Contracts & Agreements_125-2025
Docusign Envelope ID: 05CA277F-009C-4398-ADD4-0439EFE4AC62
ENDPOINT SECURITY SERVICES PURCHASE
This SERVICES AGREEMENT ("Agreement") for Endpoint Security Services
("ESS") is made by and between the Center for Internet Security, Inc. ("CIS"), located
at 31 Tech Valley Drive, East Greenbush, New York 12061-4134, a Maryland nonprofit
corporation and City of Redlands, a municipal corporation and general law city
("Entity") with its principal place of business at: 35 Cajon Street, Redlands, California
92373. CIS and Entity are referred to herein collectively as the "Parties".
In consideration of the mutual covenants contained herein, the Parties do hereby agree
as follows:
I. Purpose
The purpose of this Agreement is to set forth the mutual understanding between
the Entity named above and CIS, with respect to CIS' provision of ESS and
selected Add-on Services to the Entity.
II. Definitions
A. Security Operation Center (SOC): CIS' 24 X 7 X 365 watch and warning
center that provides cybersecurity infrastructure monitoring, dissemination of
cyber threat warnings and vulnerability identification and mitigation
recommendations.
B. Endpoint Security Services ("ESS"): Endpoint Security Services (ESS)
includes the following services:
1. Next Generation Antivirus (NGAV): A solution aimed at preventing cyber-attacks
that is deployed on endpoint devices and has the following capabilities:
• Detect malicious activity using signature-based and behavior-based threat
detection methods with the capability to automate prevention (block
attacks);
• Deny/allow indicators list management to include anomalous behavior-based
indicators;
• Endpoint and file quarantine functionality;
• Threat notification and alerts; and
• Web-based management interface with a cloud-based data administration
component for enterprise deployment.
2. Endpoint Detection & Response (EDR): Deployment and maintenance of
an EDR software agent on Entity's identified endpoint devices, which will (a)
block malicious activity at a device level if agreed to by the Entity; (b) remotely
isolate compromised systems after coordination with the Entity; (c) identify
threats on premise, in the cloud, or on remote systems; (d) inspect network
traffic in a decrypted state on the endpoint for the limited purpose of identifying
malicious activity; and (e) identify and remediate malware infections.
IV. Term of this Agreement
This Agreement will commence on the date it is signed by both Parties (the
"Effective Date"), and shall continue in full force and effect for the period specified
in the order attached as Exhibit 1 (the "Term").
V. Responsibilities
Appendix A, which is attached hereto and incorporated herein, contains the
specific responsibilities of Entity and CIS regarding Endpoint Security Services
and Add-on Services. Entity understands and agrees that, as a condition to
commencement of services under this Agreement, it must comply with the
terms and conditions set forth in Appendix A.
VI. Payment Terms
A. Initial ESS Purchase. In consideration for receipt of ESS and any Add-on
Services, Entity agrees to pay the sum set forth in the order, in U.S. Dollars
(USD). Payment shall be due and payable within thirty (30) days of the Effective
Date. Payment may be made by: (i) EFT transfer; (ii) check made payable to Center
for Internet Security and mailed to CIS Accounts Receivable, 31 Tech Valley
Drive, East Greenbush, NY 12061; or (iii) credit card transaction according to the
instructions provided to Entity by CIS. The amount payable shall not be reduced
by any taxes or fees to be collected by a taxing jurisdiction, financial institution
or payment processor incidental to the payment to CIS.
B. Purchase of ESS for Subsequent Terms. At least sixty (60) days prior to the
expiration of the Term, CIS will provide Entity an order setting forth pricing for
a subsequent Term. Payment associated with a subsequent Term shall be due
to CIS no later than the last day of the then-current Term, and may be made
using any of the methods described in Section VI(A) above. If such payment is
not made prior to the end of the applicable Term, CIS may elect not to renew
this Agreement for a subsequent Term.
VII. Title
The Endpoint Security Services include use of software that is licensed to CIS
by a third-party provider, CrowdStrike, Inc. ("CrowdStrike"). All title and
ownership rights of the software shall remain with CrowdStrike.
