Cloudistics Software and Cloudistics Services Terms and Conditions
Last updated 5 June 2019. Prior versions of these Terms are available by emailing [email protected].
THESE CLOUDISTICS SOFTWARE AND CLOUDISTICS SERVICES TERMS AND CONDITIONS (THESE “TERMS”) ARE A LEGAL AGREEMENT BETWEEN YOU (“CUSTOMER”) AND CLOUDISTICS, INC. (“CLOUDISTICS”). BY CLICKING THE “I ACCEPT” BUTTON, EXECUTING AN ORDER FORM THAT INCLUDES THESE TERMS BY REFERENCE, OR USING THE CLOUDISTICS SERVICES, CUSTOMER ACKNOWLEDGES THAT CUSTOMER HAS REVIEWED AND ACCEPTS THESE TERMS. IF YOU ARE AGREEING TO THESE TERMS AS A REPRESENTATIVE OF AN ENTITY, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND THAT ENTITY AND “CUSTOMER” REFERS TO THAT ENTITY AND ALL THE USERS OF THAT ENTITY ACCESSING OR USING THE CLOUDISTICS SERVICES. IF CUSTOMER DOES NOT AGREE WITH ALL OF THESE TERMS, DO NOT ACCESS OR OTHERWISE USE THE CLOUDISTICS SERVICES. CLOUDISTICS MAY MAKE CHANGES TO THE CLOUDISTICS SERVICES AT ANY TIME. IN ADDITION, CLOUDISTICS MAY MAKE CHANGES TO THESE TERMS AT ANY TIME, AND CLOUDISTICS WILL POST NOTICE OF THE CHANGES AND THE UPDATED TERMS OR SEND E-MAIL NOTIFICATION TO THE E-MAIL ADDRESS OF RECORD FOR CUSTOMER. CUSTOMER’S CONTINUED USE OF THE CLOUDISTICS SERVICES AFTER SUCH CHANGES HAVE BEEN POSTED WILL SIGNIFY CUSTOMER’S ASSENT TO AND ACCEPTANCE OF THE REVISED TERMS.
1.1. Product Definitions. The following definitions describe the three core components of the Cloudistics product (Equipment, Embedded Software, and Management Portal), as well as associated services (Documentation, Support Services, and SaaS Management Portal).
“Cloudistics Services” means collectively, access to and use of the SaaS Management Portal (if applicable), Documentation, and related Support Services.
“Cloudistics Software” refers to any of, or collectively to all of, the software components of the Management Portal and/or the Embedded Software.
“Embedded Software” means the proprietary software installed, embedded, and otherwise integrated into the Equipment, in object code form only.
“Equipment” means the server, storage, and networking hardware on which the Embedded Software is initially installed. Equipment may be marketed and distributed by Cloudistics or its Distributor under the brand name Cloudistics and ordered by Customer pursuant to an Order Form. Equipment may also be marketed and distributed by an OEM Partner under the OEM Partner’s brand.
“Management Portal” means the proprietary software used to manage and access Equipment, Embedded Software, and related Support Services, whether provided by Cloudistics to Customer on a hosted software-as-a-service basis (“SaaS Management Portal”), or provided to Customer in object form only for on-premise deployment if explicitly enumerated on the Order Form.
“Platform Administration Data” means all data that is not Production Data that is submitted, stored, posted, displayed, or otherwise transmitted by or on behalf of Customer or any User by or through use of the Management Portal or Support Services.
“Production Data” is data that physically resides on the Customer’s Equipment and may be presented logically to virtual machines as virtual disks.
“Support Services” means the support and maintenance services offered by Cloudistics and purchased by Customer pursuant to an Order Form, as further described in Appendix C.
“Documentation” means the online user instructions and help files made available by Cloudistics for use with the Equipment, Embedded Software, and Management Portal, as may be updated from time to time by Cloudistics.
“Users” means Customer’s or its Affiliates’ employees, consultants, contractors, agents and third parties with whom Customer may transact who are authorized by Customer or its Affiliates to access and use the Cloudistics Services, and who have been supplied user identifications and passwords for such purpose by Customer.
1.2. Other Definitions
“Activation Date” means the date on which the Equipment is ready for activation and the Management Portal is made available to Customer, including the commencement of any testing and evaluation period.
“Affiliate” means any entity, now or hereafter existing that directly or indirectly, through one or more intermediaries, controls, is controlled by, or is under common control with the subject entity. For purposes of this definition, “control” means direct or indirect possession of the power to direct or cause the direction of the management and policies of an entity, whether through the ownership of voting securities, by contract or otherwise. An entity shall be considered an “Affiliate” only so long as that entity meets the foregoing definition.
“Customer System” means Customer’s internal website(s), servers, and other equipment and software used in the conduct of Customer’s business.
“Distributor” means a third-party distributor or reseller authorized by Cloudistics to sell Equipment, Cloudistics Software, and/or Cloudistics Services referenced herein with whom the Customer placed the order.
“End User” means any third-party end user accessing or using services offered by Customer that are based in whole or in part on use by Customer of Equipment provided under these Terms.
“Intellectual Property Rights” means all intellectual property rights or similar proprietary rights, including (a) patent rights and utility models, (b) copyrights and database rights, (c) trademarks, trade names, domain names and trade dress and the goodwill associated therewith, (d) trade secrets, (e) mask works, and (f) industrial design rights; in each case, including any registrations of, applications to register, and renewals and extensions of, any of the foregoing in any jurisdiction in the world.
“Malicious Code” means viruses, worms, time bombs, Trojan horses and other harmful or malicious code, files, scripts, agents or programs.
