Compliancy Group LLC – THE GUARD^TM: 

LICENSE, IMPLEMENTATION AND SERVICES AGREEMENT

THE PARTIES ACKNOWLEDGE THAT THEY HAVE READ THIS AGREEMENT, UNDERSTAND AND AGREE TO BE BOUND BY THE TERMS AND CONDITIONS STATED HEREIN. 

IN WITNESS WHEREOF, the parties hereto have duly executed this Agreement as of the day, month, and year first written below.

Compliancy Group, LLC (“Licensor”) and (“Licensee”, “You”) hereby enter into this License, Implementation and Services Agreement (“Agreement”), under which Licensor will provide one or more software licenses to its proprietary, SaaS compliance tracking solution, The Guard^TM, on the following terms and conditions:

Purchase of the license for The Guard^TM is on an annual, per-subscription basis. Purchase of a license entitles Licensee to a limited, nonexclusive, non-transferable right to access and use The Guard^TM. 

This Agreement for a subscription(s) to The Guard^TM will be executed under the following financial terms and conditions:

The Agreement will be effective for a period of one (1) year from the date of its execution (“Initial Year”). The Agreement will thereafter Auto-Renew on an annual basis, unless Licensee provides written notice of termination not less than thirty (30) days prior to the end of the then-current term. 

Schedule 1: Outline of Application Services

1. The Guard^TM – HIPAA Compliance Tracking Solution 

• Self-Auditing, Gap Identification, and Remediation Plans
• Administrative, Privacy, and Security Risk Assessments 
• Incident Management (see “Definitions,” below)
• Business Associate Management
• Policy & Procedure, Training, and BAA Templates 
• Document and Version Control 
• Training and Attestations Tracking
• Unlimited HIPAA Hotline support, including our Audit Response Program (see “Definitions,” below)
• Seal of Compliance 

Our Compliance Coaches will work with you, through your Designated Representative, to achieve, illustrate, and maintain HIPAA compliance.  You will receive up to 4 (four) – one hour coaching sessions.  These sessions are for use within the first year of the initial sign-up for the service.  You are entitled to up to 2 (two) – one hour coaching sessions in each Auto-Renew year.  

If Licensee successfully completes all required HIPAA coaching and training for The Guard^TM, Licensor will issue the Seal of Compliance to Licensee.

A Licensee who has been awarded the Seal of Compliance will have the right to display the Seal of Compliance on the Licensee’s website.  The Seal of Compliance is meant to Illustrate to auditors, patients, and partners that a licensee’s organization has taken the necessary steps toward achieving HIPAA compliance. 

Additional Application Services: Additional services are listed in the Invoice/Proposal (see Schedule 2).

Schedule 2: Pricing and Additional Services: See Proposal or Invoice 

This License, Implementation and Services Agreement (“Agreement”) is entered between you (“Licensee”) and Compliancy Group LLC (“Licensor”).

SECTION 1: LICENSE

A. The services provided (hereinafter referred to as “The Guard^TM” or “Application Services”) are a Licensor proprietary Internet-based suite of software made available as a service, as described in Schedule 1 (above) and Schedule 2 (Invoice/Proposal). Upon payment of the license fees set forth in the Invoice or Proposal (attached as Schedule 2), Licensor hereby grants to Licensee a limited, nonexclusive, non-transferable right to access and use (and to permit Licensee’s Authorized Users (as defined below) to access and use) the Application Services for Licensee’s own internal business purposes and the internal business purposes of its Affiliates (as defined herein), each in accordance with the terms and conditions of this Agreement and any user documentation provided online. For the purposes of this Agreement, an “Affiliate” of an entity, is any entity controlled by, controlling, or under common control with such entity.

B. “Authorized Users” are those employees and contractors of Licensee and its Affiliates who are authorized to use the Application Services and have been assigned an individual user ID by Licensor.  Licensee shall require any contractors that are designated as Authorized Users to be bound by confidentiality and license provisions that are substantially as protective of Licensor’s Confidential Information and Application Services as those provisions are set forth in this Agreement.  Licensor agrees to provide Authorized Users with access to the Application Services via the URL https://www.compliancy-group.com and any successor site thereto or such other web sites as may be designated by Licensor (“Web Site”).  Licensee is responsible for providing Internet access, Web browsers, and appropriate hardware and software to all Authorized Users as necessary for access to the Application Services.

C. Designated Representative for HIPAA Compliance Tracking Solution. Licensee shall appoint an individual to serve as Licensee’s Designated Representative. Licensee shall provide the name and contact information of this person to Licensor. This individual shall, in addition to performing any specific duties mentioned herein, attend all Guard Coaching and Training sessions. This person shall ensure that Licensee uses good-faith efforts in the process of learning The Guard^TM, and during Licensor-provided training for The Guard^TM. Licensee shall, at all times, use reasonable efforts to avoid changing the Designated Representative. In the event a change of Designated Representative is required, Licensee shall use reasonable efforts to provide Licensor with at least at least 10 days prior written notice of any change in the Designated Representative. If Licensee fails to use reasonable efforts to avoid changing the Designated Representative, or fails to provide the required written notice, Licensor reserves the right to charge for any additional (or next) session at the rate of $200 per session. Licensor reserves the right to reject Licensee’s choice of replacement Designated Representative, should Licensor determine the choice to be unsuitable. 