The Entity shall own all right, title and interest in data that it provides to CIS
pursuant to this Agreement. Entity hereby grants CIS a non-exclusive, non-
transferable license to access and use such data as is necessary to provide ESS
and any Add-on Services under this Agreement.
VIII. Warranty
A. Warranty. CIS warrants to Entity that, throughout the applicable Term: (i)
the Endpoint Security Services and any Add-on Services will operate without
Error; and (ii) industry standard techniques have been used to prevent the ESS
and Add-on Services, at the time of installation, from injecting malicious
software viruses into endpoints covered by this Agreement. Entity must notify
CIS of any warranty claim during the Term. Entity's sole and exclusive remedy,
and the entire liability of CIS, for a breach of this warranty will be for CIS, at its
own expense and election, to implement one of the following solutions: (a) use
commercially reasonable efforts to provide a work-around or correct such Error;
or (b) terminate this Agreement and Entity's access to and use of ESS and Add-on
Services, and refund the prepaid fee, prorated for the unused period of the
Term. CIS shall have no obligation to Entity regarding Errors reported after the
end of the applicable Term.
B. Exclusions. The warranties do not apply if the ESS or Add-on Services: (i)
have been modified, except by CIS or CrowdStrike, or (ii) have not been
installed, used, or maintained in accordance with this Agreement or the
Documentation.
C. Disclaimer. EXCEPT FOR THE EXPRESS WARRANTIES IN THIS SECTION
VIII, CIS MAKES NO OTHER WARRANTIES RELATING TO THE ESS OR THE
ADD-ON SERVICES, WHETHER EXPRESS, IMPLIED OR STATUTORY,
INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF NON-
INFRINGEMENT OF THIRD-PARTY RIGHTS, FITNESS FOR A PARTICULAR
PURPOSE, OR MERCHANTABILITY.
ENTITY ACKNOWLEDGES, UNDERSTANDS AND AGREES THAT CIS DOES
NOT GUARANTEE OR WARRANT THAT USE OF ESS AND/OR THE ADD-ON
SERVICES WILL FIND, LOCATE OR DISCOVER ALL SYSTEM THREATS,
VULNERABILITIES, MALWARE, AND MALICIOUS SOFTWARE, AND ENTITY
WILL NOT HOLD CIS RESPONSIBLE THEREFOR. ENTITY AGREES NOT TO
REPRESENT TO ANY THIRD PARTY THAT CIS HAS PROVIDED SUCH
GUARANTEE OR WARRANTY.
IX. Amendments to this Agreement
This Agreement may only be amended if agreed to in writing by both Parties.
X. No Third Party Rights
Nothing in this Agreement shall create or give to third parties any claim or right
of action of any nature against Entity or CIS.
XI. Confidentiality Obligation
CIS acknowledges that information regarding the infrastructure and security of
Entity's information systems, assessments and plans that relate specifically and
uniquely to the vulnerability of customer information systems, Personal Data (as
defined herein below), specific vulnerabilities identified as part of the Endpoint
Security Services or Add-on Services, or information otherwise marked as
confidential by Entity ("Confidential Information") may be provided by Entity to
CIS in connection with this Agreement. The Entity acknowledges that it may
receive from CIS trade secrets and confidential and proprietary information
("Confidential Information"). Both Parties agree to hold each other's Confidential
Information in confidence to the same extent and the same manner as each party
protects its own confidential information, but in no event will less than
reasonable care be provided and a party's information will not be released in any
identifiable form without the express written permission of such party or as
required pursuant to lawfully authorized subpoena, court order or similar
compulsive directive or is required to be disclosed by law. CIS further agrees that
any third party involved in providing Endpoint Security Services shall be required
to protect Entity's Confidential Information to the same extent as required under
this Agreement. CIS shall, however, be permitted to disclose relevant aspects of
such Confidential Information to its officers, employees, agents and CIS' cyber
security partners, including federal partners, provided that such partners have
agreed to protect the Confidential Information to the same extent as required
under this Agreement. Entity shall be permitted to disclose relevant aspects of
such Confidential Information to its officers, employees, and agents in order to
assist in the performance of this Agreement. Subject to the limitations contained
in this Section XI, the Parties agree to use all reasonable steps to ensure that
Confidential Information received under this Agreement is not disclosed in
violation of this Section XI.