“OEM Partner” means a third-party equipment manufacturer such as Dell or Lenovo that provides hardware warranty and support services to the Customer. An OEM Partner may also be a Distributor.
“Open Source Software” means all software that is available under the GNU Affero General Public License (AGPL), GNU General Public License (GPL), GNU Lesser General Public License (LGPL), Mozilla Public License (MPL), Apache License, BSD licenses, or any other license approved by the Open Source Initiative (www.opensource.org).
“Order Form” means the ordering documents for Equipment, Cloudistics Software, and/or Cloudistics Services, purchased from Cloudistics or from a Distributor, that are entered into by Customer from time to time. Order Forms shall be deemed incorporated herein. Affiliates of Customer may purchase licenses to access and use the Cloudistics Software and Cloudistics Services subject to these Terms by submitting Order Forms; by entering into such an Order Form, such Affiliate of Customer shall be bound by these Terms as if it were an original party hereto.
“Subscription Term” means the subscription period for Customer’s use of the Cloudistics Services set forth in an Order Form.
“Third-Party Offerings” means certain software or services delivered or performed by third parties including business application subscription services and any associated offline products provided by third parties, that interoperate with or are purchased by Customer through the Management Portal.
2. ORDERS AND EQUIPMENT.
2.1. Orders. Subject to the terms and conditions contained in these Terms, Customer may purchase Equipment, Cloudistics Software, and/or Cloudistics Services pursuant to Order Forms.
2.2. Equipment Purchase and Support. Customer and Cloudistics acknowledge and agree that these Terms relate solely to Cloudistics Software and Cloudistics Services. Warranty and support of Equipment will be governed by separate terms and conditions published by the OEM Partner. Dell’s terms and conditions, as may be updated from time to time, may be accessed at http://www.dell.com/ServiceContracts. If purchased from Cloudistics, ownership of and title to Equipment shall pass to Customer upon full payment of the Equipment; Cloudistics retains a right of repossession until full payment is received.
3. LICENSES AND RESTRICTIONS
3.1. Embedded Software License. Subject to Customer’s compliance with the terms and conditions contained in these Terms, Cloudistics hereby grants to Customer, a perpetual, limited, revocable, non-exclusive, non-transferable, non-sublicensable right and license to use the Embedded Software, solely as embedded in and for execution on the Equipment, and solely for the internal business purposes of Customer or Customer’s End Users. Customer’s sole interest in the Embedded Software is the license and right to use the Embedded Software as installed on the Equipment and in accordance with these Terms. Cloudistics uses and distributes certain third-party components in its Embedded Software. Customer shall have such rights and/or licenses to use these third-party embedded components as are set forth in the relevant terms available in Appendix A.
3.2. Management Portal Use and Access License. Subject to Customer’s compliance with the terms and conditions contained in these Terms, Cloudistics hereby grants to Customer, during the applicable Subscription Term, a limited, revocable, non-exclusive, non-transferable, non-sublicensable right and license to use the Management Portal (or, as applicable, a limited, revocable, non-exclusive, non-transferable, non-sublicensable right to access the SaaS Management Portal) in accordance with the Documentation, solely for the internal business purposes of Customer or Customer’s End Users.
3.3. Restrictions. Customer shall not, directly or indirectly, and Customer shall not permit any User, End User or other third party to: (a) reverse engineer, decompile, disassemble or otherwise attempt to discover the source code or underlying ideas or algorithms of the Cloudistics Software; (b) modify, translate, or create derivative works based on any element of the Cloudistics Software or Cloudistics Services; (c) except as provided in these Terms, rent, lease, distribute, sell, resell, assign, or otherwise transfer its rights to use the Cloudistics Software or Cloudistics Services; (d) use the Cloudistics Software or Cloudistics Services for the benefit of any person or entity other than for the benefit of Customer and End Users; (e) remove any proprietary notices from the Documentation or Equipment; (g) use any of the Cloudistics Software or Cloudistics Services for any purpose other than its intended purpose; (h) interfere with or disrupt the integrity or performance of the Cloudistics Software; (i) introduce any Open Source Software into the Cloudistics Software or Cloudistics Services; or (j) attempt to gain unauthorized access to Cloudistics Software, Cloudistics Services, or Cloudistics systems or networks.
3.4. Mandatory Terms; End Users. Customer will require all End Users to accept the terms of a binding contractual agreement with Customer (which can be in the form of an end user license), which agreement must provide substantially the same protections for Cloudistics, Cloudistics Services, Cloudistics Software, and Cloudistics’ Confidential Information (as defined below) as are provided by these Terms, and which agreement must, at a minimum: (a) restrict access to and use of the Cloudistics Software to machine-readable, executable, object-code form only; (b) restrict use of the Embedded Software to the copy thereof as embedded in the Equipment; (c) prohibit causing or permitting the reverse engineering, disassembly or decompilation of the Cloudistics Software; (d) expressly disclaim any passing of title to the Cloudistics Services or Cloudistics Software to the relevant End User; (e) cause Cloudistics to be a third party beneficiary of Customer’s rights under such agreement with respect to such End User’s use of and/or rights related to the Cloudistics Services or Cloudistics Software, with full rights to enforce such rights against the relevant End User; and (f) disclaim any and all direct warranties or liabilities of Cloudistics to such End User for all damages, whether direct or indirect, incidental or consequential, arising from the use of the Cloudistics Services or Cloudistics Software (collectively, the “Mandatory Terms”). If Customer makes any claim, representation or warranty regarding the Cloudistics Services or Cloudistics Software that is different from or in addition to those set forth in these Terms, Customer shall be solely and exclusively responsible for such claim, representation or warranty and Cloudistics shall have no liability for any such claim, representation or warranty. As between Cloudistics and Customer, Customer is responsible for all acts and omissions of its End Users in connection with their use of any Cloudistics Services or Cloudistics Software. Any act or omission by such End Users that, if undertaken by Customer, would constitute a breach of these Terms shall be deemed a breach of these Terms by Customer. Customer will reasonably cooperate with Cloudistics in connection with any prohibited activities of any End User in connection with the Cloudistics Services or Cloudistics Software. Customer will promptly notify Cloudistics if Customer becomes aware of any such prohibited activities.