Failure to cancel a session within 24 hours will result in loss of that session. Licensor reserves the right to charge for additional sessions at the rate of $200 per new session.

D. Licensee acknowledges and agrees that it is possible to link to third party applications and services (“Third Party Services”).  Such Third Party Services are not part of the Application Services, and Licensor disclaims all responsibility, warranties and liability pertaining to same.  Any such Third Party Service shall be provided to Licensee pursuant to the terms and conditions offered (and if applicable, for the fees charged) by such Third-Party Services provider, and Licensor is not a party to any such agreement.

SECTION 2: CHARGES AND TAXES

A. License Fee.  The annual subscription fee entitles the Licensee’s Authorized Users to the following for a period of one year: (i) the use of the Application Services; (ii) technical support via email and support tickets; (iii) periodic Application Services updates; and (iv) access to the user documentation.

B. Additional Fees. Licensee shall be responsible for any charges for Application Services incurred or authorized through use of any USER ID assigned to Authorized Users even if beyond the terms set forth in a proposal or signed Order Form.

C. Consulting Services OUTSIDE THE SCOPE OF THE GUARD^TM, if required. The Guard^TM annual subscription fee entitles users to the use of services outlined in Schedule 1, and to the use of additional services as outlined in the Invoice (see Schedule 2).  The annual subscription fee does not cover fees for, or include, Consulting Services.  The scope of any Consulting Services shall be determined on an individual case basis, based upon the unique requirements involved, and are charged on a separate basis in accordance with a STATEMENT OF WORK order form (“SOW”). Licensee shall only be charged for said Consulting Services if the said services and costs/expenses are pre-approved and clearly set forth in a signed SOW Form. Licensee shall reimburse Licensor for all reasonable expenses incurred by Licensor in connection with Consulting Services, when applicable, including but not limited to, travel and lodging expenses, communications charges, and the cost of supplies.

D. Additional Subscriptions. Each additional subscription to an Application Service shall be charged at the rate outlined in Schedule 2. If Licensee purchases one or more additional subscriptions during an existing license term, the cost of the additional subscription or subscriptions will be pro-rated for that license term. 

E. Price Increase. Upon annual license renewal, Licensor reserves the right to implement a price increase, not to exceed 5% in a given contract year. This increase shall apply to all subscriptions and Application Services purchased by licensee. Additional subscriptions to an Application Service, purchased by Licensee after the Initial Term, shall be charged at the price in effect at the time of such purchase(s).  

F. Taxes.  Licensee shall be solely liable for payment of any state or local sales, use, excise, value-added or other taxes of a similar nature, if any, that may be due on account of Licensee’s and Authorized Users’ use of the Application Services, and if applicable, the Consulting Services.

G. Invoicing.  All payments hereunder shall be made in U.S. dollars.  Unless otherwise stated in the Order Form, all amounts invoiced hereunder shall be due and payable thirty (30) days after the date of the invoice.  Not more than once every twelve months during the term of the Agreement, Licensor reserves the right to institute new or additional fees, and to change its policies, methods, or procedures with respect to pricing and billing, upon not less than sixty (60) days’ notice to Licensee. During any such notice period, Licensee shall have the option to terminate access to the Application Services rather than pay the increased fees. 

H. Failure to Pay.  If Licensee fails to pay any outstanding balance for one (1) month following the date upon which such charge was due, Licensor reserves the right to suspend its performance of the Application Services (and, if applicable, the Consulting Services) without notice to Licensee and without any liability for any damages incurred as a result of such suspension.  If Licensor elects to suspend such performance, upon payment of the appropriate balance (and, if requested by Licensor, receipt of adequate assurances of future payment from Licensee) Licensor may, at its sole discretion, reinstate its performance within thirty (30) days of suspension.

SECTION 3: TERM, AUTOMATIC RENEWAL & TERMINATION

A. Term.  The initial license term shall commence upon the date the Order Form for the Application Services is executed by the parties (“Initial License Year”). At the end of the Initial License Year, this Agreement will renew (“Auto-Renew”) for a period of one (1) year, and each year thereafter (“Auto Renew Term”), unless Licensee provides written notice of termination not less than thirty (30) days prior to end of the then-current term. Pricing is outlined in Schedule 2.  To terminate, please call 855.854.4722 option 4 Monday through Friday, 9:00 a.m. until 5:00 p.m. (EST) or email [email protected]. 

B.  Mutual Termination Rights. In the event that either party is in breach of any material obligation set forth in this Agreement, that party shall notify the other party in writing. If the breaching party has not cured its breach within sixty (60) days following such notice, then the other party may elect to terminate this Agreement. In the event of termination by Licensor, Licensee shall be entitled to a pro rata refund.

C. Bankruptcy. If one of the parties is declared insolvent or bankrupt, either party may immediately terminate this Agreement. 

D. Licensor may terminate this Agreement for certain Licensee conduct or convenience. If Licensor determines that Licensee uses or seeks to use the Application Services in a manner that is unlawful, or that is inconsistent with Licensee’s rights, duties, and obligations hereunder, Licensor may immediately terminate this Agreement. 

E. 30-day Cancellation. If Licensee is not satisfied with the Application Services, Licensee may cancel for up to thirty (30) days from the date of execution of this agreement for no charge.  Upon such cancellation, Licensee may not use any of Licensor’s copyrighted material, policies, procedures, training, templates, agreements, or work product, from or through the use of The Guard^TM.