XII. Notices
A. All notices permitted or required hereunder shall be in writing and shall
be transmitted either:
1. via certified or registered United States mail, return receipt requested;
2. by personal delivery;
3. by expedited delivery service; or
4. by e-mail with acknowledgement of receipt of the notice.
Such notices shall be addressed as follows or to such different addresses as the
Parties may from time-to-time designate:
CIS
Address: CIS Services
Center for Internet Security, Inc.
31 Tech Valley Drive
East Greenbush, NY 12061-4134
Telephone: (518) 880-0766
E-Mail: Services@cisecurity.org
with cc to: legalnotices@cisecurity.org
Entity
Name:
Title: System Administrator
Address: 35 Cajon st
Redlands, California 92373
Telephone Number: (909) 307-7305
E-Mail Address: ggonzalez@cityofredlands.org
B. Any such notice shall be deemed to have been given either at the time of
personal delivery or, in the case of expedited delivery service or certified or
registered United States mail, as of the date of first attempted delivery at
the address and in the manner provided herein, or in the case of facsimile
transmission or email, upon receipt.
C. The Parties may, from time to time, specify any new or different contact
information as their address for purpose of receiving notice under this
Agreement by giving fifteen (15) days written notice to the other Party sent
in accordance herewith. The Parties agree to mutually designate
individuals as their respective representatives for the purposes of receiving
notices under this Agreement. Additional individuals may be designated
in writing by the Parties for purposes of implementation and
administration, resolving issues and problems and/or for dispute
resolution.
XIII. Insurance and Indemnification
The following insurance coverage required by this Agreement shall be maintained by
Consultant for the duration of its performance of the Services. Consultant shall not
perform any Services unless and until the required insurance listed below is obtained
by Consultant. Consultant shall provide City with certificates of insurance and
endorsements evidencing such insurance prior to commencement of the Services.
Insurance policies shall include a provision prohibiting cancellation or modification of
the policy except upon thirty (30) days prior written notice to City.
A. Workers' Compensation and Employer's Liability insurance in the amount that
meets statutory requirements with an insurance carrier acceptable to City, or
certification to City that Consultant is self-insured or exempt from the workers'
compensation laws of the State of California. Consultant shall execute and provide
City with Exhibit " ," titled "Workers' Compensation Insurance Certification," which is
attached hereto and incorporated herein by this reference, prior to performance of the
Services.
B. Comprehensive General Liability insurance with carriers acceptable to City in
the minimum amount of One Million Dollars ($1,000,000) per occurrence and Two
Million Dollars ($2,000,000) aggregate, for public liability, property damage and
personal injury is required. City shall be named as an additional insured and such
insurance shall be primary and non-contributing to any insurance or self-insurance
maintained by City.
C. Consultant shall secure and maintain professional liability insurance
throughout the term of this Agreement in the amount of One Million Dollars
($1,000,000) per claim made.
D. Business Auto Liability coverage, with minimum limits of One Million Dollars
($1,000,000) per occurrence, combined single limit bodily injury liability and property
damage liability. This coverage shall include all Consultant owned vehicles used in
connection with Consultant's provision of the Services, hired and non-owned vehicles,
and employee non-ownership vehicles. City shall be named as an additional insured
and such insurance shall be primary and non-contributing to any insurance or self-
insurance maintained by City.
E. Except as expressly noted in this Agreement, Consultant is expressly prohibited
from assigning or subcontracting any of the Services without the prior written consent
of City.
XIV. Consultant shall defend, indemnify and hold harmless City and its elected and
appointed officials, employees and agents from and against any and all claims, losses
or liability, including attorneys' fees, arising from injury or death to persons or damage
to property occasioned by any negligent act or omission by, or the willful misconduct
of, Consultant, or its officers, employees and agents in performing the Services.
The foregoing has been agreed to and accepted by the authorized representatives of
each party whose signatures appear below:
City of Redlands
By:
Charles M. Duggan Jr
Signature
6/17/25
Date Signed
Contract version date : 02/07/24
Attest:
Je e Donaldson, City Clerk
Center for Internet Security, Inc.
