1. Performance of Services
1.1 Provision of the Services
- These general terms and conditions apply to:
- any Proposal or Quote that is submitted to, and is accepted by, the Client; and
- any SOW that references and incorporates these general terms and conditions,
- During the Term, CyberCX agrees to perform the Services as set out in a Proposal, Quote or SOW (as relevant) and any acceptance and delivery will only be in accordance with the terms of this Agreement, and no other terms or conditions contained in any other Client document will apply or be incorporated. The Client acknowledges and agrees that the Services may be performed and invoiced by CyberCX or any of its Related Companies.
- CyberCX agrees to:
- comply with all reasonable directions of the Client and all applicable Laws in connection with the performance of its obligations;
- comply with all reasonable health and safety policies of the Client whilst on the Client’s site as provided to CyberCX prior to commencing the work; and
- use reasonable endeavours to have any specific personnel identified in a Proposal, Quote or SOW available to perform the Services and will provide the Client with reasonable notice if it intends to replace or reassign such personnel.
- The Client agrees to cooperate with CyberCX in CyberCX’s supply of the Services or any Products, including:
- providing CyberCX with safe and timely access and authorisation to access and use the Client’s Systems, personnel, facilities, site and utilities as reasonably required;
- providing CyberCX with any requested information relevant to the provision of the Services in a timely and accurate manner;
- ensuring the Client’s Systems are virus free and backed-up prior to, and at all times during, the performance of the Services; and
- complying with all reasonable requests or directions of CyberCX for the purpose of facilitating the supply of the Services and Products.
- Without limiting CyberCX’s obligations under this Agreement, the Client acknowledges and agrees that CyberCX will not be in breach of the Agreement if the Services impact the Client’s Systems.
1.2 Use of subcontractors
- Subject to clause 1.2(b), CyberCX may subcontract the performance of all or some of its duties, obligations and powers under this agreement (including the provision of any Service) without the Client’s prior approval.
- CyberCX will be liable for:
- the performance of obligations by its subcontractors; and
- provision of the Services by its subcontractors.
1.3 Provision of Products
- At any time during the Term the Client may request to purchase any Products offered for sale by CyberCX by submitting a purchase order to CyberCX.
- The purchase order must explicitly reference these general terms and conditions and set out the type and quantity of the Product/s to be purchased and the desired date for delivery of the Products.
- CyberCX will provide the Client with written notification of acceptance or rejection of the purchase order, the proposed delivery date along with any variable price changes (including exchange rate, delivery or third party pricing changes) as relevant for the purchase of the Products. Failure by CyberCX to confirm receipt of the purchase order cannot be taken to be an acceptance of that purchase order.
- All risk in any Products transfers to the Client upon delivery of the Product to the Client and title (except intellectual property rights as provided under clause 6.1) passes on payment in full.
1.4 Access and delays
- Where CyberCX reasonably requests information or access to any Client premises or Systems necessary for any of the Services at least five (5) Business Days prior to commencement of the applicable Services, and that information or access is not available at time of scheduled commencement of those Services, CyberCX will be entitled to charge the Client for any resulting delays based on reasonable rates until that information or access is provided.
- If the Client requests CyberCX to cancel, delay or reschedule the Services with less than three (3) Business Days’ notice before the commencement of the Services, the Client must pay CyberCX its reasonable costs associated with such cancellation, delay or rescheduling. The Client acknowledges that the costs payable under this clause are a genuine pre-estimate of the damages that CyberCX is likely to suffer as a result of the Client’s failure to give CyberCX adequate notice of a cancellation, delay or rescheduling of the start date.
2. Security Testing Services and Digital Forensic Services
To the extent the Services include:
- Security Testing Services, the Security Testing Services Terms below apply; and
- Digital Forensic Services, the Digital Forensic Services Terms below apply.
3. Governance Risk and Compliance
- To the extent the Services include governance, risk or compliance services, this clause 3 applies.
- The Client must ensure that the specifications relating to the Products and Services, and the use of the Products and Services, satisfies all of the Client’s legal and regulatory obligations and any other Client compliance requirements including, without limitation, compliance by the Client with any Law, corporate governance matters and internal company policies.
