and its third-party licensors explicitly disclaim all warranties, whether express, implied, or statutory. This includes warranties of merchantability, fitness for a particular purpose, non-infringement, and any warranties arising from trade usage, course of dealing, or course of performance.
   2. TO THE EXTENT ALLOWED BY LAW, the service provider and its third-party licensors do not guarantee the accuracy, completeness, sequence, timeliness, or availability of the services or service provider technology. No sales personnel, employees, agents, or representatives are authorized to make any warranties on behalf of the service provider or its third-party licensors. Additional oral statements should not be relied upon and are not part of the agreement.
   3. TO THE EXTENT ALLOWED BY LAW, the service provider and its affiliates or third-party licensors do not represent or warrant that the services or service provider technology will be uninterrupted or error-free. The customer acknowledges that using the services or service provider technology is at their sole risk, and the service provider and its third-party licensors are not responsible for any interruptions, delays, or errors caused by the transmission or delivery of the services, data, or any other information or by any communication service providers. This section remains effective even after the termination or expiration of the agreement.
   4. Product, software, or third-party service warranties, if any, are provided by the product manufacturer, software publisher, or third-party service provider.
   5. TO THE EXTENT ALLOWED BY LAW, Service Provider makes no warranties, whatsoever. Service Provider’s sole obligation (and Client’s sole remedy) in the event of any warranty claim shall be limited to the manufacturer, publisher, or third-party service provider’s applicable warranty terms and conditions. Service Provider is not obligated to mitigate warranty issues on Client’s behalf.
   6. Service Provider hereby warrants that any products or materials to be installed by technicians of Service Provider shall be installed in a workman-like manner consistent with generally prevailing industry standards for comparable services, and in compliance with this Agreement.
   7. This section shall survive termination or expiration and non-renewal of the Agreement.
9. LIMITATION OF LIABILITY.
   1. TO THE EXTENT ALLOWED BY LAW, in no event shall the service provider be liable for any incidental, consequential, special, indirect, punitive or third-party damages or claims, including but not limited to, lost profits, lost savings, cost of capital, fines or penalties of any kind, lost productivity, lost or corrupted data or software, loss of use of systems or network, loss of business opportunity, service provider products/services or third-party products/services not being available for use by client, loss of data, loss of communications, fraudulent communication charges, and loss from interruption of business, or any other commercial damages or losses arising out of or related to client’s use or inability to use the service provider’s services or automation, even if previously advised of their possibility and regardless of whether the form of action is in contract, tort or otherwise.
   2. TO THE EXTENT ALLOWED BY LAW, in no event shall Service Provider’s total liability to Client for all damages exceed the amounts paid by Client for services giving rise to such claim during the immediately preceding ninety-day period. These limitations apply even if a party has been advised of the possibility of such damages or the remedies fail of their essential purpose and that, without these limitations, the fee for the services provided hereunder would be higher. The foregoing limitations will apply even if the above stated remedy fails of its essential purpose. Client waves any and all other remedies and claims, whether arising under contract, tort, strict liability, product liability, misrepresentation, fraud or other theory of law or statute.
   3. TO THE EXTENT ALLOWED BY LAW, however, the monetary limitation set forth above shall not apply to claims for Service Provider’s gross negligence, willful misconduct, or fraudulent misrepresentation.
   4. TO THE EXTENT ALLOWED BY LAW, neither party shall be liable under any circumstances for damages resulting from breaches of security that result in unintended disclosure of confidential information of the other party, including costs associated with notification, recovery, or mitigation of such disclosure.
   5. TO THE EXTENT ALLOWED BY LAW, Service Provider shall not be held liable for any security breach arising out of the removal of, disabling, or misuse of any security feature installed or made available for the purpose of securing Client’s data and systems, whether knowingly or unknowingly and whether the Service Provider has been made aware of the removal of the security feature.
10. CONFIDENTIALITY.
    1. In the performance of the services to be provided hereunder, Client and Service Provider may have access to or be exposed to information of the other party not generally known to the public including, but not limited to, software, product plans, marketing and sales information, customer lists and account information, “know-how,” or trade secrets which may be designated as being confidential or which, under the circumstances surrounding the disclosure, ought to be treated as confidential.
    2. Confidential information may not be shared with third parties unless such disclosure is to the personnel of Service Provider or Client, including employees, agents, and subcontractors, on a “need-to-know” basis in connection with its performance of this Agreement, so long as such personnel have agreed to treat such confidential information under terms at least as restrictive as those herein.
    3. Each party agrees to take the necessary precautions to maintain the confidentiality of confidential information by using at least the same degree of care as such party employs with respect to its own confidential information of a like-kind nature, but in no case less than a commercially reasonable standard of care to maintain confidentiality and shall only make such information available to its employees on a “need-to-know” basis.
    4. Confidential information excludes information that:
       1. Was known by one party prior to its receipt by the other party or is or becomes public knowledge without the fault of the recipient;
       2. Is received by the recipient from a source other than the other party to this Agreement;
       3. A party is required to disclose in response to an Order by a court or governmental agency, provided that advanced notice of the disclosure is provided to the other party;
       4. Is independently developed by the receiving party without use of or reference to the confidential information of the other party; or
       5. Was in the public domain at the time disclosure or became publicly available after disclosure without breach of this Agreement.
11. NON-SOLICITATION/HIRING OF EMPLOYEES. The Client agrees not to hire or attempt to hire any Service Provider employee, contractor, or former employee within two years of termination of employment, as full-time or part-time employee, contractor, or any other such position without the written consent of Service Provider. Client understands and agrees that Service Provider shall suffer such irreparable harm in such event that Client shall, if such breach should occur, immediately pay to Service Provider an amount equal to the employee’s annual compensation (including salary and expected bonuses) at the time of breach.