By: Laurie Hester
Printed Name
Signature
6/2/2025
Date Signed
EXHIBIT 1
Center for Internet Security, Inc.
31 Tech Valley Drive
East Greenbush, New York 12061
United States

ORDER for City of Redlands
Order: SO-250519-0064998
Created Date: 5/19/2025
Valid Through: 9/16/2025
Prepared by: Ashanti Hoyles
Phone: (518) 516-3070

Address Information
Bill To:
City of Redlands
35 Cajon st
Redlands, California 92373
United States
Buying Contact: Shawn Mac Gavin
Buying Email: smacgavin@cityofredlands.org

Ship To:
City of Redlands
35 Cajon st
Redlands, California 92373
United States
Shipping Contact: Shawn Mac Gavin
Shipping Email: smacgavin@cityofredlands.org

Related Information
Currency: USD

Service Lines
| Service | Product Code | Date | Qty | Term | List Price | Sales Price | NET |
|---|---|---|---|---|---|---|---|
| CIS Services MDR-Advanced powered by CrowdStrike | CIS-MDR-ADV-CS-CISS | 7/1/2025 - 6/30/2026 | 700 | 12 Mon | $5.00 | $5.00 | $42,000.00 |
| CIS Services MDR Spotlight powered by CrowdStrike | CIS-MDR-SPOT-CS-CISS | 7/1/2025 - 6/30/2026 | 700 | 12 Mon | $0.50 | $0.50 | $4,200.00 |

Standard Terms
Billing Frequency: One-Time
List Price Total: $46,200.00
Sales Price Total: $46,200.00
Net Amount: $46,200.00
Balance Due Amount: $46,200.00
Please note that if the purchase(s) listed above are related to a new product/service, the Date(s) are determined based upon both the order being approved
and all pre service requirements met. If the purchase(s) listed above are for a renewing product/service, the Date(s) reflect the actual term.
The fees are listed in USD and do not include any taxes (including but not limited to VAT or withholding taxes) or fees to be collected by a taxing
jurisdiction, financial institution or payment processor incidental to the payment of the Balance Due Amount. If Customer is located in a country with
applicable VAT/Withholding taxes, Customer is required to declare and make the VAT/Withholding payment. Once Customer makes the required
VAT/Withholding payment, a copy of the receipt will be provided to CIS for our records.
Your acceptance of this Order shall constitute your intent to proceed with the purchase of the product or service listed above.
Customer: City of Redlands
Signature
Name Charles M. Duggan Jr.
Title City Manager
Date 6 / 17 / 25
EXHIBIT "2"
WORKERS' COMPENSATION INSURANCE CERTIFICATION
Every employer, except the State, shall secure the payment of compensation in one or more of the
following ways:
(a) By being insured against liability to pay compensation by one or more insurers duly
authorized to write compensation insurance in this State.
(b) By securing from the Director of Industrial Relations, a certificate of consent to
self-insure, either as an individual employer, or as one employer in a group of
employers, which may be given upon furnishing proof satisfactory to the Director
of Industrial Relations of ability to self-insure and to pay any compensation that
may become due to his or her employees.
CHECK ONE
_/ I am aware of the provisions of Section 3700 of the Labor Code which requires every
employer to be insured against liability for Workers' Compensation or to undertake self-insurance
in accordance with the provisions of that Code, and I will comply with such provisions before
commencing the performance of the work and activities required or permitted under this
Agreement. (Labor Code § 1861).
I affirm that at all times, in performing the work and activities required or permitted under
this Agreement, I shall not employ any person in any manner such that I become subject to the
workers' compensation laws of California. However, at any time, if I employ any person such that
I become subject to the workers' compensation laws of California, immediately I shall provide the
City with a certificate of consent to self-insure, or a certification of workers' compensation
insurance.
I certify under penalty of perjury under the laws of the State of California that the information and
representations made in this certificate are true and correct.
CENTER FOR INTERNET SECURITY, INC.