- Nothing in this Agreement requires CyberCX to ensure, recommend or facilitate the Client’s compliance with any matter referred to in this clause, except to the extent prescribed in the specifications, Proposal, or SOW, and the Client acknowledges that it has obtained its own advice on such compliance matters.
4. Term
Unless otherwise terminated in accordance with clause 13, this Agreement commences on the earlier day of CyberCX providing the Services, the acceptance by CyberCX of a Client purchase order or as otherwise agreed in writing and continues for the duration set out in the applicable Proposal, Quote or SOW (Term).
5. Invoices & Payments
- The Client must pay CyberCX for the provision of the Services and for the supply of any Products, as set out in a valid tax invoice issued by CyberCX.
- CyberCX will issue invoices for Services as set out in an applicable Proposal, Quote or SOW, or otherwise at the end of the month in which the Services are delivered, or at milestones or, in respect of Products, upon acceptance of a purchase order for the Products.
- The Client must pay all invoices within 30 days of the invoice date by electronic funds transfer to an account as specified by CyberCX in the invoice.
- All fees and prices are provided exclusive of all applicable taxes, duties, goods and services tax (GST) and government charges (Taxes). If GST is, or any other Taxes are, charged on any supply made by CyberCX under this Agreement, Client must pay an amount equal to the amount of GST or such other Taxes charged on such supply, at the same time as the other amounts due.
- If CyberCX does not receive payment strictly in accordance with clause 5(c), CyberCX may charge the Client interest at the Late Payment Rate, and interest will be charged from the date on which payment of that amount falls overdue up to but excluding the date on which payment of the overdue amount is made in full. Interest at the Late Payment Rate will be applied on a daily basis, compounding monthly.
- The Client may not set-off, counterclaim or deduct any amount from an amount owing to CyberCX.
- The Client must notify CyberCX in writing of any disputed invoices within 5 Business Days of receipt detailing the amount and the reason for the dispute. The Client must pay CyberCX the portion of the invoiced amounts not in dispute on the due date for payment.
6. Intellectual Property
6.1 Intellectual Property in Deliverables and provision of Services
- Subject to clauses 6.2 and 6.3, all intellectual property rights in the Deliverables, the Services and any other material created by CyberCX in delivering the Services remain the property of CyberCX.
- Subject to clause 6.3, CyberCX grants the Client a non-exclusive, non-transferable, non-sublicensable, royalty-free (excluding any payments due under clause 5) licence to use in New Zealand the intellectual property rights in the Deliverables, the Services and any other material created by CyberCX in delivering the Services for the sole and limited purpose of enjoying the benefit of the Services as set out in the Proposal, Quote or SOW.
6.2 Background IP
Each party at all times retains all title and ownership in its own Background IP.
6.3 Third party intellectual property
- In providing the Services, CyberCX may provide the Client with software or Deliverables that are, or include, software or other material which is owned by or is proprietary to a third party (Third Party Material). The Client agrees that:
- title in any Third Party Material remains at all times with the third party unless provided otherwise in a Third Party Licence.
- Subject to clause 6.3(a), CyberCX warrants that to the best of its knowledge and belief, all materials and Deliverables created by CyberCX in delivering the Services do not infringe any intellectual property rights of any third party.
7. Confidentiality
- Each party agrees that where it, its Personnel, or its Related Companies, are the recipient of Confidential Information (Recipient) of the other party (Disclosing Party), the Recipient must:
- subject to clause 7(b), treat all Confidential Information as confidential and not use it except as reasonably necessary for the purposes of this Agreement;
- ensure that the Confidential Information is held in strict confidence and is not disclosed to any third party (subject to any legal requirement on the Recipient to disclose the Confidential Information), except to the extent that such third party is a member of that party’s Personnel;
- immediately notify the Disclosing Party in writing if the Recipient suspects that any Confidential Information may have been accessed by any unauthorised party;
- use, at a minimum, the same degree of care with respect to its obligations under this Agreement as it employs with respect to its own confidential or proprietary information, but in no event less than reasonable care; and
- upon request by the Disclosing Party or termination of this Agreement, promptly deliver to the Disclosing Party all written documents or other physical embodiments containing the Confidential Information then in its custody, control or possession and must deliver within 10 days after such termination or request a written statement to the Disclosing Party certifying to such action.
