1. This Agreement is in addition to the General Client Services Agreement, and only applies to cybersecurity equipment and services provided by GNS. In the event of a direct conflict between the language of this Agreement and any Statement of Work (SOW), unless otherwise stated, the language of the SOW shall control, but only with respect to that specific SOW. In the event of a direct conflict between the language of this Agreement and the General Client Services Agreement, this Agreement shall control, but only with respect to that specific language, section or circumstance, whichever is applicable.
2. CYBERSECURITY SERVICES AND DETAILS. Client agrees the services under this agreement vary in scope and focus, and will constantly change over time as hackers find new ways to cause cybersecurity incidents. The cost for Services on any SOW is based on methods, software and tools available to GNS at the time of signing this agreement. Cybersecurity Services might include, but are not limited to, the following:
a. Identification to assist in developing an understanding of cybersecurity capabilities and risks to systems, people, assets and data
b. Protection for safeguards to reduce the probability of, or contain, a potential cybersecurity event
c. Detection to identify the occurrence of a possible cybersecurity event
d. Response to take action if a cybersecurity event is detected and
e. Recovery from a cybersecurity event, should one occur.
f. Client understands and acknowledges that the Cybersecurity Services mentioned above could include vendor risk management, security scanning, testing, assessment, forensics, or remediation Services.
g. Methods and Software. Client understands that GNS may use various methods and software tools to probe network resources for security-related information and to detect actual or potential security flaws and vulnerabilities. Client authorizes GNS to perform such Security Services (and all such tasks and tests reasonably contemplated by or reasonably necessary to perform the Security Services) on identified network resources.
h. Third Party Authorization. Client represents that, if Client does not own such network resources on which GNS will provide Services, Client will have obtained consent and authorization from the applicable third party to permit GNS to provide the Security Services on such third party’s network resources.
i. Timeframe. GNS shall perform Security Services during a timeframe mutually agreed upon with Client. The Security Services, such as penetration testing or vulnerability assessments, may also entail buffer overflows, fat pings, operating system specific exploits, and attacks specific to custom coded applications but will exclude intentional and deliberate DOS (“Denial of Service”) attacks.
j. Possible Service Interruption. Furthermore, Client acknowledges that the Security Services described herein could possibly result in service interruptions or degradation regarding the Client’s systems and accepts those risks and consequences. Upon execution of the Security Services, Client consents and authorizes GNS to provide any or all of the Security Services specified in the applicable SOW with respect to the Client’s systems.
k. Restore Security. Client further acknowledges that it is the Client’s responsibility to restore systems to a secure configuration after GNS testing or Services are completed.
3. THIRD PARTY SERVICES. Client acknowledges that GNS may use third party services to provide cybersecurity services.
4. APPLICABLE TO COMPLIANCE AND FRAMEWORK CONSULTING SERVICES. Should the SOW include compliance testing, assessment, implementation, monitoring or other similar compliance or framework advisory Services (“Compliance Services”):
a. Client acknowledges that, although GNS' Compliance Services may discuss or relate to legal issues, (i) GNS does not provide legal advice or services, (ii) none of such Compliance Services shall be deemed, construed as or constitute legal advice, and (iii) Client is ultimately responsible for retaining its own legal counsel to provide legal advice. Furthermore, the Client Reports provided by GNS in connection with any Compliance Services shall not be deemed to be legal opinions and may not, and should not, be relied upon as proof, evidence or any guarantee or assurance as to Client’s legal or regulatory compliance.
b. Client acknowledges that GNS' Compliance Services do not constitute any guarantee or assurance that security of Client’s systems, networks and assets cannot be breached or are not at risk. Compliance Services are an assessment, as of a particular date, of whether Client’s systems, networks, assets, and any compensating controls meet the applicable standard or framework. Mere compliance with a standard or framework may not be sufficient to eliminate all risks of a security breach of Client’s systems, networks and assets. Furthermore, GNS is not responsible for updating its reports and assessments or enquiring as to the occurrence or absence of such, in light of changes to Client’s systems, networks and assets after the date that GNS issues its final Client Report pursuant to the SOW, absent a Change Order or a separately signed SOW expressly requiring the same.