3.5. Reservation of Rights. Except as expressly granted in these Terms, there are no other licenses granted to Customer, express, implied or by way of estoppel. All rights not granted in these Terms are reserved by Cloudistics.
3.6. Open Source Software. Cloudistics may distribute certain Open Source Software with the Cloudistics Software, and such Open Source Software shall be subject to different terms than those set forth in these Terms. Customer understands and acknowledges that such Open Source Software is not licensed to Customer pursuant to the provisions of these Terms and that these Terms may not be construed to grant any such right and/or license. Customer shall have only such rights and/or licenses, if any, to use the Open Source Software as are set forth in the license applicable to such Open Source Software as set forth and identified at Appendix B.
3.7. User’s Personal Data. Some Platform Administration Data (including user names, email addresses, phone numbers, IP addresses, and log files) are considered “personal data” under the data privacy laws of certain countries including the European Union’s GDPR. Customer is the “controller” of such data, and hereby grants permission on behalf of its Users for Cloudistics, the “processor,” to move Platform Administration Data to the United States. Customer acknowledges that Cloudistics may contract with certain “subprocessors” in its use of Platform Administration Data. The Data Protection Agreement in Appendix D will govern the relationship between the Customer and Cloudistics as it pertains to data control and processing.
4. THIRD-PARTY OFFERINGS.
4.2 Exclusion of Certain Damages. CLOUDISTICS WILL HAVE NO LIABILITY UNDER THESE TERMS, REGARDLESS OF THE NATURE OF THE CLAIM OR THE NATURE OF THE CLAIMED OR ALLEGED DAMAGES, INCLUDING, WITHOUT LIMITATION, DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL OR PUNITIVE DAMAGES, FOR ANY CLAIM ARISING FROM OR RELATED TO CUSTOMER’S USE OF THE THIRD-PARTY OFFERINGS, AND CLOUDISTICS DISCLAIMS ANY AND ALL REPRESENTATIONS AND WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, WITH RESPECT TO ANY AND ALL SUCH THIRD-PARTY OFFERINGS, INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, SYSTEM INTEGRATION, DATA ACCURACY, TITLE, NON-INFRINGEMENT, QUIET ENJOYMENT, AND/OR NON-INTERFERENCE. Customer acknowledges and agrees that the foregoing disclaimers, limitations and exclusions of liability form an essential basis of the bargain between the parties, and that, absent such disclaimers, limitations, and exclusions, these Terms, including, without limitation, the economic terms, would be substantially different.
4.3. Integration with Third-Party Offerings. The Management Portal may contain features designed to interoperate with Third-Party Offerings. To use such features, Customer may be required to obtain access to such Third-Party Offering from their providers. If the provider of any Third-Party Offering ceases to make the Third-Party Offering available for interoperation with the corresponding Management Portal features on reasonable terms, Cloudistics may cease providing such features without entitling Customer to any refund, credit, or other compensation.
5. PASSWORDS; SECURITY.
5.1. Passwords. Customer is solely responsible for issuing user logins and passwords to the Management Portal in accordance with Cloudistics policies and procedures. Customer is solely responsible for any and all access and use of the Management Portal that occurs using logins and passwords Customer issues to Users. Customer shall, and shall ensure that Customer’s Affiliates, restrict their Users from sharing passwords. Customer agrees to immediately notify Cloudistics of any unauthorized use of any account or login and password issued to Customer’s or Customer’s Affiliates’ Users, or any other breach of security known to Customer. Cloudistics shall have no liability for any loss or damage arising from Customer’s failure to comply with the terms set forth in this Section.
5.2. No Circumvention of Security. Neither Customer nor any of Customer’s Affiliates nor any User may circumvent or otherwise interfere with any user authentication or security of the Management Portal. Customer will immediately notify Cloudistics of any breach, or attempted breach, of security known to Customer.
5.3. Security. Cloudistics will use commercially reasonable efforts to maintain appropriate administrative, physical, and technical safeguards for protection of the security, confidentiality, and integrity of Platform Administration Data. Customer acknowledges that it shall be responsible for maintaining any access, user logins, passwords, and all rules and permission levels established within the Management Portal. Customer further acknowledges that it shall be solely responsible for protecting and maintaining all access to Equipment and any Production Data stored on any Equipment. Customer acknowledges that, notwithstanding any security precautions deployed by Cloudistics, the use of, or connection to, the Internet provides the opportunity for unauthorized third parties to circumvent such precautions and illegally gain access to the Management Portal, Platform Administration Data, and Production Data. Cloudistics cannot and does not guaranty the privacy, security, integrity or authenticity of any information transmitted over or stored in any system connected to or accessible via the Internet or otherwise or that any such security precautions will be adequate or sufficient. Except as otherwise provided in these Terms, Cloudistics shall not (a) disclose Platform Administration Data except as compelled by law or as expressly permitted in writing by Customer, or (b) access Platform Administration Data, except to provide Cloudistics Services, prevent or address service or technical problems, or at Customer’s request in connection with customer support matters.