- Nothing in this Agreement is intended to oblige the Supplier to return or destroy any document, data or information incorporated into or annexed to anything which must be retained for compliance purposes, contained in systems, archives or backups which cannot be practicably deleted or information which must be retained as required by Law, any accounting standard or the rules of any stock exchange or for sound corporate governance purposes.
- Unless otherwise agreed in writing by the Disclosing Party, the obligations of confidentiality in clause 7(a)(i) do not apply to the extent the Confidential Information:
- has been lawfully disclosed to the Recipient by a third party free from obligations of confidentiality; or
- is in the public domain (other than through a breach of this Agreement).
8. Privacy
- Both parties agree to comply with the Privacy Laws in relation to the provision and use of the Services.
- Without limiting clause 8(a), the Client must ensure that where it discloses Personal Information to CyberCX, or permits CyberCX to collect, access or generate Personal Information under this Agreement, it has:
- provided, and will continue to provide, all privacy notices; and
- has obtained, and will continue to obtain, any authorisations from individuals,
necessary under all applicable Privacy Laws, for CyberCX to collect, process or otherwise use, disclose and handle such Personal Information for the purposes of providing the Services and performing its obligations under this Agreement.
- The Client will be liable for all Losses (including legal costs on a full indemnity basis) suffered or incurred by CyberCX or its Related Companies arising from any actions, claims, proceedings, demands that may be brought against CyberCX or its Related Companies or which CyberCX may pay, sustain or incur as a direct or indirect result of any breach or non-performance of the Client’s obligations under this clause 8, except that the Client’s liability will be proportionally reduced to the extent caused or contributed to by CyberCX’s gross negligence.
- The Client acknowledges and agrees that:
- it may be necessary for CyberCX to access Personal Information held by the Client in order to provide the Services; and
9. Data Security
- CyberCX will take reasonable precautions within its own control to prevent any unauthorised access to or alteration of the Client Data.
- Each party shall promptly notify the other of any breach of any confidentiality, data or security obligations, Laws, requirements or standards, including a “privacy breach” as defined under the Privacy Act, (Security Breach) affecting the other party’s Confidential Information or, in the case of the Client, the Client Data, and provide reasonable assistance to the other in managing such Security Breach and/or handling any requests in relation to Personal Information.
10. Warranties
- Each party warrants:
- it has the power, capacity and authority to enter into and observe its obligations under this Agreement; and
- this Agreement has been duly executed by that Party and is a legal and binding agreement, enforceable against it in accordance with the terms of this agreement.
- To the extent permitted by law, CyberCX makes no warranty or representation, express or implied, in relation to Products or third party supplied software.
- Any representation, warranty, condition or undertaking that would be implied in this Agreement by legislation, common law, equity, trade, custom or usage is excluded to the maximum extent permitted by law.
11. Liability
- Subject to clauses 11(b) to 11(e) and any applicable third party licensor’s restrictions, CyberCX indemnifies the Client for any direct Loss suffered by the Client arising from or related to third party intellectual property claims against the Client arising from the Client’s use of the Deliverables or other materials provided to the Client by CyberCX in the performance of its Services under this Agreement, except CyberCX will not be liable for any such Loss to the extent that:
- the Client has modified the Deliverables or other such materials provided by CyberCX;
- the Client has used the Deliverables or other such materials provided by CyberCX in a form that is not in accordance with any directions given by CyberCX, or is used in a form that is not in accordance with the purpose for which the Deliverables or other such materials are provided by CyberCX to the Client in connection with the Services provided under this Agreement;
- the Client has not agreed to, or has breached or not complied with, any Third Party Licence relating to the use of that third party intellectual property; or
- the Client has not taken all reasonable steps (and ensuring its Personnel take all reasonable steps) to mitigate any Loss on becoming aware of any such third party intellectual property claims,
and is subject to:
- the Client (and its Personnel, where relevant) permitting CyberCX to manage any relevant claim or action in the name of the Client (or any relevant Personnel).