12. FORCE MAJEURE. Neither party shall be held liable for any delay or failure in performance of all or a portion of the services to be provided pursuant to this Agreement from any cause beyond its control and without its fault or negligence, including, but not limited to, acts of God, acts of civil or military authority, government regulations, embargoes, epidemics, war, terrorists attacks, riots, insurrections, fires, explosions, earthquakes, nuclear accidents, floods, power blackouts affecting facilities other than facilities of a kind commonly protected by redundant power systems, unless its redundant power systems are also affected by any force majeure condition, unusually severe weather conditions, inability to secure products or services of other persons or transportation facilities, acts or omissions of transportation common carriers, defects or malfunctions in any hardware/software which adversely affects Service Provider’s ability to perform the services, problems caused by Client resources not under Service Provider’s management, changes made to Client’s networks or IT environment which Client fails to communicate to Service Provider, service failures that result from actions or inactions of Client contrary to Service Provider’s recommendations, and loss of internet connectivity to Client’s site. In such event, however, the delayed party must promptly provide the other party with written notice of the force majeure. The delayed party’s time for performance will be excused for the duration of the force majeure, but if the force majeure events last longer than thirty (30) days, the other party may immediately terminate this Agreement by giving written notice to the delayed party. In no event shall Service Provider or its subcontractors, whether under this Agreement or any other work, be liable in contract, tort, third-party liability, breach of statutory duty or otherwise, in respect of any direct, indirect or consequential losses or expenses, including without limitation loss of anticipated profits, company shut-down, third-party loss or injury, any loss because of data breach, any loss of personally identifiable or protected information, goodwill, use, market reputation, business receipts or contracts or commercial opportunities, whether or not foreseeable, if such loss was the result of a cyberattack or any other event not contemplated by this Agreement.
13. INDEMNIFICATION. TO THE EXTENT ALLOWED BY LAW, and specifically exempting state and local government clients with legal prohibitions from one or more individual provisions of this indemnification clause:
    1. Client shall defend, indemnify and hold Service Provider harmless from any third-party claim or action arising out of the failure of Client to obtain the appropriate license, intellectual property rights, or any other permissions, regulatory certifications or approvals associated with Client-provided software, technology or other components related to the services provided by this Agreement, as well as software directed or requested by Client to be installed or integrated as part of the services of this Agreement. Client agrees to provide Service Provider with proof of licensing upon its request.
    2. In connection with this Agreement, if any lawsuit, claim or proceeding is filed or if any fine or penalty is assessed against Service Provider that arises out of Client’s act or omission, Client shall indemnify and hold harmless Service Provider against liability for damages, reasonable expenses and legal fees incurred in the investigation and defense of any such action, except to the extent or degree that Service Provider was liable as a result of having caused or contributed to Client’s act or omission, or having assumed any liability, incurred any expense or made any payment in compromise or settlement of the action without Client’s prior written consent. Service Provider shall give Client, within twenty (20) business days, immediate written notice of any action and shall fully cooperate with Client. If Service Provider fails to do so, Client’s obligation to indemnify Service Provider hereunder shall not apply. Client shall have the right regarding such an action to assume or associate itself in the defense of the action.
    3. Each party agrees to indemnify and hold harmless the other party from any third-party claim or action for personal injuries, including death, resulting from the indemnifying party’s ordinary negligence, gross negligence, or willful misconduct incident to this Agreement. This section states each party’s exclusive remedies for any third-party claim or action, and nothing herein will obligate either party to provide any greater indemnity to the other.
14. LICENSE AGREEMENTS. Services or products provided to Client by Service Provider my require Client to accept the terms of one or more third party End User License Agreements (“EULAs”). If the acceptance of a EULA is required to provide the services or products to Client, then Client hereby grants Service Provider permission to accept the EULA on Client’s behalf. EULAs may contain service levels, warranties, and/or liability limitations that are different than those contained in the Agreements. Client agrees to be bound by the terms of such EULAs. If, while providing services or products, Service Provider is required to comply with a third-party EULA and the third-party EULA is modified or amended, Service Provider reserves the right to modify or amend any applicable Schedule of Services with Client to ensure its continued compliance with the terms of the third-party EULA. Client agrees to hold harmless and indemnify Service Provider against Client violation of any of the terms and conditions included in the third-party service’s or product’s EULA. Third-party EULAs will be provided upon request by Client.
15. SERVICE PROVIDER’S LICENSE/INTELLECTUAL PROPERTY. Subject to this Agreement, Service Provider grants Client a perpetual, non-exclusive, non-transferable license to use all programming, documentation, reports, and any other product provided as part of the Services solely for Client’s own internal use and no other purpose. Further;
    1. Service Provider retains all intellectual property rights in and to any property invented or composed in the course of or incident to Service Provider’s performance of the Agreement, as well as any software, materials, or methods created prior to or after conclusion of Service Provider’s Services (“Intellectual Property”). Client acquires no right or interest in or to any such Intellectual Property, by virtue of this Agreement or the Services performed under this Agreement by Service Provider, other than the limited license stated above. And;
    2. Client may only use and disclose Intellectual Property in accordance with this Agreement and Services. Service Provider reserves all rights in and to the Intellectual Property not expressly granted in this Agreement. Client may not disassemble or reverse engineer any Intellectual Property or decompile or otherwise attempt to derive any software source code within the Intellectual Property from executable code, except to the extent expressly permitted by applicable law despite this limitation or provide a third-party with the results of any functional evaluation, or benchmarking or performance tests on the Intellectual Property, without Service Provider’s prior written approval. Except as expressly authorized in this Agreement or Services, client may not (a) distribute the Intellectual Property to any third-party (whether by rental, lease, sublicense or other transfer), or (b) operate the Intellectual Property by outsourcing the product to process the data of third parties. Additional usage restrictions may apply to certain third-party files or programs embedded in the Intellectual Property.
16. SERVICE PROVIDER INSURANCE. Service Provider agrees to maintain insurance coverage that is reasonably required in connection with this Agreement or any Schedule of Services or other order, including but not limited to, workers compensation and general liability. Service Provider agrees to maintain a general liability and cyber liability errors and omissions insurance policy with a limit not less than $1,000,000 per occurrence. Upon request by Client, Service Provider shall provide certificates of insurance evidencing such insurance signed by an authorized representative of the insurer.