6. CUSTOMER OBLIGATIONS.
6.1. Installation. Customer is responsible for: (a) installing, deploying, and maintaining the Equipment in accordance with the Documentation or other instructions provided by or referenced by Cloudistics; (b) contracting with third party internet service provider, telecommunications service provider, and other service providers to access and use the Management Portal via the Internet, if applicable; (c) paying all third party fees and access charges incurred in connection with the foregoing; and (d) establishing proper data protection design including disaster recovery to a redundant storage block and backup to a third party device. Cloudistics does not guarantee the availability or survivability of data stored on the Equipment. Except as specifically set forth in these Terms or in an Order Form, Cloudistics shall not be responsible for supplying any hardware, software, or other equipment to Customer under these Terms.
6.2. Acceptable Use Policy. Customer shall be solely responsible for its actions and the actions of its Users while using the Cloudistics Software or Cloudistics Services. Customer acknowledges and agrees: (a) to abide by all local, state, national, and international laws and regulations applicable to Customer’s use of the Cloudistics Software or Cloudistics Services, including without limitation the provision and storage of Production Data; (b) not to send or store data on or to the SaaS Management Portal which violates the rights of any individual or entity established in any jurisdiction; (c) not to upload in any way any information or content that contain Malicious Code or data that may damage the operation of the SaaS Management Portal or another’s computer or mobile device; (d) not to interfere or disrupt networks connected to the SaaS Management Portal or interfere with other ability to access or use the SaaS Management Portal; (e) not to interfere with another customer’s use and enjoyment of the SaaS Management Portal or another person or entity’s use and enjoyment of similar services; (f) not to use the SaaS Management Portal in any manner that impairs the SaaS Management Portal, including without limitation the servers and networks on which the SaaS Management Portal is provided; (g) to comply with all regulations, policies and procedures of networks connected to the SaaS Management Portal and Cloudistics’ service providers; and (h) to use the Management Portal only in accordance with the Documentation. Customer acknowledges and agrees that Cloudistics neither endorses the contents of any Customer communications, Platform Administration Data, or Other Information (as defined in Section 12.2 below) nor assumes any responsibility for any offensive material contained therein, any infringement of third-party Intellectual Property Rights arising therefrom or any crime facilitated thereby. Cloudistics does not guarantee, and does not and is not obligated to verify, authenticate, monitor or edit the Platform Administration Data, Other Information, or any other information or data input into or stored in the Management Portal for completeness, integrity, quality, accuracy or otherwise. Customer shall be responsible and liable for the completeness, integrity, quality and accuracy of Platform Administration Data and Other Information input into the Management Portal. Cloudistics reserves the right to amend, alter, or modify Customer’s conduct requirements as set forth in these Terms at any time. Cloudistics may upon written notice to Customer amend this Section 6.2.
6.3. Accuracy of Customer’s Contact Information; Notices. Customer agrees to provide accurate, current and complete information as necessary for Cloudistics to communicate with Customer from time to time regarding the Cloudistics Software or Cloudistics Services, to accept payment, or contact Customer for other account-related purposes. Customer agrees to keep any account information current and inform Cloudistics of any changes in Customer’s legal business name, address, email address and phone number. In addition, Customer agrees that Cloudistics may rely and act on all information and instructions provided to Cloudistics by Users associated with such account information.
6.4. Temporary Suspension. Cloudistics may temporarily suspend Customer’s, its Affiliates’ or their respective Users’ access to the Cloudistics Software or Cloudistics Services in the event that either Customer, its Affiliates or any of their Users is engaged in, or Cloudistics in good faith suspects Customer, its Affiliates’ or any of their Users is engaged in, any unauthorized conduct (including, but not limited to any violation of these Terms). Cloudistics will attempt to contact Customer prior to or contemporaneously with such suspension; provided, however, that Cloudistics’ exercise of the suspension rights herein shall not be conditioned upon Customer’s receipt of any notification. A suspension may take effect for Customer’s entire account and Customer understands that such suspension would therefore include its Affiliates and User sub-accounts. Customer agrees that Cloudistics shall not be liable to Customer, any of its Affiliates or Users, or any other third party if Cloudistics exercises its suspension rights as permitted by this Section. Upon determining that Customer has ceased the unauthorized conduct leading to the temporary suspension to Cloudistics’ reasonable satisfaction, Cloudistics may reinstate Customer’s, its Affiliates and their respective Users’ access and use of the Cloudistics Software or Cloudistics Services. Notwithstanding anything in this Section to the contrary, Cloudistics’ suspension of access to the Cloudistics Software or Cloudistics Services is in addition to any other remedies that Cloudistics may have under these Terms or otherwise, including but not limited to termination of these Terms for cause. Additionally, if there are repeated incidences of suspension, regardless of the same or different cause and even if the cause or conduct is ultimately cured or corrected, Cloudistics may, in its reasonable discretion, determine that such circumstances, taken together, constitute a material breach.
6.5. Evaluations. At Cloudistics’ request, Customer will provide Cloudistics with written or oral report(s) of the results of Customer’s evaluation of the Cloudistics Software or Cloudistics Services, including, but not limited to, a report of any errors that Customer has discovered in the Management Portal. Performance and benchmarking data, results of testing, and related documentation related to the Cloudistics Software or Cloudistics Services or the Equipment prepared by Customer or at Customer’s request (“Customer Evaluations”) shall not be published, disseminated, cited or disclosed by Customer unless Cloudistics consents in writing to such disclosure.
7. SUPPORT SERVICES.
Cloudistics will provide Customer the Support Services based on Customer’s Order Form.
8. FEES AND PAYMENT.
8.1. Fees. Customer agrees to pay all fees specified in all Order Forms using one of the payment methods Cloudistics supports. Except as otherwise specified in these Terms or in an Order Form, (a) fees are quoted and payable in United States dollars, and (b) fees are based on the Equipment, Subscription Term, and Cloudistics Services purchased, regardless of actual usage. All amounts payable under these Terms will be made without setoff or counterclaim, and without any deduction or withholding.