F. Effect of Termination.  Upon termination of the Application Services, Licensee shall no longer be permitted access to the Application Services and each Authorized User ID shall be deactivated. Termination, for whatever reason, shall not affect Licensor’s entitlement to any sums due for Application Services or Consulting Services performed prior to such termination.

G. Transition Assistance.  Prior to and for a period not to exceed thirty (30) days following any termination or expiration of this Agreement, Licensor agrees to cooperate in good faith with Licensee at Licensee’s request in connection with transition matters, including the transfer to Licensee or an entity designated by Licensee of all Licensee Data that may be stored, housed, or hosted by Licensor or on the Application Services.  During the applicable transition period, Licensor will cooperate and work in consultation with Licensee to provide for the orderly transfer of the operations to the Designated Representative of Licensee. Notwithstanding the foregoing, in the event of any termination of this Agreement due to a breach by Licensee of its obligations to pay Licensor fees that are due and outstanding, Licensor will not be responsible to provide the transition assistance set forth in this Section until such time as Licensee has paid all undisputed fees that are due and outstanding in accordance with the terms of this Agreement.

SECTION 4: USER ID AND PASSWORD PROTECTION POLICIES

All Authorized Users of the Application Services and Web Site will be given unique USER IDs.  Authorized Users shall maintain as personal and confidential the assigned unique USER IDs and activating passwords for the Application Services. Authorized Users are prohibited from transferring or sharing the Licensee-assigned unique USER IDs and from revealing the activating passwords to any other person(s). Any violation of the foregoing may result in an immediate termination of Licensee’s access rights to the Application Services.  Licensee is responsible for all use or misuse of the Application Services by the Authorized Users of any third party using the USER ID and password of an Authorized User. Licensee and each Authorized User are responsible for maintaining the security and confidentiality of the USER IDs and passwords assigned to them for access to the Application Services.  Licensee shall be responsible for assigned account USER IDs, active passwords, and/or granting permissions, and authorizing vendor/client account associations in the Application Services.

SECTION 5: LICENSOR RESERVATION OF RIGHTS; RESTRICTIONS

A. Licensee acknowledges that the Application Services are, at all times, owned by Licensor, and constitute valuable intellectual property of Licensor. Licensor reserves all rights in the Application Services not expressly granted to Licensee or any Authorized Users hereunder. Neither Licensee nor any Authorized User may: (a) modify, translate, reverse engineer, decompile, disassemble, creative derivative works of, or otherwise attempt to derive any source code of the Application Services; (b) alter or copy, or permit a third party to alter or copy, any part of the Application Services; (c) use the Application Services to provide services to third parties; (d) incorporate the Application Services into other software; (e) use the Application Services except as described herein; or (f) sublicense, distribute, sell, assign (except as provided in Section 12, below), transfer, lease, loan, pledge, or rent the Application Services to any third party.

B. Seal of Compliance:  The Seal of Compliance Illustrates to auditors, patients, and partners that your organization has taken the necessary steps toward achieving HIPAA compliance, and has documentation to support its good-faith efforts to achieve HIPAA compliance. Licensor reserves the right to not issue the Seal if the Licensee fails to satisfy the requirements of The Guard^TM methodology and process. Licensor may refuse to issue the Seal of Compliance if, in the exercise of its reasonable discretion, Licensor determines that Licensee is not making good-faith efforts in its use of The Guard^TM to achieve compliance.

SECTION 6: DATA RETENTION AND OWNERSHIP OF LICENSEE INFORMATION

Licensor shall maintain all transaction and customer data throughout the lifetime of a Licensee’s subscription.  Licensor does not own, nor will Licensor use or disclose to any third party, any data, information, or material (“Licensee Data”) that Authorized Users submit to the Application Services. The Guard^TM does not require input of protected health information (PHI) by a Licensee. Licensee is responsible for not storing any protected health information (PHI) on the Application Services. 

The Licensee has sole responsibility for the accuracy, quality, integrity, lawfulness, reliability, and appropriateness of all Licensee Data.  Licensee hereby grants to Licensor a limited, non-exclusive, non-transferable license to access, host, copy, format, display, distribute, store and use (and to permit Licensor’s subcontractors to do the same) Licensee Data for the sole and exclusive purpose of providing the Application Services (and, if applicable, the Consulting Services) for the benefit of Licensee in accordance with this Agreement. Licensee hereby grants Licensor access to Licensee’s business associate and vendor contact information.

Licensor will within ninety (90) days and at no additional charge provide Licensee with all Licensee Data in Licensor’s possession in the native format of such data within the Application Services. If Licensee requires such Licensee Data to be provided in a different format, or as a subset of Licensee Data (as opposed to all Licensee Data), such work shall be performed for additional charges at Licensor’s then-current fee for such services.  In such event, the Licensee Data shall be provided to Licensee within sixty (60) days after request and payment of the additional fees for such services.

SECTION 7: CONFIDENTIALITY; SECURITY

A. Definition.  “Confidential Information” shall mean any information, whether provided or retained in writing, verbally, by electronic or other data transmission, or in any other form or media whatsoever or obtained through on-site visits and whether furnished or made available before or after the date of this Agreement, that is confidential, proprietary, or otherwise not generally available to the public, including without limitation, trade secrets, marketing and sales information, product information, technical information and technology, personally identifiable information, supplier information, information about trade techniques and other processes and procedures, financial information and business information, compliance information, and/or plans and prospects.