Signed by:
By: Date: 6/2/2025
Name: Laurie Hester
Title: VP Sales Operations
Appendix A
ESS Responsibilities
I. Entity Responsibilities - Entity acknowledges and agrees that CIS' ability to
perform the Endpoint Security Services is subject to Entity fulfilling certain
responsibilities listed below. All references to Endpoint Security Services or ESS
in Appendix A shall be deemed to include Add-on Services purchased by Entity.
Entity acknowledges and agrees that neither CIS nor any third-party provider
shall have any responsibility whatsoever to perform the Endpoint Security
Services in the event Entity fails to meet its responsibilities described below.
A. For purposes of this Agreement, Entity acknowledges and agrees that the
scope of this Agreement is limited to the number of endpoint devices
identified in the order Form. In the event that Entity installs the ESS
software agent on a greater number of endpoint devices beyond those
identified in the order Form, Entity will be charged for those additional
endpoints, including any associated additional charges, and that those
additional endpoint devices will be subject to the requirements of this
Agreement. Entity will ensure the correct functioning and maintenance of
the endpoint devices receiving Endpoint Security Services.
B. Entity shall at all times during the Term employ the most currently
supported version of its chosen operating system software for the identified
endpoint devices. Entity acknowledges and agrees that, if it uses an
unsupported version of such operating system software, CIS cannot
ensure proper functioning of the affected endpoint devices.
C. The following term applies only to ESS Mobile: Entity is responsible for
using a Mobile Device Management (MDM) application that is supported
by CIS and CrowdStrike to complete installation.
D. Entity shall provide the following to CIS prior to the commencement of the
Endpoint Security Services and at any time during the Term of the
Agreement if the information changes:
1. A completed Pre-installation Questionnaire (PIQ), the form of which
will be provided to Entity by CIS, which will identify the number and types
of endpoints to be monitored during the Term, including identification of
the operating systems used in the endpoints. The PIQ will need to be
revised whenever there is a change that would affect CIS' ability to provide
the Endpoint Security Services;
2. Each endpoint device will have access to a secure Internet channel
for ESS management and monitoring by CIS;
3. Accurate and up-to-date information, including the name, email,
landline, and mobile numbers for all designated, authorized Point of
Contact(s); and
4. Entity will be responsible for installing the ESS software agent on
its endpoints; CIS will provide Entity with a link to the ESS software
agent.
D. During the Term of this Agreement, Entity shall provide the following:
1. Written notification to CIS SOC (SOC@MSISAC.ORG) at least thirty
(30) days in advance of replacement of an existing endpoint device with
another similar device and/or changes in operating systems for the
endpoint devices that would affect CIS' ability to provide Endpoint Security
Services;
2. Written notification to CIS SOC (SOC@MSISAC.ORG) at least twelve
(12) hours in advance of any scheduled Internet outages affecting the
endpoint devices;
3. A completed Escalation Procedure Form in the PIQ including the
name, e-mail address and 24/7 contact information for all designated
Points of Contact (POC). Revised information must be submitted when
there is a change in status for any POC;
4. Sole responsibility for maintaining current maintenance and
technical support contracts with Entity's software and hardware vendors
for any endpoint device covered by ESS; and
5. Active involvement with CIS SOC to resolve any tickets requiring
Entity input or action;
II. CIS Responsibilities
A. CIS shall be responsible for purchase of a commercial ESS capability
provided by CrowdStrike, to be incorporated into the Endpoint Security
Services, and for providing a link for the ESS software agent to Entity for
Entity to install on their endpoints.
B. CIS will be responsible for the management and monitoring of the
Endpoint Security Services to Entity's identified endpoint devices,
including provision of the link for installation of the applicable ESS agent
for the operating system of the endpoint devices, as identified by Entity in
the PIQ.
C. CIS will provide the following as part of the Endpoint Security Services.
These obligations do not apply to CIS' provision of any Add-on Services:
1. Analysis of logs from monitored security devices for attacks and
malicious traffic;
2. Analysis of security events;
3. Correlation of security data/logs/events with information from
other sources;
4. Notification of security events per the Escalation Procedures
provided by Entity; and
5. CIS Security Operation Center. CIS will provide 24/7 telephone (1-
866-787-4722) availability for assistance with events detected by the
Endpoint Security Services.