17. CLIENT INSURANCE. Client agrees to maintain, at its sole cost and expense, insurance coverage that is reasonably required by Service Provider in connection with this Agreement or Schedule of Services, including, without limitation, workers compensation, general liability, and cyber and privacy liability. Upon request by Service Provider, Client shall provide certificates of insurance evidencing such insurance signed by an authorized representative of the insurer, including proof of payment of any applicable premiums or amounts due thereunder. In the event Client fails to maintain the required insurance coverage, Service Provider may, at its sole discretion, suspend the Requested Services until Client provides evidence of the required insurance or may terminate the Agreement or Schedule of Services for a material breach. If Client is supplied with any Service Provider equipment, Client agrees to acquire and maintain, at its sole cost, insurance for the full replacement value of that equipment.
    1. CYBER AND PRIVACY INSURANCE. Client acknowledges that Client is solely responsible for obtaining and maintaining, for the duration of this Agreement, its own Cyber and Privacy Liability Insurance to adequately insure its cyber exposures. Client acknowledges that Service Provider does not provide Client with any form of Cyber and Privacy Liability or other insurance coverage in connection with the Services or an executed Schedule of Services and that Client’s use of the Services does not, in any way: (i) replace a Cyber and Privacy Liability policy, (ii) mitigate Client’s need for Cyber and Privacy Liability insurance coverage or (iii) relieve Client’s responsibility for obtaining its own Cyber and Privacy Insurance coverage.
    2. COMMERCIAL PROPERTY INSURANCE. Client shall secure at Client’s own cost and expense property insurance for the full replacement value of Client’s System(s) and equipment that may be applicable to this Agreement or Schedule of Services.
    3. MUTUAL WAIVER OF SUBROGATION. TO THE EXTENT PERMITTED BY LAW, EACH PARTY WAIVES ALL RIGHTS AGAINST THE OTHER PARTY FOR RECOVERY OF DAMAGES TO THE EXTENT THESE DAMAGES ARE COVERED BY THE WORKER’S COMPENSATION AND EMPLOYER’S LIABILITY, PROFESSIONAL LIABILITY, GENERAL LIABILITY, PROPERTY INSURANCE, COMMERCIAL UMBRELLA/EXCESS, CYBER AND PRIVACY OR OTHER COMMERCIAL LIABILITY INSURANCE OBTAINED BY EITHER PARTY. CLIENT WILL NOT HOLD SERVICE PROVIDER, ITS SUBCONTRACTORS AND/OR THIRD-PARTY SERVICE PROVIDERS RESPONSIBLE FOR SUCH LOSSES AND WILL CONFIRM THAT CLIENT INSURANCE POLICIES REFERENCED ABOVE PROVIDE FOR THE WAIVER OF SUBROGATION INCLUDED IN THE TERMS OF SERVICE.
18. GOVERNING LAW. This Agreement shall be governed by, interpreted, and enforced according to the laws of the State of Mississippi without regard to conflict-of-law provisions.
19. ARBITRATION. Except specifically exempting state and local government clients, all controversies and claims arising out of this Agreement (whether in contract, tort or otherwise) shall be determined and settled solely by arbitration in Laurel, Mississippi in accordance with the then applicable rules of the American Arbitration Association. The arbitrator(s) shall be bound by the terms of this Agreement and shall not apply any principles of equity nor allow any claims not permitted by this Agreement. Otherwise, the laws of the State of Mississippi shall apply. The expenses of arbitration, including arbitration fees, shall be added to the award in favor of the prevailing party. Judgment upon the award rendered by the arbitrator(s) may be entered by any court having jurisdiction thereof and shall be final and binding upon the parties as if rendered by a court having jurisdiction of the matter.  
20. SEVERABILITY. The provisions of this Agreement shall be separate and severable each from the other to the extent that if any portion or any one provision or a portion thereof is held to be an inoperative or unenforceable in any jurisdiction, then the remainder of this Agreement shall remain binding upon and enforceable by the parties hereto in that jurisdiction and shall be construed as if the Agreement had been executed without such inoperative or unenforceable provision or portion thereof, provided that the provision so severed shall not material affect the remainder of this Agreement.
21. ENTIRE AGREEMENT. This Agreement, including all Schedule of Services, Addendums, exhibits and documents incorporated herein by reference, constitutes the complete and exclusive agreement between the parties with respect to the subject matter hereof, and supersedes and replaces any and all prior or contemporaneous discussions, negotiations, understandings and agreements, written and oral, regarding such subject matter. Its terms and conditions shall prevail should there be any variance with the terms and conditions of any order submitted by Client. If Client has made any change to the Agreement documents that you did not bring to Service Provider’s attention in a way that is reasonably calculated to put Service Provider on notice of the change, the change shall not become part of the Agreement.
22. Assignment. Neither party may assign its rights or delegate its duties under this Agreement either in whole or in part without the prior written consent of the other party, except that each party may assign this Agreement in whole as part of a corporate reorganization, consolidation, merger, or sale of substantially all of its assets. Any attempted assignment or delegation without such consent will be void. This Agreement will bind and inure to the benefit of each party’s successors and permitted assigns.
23. Usage of Data. Service Provider or its suppliers may:
    1. use uploaded data from installed licensed Software to improve products and services
    2. share data that has been identified as malicious or unwanted content with affiliates and security partners
    3. use and disclose uploaded data for analysis or reporting purposes only if any such use, sharing or disclosure does not identify Client or include any information that can be used to identify any individual person
24. MISCELLANEOUS TERMS. Client and Service Provider are independent contractors, and no partnership, joint venture or franchise is created.
25. EFFECT OF HEADINGS. The subject headings of this Agreement are included for purposes of convenience only and shall not affect the construction or interpretation of any of the provisions of this Agreement.

This Services Addendum incorporates by reference the Master Agreement and any Schedule of Services provided by Provider to Client.

1. DEFINITIONS.
   1. Remote: Refers to services provided by the Service Provider from a distance, typically through online or virtual means, without being physically present at the client’s location.
   2. On-site: Refers to services provided by the Service Provider at the client’s physical location, involving direct interaction and support.
   3. Item: Refers to any component, device, user, or piece of equipment within the client’s IT environment that is covered under the Services Addendum.
   4. Ticket: Refers to a documented request for service or support submitted by the client to the Service Provider, which is tracked and managed through a ticketing system.