8.2. Payment. All fees for the Equipment, Cloudistics Software, and Cloudistics Services will be paid in full via the payment method specified in the applicable Order Form. Customer is responsible for providing complete and accurate billing and contact information to Cloudistics and notifying Cloudistics of any changes to such information. In the event that Customer’s payment method is declined, Cloudistics will make reasonable attempts to reach Customer for setting up an alternate method of payment. Per Section 8.4 (Suspension of Service), Cloudistics reserves the right to suspend services until Customer’s account is brought into good standing. Any fees incurred as a result of Customer’s payment method being declined may be charged back to Customer by Cloudistics.
8.3. Overdue Charges. If Cloudistics does not receive fees by the due date, then at Cloudistics’ discretion, such charges may accrue late interest at the rate of 1.5% of the outstanding balance per month, or the maximum rate permitted by law, whichever is lower, from the date such payment was due until the date paid.
8.4. Suspension of Service. If any amounts owed by Customer to Cloudistics or Distributor are fifteen (15) days or more overdue, Cloudistics may, without limiting Cloudistics’ other rights and remedies, suspend Customer’s and its Users’ access to the Cloudistics Software or Cloudistics Services until such amounts are paid in full.
8.5. Payment Disputes. Cloudistics agrees that it will not exercise its rights under Section 8.3 (Overdue Charges) or Section 8.4 (Suspension of Service) if the applicable charges are under reasonable and good-faith dispute and Customer is cooperating diligently to resolve the dispute.
8.6. Taxes “Taxes” means all taxes, levies, imposts, duties, fines or similar governmental assessments imposed by any jurisdiction, country or any subdivision or authority thereof including, but not limited to federal, state or local sales, use, property, excise, service, transaction, privilege, occupation, gross receipts or similar taxes, in any way connected with these Terms or any instrument, order form or agreement required hereunder, and all interest, penalties or similar liabilities with respect thereto, except such taxes imposed on or measured by a party’s net income. Notwithstanding the foregoing, Taxes shall not include payroll taxes attributable to the compensation paid to workers or employees and each party shall be responsible for its own federal and state payroll tax collection, remittance, reporting and filing obligations. Fees and charges imposed under these Terms, or under any Order Form or similar document ancillary to or referenced by these Terms, shall not include Taxes except as otherwise provided herein. Customer shall be responsible for all of such Taxes. If, however, Cloudistics has the legal obligation to pay Taxes and is required or permitted to collect such Taxes for which Customer is responsible under this Section, Customer shall promptly pay the Taxes invoiced by Cloudistics unless Customer has furnished Cloudistics with valid tax exemption documentation regarding such Taxes at the execution of these Terms or at the execution of any subsequent instrument, order form or agreement ancillary to or referenced by these Terms. Customer shall comply with all applicable tax laws and regulations. Customer hereby agrees to indemnify Cloudistics for any Taxes and related costs paid or payable by Cloudistics attributable to Taxes that would have been Customer’s responsibility under this Section 8.6 if charged to Customer. Customer shall promptly pay or reimburse Cloudistics for all costs and damages related to any liability incurred by Cloudistics as a result of Customer’s non-compliance or delay with its responsibilities herein. Customer’s obligation under this Section 8.6 shall survive the termination or expiration of these Terms.
9. REPRESENTATIONS AND WARRANTIES; DISCLAIMER.
9.1. Mutual Representations and Warranties. Each party represents, warrants and covenants that: (a) it has the full power and authority to enter into these Terms and to perform its obligations hereunder, without the need for any consents, approvals or immunities not yet obtained; and (b) its acceptance of and performance under these Terms shall not breach any oral or written agreement with any third party or any obligation owed by it to any third party to keep any information or materials in confidence or in trust.
9.2. Limited Warranty. Cloudistics warrants that the Embedded Software will substantially comply with Cloudistics’ published specifications under normal use and service for a period of three years from the Activation Date, provided that such warranty will not apply: (a) to damage caused by Customer’s negligence, accident, abuse or misuse or misapplication, (b) to damage caused by service performed by anyone other than Cloudistics or a Cloudistics-certified service representative, (c) to Embedded Software that has been modified without the written permission of Cloudistics or (d) any use of the Embedded Software other than in accordance with the published specifications. Deviations from published specifications which do not materially affect performance of the Embedded Software covered hereby shall not be deemed to constitute defects of material or workmanship or a failure of the Embedded Software to comply with such specifications. Warranty covers labor costs incurred by Cloudistics or Cloudistics-certified service representatives and reasonable costs for return of the Embedded Software, if any. Notwithstanding any other provision of these Terms, Customer acknowledges and agrees that Customer’s sole and exclusive remedy, and Cloudistics’ sole and exclusive obligation, with respect to any breach of the foregoing warranty shall be to correct defects in such Embedded Software if the applicable warranty period has not expired.