B. Protection of Confidential Information.  Neither party shall disclose to any third party during the term or after the termination or expiration of this Agreement, and each party shall keep confidential, all Confidential Information of the other, protecting the confidentiality thereof with the same level of efforts that it employs to protect the confidentiality of its own proprietary and confidential information of like importance to it, and in any event, by reasonable means.  Each party may, however, disclose the Confidential Information of the other to those of such party’s personnel engaged in a use permitted by this Agreement and with a need to know, provided that such personnel (i) are directed to treat such Confidential Information confidentially and not to use it other than as permitted by herein, or (ii) are subject to any legal duty to maintain the confidentiality thereof.  Neither party shall use the Confidential Information of the other party except as necessary in and during the performance of this Agreement, or as expressly permitted hereunder.  Each party shall be responsible and liable for any improper use or disclosure of any Confidential Information of the other by such party’s officers, partners, principals, employees, agents or independent contractors (including individuals who hereafter become former partners, principals, employee agents or independent contractors).  Licensee acknowledges that elements of the Confidential Information of Licensor, including, without limitation, the Application Services, and the terms, conditions and fees under this Agreement, are trade secrets of Licensor.

C. Confidentiality Exceptions.  The obligations of this Section shall not apply (i) to any Confidential Information for a period longer than it is legally permissible to restrict disclosure of that item of Confidential Information, or (ii) to any Confidential Information that a party can demonstrate was: (a) at the time of disclosure to such party, in the public domain or commonly known in either party’s industry; (b) after disclosure to such party, published or otherwise entered the public domain through no fault of such party; (c) in the possession of such party at the time of disclosure to it, if such party was not then under an obligation of confidentiality with respect thereto; (d) received after disclosure to such party from a third-party who had a lawful right to disclose such Confidential Information to it; (e) independently developed by such party without reference to Confidential Information of the other party; or (f) disclosed with the prior written approval of the other party.

D. Required Disclosure.  Either party may disclose Confidential Information (including, as applicable, Licensee Data) to the extent required by law or by order of a court or governmental agency, provided, however, that the recipient of such Confidential Information shall give the owner of such Confidential Information prompt notice, and shall provide reasonable cooperation to the owner of such Confidential Information if the owner wishes to obtain a protective order or otherwise protect the confidentiality of such Confidential Information. The owner of such Confidential Information reserves the right to obtain, and shall be solely responsible for obtaining, a protective order, order to quash, or other similar form of protection for the confidentiality of such Confidential Information.

E. Notification; Survival.  In the event of any unauthorized disclosure or loss of Confidential Information, the receiving party shall immediately notify the disclosing party.  Notwithstanding anything in this Agreement to the contrary, the obligations of the parties set forth in Section 7(A)-(E) with respect to Confidential Information will remain in effect during the term of this Agreement, and (i) with respect to Confidential Information that does not qualify as a trade secret under applicable law, for a period of three (3) years following the expiration or termination of this Agreement, and (ii) with respect to trade secrets, for so long as such Confidential Information remains a trade secret.

F. Security. Licensor will use all commercially reasonable (i.e., standard in the industry) efforts, to implement and maintain website security features and standards to protect the confidentiality and integrity of Licensee’s Confidential Information.  In addition, Licensor will implement the following policies and practices.

(1) All physical access to the Web Site and Application Services where nonpublic personal and Licensee information is maintained, shall be controlled and monitored by security systems.

(2) The security systems will offer a high degree of resistance to tampering and circumvention.  These systems will limit data access to Licensor staff and contract staff on a “need-to-know” basis for maintaining The Guard^TM system and will control an individual Authorized User’s ability to access and alter records within the Web Site and Application Services.

(3) Licensor will record interactions by individual users with the Application Services and Web Site. Said identifiers will be deleted sixty (60) days after the end of the applicable Term or Auto Renewal Term.

SECTION 8: WARRANTIES AND INDEMNITIES BY LICENSOR

A. Licensor represents and warrants that it has the legal right to enter into this Agreement and to perform its obligations hereunder.

B. Licensor warrants that the hardware, software, and the latest federal standards utilized by Licensor in providing the Application Services are adequate to allow Licensor to provide the Application Services in accordance with this agreement.

C. Licensor will not be held responsible in any way for limitations, if any, in Licensee’s hardware or software. Licensor is not responsible for loss of data in transmission, improper transmission by Licensee, or failure by Licensee or any third party to act on any communication transmission to or by Licensee through the Application Services.

D. Indemnification.

(1) Licensor shall defend, indemnify, and hold harmless Licensee  from and against any and all damages, losses, fines, penalties, costs, and other amounts (including reasonable attorney’s fees and expenses) (collectively, “Losses”) arising from or in connection with third party claims based on or arising from any allegations that the Application Services as delivered by Licensor hereunder and used by Licensee in accordance with the terms and conditions of this Agreement, infringes upon or misappropriates the United States patent, copyright, trademark, trade secret, or other intellectual property rights of such third party.