- CyberCX’s total aggregate liability to the Client in respect of any and all Losses incurred by the Client (whether for breach of contract, in tort (including negligence) or otherwise) arising out of or in connection with the carrying out of the Services or supply of the Products under this Agreement is limited to the amount paid by the Client to CyberCX under the applicable Proposal, Quote or SOW in the 12 months preceding the event giving rise to the Loss, to a maximum of $250,000.
- CyberCX’s limit on liability in clause 11(b) does not apply to the following Losses:
- personal injury or death of a party or person; or
- damage to tangible property,
to the extent caused by CyberCX’s negligent acts or omissions.
- To the maximum extent permitted by law, CyberCX is not responsible and excludes all liability for any Loss to the Client’s Systems or any data or information of the Client arising from or in connection with the supply of the Services or the Products by CyberCX.
- Notwithstanding anything to the contrary in this Agreement, neither party will be liable for any indirect or consequential Loss that does not arise naturally (that is, according to the usual course of things) from the event giving rise to the Loss or any loss of profits, loss of production, loss of revenue, loss of business, loss of goodwill, damage to reputation, loss of opportunity, loss or corruption of data or wasted overheads.
12. New Zealand Consumer Laws
- The Products and Services supplied by CyberCX and acquired by the Client pursuant to this Agreement are supplied and acquired in trade for the purposes of the Fair Trading Act 1986 (FTA) and Consumer Guarantees Act 1993 (CGA), and:
- the Client will not assert or attempt to assert any rights or claims against CyberCX under the provisions of the CGA; and
- the Client agrees that sections 9, 12A, and 13 of the FTA will not apply.
- For the avoidance of doubt, nothing in this Agreement is intended to exclude, restrict or modify rights which the Client may have under any Laws (including the FTA and the CGA), which may not be excluded, restricted or modified by agreement.
13. Termination
- Either party may terminate the Agreement with immediate effect if the other party is:
- in material breach of the Agreement and such breach is incapable of remedy, or such breach is remediable but that defaulting party fails to remedy the breach within 14 days of receiving notice of the breach;
- subject to an Insolvency Event; or
- subject to an Event of Force Majeure that continues for a period of at least 90 days.
- Upon termination of this Agreement for any reason:
- CyberCX will cease providing the Services and Products; and
- the Client must pay to CyberCX all outstanding amounts for Services actually performed or Products ordered by the Client.
- Termination of this Agreement does not affect a liability or any obligation of a party arising prior to termination nor affect any damages or other remedies which a party may be entitled under this Agreement.
- On expiry or termination of this Agreement:
- Clauses 7 (Confidentiality), 8 (Privacy), 9 (Data Security), 10 (Warranties), 11 (Liability), 13(b) (Termination) and 14 (Non-solicitation) continue in full force and effect; and
- all rights, obligations and liabilities a party has accrued before expiry or termination continue.
14. Non-solicitation
During the Term and for a period of 12 months after completion of the Term, the Client must not, and must procure its affiliates do not, offer work to, solicit or induce for employment, employ, or contract with, CyberCX’s Personnel who are involved with the provision of the Services, without first obtaining the written consent of CyberCX (which may be withheld by CyberCX at its absolute discretion).
- If any provision of this Agreement is deemed to be unenforceable, invalid or illegal, the interpretation is to be applied to reflect the intention of the parties as far as possible whilst not affecting the validity of the remainder of the Agreement.
- Neither party may assign its rights under this Agreement without the other party’s prior written consent, provided however CyberCX can assign its rights under this Agreement to a Related Company if it wants for so long as it requires to do so.
- The Client acknowledges and agrees that (i) some or all of the Services may be provided by CyberCX New Zealand Limited and/or its Related Companies, and (ii) client data may be stored or accessed from locations outside of New Zealand.