9.3. Disclaimer. EXCEPT FOR THE WARRANTIES SET FORTH IN THIS SECTION 9, THE CLOUDISTICS SERVICES AND CLOUDISTICS SOFTWARE ARE PROVIDED ON AN AS-IS BASIS. CUSTOMER’S USE OF THE CLOUDISTICS SERVICES OR CLOUDISTICS SOFTWARE ARE AT ITS OWN RISK. CLOUDISTICS DOES NOT MAKE, AND HEREBY DISCLAIMS, ANY AND ALL OTHER EXPRESS AND IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, TITLE, QUIET ENJOYMENT, DATA ACCURACY, SYSTEM INTEGRATION AND ANY WARRANTIES ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. NO AGENT OF CLOUDISTICS IS AUTHORIZED TO ALTER OR EXPAND THE WARRANTIES OF CLOUDISTICS AS SET FORTH HEREIN. CLOUDISTICS DOES NOT WARRANT THAT: (A) THE USE OF THE CLOUDISTICS SERVICES OR CLOUDISTICS SOFTWARE WILL BE SECURE, TIMELY, UNINTERRUPTED OR ERROR-FREE OR OPERATE IN COMBINATION WITH ANY OTHER HARDWARE, SOFTWARE, SYSTEM OR DATA; (B) THE CLOUDISTICS SERVICES OR CLOUDISTICS SOFTWARE WILL MEET CUSTOMER’S REQUIREMENTS OR EXPECTATIONS; (C) ANY STORED DATA WILL BE ACCURATE OR RELIABLE; (D) THE QUALITY OF ANY INFORMATION OR OTHER MATERIAL OBTAINED BY CUSTOMER THROUGH THE MANAGEMENT PORTAL WILL MEET CUSTOMER’S REQUIREMENTS OR EXPECTATIONS; (E) THE CLOUDISTICS SERVICES OR CLOUDISTICS SOFTWARE WILL BE ERROR-FREE OR THAT ERRORS OR DEFECTS IN THE SERVICES WILL BE CORRECTED; OR (F) THE SERVER(S) THAT MAKE THE SAAS MANAGEMENT PORTAL AVAILABLE ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS. THE SAAS MANAGEMENT PORTAL MAY BE SUBJECT TO LIMITATIONS, DELAYS, AND OTHER PROBLEMS INHERENT IN THE USE OF THE INTERNET AND ELECTRONIC COMMUNICATIONS. CLOUDISTICS IS NOT RESPONSIBLE FOR ANY DELAYS, DELIVERY FAILURES, OR OTHER DAMAGES RESULTING FROM SUCH PROBLEMS.
10.1. Cloudistics Indemnity.
(a) General. Cloudistics, at its expense, shall defend Customer and its Affiliates and their respective officers, directors and employees (the “Customer Indemnified Parties”) from and against all actions, proceedings, claims and demands by a third party (a “Third-Party Claim”) alleging that Customer’s use of the Cloudistics Software or Cloudistics Services as permitted by these Terms infringes any United States patent issued as of the Activation Date or any copyright or misappropriates any trade secret and shall pay all damages, costs and expenses, including attorneys’ fees and costs (whether by settlement or award of by a final judicial judgment) incurred by the Customer Indemnified Parties from any such Third-Party Claim. Cloudistics’ obligations under this Section are conditioned upon (i) Cloudistics being promptly notified in writing of any claim under this Section, (ii) Cloudistics having the sole and exclusive right to control the defense and settlement of the claim, and (iii) Customer providing all reasonable assistance (at Cloudistics’ expense and reasonable request) in the defense of such claim. In no event shall Customer settle any claim without Cloudistics’ prior written approval. Customer may, at its own expense, engage separate counsel to advise Customer regarding a Claim and to participate in the defense of the claim, subject to Cloudistics’ right to control the defense and settlement.
(b) Mitigation. If any claim which Cloudistics is obligated to defend has occurred, or in Cloudistics’ determination is likely to occur, Cloudistics may, in its sole discretion and at its option and expense (i) obtain for Customer the right to use the Cloudistics Software or Cloudistics Services (as applicable), (ii) substitute a functionality equivalent, non-infringing replacement for such Cloudistics Software or Cloudistics Services, (iii) modify the Cloudistics Software or Cloudistics Services to make it non-infringing and functionally equivalent, or (iv) terminate these Terms and refund to Customer any prepaid amounts attributable to the period of time between the date Customer was unable to use the Cloudistics Software or Cloudistics Services due to such claim and the remaining days in the then-current Subscription Term.
(c) Exclusions. Notwithstanding anything to the contrary in these Terms, the foregoing obligations shall not apply with respect to a claim of infringement if such claim arises out of (i) Customer’s use of infringing Production Data; (ii) use of the Cloudistics Software or Cloudistics Services in combination with any software, hardware, network or system not supplied by Cloudistics where the alleged infringement relates to such combination (unless such combination is contemplated by the Documentation); (iii) any modification or alteration of the Cloudistics Software or Cloudistics Services other than by Cloudistics; (iv) Customer’s continued use of the Cloudistics Software or Cloudistics Services after Cloudistics notifies Customer to discontinue use because of an infringement claim; (v) use of Open Source Software; (vi) Customer’s violation of applicable law; and (vii) Customer Systems.
(d) Sole Remedy. THE FOREGOING STATES THE ENTIRE LIABILITY OF CLOUDISTICS WITH RESPECT TO THE INFRINGEMENT OF ANY INTELLECTUAL PROPERTY OR PROPRIETARY RIGHTS BY THE CLOUDISTICS SERVICES OR OTHERWISE, AND CUSTOMER HEREBY EXPRESSLY WAIVES ANY OTHER LIABILITIES OR OBLIGATIONS OF CLOUDISTICS WITH RESPECT THERETO.