(2) Licensor shall not indemnify or defend Licensee under this provision or any other indemnity provision hereunder or be liable for any claim or Losses under this Section if the finding of infringement is based on (i) the use of a superseded or altered release of the Application Services, if the infringement would have been avoided by the use of a current unaltered release of the Application Services which Licensor made available to Licensee; (ii) the modification of the Application Services by Licensee or any third party not authorized in writing by Licensor to do so; (iii) the use of the Application Services other than in accordance with its documentation and this Agreement or in combination with any intellectual property, hardware, software, data or technology not supplied by Licensor or approved by Licensor in writing; or (iv) any intellectual property supplied by Licensee (including, but not limited to, the Licensee Data).

(3) If Licensee is enjoined or otherwise prohibited, or is reasonably likely in the opinion of Licensor to be enjoined or prohibited, from using the Application Services or any part thereof, due to a claim covered by Licensor’s indemnification obligations under this Section, then Licensor shall, at its sole expense and option: (i) attempt to procure for Licensee the right to continue using the infringing portion of the Application Services; (ii) modify the infringing portion of the Application Services so as to render it non-infringing while maintaining substantially similar functionality; or (iii) replace the infringing portion of the Application Services with a functionally substantially similar non-infringing item.  If Licensor is unable to procure any of the foregoing after using commercially reasonable efforts to do so, Licensor shall grant Licensee a refund of all prepaid but unused sums paid to Licensor for such infringing item, and Licensee shall cease using such infringing portion of the Application Services. This Section 8(D) states Licensor’s entire liability and Licensee’s sole exclusive remedy for any claim of infringement.

SECTION 9: INDEMNITY OF LICENSEE

Except as provided in the foregoing Section 8D, Licensee shall to the fullest extent allowed by law, defend, indemnify and hold harmless Licensor, any Third-Party provider and any third-party contributor to the Application Services, from and against any and all claims and Losses arising from Licensee’s use of the Application Services or Consulting Services, except that this indemnity shall not apply where such third-party claim or Losses would not have occurred but for the gross negligence or the willful misconduct of Licensor, any Third-Party Service provider, or any third-party contributor to the Application Services or Consulting Services.

SECTION 10: INDEMNIFICATION PROCEDURES

With respect to any claims to which the indemnification provisions of this Agreement apply, the Parties shall comply with the following procedures: Promptly after receipt of notice by any entity entitled to indemnification under this Agreement of the commencement or threatened commencement of any claim in respect of which a party entitled to be indemnified hereunder (each an “Indemnified Party”) will seek indemnification under this Agreement, the Indemnified Party shall notify the party obligated to indemnify the Indemnified Party (the “Indemnifying Party”) of such claim in writing. Failure to so notify the Indemnifying Party shall not relieve the Indemnifying Party of its obligations under this Agreement except to the extent that it can demonstrate that its rights have been prejudiced as a result of such failure.  Provided that the Indemnifying Party promptly and appropriately performs its indemnification obligations hereunder, the Indemnifying Party shall be entitled to have sole control over the defense and settlement of such claim.  The Indemnified Party shall provide reasonable cooperation (at the Indemnifying Party’s expense) and full authority to defend or settle the Claim. The Indemnifying Party shall keep the Indemnified Party fully informed about the status of any litigation, negotiations, or settlements of any such Claim.  The Indemnified Party shall be entitled, at its own expense, to participate in any such litigation, negotiations and settlements with, counsel of its own choosing.  The Indemnifying Party shall not have the right to settle any Claim if such settlement arises from or is part of any criminal action or proceeding, or contains a stipulation to, or an admission or acknowledgement of, any wrongdoing (whether in tort or otherwise) on the part of the Indemnified Party, unless  the Indemnified Party provides prior written consent to such settlement.

SECTION 11: OWNERSHIP

The Application Services are valuable, confidential, copyrighted, and trade secret property of Licensor or third parties that have contributed to the Application Services.  As between the parties, Licensor owns all right, title and interest in and to the Application Services, including without limitation, all ancillary and interface software, all current and future enhancements, modifications, revisions, new releases and updates thereof and any derivative works based thereon and all documentation thereto, all copyrights, trade secrets, and patents therein.  Nothing in this provision shall preclude Licensor from implementing features, ideas, processes or technology suggested by a customer, and promoting the implements to the marketplace. Licensor shall own any rights, intellectual property, and title to the code associated with said implementation.  Except as expressly permitted hereby, copying of any portion of the content and intellectual property included in the Application Services is prohibited.  Licensee shall not remove any trademark or copyright notices from the Application Services or any provided documentation. Any documentation provided by Licensor for use by Licensee on its website, documenting successful completion of The Guard^TM, shall be used only during the term of this Agreement, and only for the period of time Licensor provides for in writing. Use of The Guard^TM and Licensor’s marks after the term of this Agreement and without documentation of successful compliance tracking solution completion and annual re-assessment, constitutes a material breach of this Agreement.  Upon any cancellation, termination, or expiration of this Agreement for any reason, the Licensee may not sell any products or services using the Licensor’s marks, without the express written consent of Licensor.

SECTION 12: ASSIGNMENT 

The Agreement may not be temporarily or permanently transferred or assigned by a party without the prior consent of the non-assigning party. However, a party may, upon written notice to other party, assign this Agreement to a successor pursuant to a merger, consolidation, sale of all or substantially all of its assets, or all or a substantial portion of the business to which this Agreement relates.  Any assignee of Licensee’s rights to use the Application Services must first agree to be bound by the terms and conditions of this Agreement.