- All notices and consents must be sent by email to the email addresses on the front page of this Agreement.
- This Agreement is governed by the Laws of New Zealand. Each Party irrevocably submits to the non-exclusive jurisdiction of the courts of New Zealand.
- CyberCX will not be liable for any delay or failure to supply the Services or Products if such a delay or failure was due to an Event of Force Majeure.
- Any dispute relating to the subject matter of this Agreement shall be submitted to mediation prior to any other dispute resolution process being invoked. The parties will agree a mediator within 21 days of either party giving the other written notice of intention to invoke mediation. If the parties cannot agree on a mediator then the dispute will be referred to the Arbitrators’ and Mediators’ Institute of New Zealand Inc. (AMINZ) for mediation. All mediation proceedings will be conducted in accordance with the AMINZ’s Mediation Protocol.
- No party is authorised to bind another party and nothing in this Agreement is construed as creating a relationship of principal and agent, partners, trustee and beneficiary, or employer and employee.
- This Agreement may only be amended or replaced with the written agreement of all parties.
- This Agreement constitutes the entire agreement between the parties and supersedes any prior conduct, arrangement, representation, agreement or understanding in relation to its subject matter.
- This Agreement can be signed in counterparts. If an electronic signature is used, it shall have the same effect as a handwritten signature.
16. Definitions and interpretation
All capitalised terms have either the meanings given to that term in the Contract Details, the definitions in this clause 16.1 or where otherwise set out in the Agreement:
Agreement means these general terms and conditions and, as relevant:
- (a) the Proposal, Quote or SOW to which they are attached, referenced or attached (including any agreed written variation); or
- (b) any purchase order submitted and accepted in accordance with clause 1.3;
Background IP means a party’s intellectual property rights in any materials developed independently of, or prior to, the provision of the Services and the Deliverables and includes any third party licensed intellectual property;
Business Day means a day that is not a Saturday, Sunday, public holiday or bank holiday in Wellington, New Zealand (unless expressed otherwise in a Proposal, Quote or SOW);
Client means the customer who has requested the Services to be performed by CyberCX;
Client Data means the data owned or supplied by the Client which is accessed by CyberCX (including its Related Companies) or its subcontractors in the course of performing the Services;
Confidential Information means any and all information (in any form or media) of a confidential nature that is made available directly or indirectly, and before, on or after the date of this Agreement including financial, client, employee and supplier information, product specifications, policies and procedures, processes, statements, formulae, trade secrets, Client Data, drawings and data which is not in the public domain (except by virtue of a breach of the confidentiality obligations arising under this Agreement);
Cyberattack means any breach of (or attempted or threatened breach of) or unauthorised access to the Client’s Systems, including identity or intellectual property theft, exploitation of ICT systems, phishing, spamming, denial-of-service (including distributed), stolen hardware, or website defacement.
CyberCX means CyberCX New Zealand Limited and any of its Related Companies;
Deliverables means the materials, reports and other deliverables to be provided by CyberCX in performing the Services, as set out in the relevant Proposal, Quote or SOW;
Digital Forensic Services includes:
- digital forensic investigation;
- digital forensic analysis;
- forensic reporting and opinions;
- threat hunting;
- cyber threat intelligence and risks assessment; and
- other activities carried out for, or on behalf of, the Client under a Proposal, Quote or SOW.
Event of Force Majeure means any event or circumstance, or a combination of events or circumstances, which is beyond the reasonable control of an affected party (but does not excuse any obligation to make payment);
Insolvency Event means:
- bankruptcy proceedings are commenced against the relevant party, or the relevant party is declared bankrupt;
- any step is taken to appoint a receiver, a receiver and manager, a trustee in bankruptcy, a liquidator, a provisional liquidator, an administrator or other like person to the relevant party or to the whole or any part of the relevant party’s assets or business;
- if the relevant party is in a partnership, the partnership is dissolved or an application is made to dissolve the partnership;
- the relevant party is or becomes unable to pay its debts as they fall due or is presumed pursuant to section 287 of the Companies Act 1993 to be unable to pay its debts as they fall due;
- the relevant party has been removed from the New Zealand Companies Register, other than as part of an amalgamation in which that relevant party is one of the entities being amalgamated; or
- a relevant party has something having substantially similar effect to any of the events specified above occur in any jurisdiction under or in respect of any law.