D. Upon termination of this Agreement, CIS shall be responsible for the
cancellation of the Endpoint Security Services. Entity will be responsible
for removal of the ESS agent installed on Entity's endpoint devices.
III. Third Party Provider Terms and Conditions
Entity acknowledges and agrees that as part of providing ESS, CIS has contracted
with the third-party provider, CrowdStrike. Entity further acknowledges and agrees
that in return for receipt of ESS, it agrees to the following terms and conditions as an
end user of CrowdStrike services under this Agreement:
A. Access & Use Rights. Subject to the terms and conditions of this
Agreement, Entity has a non-exclusive, non-transferable, non-sublicensable license to
access and use the Products in accordance with any applicable Documentation solely
for Entity's Internal Use. The Product includes a downloadable object-code component
("Software Component"); Entity may install and run multiple copies of the Software
Components solely for Entity's Internal Use. Entity's access and use is limited to the
quantity and the period of time specified in this Agreement.
B. Restrictions. The access and use rights do not include any rights to
(i) employ or authorize any third party (other than Partner) to use or view the Offering
or Documentation; (ii) alter, publicly display, translate, create derivative works of or
otherwise modify an Offering; (iii) sublicense, distribute or otherwise transfer an
Offering to any third party; (iv) allow third parties to access or use an Offering (except
for Partner as expressly permitted herein); (v) create public Internet "links" to an Offering
or "frame" or "mirror" any Offering content on any other server or wireless or Internet-based
device; (vi) reverse engineer, decompile, disassemble or otherwise attempt to
derive the source code (if any) for an Offering (except to the extent that such prohibition
is expressly precluded by applicable law), circumvent its functions, or attempt to gain
unauthorized access to an Offering or its related systems or networks; (vii) use an
Offering to circumvent the security of another party's network/information, develop
malware, unauthorized surreptitious surveillance, data modification, data exfiltration,
data ransom or data destruction; (viii) remove or alter any notice of proprietary right
appearing on an Offering; (ix) conduct any stress tests, competitive benchmarking or
analysis on, or publish any performance data of, an Offering (provided, that this does
not prevent Entity from comparing the Products to other products for Entity's Internal
Use); (x) use any feature of CrowdStrike APIs for any purpose other than in the
performance of, and in accordance with, this Agreement; or (xi) cause, encourage or
assist any third party to do any of the foregoing. Entity agrees to use an Offering in
accordance with laws, rules and regulations directly applicable to Entity and
acknowledges that Entity is solely responsible for determining whether a particular use
of an Offering is compliant with such laws.
C. Third Party Software. CrowdStrike uses certain third party software in
its Products, including what is commonly referred to as open source software. Under
some of these third party licenses, CrowdStrike is required to provide Entity with
notice of the license terms and attribution to the third party. See the licensing terms
and attributions for such third party software that CrowdStrike uses at:
https://falcon.crowdstrike.com/opensource.
D. Installation and User Accounts. For those Products requiring user
accounts, only the individual person assigned to a user account may access or use the
Product. Entity is liable and responsible for all actions and omissions occurring under
Entity's user accounts for Offerings.
E. Ownership & Feedback. The Offerings are made available for use or
licensed, not sold. CrowdStrike owns and retains all right, title and interest (including
all intellectual property rights) in and to the Offerings. Any feedback or suggestions that
Entity provides to CrowdStrike regarding its Offerings (e.g., bug fixes and features
requests) is non-confidential and may be used by CrowdStrike for any purpose without
acknowledgement or compensation, provided, Entity will not be identified publicly as
the source of the feedback or suggestion.