SECTION 13: LICENSEE RESPONSIBILITY

THE LICENSEE ASSUMES ALL RESPONSIBILITIES AND OBLIGATIONS WITH RESPECT TO THE SELECTION OF THE APPLICATION SERVICES TO ACHIEVE LICENSEE’S INTENDED RESULTS.

SECTION 14: DISCLAIMER OF WARRANTIES AND LIMITATION OF LIABILITY

EXCEPT AS EXPRESSLY PROVIDED ELSEWHERE IN THIS AGREEMENT, THE APPLICATION SERVICES AND CONSULTING SERVICES ARE PROVIDED ‘AS IS,’ AND LICENSOR HEREBY DISCLAIMS ALL OTHER WARRANTIES, ORAL OR WRITTEN, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION, THE WARRANTY OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE (INCLUDING ANY GUARANTEES OF LEGAL COMPLIANCE), ANY WARRANTIES OF NON-INFRINGEMENT, AND ANY WARRANTIES ARISING OUT OF USAGE OF TRADE, COURSE OF DEALING, OR COURSE OF PERFORMANCE.

LICENSOR IS NOT AN INSURER WITH RESPECT TO LICENSEE’S USE OF THE APPLICATION SERVICES AND CONSULTING SERVICES AND, THEREFORE, EXCEPT AS SPECIFICALLY PROVIDED ELSEWHERE IN THIS AGREEMENT, LICENSOR SHALL NOT BE LIABLE TO LICENSEE OR TO ANY THIRD PARTY FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR INCIDENTAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, DAMAGES FOR LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, GOVERNMENTAL COMPLIANCE, SANCTIONS, LOSS OF DATA OR OTHER INFORMATION) ARISING OUT OF, OR RELATED TO THIS AGREEMENT, INCLUDING, WITHOUT LIMITATION, LIABILITY RELATED TO THE USE OF OR UNAVAILABILITY OF THE APPLICATION SERVICES, EVEN IF LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

THE LIMIT OF LICENSOR’S LIABILITY, INCLUDING ANY LIABILITY OF ANY LICENSOR CONTRACTOR OR AFFILIATE, TO LICENSEE OR ANY THIRD PARTY CONCERNING THE PERFORMANCE OR NON-PERFORMANCE OF LICENSOR, OR IN ANY MANNER RELATED TO THIS AGREEMENT, REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT, BY STATUTE, NEGLIGENCE, STRICT LIABILITY IN TORT, OR OTHERWISE, SHALL IN THE AGGREGATE BE LIMITED TO THE FEES PAID BY LICENSEE TO LICENSOR HEREUNDER DURING THE SIX (6) MONTHS IMMEDIATELY PRECEDING THE MONTH IN WHICH THE EVENT GIVING RISE TO THE CLAIM OCCURRED.

SECTION 15: SERVICE LEVEL PROVISIONS

A. NOTIFICATION AND PROBLEM REPORTING

(1) Licensor shall notify Licensee by electronic notification of any planned outages (“scheduled maintenance windows”) of the Application Services for maintenance purposes at least 24 hours prior to the planned outage.

(2) The designated Licensee representative(s) will contact Licensor Technical Support for all problems related to the Application Services.  Licensor will determine the nature of the problem, set the relative priority and open a trouble ticket to initiate the problem resolution process in accordance with subsection (3) below.  Licensor Technical Support is available via email and support tickets, 8:00 a.m. to 8:00 p.m. Eastern Time, Monday through Friday.

(3) ESCALATION PROCEDURES: In the event the availability or the functionality of the Application Services is affected due to a software problem or outage, the following escalation procedures apply: Severity of problems will be classified according to the following descriptions and administered by the Product Support Group (LEVEL 1; see below for definition) as part of their problem management processes.

• HIGH:  Problems that cause critical impact to the business function(s) of Licensee. Justifies immediate management attention and dedicated resources applying continuous efforts to resolve as soon as possible. Response within one (1) business day.
• MEDIUM: Problems causing degradation of service resulting in impact to the business function(s) of Licensee.  Justifies priority attention and application of resources to resolve in a timely manner. Response within two (2) business days.
• LOW: Problems causing low impact to the business function(s) of Licensee.  Requires timely resolution to minimize future impacts.  Resources should be allocated in accordance with normal managerial planning prioritization.  Response within three (3) business days.

Notification Levels are defined below:

• LEVEL 1: Licensor’s Technical Support Group.
• LEVEL 2: Licensor’s Software Engineering Group.  The Software Engineering liaison will then contact the Licensee’s account representative and communicate the problem resolution status, if any, and an anticipated date of resolution.

(4) AVAILABILITY AND UPTIME: Licensor shall make the Web Site available for use by the Licensee 95% of normal business hours (M-F, 8AM to 11PM ET), and 90% of off-business hours (M-F, 11PM to 8AM ET) during the term of the Agreement (“Service Levels”).