   5. Help Desk: Refers to the support service provided by the Service Provider where clients can submit requests for assistance with IT-related issues via telephone, email, or remote agent application. Help Desk also refers to Service Provider’s team of technicians and processes by which trouble tickets are remedied.
   6. Firewall: Refers to a security system designed to prevent unauthorized access to or from a private network, providing a barrier between the internal network and external threats.
   7. Patch, Packet, Hotfix: Refers to updates or fixes applied to software or systems to address security vulnerabilities, improve functionality, or resolve issues
   8. Cybersecurity: Refers to the practices and technologies used to protect systems, networks, and data from cyber threats and unauthorized access.
   9. Device: Refers to any hardware component, such as computers, servers, or mobile devices, within the client’s IT environment.
   10. User: Refers to any individual who utilizes the IT systems and services provided by the Service Provider, typically employees or authorized personnel of the client.
   11. Break/Fix: Services that fall outside the terms of the main agreement and are considered as separate, individual services. These services are billed at the service provider’s current rates for such work.
   12. Service Provider’s Equipment: Any hardware, devices, tools, or systems furnished, installed, or maintained by the Service Provider at the Client’s premises in connection with services outlined in the Schedule of Services. Such equipment remains the exclusive property of the Service Provider, is tagged accordingly, and is subject to removal upon termination or cancellation of this Agreement. The Client shall not acquire any ownership interest in these items. No lease or rent-to-own arrangement is established under this Agreement.
   13. Client’s Equipment: Any hardware, devices, tools, systems, or infrastructure owned, leased, or otherwise controlled by the Client, including those installed at the Client’s premises prior to the execution of this Agreement. Such equipment remains the exclusive property of the Client and is not subject to removal or repossession by the Service Provider. Additionally, any equipment sold and invoiced to the Client by the Service Provider shall become the sole property of the Client upon payment, irrespective of installation status.
2. DESCRIPTION. Service Provider will provide services to Client set forth in any Schedule of Services. Service Provider may change overall rates and fees from time to time after the initial Service Period, either up or down at the time of renewal or upon the execution of a new Schedule of Services or additional Schedule of Services. Changes in the count of items and associated change to billing amount shall have no effect on the Service Period of the Agreement then in effect and shall not constitute a new Agreement.
3. GENERAL PROVISIONS.
   1. Service Provider will provide services to Client for services selected in the Schedule of Services through remote or on-site means during Service Provider’s normal business hours of 8:00 a.m. until 5:00 p.m. central time, Monday-Friday, excluding Service Provider’s official company holidays.  Client may submit requests for service via telephone, email, or other electronic means 24 hours per day, subject to availability of those means.
   2. Service Provider may provide ongoing remote automated monitoring and remote access support for services for the purpose of detecting problems and providing remote access to remediate problems.  Automated monitoring, in general, will be provided 24 x 7 x 365, subject to utility power and communications outages, maintenance actions, proper operation of necessary equipment and software, and acts of God.  Service Provider, at its discretion and at a time of its choosing, may attempt to resolve any issues detected by automated monitoring. 
   3. The determination of whether an on-site visit is needed to adequately provide service to Client shall be determined by Service Provider who will, under normal conditions, first attempt service via remote means.  This provision shall not limit the quality or timeliness of services provided.
   4. Client agrees to allow Service Provider unfettered access during Service Provider’s normal business hours to the premises where Service Provider’s Equipment is located for the purposes of service, repair, inspection, installation, or removal.
   5. Support services performed outside the hours of 7:00 a.m. – 6:00 p.m. central time, Monday-Friday, and during Services Provider’s official company holidays may be provided as possible, subject to availability, and shall be fully chargeable to Client at Service Provider’s then current break/fix rates times one and one-half (1.5) during the hours of 6:00 p.m. – 10:00 p.m. central time, Monday-Friday except on Service Provider’s official company holidays, and times two (2) for all other times.
   6. Should third-party charges be required in the course of providing service to Client, such charges will be billed or charged to Client after first receiving Client’s authorization to incur them.
   7. It is understood that Services requested by Client that fall outside the terms of this Agreement may be considered as “Projects” or “Billable Service Tickets” or “Break/Fix”, and may be billed as separate, individual services at Service Provider’s then current rates for such work.
4. ONBOARDING. Prior to onboarding Service Provider will do an initial consultation to inform the Client of its I.T. Environment needs and perform an initial count of Client’s Equipment (item(s)) to be covered. After Service Provider performs initial “onboarding” of Client’s actual IT environment, if additional items are discovered Service Provider will notify Client of the need to update the item count to be reflected on the next monthly bill.  Subsequent monthly bills for the service will reflect this updated count until the count changes by properly enacted additions or deletions as follow. The initial invoice for selected services may be prorated if services are not fully onboarded before the fifteenth (15th) of the month.
5. ADDITIONS & DELETIONS. Subsequent additions or deletions of Client’s Equipment (item(s)) and services quantities, if any, will be reflected in the monthly billing fees to Client.  Client authorizes Service Provider to, on an ongoing basis, modify the count of covered items and the associated monthly service fee amount to reflect the then true current count of covered items as reported by changes from Client. Client agrees not to add any item to its IT environment without notifying Service Provider.  Service Provider will properly “onboard” any new item, adjusting billing to match new count of items. If found by Service Provider automation, visits, or audit, or found through other discovery, Service Provider will consult with Client on whether the items are to be covered.  Any item counted in monthly billings which Client directs Service Provider to remove from use within Client’s environment shall be properly off boarded from the contract by action of the Service Provider to:
   1. Remove any and all provided services from the item,
   2. disconnect the item from Client’s network and the Internet, and
   3. remove the item from the Service Provider’s count and billing of covered items, effective upon the next billing date, non-prorated.  Failure by Client to notify Service Provider of a covered item that is no longer used by Client does not obligate Service Provider to backdate the change or credit or refund any amount billed before the notification.
6. NO TROUBLE FOUND/ABUSE. Repeated requests for service where no trouble is found or incidents where Client’s user repeatedly creates issues due to unsafe Internet use, unsafe computing practices, misuse/abuse of equipment or software, or an inadequate equipment environment may result in billable charges to Client. Service Provider agrees to warn Client management before such instances result in billable charges. Client’s failure to reasonably protect Service Provider’s on-premises equipment or software from theft, disablement, damage, or modification may result in charges to Client for the replacement or repair of such equipment or software.