10.2. Customer Indemnity. Customer shall defend Cloudistics and its Affiliates, licensors and their respective officers, directors and employees (“Cloudistics Indemnified Parties”) from and against any and all Third-Party Claims which arise out of or relate to: (a) a claim or threat that the Production Data or Customer System (and the exercise by Cloudistics of the rights granted herein with respect thereto) infringes, misappropriates or violates any third party’s Intellectual Property Rights; (b) Customer’s use or alleged use of the Cloudistics Software or Cloudistics Services other than as permitted under these Terms; or (c) arising from the occurrence of any of the exclusions set forth in Section 10.1(c). Customer shall pay all damages, costs and expenses, including attorneys’ fees and costs (whether by settlement or award of by a final judicial judgment) incurred by the Cloudistics Indemnified Parties from any such Third-Party Claim. Customer’s obligations under this Section are conditioned upon (i) Customer being promptly notified in writing of any claim under this Section, (ii) Customer having the sole and exclusive right to control the defense and settlement of the claim, and (iii) Cloudistics providing all reasonable assistance (at Customer’s expense and reasonable request) in the defense of such claim. Cloudistics may, at its own expense, engage separate counsel to advise Cloudistics regarding a Third-Party Claim and to participate in the defense of the claim, subject to Customer’s right to control the defense and settlement.
11.1. Confidential Information. “Confidential Information” means any and all non-public technical and non-technical information disclosed by one party (the “Disclosing Party”) to the other party (the “Receiving Party”) in any form or medium, whether oral, written, graphical or electronic, pursuant to these Terms, that is marked confidential and proprietary, or that the Disclosing Party identifies as confidential and proprietary, or that by the nature of the circumstances surrounding the disclosure or receipt ought to be treated as confidential and proprietary information, including but not limited to: (a) techniques, sketches, drawings, models, inventions (whether or not patented or patentable), know-how, processes, apparatus, formulae, equipment, algorithms, software programs, software source documents, APIs, and other creative works (whether or not copyrighted or copyrightable); (b) information concerning research, experimental work, development, design details and specifications, engineering, financial information, procurement requirements, purchasing, manufacturing, customer lists, business forecasts, sales, pricing, and merchandising and marketing plans and information; (c) proprietary or confidential information of any third party who may disclose such information to Disclosing Party or Receiving Party in the course of Disclosing Party’s business; and (d) these Terms and any Order Form. Confidential Information of Cloudistics shall include the Cloudistics Software and Cloudistics Services. Confidential Information also includes all summaries and abstracts of Confidential Information.
11.2. Non-Disclosure. Each party acknowledges that in the course of the performance of these Terms, it may obtain the Confidential Information of the other party. The Receiving Party shall, at all times, both during the Term and thereafter, keep in confidence and trust all of the Disclosing Party’s Confidential Information received by it. The Receiving Party shall not use the Confidential Information of the Disclosing Party other than as necessary to fulfill the Receiving Party’s obligations or to exercise the Receiving Party’s rights under these Terms. Each party agrees to secure and protect the other party’s Confidential Information with the same degree of care and in a manner consistent with the maintenance of such party’s own Confidential Information (but in no event less than reasonable care), and to take appropriate action by instruction or agreement with its employees, Affiliates or other agents who are permitted access to the other party’s Confidential Information to satisfy its obligations under this Section. The Receiving Party shall not disclose Confidential Information of the Disclosing Party to any person or entity other than its officers, employees, affiliates and agents who need access to such Confidential Information in order to affect the intent of these Terms and who are subject to confidentiality obligations at least as stringent as the obligations set forth in these Terms.
11.3. Exceptions to Confidential Information. The obligations set forth in Section 11.2 (Non-Disclosure) shall not apply to the extent that Confidential Information includes information which: (a) was known by the Receiving Party prior to receipt from the Disclosing Party either itself or through receipt directly or indirectly from a source other than one having an obligation of confidentiality to the Disclosing Party; (b) was developed by the Receiving Party without use of the Disclosing Party’s Confidential Information; or (c) becomes publicly known or otherwise ceases to be secret or confidential, except as a result of a breach of these Terms or any obligation of confidentiality by the Receiving Party. Nothing in these Terms shall prevent the Receiving Party from disclosing Confidential Information to the extent the Receiving Party is legally compelled to do so by any governmental investigative or judicial agency pursuant to proceedings over which such agency has jurisdiction; provided, however, that prior to any such disclosure, the Receiving Party shall (i) assert the confidential nature of the Confidential Information to the agency; (ii) immediately notify the Disclosing Party in writing of the agency’s order or request to disclose; and (iii) cooperate fully with the Disclosing Party in protecting against any such disclosure and in obtaining a protective order narrowing the scope of the compelled disclosure and protecting its confidentiality.
11.4. Injunctive Relief. The Parties agree that any unauthorized disclosure of Confidential Information may cause immediate and irreparable injury to the Disclosing Party and that, in the event of such breach, the Receiving Party will be entitled, in addition to any other available remedies, to seek immediate injunctive and other equitable relief, without bond and without the necessity of showing actual monetary damages.
12. PROPRIETARY RIGHTS.
12.1. Cloudistics Services. As between Cloudistics and Customer, all right, title and interest in the Cloudistics Services and Cloudistics Software and any other Cloudistics materials furnished or made available hereunder, and all modifications and enhancements thereof, and all suggestions, ideas and feedback proposed by Customer regarding the Cloudistics Services or Cloudistics Software, including all copyright rights, patent rights and other Intellectual Property Rights in each of the foregoing, belong to and are retained solely by Cloudistics or Cloudistics’ licensors and providers, as applicable. Customer hereby does and will irrevocably assign to Cloudistics all evaluations, ideas, feedback and suggestions made by Customer to Cloudistics regarding the Cloudistics Services or Cloudistics Software (collectively, “Feedback”) and all Intellectual Property Rights in the Feedback.