(5) Specifically excluded from the definition of “Availability” are:

• Scheduled maintenance windows as defined in Section (15)(A)(1) above.
• Reasons of Force Majeure, as defined in Section 16, below.
• Issues associated with the Licensee’s personal computers, local area networks, or the Internet.
• Licensee’s Internet Service Provider (ISP) connections.
• Issues arising from misuse of Application Services or Web Site by the Licensee.
• Any period of unavailability lasting 15 minutes or less per day.
• Outages caused by third-party provided data and their supporting systems.

a) In order to determine Web Site availability, Licensor will utilize industry standard, third-party external web auditing tools.  These tools will provide regular monitoring of application availability from a point external to the Licensor infrastructure (i.e. as an Internet “user” of the system).  The Web Site and Application Services will be deemed to be unavailable if this external auditing tool indicates its inability to access the Application Services.  These tools will trigger alerts to Licensor Data Center Operations (DCO) staff that will then execute the above-defined notification and escalation procedures.

b) In addition, Licensor DCO performs internal best practice automated and manual monitoring for all key elements of the infrastructure.  This monitoring includes the availability to set appropriate threshold levels for system capacity and trigger alerts to DCO staff when either thresholds are exceeded, or elements of the Web Site or Application Services become unavailable.

c) In the event that the Web Site falls below 95% availability during normal business hours in any given calendar month, as measured by the third party auditing tools, Licensor agrees that upon written notice, Licensee shall be entitled to a pro-rata refund of said fees during that calendar month, which shall constitute Licensor’s sole obligation and Licensee’s sole and exclusive remedy.

B. PREDICTIVE CAPACITY PLANNING

The monitoring applications in place will supply information to allow Licensor to perform predictive capacity planning.

C. DATA RETENTION AND BUSINESS CONTINGENCY

Licensor will back up Licensee Data on a daily basis after each available calendar day.  In the event of a major system outage, Licensor will recover backed-up Licensee Data via “point in time” recovery.  Licensor will store copies of encrypted Licensee Data backups at both an on-site and a secure third party contracted offsite location.  Access to these backups will be limited to authorized personnel.

Licensor will limit restoration of backup data to instances relating to system outages.  Any special requests by Licensee for access to or restoration of backup Licensee Data as a business service is not considered part of this Agreement.  Any special request by Licensee for deletion of all records to be purged from all production and backup Licensee Data as a business service is not considered part of this Agreement.

Licensor maintains contractual service level agreements with its systems providers that allow internal recovery of impacted systems within generally accepted industry standard timeframes.

If Licensor determines it cannot continue to operate the Application Services from the Licensor data center due to catastrophic events, it will exercise a standing agreement with a third party supplier of disaster recovery services located off- premises.  Licensor will reinstate Application Services availability at the off-premises location in accordance with Licensor’s disaster recovery procedures.

D. CHANGES TO SERVICE LEVELS

Service Levels shall be reviewed periodically, and each party shall cooperate in good faith to adapt the Application Services provided as quantities increase or change in any way.  Service Levels shall not be modified, nor shall any breach hereunder be waived, unless such modification and/or waiver are in writing.  

SECTION 16: FORCE MAJEURE

Other than with respect to Licensee’s failure to make payments under this Agreement, neither Party shall be liable under this Agreement for delays, failures to perform, damages, losses or destruction, or malfunction of any equipment, or any consequence thereof, caused by, or due to any cause beyond its reasonable control, including, but not limited to acts of God, pandemic, epidemic, acts of any government, war or other hostilities, the elements, fire, explosion, power failure, telecommunications failure, industrial or labor dispute, inability to obtain supplies and the like, or breakdown of equipment or any other causes beyond its reasonable control.

SECTION 17: CHOICE OF LAW AND VENUE; SUBPOENAS

A. This Agreement shall be governed by and construed in accordance with the laws of the United States and the State of New York without giving effect to principles of conflicts of law. Licensee agrees to submit to the personal jurisdiction of the State and Federal courts located in New York County in the State of New York with respect to any legal proceedings, interpretation or disputes that may arise out of or in connection with this Agreement, the interpretation or breach of this Agreement, the Auto-Renew, or any Auto Renew Term.  

B. LICENSEE AND LICENSOR BOTH AGREE THAT EACH MAY BRING CLAIMS AGAINST THE OTHER ONLY IN ITS INDIVIDUAL CAPACITY, AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING.

C. If Licensor is subpoenaed, with respect to services provided to Licensee, Licensee will reimburse Licensor all approved reasonable and necessary costs associated with the subpoenaed actions.

SECTION 18: SEVERABILITY

If any part of this Agreement is found void and unenforceable, it will not affect the validity of the balance of the Agreement, which shall remain valid and enforceable according to its terms.  This Agreement may only be modified in a writing signed by both parties.

SECTION 19: ENTIRE AND FINAL AGREEMENT

This Agreement and any other Exhibit, Schedules, Appendices, or other documents reference herein, constitute the entire and final  agreement between the parties with respect to the subject matter hereof, and supersede all other communications, including, but not limited to, all prior agreements or proposals, whether written or oral, between the parties with respect to such subject matter.

SECTION 20: GENERAL

A. Licensor may subcontract for the provision of custom programming services with other qualified subcontractors, but such subcontracting shall not relieve Licensor of its Service Level obligations hereunder.  For avoidance of doubt, Licensee shall only be charged for said custom programming services if the said services and costs/expenses are pre-approved by Licensee.

B. Each party is an independent contractor in the performance of services under this Agreement and, except as may be expressly set forth in a Schedule or Appendix hereto, neither party shall be, or considered to be or permitted to be, an agent, employee, joint venture, partner, or subcontractor of the other. 