Late Payment Rate means the higher of:
- (a) the “official cash rate” set by the Reserve Bank of New Zealand plus 5% per annum; and
- (b) 5% per annum;
Laws means all laws including rules of common law, statutes, regulations, subordinate legislation, proclamations, ordinances, by-laws, rules, regulatory principles and requirements, mandatory codes of conduct, writs, orders, injunctions, judgments and any awards, which are applicable from time to time in the jurisdiction in which CyberCX or its Personnel perform their obligations under this agreement;
Loss means any loss, cost, liability or damage, including reasonable legal costs on a solicitor/client basis;
Personal Information has the meaning given to that term in the Privacy Act;
Personnel means, in relation to a party, its employees, Related Companies, secondees, officers, agents, advisers and contractors;
Privacy Act means the Privacy Act 2020;
Privacy Laws means the Privacy Act and all other applicable privacy and data protection Laws as may be in force from time to time which regulate the collection, use, disclosure, storage of and granting of access rights to Personal Information;
Product means any products or goods supplied pursuant to the Agreement;
Proposal means a proposal prepared by CyberCX for Services to be provided to the Client by CyberCX that references or incorporates these general terms and conditions;
Quote means a quote prepared by CyberCX for Services to be provided to the Client by CyberCX that references or incorporates these general terms and conditions;
Rates means the hourly or daily rates payable by the Client for the provision of Services by CyberCX, as set out in a Proposal, Quote or SOW;
Related Company of an entity means a body corporate that is related to that entity in any of the ways specified in the Companies Act 1993;
Security Breach has the meaning given to that term in clause 9(b);
Security Testing Services means penetration testing, red teaming, intrusion techniques, code reviews, security threats and risks assessment and any other security testing or assessment activities carried out for a Client under a Proposal, Quote or SOW.
Services means the services to be provided to the Client by CyberCX, as set out in a relevant Proposal, Quote, or SOW;
Statement of Work or SOW means a statement of work setting out the Services and/or products to be provided to the Client by CyberCX and which has been signed by both CyberCX and the Client;
Systems includes networks, software, applications, computers, servers, mobile devices, cloud services (including storage, software, platforms and infrastructure as a service), industrial control systems, and any other IT systems or equipment.
Term has the meaning given to that term in clause 4;
Third Party Licence has the meaning given to that term in clause 6.3(a)(i); and
Third Party Material has the meaning given to that term in clause 6.3(a).
In this Agreement, unless the context requires otherwise:
- clause and subclause headings are for reference purposes only;
- the singular includes the plural and vice versa;
- words denoting any gender include all genders;
- a reference to a person includes any other entity recognised by law and vice versa;
- where a word or phrase is defined, its other grammatical forms have a corresponding meaning;
- any reference to a party to this Agreement includes its successors and permitted assigns;
- any reference to any agreement or document includes that agreement or document as amended at any time;
- the use of the word includes or including is not to be taken as limiting the meaning of the words preceding it;
- the expression at any time includes reference to past, present and future time and performing any action from time to time;
- no provision of this Agreement will be construed adversely to a party because that party was responsible for the preparation of this agreement or that provision;
- a reference to any legislation includes all delegated legislation made under it and amendments, consolidations, replacements or re-enactments of any of them; and
- an agreement, representation or warranty by two or more persons binds them jointly and severally and is for the benefit of them jointly and severally.
SECURITY TESTING SERVICES TERMS
1. Application of these Security Testing Terms
- These Security Testing Terms apply to a Proposal, Quote or SOW if it indicates that the Services include the provision of security testing and assurance services.