F. CrowdStrike Disclaimer. PARTNER, AND NOT CROWDSTRIKE, IS
RESPONSIBLE FOR ANY WARRANTIES, REPRESENTATIONS, GUARANTEES, OR
OBLIGATIONS TO ENTITY, INCLUDING REGARDING THE CROWDSTRIKE
OFFERINGS. ENTITY ACKNOWLEDGES, UNDERSTANDS, AND AGREES THAT
CROWDSTRIKE DOES NOT GUARANTEE OR WARRANT THAT IT WILL FIND, LOCATE,
OR DISCOVER ALL OF ENTITY'S OR ITS AFFILIATES' SYSTEM THREATS,
VULNERABILITIES, MALWARE, AND MALICIOUS SOFTWARE, AND ENTITY AND ITS
AFFILIATES WILL NOT HOLD CROWDSTRIKE RESPONSIBLE THEREFOR.
CROWDSTRIKE AND ITS AFFILIATES DISCLAIM ALL OTHER WARRANTIES,
WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE. TO THE MAXIMUM
EXTENT PERMITTED UNDER APPLICABLE LAW, CROWDSTRIKE AND ITS AFFILIATES
AND SUPPLIERS SPECIFICALLY DISCLAIM ALL IMPLIED WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-
INFRINGEMENT WITH RESPECT TO THE OFFERINGS. THERE IS NO WARRANTY THAT
THE OFFERINGS WILL BE ERROR FREE, OR THAT THEY WILL OPERATE WITHOUT
INTERRUPTION OR WILL FULFILL ANY OF ENTITY'S PARTICULAR PURPOSES OR
NEEDS. THE OFFERINGS ARE NOT FAULT-TOLERANT AND ARE NOT DESIGNED OR
INTENDED FOR USE IN ANY HAZARDOUS ENVIRONMENT REQUIRING FAIL-SAFE
PERFORMANCE OR OPERATION. THE OFFERINGS ARE NOT FOR USE IN THE
OPERATION OF AIRCRAFT NAVIGATION, NUCLEAR FACILITIES, COMMUNICATION
SYSTEMS, WEAPONS SYSTEMS, DIRECT OR INDIRECT LIFE-SUPPORT SYSTEMS, AIR
TRAFFIC CONTROL, OR ANY APPLICATION OR INSTALLATION WHERE FAILURE
COULD RESULT IN DEATH, SEVERE PHYSICAL INJURY, OR PROPERTY DAMAGE.
ENTITY AGREES THAT IT IS ENTITY'S RESPONSIBILITY TO ENSURE SAFE USE OF AN
OFFERING IN SUCH APPLICATIONS AND INSTALLATIONS. CROWDSTRIKE DOES
NOT WARRANT ANY THIRD PARTY PRODUCTS OR SERVICES.
G. Entity Obligations. Entity represents and warrants that: (i) it owns or has
a right of use from a third party, and controls, directly or indirectly, all of the software,
hardware and computer systems (collectively, "Systems") where the Products will be
installed or that will be the subject of, or investigated during, the Offerings, (ii) to the
extent required under any federal, state, or local U.S. or non-US laws (e.g., Computer
Fraud and Abuse Act, 18 U.S.C. § 1030 et seq., Title III, 18 U.S.C. 2510 et seq., and the
Electronic Communications Privacy Act, 18 U.S.C. § 2701 et seq.) it has authorized
CrowdStrike to access the Systems and process and transmit data through the Offerings
in accordance with this Agreement and as necessary to provide and perform the
Offerings, (iii) it has a lawful basis in having CrowdStrike investigate the Systems,
process the Entity Data and the Personal Data; (iv) that it is and will at all relevant times
remain duly and effectively authorized to instruct CrowdStrike to carry out the
Offerings, and (v) it has made all necessary disclosures, obtained all necessary consents
and government authorizations required under applicable law to permit the processing
and international transfer of Entity Data and Entity Personal Data from each Entity and
Entity Affiliate, to CrowdStrike.
H. Falcon Platform. The Falcon Endpoint Protection Platform ("Falcon EPP
Platform") uses a crowd-sourced environment, for the benefit of all customers, to help
customers protect themselves against suspicious and potentially destructive activities.