C. The headings of sections of this Agreement are for convenience of reference only and will not affect the meaning or interpretation of this Agreement in any way.

D. The provisions contained in this Agreement that by their context are intended to survive termination or expiration will survive.

E. A failure or delay in enforcing an obligation or exercising a right or remedy does not amount to a waiver of that obligation, right or remedy. A waiver of a breach of a term does not amount to a waiver of a breach of any other term in the agreement. A waiver of a particular obligation in one circumstance will not prevent a party from subsequently requiring compliance with the obligation on other occasions.

F. Licensor may use the Licensee corporate name and logo for marketing purposes, such as website, articles and press releases, only during the Term, and if applicable, any Renewal Term, of this Agreement.

SECTION 21: CYBER LIABILITY INSURANCE PROGRAM

1. GENERAL 

Clients in good standing with a SENTRY or PARTNER PROGRAM subscription to The Guard will receive $100,000 of cyber liability insurance.  The insurance policy is facilitated through Compliancy Group’s partnership with the North American Data Security Program (NADSP). NADS RPG is registered in all 50 states and in the District of Columbia. The insurance program is underwritten by AXIS Insurance Company, 111 S. Wacker Drive, Suite 3500, Chicago IL, 60606, (866) 259-5435. AXIS is rated A+ by AM Best.

1. ENROLLMENT

It may take up to 90 days for a SENTRY or PARTNER PROGRAM client to receive their login to download their certificate of insurance.

1. COVERAGE AND BENEFITS

1. The cyber liability insurance contains an annual aggregate limit of liability per SENTRY or PARTNER PROGRAM business in the amount of $100,000.00. 
2. 2.The insurance policy offers the following benefits:
   1. 1. Pre-breach legal access
      2. Phishing intrusion simulation testing
      3. Risk Assessment
      4. IV.Access to a 24/7 breach response team
      5. An education module (eRisk Hub)
3. The insurance covers the following: Civil proceeding or investigation including requests for information for an actual or alleged violation of any privacy regulation (PII data) brought on behalf of any federal, state, or foreign governmental entity, including: Defense & settlement or judgment; regulatory fines and penalties (including PCI); and mandatory forensic examination.
4. The following sub-limits apply to the $100,000 coverage:

1. Ransomware – $10,000
2. Telecommunication Theft – $10,000
3. Social Engineering Fraud – $10,000
4. IV.Forensics and Legal – $25,000

1. A client may purchase additional extended coverage. Higher-limit coverage may be purchased through the website. This coverage is subject to additional terms and restrictions. To purchase additional coverage, go to https://portal.nprpg.com/compliancygroup/

1. RESTRICTIONS AND EXCLUSIONS

1. To receive coverage, a client must have active SENTRY or PARTNER PROGRAM subscription, be in good standing, and make a good-faith effort to satisfy all applicable laws.
2. Clients may decline the insurance by opting out of the coverage. Please email [email protected].
3. The cyber liability insurance is only available to:

1. 1. 1. 1. Businesses headquartered in the United States
         2. Businesses that are NOT aware of, or that have knowledge of, a potential cyber claim.

1. Restricted and excluded entities do not qualify for a discount or refund.
2. It is the responsibility of the client to comply with insurance policy terms and conditions. Any dispute arising under or about the contract must be resolved between the client and the insurer.  Compliancy Group assumes no risk or liability with respect to any insurance policy.

Definitions:

Application Services: The services made available to Licensee that are contained within The Guard^TM. Descriptions of and pricing for Application Services, are set forth in Schedule 2.

Audit Response Program: Compliancy Group’s proprietary methodology for tracking and responding to the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) investigations and HIPAA audits. The Audit Response Program supports users in the event of a HIPAA investigation, providing documentation and reports pulled directly from their organization’s unique compliance program in The Guard. Through the Audit Response Program, we assist you with preparing documentation demonstrating you have made a “good-faith” effort toward achieving and illustrating HIPAA compliance. In the event your company is audited or subject to investigation by HHS, we assist you in providing this documentation to HHS, and answer any questions you may have. We also work with your organization’s Compliance Officer to meet OCR deadlines, requests for reports, and any additional follow-up documentation that may be necessary.

Compliance Coaches: The HIPAA Compliance Tracking Solution’s compliance coaches work with Licensee, through its designated representative, to achieve, illustrate, and maintain compliance.  

Designated Representative: An individual to be selected by Licensee for the HIPAA Compliance Tracking Solution.  This individual must attend all Guard Coaching and Training sessions, and ensure Licensee uses good-faith efforts in learning and using The Guard^TM.

End User License Agreement: A license agreement that must be signed by an end-user in order to use The Guard^TM.

The Guard^TM: The Guard^TM Risk Assessment and Compliancy Management Software (a/k/a the “Application Services”).

Incident Management: This feature allows employees to create an incident report by entering the type of incident, date of incident, discovery date, and description/details of the incident. Supporting documentation such as where an incident occurred, and what the employee observed, can be added in a supporting file. The employee then submits the incident through The Guard. The appropriate individuals are notified of the incident, so that an investigation may be made, and remedial action can be taken if necessary.

Subscription Fee: The fee paid by Licensee to use an Application Service for a specified license term. 

User:  A user is an employee or contractor of Licensee and its affiliates who (1) is authorized to use the Application Services; and 2) has been assigned an individual user ID by Licensor.