- The Client warrants that it is aware of the nature of the Security Testing Services, in particular that the Security Testing Services may include:
- simulating or performing controlled Cyberattacks on the Client’s Systems;
- deliberate attempts to penetrate the security Systems of the Client, which may be provided by a third party;
- red teaming (including, but not limited to, deliberately masquerading as a hostile attacker with the intention of detecting vulnerabilities) activities in relation to the Client and its premises and Systems;
- deliberately allowing unauthorised access to the Client’s network or Systems for the purpose of analysing threat vectors and origination; or
- acts that may put the Client in breach of its agreements including, but not limited to, its third party supplier’s terms of supply.
2. Acknowledgement and liability
- The Client acknowledges and agrees that the Security Testing Services:
- are sample testing activities only and cannot account for all possible ways a third party could breach the Client’s security measures or Systems;
- do not implement any security measures and will not prevent security or data breaches, or Cyberattacks;
- could result in interruptions or degradations to the Client’s Systems and accepts those risks and consequences; and
- although carried out by professional CyberCX Personnel and tools from trusted resources, carry an element of risk that can never be fully eliminated, and the Client agrees that there is no guarantee that every vulnerability in its Systems will be identified during the Security Testing Services.
- In carrying out the Security Testing Services, the Client acknowledges and agrees that CyberCX:
- as agent of the Client is considered to be party to a communication in the case of intercepting any private communication on the Client’s Systems;
- is expressly authorised by the Client to perform such Services (and all tests reasonably necessary to perform the Services) on the relevant network resources and IP addresses. The Client represents that, if it does not own such network resources, it will have obtained consent and authorisation from the applicable third party to permit CyberCX to provide the Security Testing Services;
- provides no warranty or guarantee as to the outcome of the Security Testing Services, all testing has limitations, and that such testing cannot guarantee discovery of all weaknesses, noncompliance issues, or vulnerabilities; and
- may use various proprietary methods and software tools to probe network resources, and to detect actual or potential security flaws and vulnerability, which will not be revealed by CyberCX.
DIGITAL FORENSIC SERVICES TERMS
1. Application of these Digital Forensic Services Terms
- These Digital Forensic Services Terms apply to a Proposal, Quote or SOW if it indicates that the Services include the provision of digital forensic services.
- The Client warrants that it is aware of the nature of the Digital Forensic Services and that under New Zealand law, should we form a reasonable belief, or identify evidence, of serious criminal conduct during our engagement, including but not limited to evidence of major indictable offences, national security or secrets, CyberCX may be required to notify law enforcement.
2. Acknowledgement and liability
- The Client acknowledges and agrees that the Digital Forensic Services:
- are intended for the Client only and outputs may not be provided to any third party without CyberCX’s prior written consent;
- are not intended to provide any specific results other than to identify factual findings, analysis of evidence, and responses to specific questions related to the provision of our expert opinion;
- are not legal advice or legal opinions and no output constitutes legal advice;
- are provided ‘as-is’; and
- are not delivered against any standards or guidelines unless otherwise agreed in writing.
- In carrying out the Digital Forensic Services, the Client acknowledges and agrees that CyberCX:
- is expressly authorised by the Client to perform such Services (and all such tasks and tests reasonably contemplated by or reasonably necessary to perform the Services) and the Client does so in compliance with all relevant Laws (including the Privacy Act);
- is acting on behalf of the Client, so in the case of intercepting any private communication on the Client’s Systems, CyberCX as agent of the Client is considered to be party to such private communication;
- provides no warranty or guarantee as to the outcome of the Digital Forensic Services, or resulting legal proceedings, and does not implement any security measures or controls;
- will rely on the information provided by the Client as true and correct, and that unless otherwise agreed, will not undertake any review, validation or audit to ascertain the completeness or accuracy of information provided; and
- leverages anonymised cyber threat intelligence gained through previous engagements for other clients. Through the course of our work, CyberCX may collect cyber threat intelligence from the Client Systems, focused on the attacker’s tools and methods. Such collection will not include information which may identify the Client organisation, networks, Systems, sensitive information, staff, customers, related parties, or include any Client confidential information.