7. TERMINATION.
   1. After the first Service Period of this Agreement, Client may terminate any or all services covered by the Services Addendum upon thirty (30) days written notice to Service Provider without cause.
   2. Service Provider may terminate any or all services covered by the Services Addendum upon thirty (30) days written notice to Client if Service Provider terminates or suspends it business operations.
   3. Upon any termination or non-renewal, Service Provider has no obligation to but may at its sole discretion and at Client’s expense, assist Client with transition of services to another provider, or to restore services or systems disrupted by removal of Service Provider’s Equipment, software, or services. 
   4. Service Provider is hereby granted permission by Client that, upon any termination or non-renewal, Service Provider at its convenience during its business hours may enter Client’s premises for the purpose of removing Service Provider’s Equipment, devices, tools, software, or other property, and have all necessary access to any system for the purpose of removing Service Provider’s monitoring or maintenance software or applications without hindrance or delay by Client or Client’s agent.  Service Provider will not in any case nor under any circumstance pay for deposits, fees, expenses, or penalties charged by third parties or otherwise incurred by Client due to termination or non-renewal of Service Contract.
8. RESPONSE, RESOLUTION AND ESCALATION PROCEDURE.
   • Ticket is submitted via monitoring, call, email or other means of appropriate communication with Service Provider.
   • Issue is identified and documented in ticketing system.
   • Ticket is assigned to appropriate personnel.
   • Client is informed of issue and the recommended remedy.
   • Client approves response to ticket.
   • Personnel begin remote diagnosis of issue or formulate a resolution plan, which constitutes response to the request.
   • If escalation threshold is reached before significant resolution progress is made on issue, issue is escalated to the next higher Support Tier.
   • Resolution details are updated in ticketing system.
   • Issue is verified to be resolved.
   • Ticket is closed.
9. SUPPORT TIERS. See appendix A.
10. HELP DESK. If selected, Service Provider will respond to Client’s Trouble Tickets under the provisions of the Service Level Objectives “SLO” referenced in Section 10.2 of the Services Addendum and with best effort during after-hours or on holidays.  Trouble Tickets must be opened using a method and manner provided or approved by Service Provider. Each submission will be assigned a Trouble Ticket number for tracking.  Service Provider’s escalation process is described in Section 8 of this Services Addendum. Client may submit requests for service via telephone, email, or remote agent application 24 hours per day, subject to availability of those means. Selection of the Help Desk service outlined in any Schedule of Services means the Client will prepay a fixed amount for the use of the Help Desk service without regard to labor fee rates. If not selected Client may still submit trouble tickets to the Help Desk, however, services will then be considered “Break/Fix” and labor fees will apply at the then current labor rates. No SLO is provided for break/fix work.
    1. MINIMUM SERVICES PROVIDED BY HELP DESK SERVICES. See Appendix B.
    2. HELP DESK SERVICE LEVEL OBJECTIVES. See Appendix C.
11. ENDPOINT MONITORING. If selected, Service Provider will install software on Client’s Equipment (device(s)) to monitor the device’s current state and report any failures or needed updates to the Client. Client can then direct Service Provider to remedy those issues. This service is required when selecting the Help Desk Service. Client may choose to open a trouble ticket to resolve any issues found through monitoring and have Service Provider resolve issues with the understanding that ALL labor will be charged at current break/fix rates if there is no accompanying Help Desk Service in place. Service Provider will follow the Escalation Procedure in section 8. Service Provider makes no guarantee of response time or resolution times and does not provide Service Level Objectives for break/fix work.
    1. MINIMUM SERVICES PROVIDED BY ENDPOINT MONITORING. See Appendix D.
12. CYBERSECURITY SERVICES. If included in the Schedule of Services, Service Provider will provide a collection of Enterprise grade tools to secure Client’s Equipment (device(s)) where such tools can be installed and monitored. Tools include but are not limited to Privileged Access Management, Multi-Factor Authentication, and 24×7 Endpoint Detection and Response. Malicious software, if found will follow a response and remediation procedure to secure any affected devices, quarantine any malware, and lock out intruders.
    1. MINIMUM SERVICES PROVIDED BY SECURITY SERVICES. See Appendix E.
    2. SECURITY DISCLAIMER. The security tools provided by Security Services only constitute one level of device security and is not a comprehensive security solution. Under the Service Contract Service Provider agrees to provide security training materials and develop a comprehensive security plan at the request of the Client. In addition to the Master Agreement provisions, the following provisions are set forth.
       1. THERE ARE MANY FACTORS THAT MAKE DEVICES VULNERABLE TO BAD ACTORS THAT NO SOFTWARE CAN SOLVE. THESE INCLUDE BUT ARE NOT LIMITED TO: ANY MANNER OF HUMAN ERROR, UNSAFE PASSWORD HANDELING, A DEVICE USER INADVERTANTLY ALLOWING DIRECT ACCESS TO THE DEVICE, DOWNLOADING OF ILLEGAL MEDIA AND OTHER FORMS OF PIRACY, UNSAFE EMAIL PRACTICES, AND CIRCUMVENTING INSTALLED SECRUITY TOOLS AND/OR REMOVAL.
       2. CLIENT AKNOWLEDGES AND AGREES THAT THE SERVICE IS PROVIDED “AS IS”, WITH ALL FAULTS, AND “AS AVAILABLE”. CLIENT IS HEREBY NOTIFIED THAT SERVICE PROVIDER MAKES NO CLAIM THAT THE SECURITY TOOLS PROVIDED ARE IMPENETRABLE OR FOOLPROOF, AND THAT IT MAY NOT PREVENT ALL INSTANCES OF ENTITIES FROM GAINING UNAUTHORIZED ACCESS TO CONFIDENTIAL INFORMATION.