CrowdStrike's Products are designed to detect, prevent, respond to, and identify
intrusions by collecting and analyzing data, including machine event data, executed
scripts, code, system files, log files, dll files, login data, binary files, tasks, resource
information, commands, protocol identifiers, URLs, network data, and/or other
executable code and metadata. Entity, rather than CrowdStrike, determines which types
of data, whether Personal Data or not, exist on its systems. Accordingly, Entity's
endpoint environment is unique in configurations and naming conventions and the
machine event data could potentially include Personal Data. CrowdStrike uses the data
to: (i) analyze, characterize, attribute, warn of, and/or respond to threats against Entity
and other customers, (ii) analyze trends and performance, (iii) improve the functionality
of, and develop, CrowdStrike's products and services, and enhance cybersecurity; and
(iv) permit Entity to leverage other applications that use the data, but for all of the
foregoing, in a way that does not identify Entity or Entity's Personal Data to other
customers. Neither Execution Profile/Metric Data nor Threat Actor Data are Entity's
Confidential Information or Entity Data.
I. Processing Personal Data. Personal Data may be collected and used
during the provisioning and use of the Offerings to deliver, support and improve the
Offerings, comply with law, or otherwise in accordance with this Agreement. Entity
authorizes CrowdStrike to collect, use, store, and transfer the Personal Data that Entity
provides to CrowdStrike as contemplated in this Agreement.
J. Compliance with Applicable Laws. Both CrowdStrike and Entity agree to
comply with laws directly applicable to it in the performance of this Agreement.
K. Definitions.
"CrowdStrike" shall mean CrowdStrike, Inc.
"CrowdStrike Data" shall mean the data generated by the CrowdStrike Offerings,
including but not limited to, correlative and/or contextual data, and/or detections.
For the avoidance of doubt, CrowdStrike Data does not include Entity Data.
"Entity Data" means the data generated by the Entity's Endpoint and collected by
the Products.
"Documentation" means CrowdStrike's end-user technical documentation included
in the applicable Offering.
"Endpoint" means any physical or virtual device, such as, a computer, server, laptop,
desktop computer, mobile, cellular, container or virtual machine image.
"Execution Profile/Metric Data" means any machine-generated data, such as
metadata derived from tasks, file execution, commands, resources, network telemetry,
executable binary files, macros, scripts, and processes, that: (i) Entity provides to
CrowdStrike in connection with this Agreement or (ii) is collected or discovered during
the course of CrowdStrike providing Offerings, excluding any such information or data
that identifies Entity or to the extent it includes Personal Data.
"Internal Use" means access or use solely for Entity's own internal information
security purposes. By way of example and not limitation, Internal Use does not include
access or use: (i) for the benefit of any person or entity other than Entity, or (ii) in any
event, for the development of any product or service. Internal Use is limited to access
and use by Entity's employees and Partner solely on Entity's behalf and for Entity's
benefit.
"Entity" means an Entity of Partner that has agreed in writing to be contractually
bound by these Entity Terms.
"Offerings" means, collectively, any Products or Product-Related Services.
"Partner" means Center for Internet Security, Inc.
"Personal Data" means information provided by Entity to CrowdStrike or collected
by CrowdStrike from Entity used to distinguish or trace a natural person's identity,
either alone or when combined with other personal or identifying information that is
linked or linkable by CrowdStrike to a specific natural person. Personal Data also
includes such other information about a specific natural person to the extent that the
data protection laws applicable in the jurisdictions in which such person resides define
such information as Personal Data.
"Product" means any of CrowdStrike's cloud-based software or other products
provided to Entity through Partner, the available accompanying API's, the CrowdStrike
Data, any Documentation.
"Product-Related Services" means, collectively, (i) Falcon OverWatch, (ii) Falcon
Complete Team, (iii) the technical support services for certain Products provided by
CrowdStrike, (iv) training, and (v) any other CrowdStrike services provided or sold with
Products.
"Threat Actor Data" means any malware, spyware, virus, worm, Trojan horse, or
other potentially malicious or harmful code or files, URLs, DNS data, network telemetry,
commands, processes or techniques, metadata, or other information or data, in each
case that is potentially related to unauthorized third parties associated therewith and
that is collected or discovered during the course of CrowdStrike providing Offerings,
excluding any such information or data that identifies Entity or to the extent that it
includes Personal Data.
Contract Version Date: 02/07/2024