13. FIREWALL AND NETWORK MONITORING SERVICES. If included in a Schedule of Services, the services provided include firewall equipment engineered and selected for the client by the service provider, which remains the property of the service provider (Service Provider’s Equipment). These services also encompass repairs, upgrades, and replacements of firewall equipment as needed to maintain service, updates to firewall equipment firmware and licensing, gateway anti-virus, content filtering, and intrusion prevention features. Additionally, the service provider handles the installation, configuration, and customization of firewall equipment, ongoing customization to support the client’s changing environment and content filtering desires, and 24x7x365 monitoring of internet connectivity via automation services with trouble ticket issuance upon sustained outages. Liaison services between the client and the client’s internet service provider for trouble resolution, as well as configuration and support of wireless network services, if requested, are also included.
    1. FIREWALL DISCLAIMER. Service Provider’s firewall service is designed to help prevent outsiders from gaining access to internal networks and will provide an effective method to help limit access. The service provides a high standard of protection, but no system can be completely secure.  In addition to the Master Agreement provisions, the following provisions are set forth. Further;
       1. MANAGED FIREWALL AND THE FIREWALL SERVICE ARE PROVIDED “AS IS”, with all Faults, and “as available”. Client is hereby notified that service PROVIDER makes no claim THAT FIREWALL IS impenetrable nor foolproof, and THAT IT may not prevent ALL instances of entities from gaining unauthorized access to confidential information. And;
       2. CLIENT ACKNOWLEDGES AND AGREES THAT:
          1. THE MANAGED FIREWALL AND THE FIREWALL SERVICE CONSTITUTE ONLY ONE COMPONENT OF CLIENT’S OVERALL SECURITY PROGRAM AND ARE NOT A COMPREHENSIVE SECURITY SOLUTION;
          2. THERE IS NO GUARANTEE THAT THE MANAGED FIREWALL OR THE FIREWALL SERVICE WILL BE UNINTERRUPTED OR ERROR-FREE, THAT NETWORKS OR SYSTEMS CONNECTED TO THE FIREWALL OR SUPPORTED BY THE MANAGED FIREWALL SERVICE WILL BE SECURE, OR THAT THE MANAGED FIREWALL OR SERVICE WILL MEET CLIENT’S REQUIREMENTS;
          3. THERE IS NO GUARANTEE THAT ANY COMMUNICATIONS SENT BY MEANS OF THE MANAGED FIREWALL OR THE FIREWALL SERVICE WILL BE PRIVATE;
          4. THERE IS NO GUARANTEE THAT ANY AVAILABLE CONTENT OR URL BLOCKING FEATURE WILL BLOCK ALL SITES NOT DESIRED BY CLIENT OR THAT SUCH FEATURE WILL NOT BLOCK ANY SITES THAT ARE DESIRED BY CLIENT;
          5. ANY AVAILABLE CONTENT OR URL BLOCKING FEATURE IS USED AT CLIENT’S SOLE RISK AND DISCRETION; AND
          6. there is no guarantee that any firewall antivirus feature Will block all viruses or malware.
14. DATA BACKUP SERVICES. Data Backup Services, if selected in a Schedule of Services, include backup service licensing, cloud data storage provisioning and management, configuration of backup equipment purchased by the client (Client’s Equipment), configuration of backup for target machines as selected by the client, updates and modifications of backup software and services, success/failure monitoring of backups with trouble ticket creation on failures during service provider business hours, expedited trouble ticket remediation during service provider business hours, and services to perform restores of backed-up data to the client’s working and available systems. These services do not include repairing or replacing the client’s failed servers, computers, or data storage devices such as hard disks.
    1. DATA BACKUP SERVICE DISCLAIMER. THE BACKUP SERVICES PROVIDED BY THE SERVICE PROVIDER ARE DESIGNED TO HELP ENSURE THE AVAILABILITY AND INTEGRITY OF YOUR DATA. HOWEVER, NO SYSTEM CAN BE COMPLETELY SECURE OR FOOLPROOF. THE SERVICE PROVIDER MAKES NO CLAIM THAT THE BACKUP SERVICES WILL PREVENT ALL INSTANCES OF DATA LOSS. THE BACKUP SERVICES ARE PROVIDED “AS IS,” WITH ALL FAULTS, AND “AS AVAILABLE.” THE CLIENT ACKNOWLEDGES AND AGREES THAT THE BACKUP SERVICES CONSTITUTE ONLY ONE COMPONENT OF THE OVERALL DATA PROTECTION STRATEGY AND ARE NOT A COMPREHENSIVE SOLUTION. THERE IS NO GUARANTEE THAT THE BACKUP SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE, OR THAT THE DATA STORED WILL BE SECURE FROM ALL THREATS. THE CLIENT IS RESPONSIBLE FOR MAINTAINING A SECURE ENVIRONMENT AND FOLLOWING BEST PRACTICES TO PROTECT THEIR DATA. THE SERVICE PROVIDER SHALL NOT BE HELD LIABLE FOR ANY DATA LOSS, CORRUPTION, OR UNAUTHORIZED ACCESS RESULTING FROM FACTORS BEYOND ITS CONTROL, INCLUDING BUT NOT LIMITED TO HUMAN ERROR, HARDWARE FAILURE, OR MALICIOUS ATTACKS.
15. BACKUP DATA RECOVERY DEVICE AS A SERVICE. If Client has been given the option and the Service Provider and Client have agreed by affixing a signature to a Schedule of Services that includes the Backup Data Recovery Device Service or similar order, Service Provider shall provide, install, and maintain an on-premises Backup Data Recovery Device or Devices, with said system or systems remaining the property of Service Provider (Service Provider’s Equipment) and thus provided “as a service” to Client. All Backup Data Recovery Device items furnished by Service Provider at its expense are provided to Client for its use during the term of this Agreement subsequent to the payment of the agreed upon monthly fees. Upon any termination of this Service Contract, Service Provider will remove all items so furnished by the Service Provider from the Client premises. See Data Backup Service Disclaimer for additional terms.
16. MICROSOFT 365 SERVICES. If selected, Service Provider will provision and manage Microsoft 365 licenses for Client. Service Provider will install, configure, and provide ongoing support for Microsoft Exchange Plans and/or Microsoft Cloud and/or Microsoft 365 applications. Microsoft 365 applications may include, but are not limited to: Outlook, Teams, Word, Excel, PowerPoint, and SharePoint. All licenses come with email filtering to protect users from phishing and spam emails. Microsoft Licenses are subject to Microsoft Software License Terms found at https://www.microsoft.com/en-us/useterms.
17. REGULATORY COMPLIANCE. Service Provider’s services are not intended to bring Client into full regulatory compliance with any rule, regulation, or requirements mandated by any authority or governing body. Services may aid in Client’s efforts to comply with regulations, industry standards, or rules as required by law or industry standard, however, Service Provider makes no claim that it offers a comprehensive compliance solution.
18. CLIENT RESPONSIBILITY: MINIMUM IT ENVIRONMENT, FACILTY, AND PRACTICES REQUIREMENTS. For Client’s existing IT Environment to qualify for Service Provider’s services under the Agreement Client agrees at Client’s sole expense that the following requirements must be met and maintained:
    1. All software in Client’s IT environment, including operating systems, must be genuine, properly licensed, and manufacturer-supported, with proof of such status available to Service Provider.
    2. All computer servers with Microsoft Windows Server operating systems must be running a release version of the operating system still under full technical support by Microsoft and have the latest applicable Microsoft service pack and critical updates installed.
    3. All user computing devices with Microsoft Windows operating systems must be running the business or enterprise version of said operating system (no home or personal versions), be of a release version still under full technical support by Microsoft and have the latest applicable Microsoft service pack and critical updates installed.
    4. In the case of special purpose computers, such as embedded computers in other equipment, Service Provider may provide services under the Agreement without regard to operating system version/release at Service Provider’s sole discretion, to the extent possible, as a temporary exception, and with Client being hereby warned that full services may not be provided and, more importantly, such exceptions greatly increase the security and operational availability risks of Client’s entire IT environment. Client hereby acknowledges and accepts that allowing any exception to the operating system requirements of Agreement puts Client’s entire IT environment at grave and severe risk, including data loss, theft and corruption, malware including data encryption/hostage events, and other severe damages. Client hereby indemnifies Service Provider from any liabilities or claims from any party while any exceptions to the operating system requirements are in effect.
    5. All special purpose/embedded computers connected to any network or using any non-isolated internet connection must be included in the official count of systems to be covered as ordered in the Schedule of Services.
    6. The environment must have a currently licensed, up-to-date, and vendor-supported antivirus solution protecting all servers, desktops, mobile computers, and email systems.
    7. The environment must have a currently licensed, vendor-supported, Service Provider-approved data backup solution that can be monitored by Service Provider using notifications of both success and failure of each backup.
    8. The environment must have a currently licensed, vendor-supported, and Service Provider-approved data firewall between Client’s internal network and the Internet. Such firewall must include an active and properly subscribed gateway antivirus feature.
    9. All wireless data traffic in the environment must be secured. Any existing wireless network must be approved and accepted by Service Provider after examination.
    10. Client’s network must allow proper operation of Service Provider’s monitoring and service tools.
    11. Client’s practices regarding the handling of information from payment cards and all other electronic payment systems must meet current compliance standards set by Payment Card Industry requirements or other regulating authority. PCI compliance auditing and testing are not included with the managed IT services described herein.
    12. Healthcare Client’s practices regarding the handling of patient information must be compliant with the HIPAA Security Rule. HIPAA auditing and compliance services are not part of the managed IT services described herein.
19. FACILITY STANDARDS. Client agrees at Client’s sole expense to provide and properly maintain the following Facility Standards for all systems, equipment, and devices covered by Service Provider’s managed IT services as ordered in the Schedule of Services:
    1. Safe and sufficient utility electric power supplied according to applicable codes.
    2. Sufficient earth grounding for protection of equipment according to applicable codes.
    3. Reasonable protection from lightning hazards.
    4. Client must have a high-speed Internet service connection provided and maintained by a public, commercially available, reputable Internet Service Provider (ISP) with technical support agents available for troubleshooting and repair of Internet service issues. Such Internet service connection must have a fixed Internet Protocol (IP) address to qualify for services. Service Provider will provide, and Client will accept, limited service availability if Service Provider chooses to allow a non-fixed IP address at Client location.
    5. Internet service connection shall have an industry-standard, wired Ethernet connection available for connection to Service Provider’s firewall equipment at Client’s network wiring center.
    6. Communications facilities/connections as necessary to allow Service Provider’s monitoring and support systems at Client’s location to communicate adequately with Service Provider’s systems at its location.
20. SAFE COMPUTING AND INFORMATION SECURITY PRACTICES. Service Provider is committed to following a comprehensive cybersecurity framework and Client agrees at Client’s sole expense to maintain at least the following Safe Computing and Information Security Practices:
    1. Enforced policy that all users have complex passwords that expire at least every 90 days.
    2. No posted passwords.
    3. No default passwords for any network connected device.
    4. No remote access to internal network from unsecured wireless networks, outside network, or the Internet unless properly protected by a Virtual Private Network (VPN) or other highly secure method.
    5. Two factor authentication, if required by industry.
    6. Backup and disaster recovery provisions and plans.
    7. Acceptable use policy agreed to by all users.
    8. A policy that forbids users to attach foreign devices to Client’s internal network.
    9. Immediate notification to Service Provider of any user’s employment termination.
    10. All wireless data traffic in the environment must be securely encrypted.  Any existing wireless network must be approved and accepted by Service Provider after examination.
    11. Client expressly agrees not to allow the connection of any device, system, or communications channel to its networks that may introduce unprotected exposure to the Internet or other outside network without prior notification to Service Provider, who will review such connections for proper security and operation within the networks protected by Service Provider’s firewall service.
21. EXCLUSIONS. This Agreement does not cover:
    1. The cost of any supplies, parts, equipment, or shipping charges unless specifically noted in a Schedule of Services.
    2. The cost of any software, licensing, or software renewal or upgrade fees unless specifically noted in a Schedule of Services.
    3. The cost of any third-party vendor’s or manufacturer’s support or maintenance fees.
    4. The cost of manufacturer’s warranty or third-party warranty or any extended manufacturer’s warranty.
    5. The cost of any third-party services.
    6. The cost to bring Client’s environment up to minimum standards required for a covered service as listed in a Schedule of Services.
    7. Service, repair, or failure of provided services due to fire, flood, storm, other acts of God, criminal activity, acts of war or terrorism, acts by local, state, or national governments, utility failures or other adverse environmental conditions or factors.
    8. Service and repair made necessary by modifications to Client’s information technology environment other than those authorized by Service Provider, including alterations to hardware, systems, procedures, the installation or modification of software, or changes/additions/deletion of equipment made by Client, its employees, contractors, or any third party.
    9. Maintenance of application software, whether acquired from Service Provider or any other source unless as specified in a Schedule of Services.
    10. Training services of any kind unless included in a Schedule of Services.
    11. Cost of services required by the expansion or relocation of Client’s place of business, modifications to Client’s buildings, utilities or facilities, or mergers and acquisitions made by or of Client.
    12. Cost of compliance with any governmental law, act, regulation, or the like.

Appendix A. Support Tiers.

Support Tier	Description
Tier 1 Support	Issue is verified and initial hardware/software troubleshooting is initiated.  Issue is resolved or referred to Tier 2 Support.
Tier 2 Support	More complex troubleshooting or support techniques are provided by more appropriate personnel.  Issue is resolved or referred to Tier 3 Support.
Tier 3 Support	Support is provided by the most qualified and experienced personnel who use all available means to resolve the most complex issues.

Appendix B. Minimum Services Provided by Help Desk.

Description	Frequency
GENERAL
Document software and hardware changes	As Performed
Make available reports of work accomplished, work in progress, etc.	Monthly As Requested
Consult with management on technology needs, plans, schedules	As Needed
Provide general oversight of all computer/Internet technology issues	As Needed
Assist management with evaluating and selecting appropriate technology, including software	As Needed
Review, Report On, and Evaluate Key Technology Strategies and Objectives	Quarterly
SERVERS
Provide problem resolution management	As Needed
Manage and maintain core functions	Ongoing
Create and maintain data backup plan, test with restores	Ongoing
Resolve print queue issues	As Needed
Monitor critical services as appropriate	Ongoing
Manage and maintain antivirus/antispam solutions provided or approved by Service Provider	Weekly or ASAP if Urgent
Install service packs, patches and hotfixes per Service Provider guidelines and approval	Weekly as available
Review major event log issues found by monitoring and resolve as needed	Ongoing
Monitor free space on hard drives	Ongoing
Manage Exchange Server users and mailboxes	As Needed
Manage Active Directory, user groups as Client directs	As Needed
Manage SQL server as needed, if used and covered by Agreement	As Needed
Manage battery backup and related power equipment	As Needed
Defragment and error-check hard drives	As Needed
Install supported software upgrades	As Needed
Manage file system changes	As Needed
Alert Client to detected dangerous conditions, such as Low available memory; Hard drive showing signs of failure; Hard drive running out of space	As Needed
Install replacement server and transfer operations to new server; (server must be purchased from Service Provider)	Discounted replacement labor, as needed
Recovery of servers, subject to available backups and working hardware	As Needed
DESKTOP AND MOBILE COMPUTERS
Provide problem resolution management	As Needed
Install replacement computer and reestablish previous user on new computer; (new computers must be purchased from Service Provider or be given specific approval by Service Provider per incident)	As Needed
Manage and maintain core functions	Ongoing
Provide help desk support for basic operation and operating system	Ongoing
Resolve, or help resolve, Internet and email issues as possible	Ongoing
Resolve printing issues	Ongoing
Manage battery backup and related power equipment	As Needed
Manage and maintain antivirus/antispam solutions provided or approved by Service Provider	Ongoing
Install service packs, patches and hotfixes per Service Provider guidelines and approval	Weekly as available, or ASAP if Urgent
Provide help desk support for Microsoft Office and Adobe Acrobat applications	As Needed
Review event log issues found by monitoring and resolve as needed	Ongoing
Monitor free space on hard drives	Ongoing
NETWORKS
Provide problem resolution management	As Needed
Manage network printers	Ongoing
Manage other approved networked devices	Ongoing
Maintain routers and switches	As Needed
Check performance and capacity	As Needed
Monitor network communications equipment as possible; resolve outages and issues	Ongoing
Maintain connectivity to the Internet, resolve Internet issues as possible	As Needed

Appendix C. Help Desk Service Level Objectives.

Trouble	Priority	Response Time	Resolution Time	Escalation Threshold
Service not available (all users and functions unavailable).	1	Within 1 hour	ASAP – Best Effort	2 hours
Significant degradation of service (large number of users or business critical functions affected)	2	Within 2 hours	ASAP – Best Effort	4 hours
Limited degradation of service (limited number of users or functions affected, business process can continue).	3	Within 6 hours	ASAP – Best Effort	6 hours
Small service degradation (business process can continue, one user affected).	4	Within 12 hours	ASAP – Best Effort	24 hours

Appendix D. Minimum Services Provided by Endpoint Monitoring.

Description	Frequency
GENERAL
Document software and hardware changes	As Performed
Make available reports of work accomplished, work in progress, etc.	Monthly if Requested
SERVERS
Manage and maintain core functions	Ongoing
Monitor critical services as appropriate	Ongoing
Install service packs, patches and hotfixes per Service Provider guidelines and approval	Weekly as available
Review major event log issues found by monitoring and Alert Client as needed	Ongoing
Monitor free space on hard drives	Ongoing
Alert Client to detected dangerous conditions, such as Low available memory; Hard drive showing signs of failure; Hard drive running out of space	As Needed
DESKTOP AND MOBILE COMPUTERS
Install service packs, patches and hotfixes per Service Provider guidelines and approval	Weekly as available, or ASAP if Urgent
Review event log issues found by monitoring and Alert as needed	Ongoing
Monitor free space on hard drives	Ongoing

Appendix E. Minimum Services Provided by Cybersecurity.

Description	Frequency
SERVERS
Manage and maintain device security monitoring solutions provided or approved by Service Provider	Ongoing
DESKTOP AND MOBILE COMPUTERS
Manage and maintain device security monitoring solutions provided or approved by Service Provider	Ongoing
CYBERSECURITY AWARENESS AND TRAINING
Distribute Security Policies	As Needed
Training	Yearly