12.2. Platform Administration Data. As between Cloudistics and Customer, all right, title and interest in (a) the Platform Administration Data, (b) other information input into the Management Portal by Customer (collectively, “Other Information”) and (c) all Intellectual Property Rights in each of the foregoing, belong to and are retained solely by Customer. Customer hereby grants to Cloudistics a limited, non-exclusive, royalty-free, worldwide license to use the Platform Administration Data and Other Information and perform all acts with respect to the Platform Administration Data and Other Information as may be necessary for Cloudistics to provide the Cloudistics Services to Customer. To the extent that receipt of the Platform Administration Data requires Cloudistics to utilize any account information from a third-party service provider, Customer shall be responsible for obtaining and providing relevant account information and passwords, and Cloudistics hereby agrees to access and use the Platform Administration Data solely for Customer’s benefit and as set forth in these Terms. As between Cloudistics and Customer, Customer is solely responsible for the accuracy, quality, integrity, legality, reliability, and appropriateness of all Platform Administration Data.
12.3. Aggregated Anonymous Statistics. Notwithstanding anything else in these Terms or otherwise, Cloudistics may monitor Customer’s use of the Cloudistics Software or Cloudistics Services and use data and information related to such use, Platform Administration Data, and Other Information in an aggregate and anonymous manner (which shall include the removal of identifying information such as phone number, User names and specific Customer information) including to compile statistical and performance information related to the operation of Cloudistics Software or Cloudistics Services, and to improve features and functions in these (“Aggregated Anonymous Statistics”). As between Cloudistics and Customer, all right, title and interest in the Aggregated Anonymous Statistics and all Intellectual Property Rights therein, belong to and are retained solely by Cloudistics. Customer acknowledges that Cloudistics will be compiling Aggregated Anonymous Statistics based on Platform Administration Data, Other Information, and information input by other customers into the Management Portal, and Customer agrees that Cloudistics may (a) make such Aggregated Anonymous Statistics publicly available, and (b) use such information to the extent and in any manner permitted by applicable law or regulation and for purposes of data gathering, analysis, service enhancement and marketing, provided that such data and information does not identify Customer or its Confidential Information.
13. LIMITATION OF LIABILITY.
13.1. No Consequential Damages. NEITHER CLOUDISTICS NOR ITS LICENSORS SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR PUNITIVE DAMAGES, OR ANY DAMAGES FOR LOST DATA, BUSINESS INTERRUPTION, LOST PROFITS, LOST REVENUE OR LOST BUSINESS, ARISING OUT OF OR IN CONNECTION WITH THESE TERMS, EVEN IF CLOUDISTICS OR ITS LICENSORS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, INCLUDING WITHOUT LIMITATION, ANY SUCH DAMAGES ARISING OUT OF THE LICENSING, PROVISION OR USE OF THE CLOUDISTICS SOFTWARE OR SERVICES OR THE RESULTS THEREOF. CLOUDISTICS WILL NOT BE LIABLE FOR THE COST OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES.
13.2. Limits on Liability. NEITHER CLOUDISTICS NOR ITS LICENSORS SHALL BE LIABLE FOR CUMULATIVE, AGGREGATE DAMAGES WITH RESPECT TO ANY CLOUDISTICS SERVICES, SOFTWARE OR MATERIALS GREATER THAN AN AMOUNT EQUAL TO THE AMOUNTS PAID BY CUSTOMER FOR THE EQUIPMENT IN WHICH THE EMBEDDED SOFTWARE IS EMBEDDED, WITHOUT REGARD TO WHETHER SUCH CLAIM IS BASED IN CONTRACT, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR OTHERWISE.
13.3. Essential Purpose. Customer acknowledges that the terms in this Section 13 (LIMITATION OF LIABILITY) SHALL APPLY TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW AND SHALL APPLY EVEN IF AN EXCLUSIVE OR LIMITED REMEDY STATED HEREIN FAILS OF ITS ESSENTIAL PURPOSE.
14. TERM; TERMINATION.
14.1. Term. The term of these Terms commences on the Activation Date and continues until the termination of these Terms in accordance with its terms. Notwithstanding the foregoing, the Subscription Term applicable (and Customer’s rights thereunder) with respect to the Management Portal and/or Cloudistics Services shall commence on the Activation Date and shall continue until the expiration or termination of the initial Subscription Term and all Renewal Subscription Terms (defined below) (if any), unless earlier terminated as provided in these Terms. Except as otherwise specified in the applicable Order Form, each Subscription Term and Renewal Subscription Term shall automatically renew for an additional one year term (each, a “Renewal Subscription Term”) unless Customer opts out of such renewal as provided below or Cloudistics provides notice of non-renewal before the termination of the then-current term. Cloudistics reserves the right to stop offering support services for any of its products and services five (5) years after the Activation Date. Ninety days prior to the automatic renewal date, Cloudistics will send an invoice to Customer (the “Renewal Invoice”). Customer may opt out of a Renewal Subscription Term by providing written notice to Cloudistics within 60 days following the date of the Renewal Invoice, in which case, Customer’s rights to benefit from, use and/or access the Cloudistics Services and the Management Portal will terminate as of the expiration of the applicable Subscription Term or Renewal Subscription Term.
14.2. Termination for Cause. A party may terminate these Terms (and all Subscription Term(s) and/or Renewal Subscription Term(s)) upon written notice to the other party in the event the other party (a) files a petition for bankruptcy or has a petition for bankruptcy filed against it that is not dismissed within 60 days after filing or admits its inability to pay its debts as they mature, makes an assignment for the benefit of its creditors or ceases to function as a going concern or to conduct its operations in the normal course of business and such termination shall occur immediately upon notice; or (b) commits a material breach of any provision of these Terms and does not remedy such breach within 30 days after receipt of notice from the non-defaulting party or such other period as the parties may agree. Upon any termination for cause by Customer, Cloudistics shall refund Customer any prepaid fees for the remainder of the terminated Subscription Term after the effective termination date. Upon any termination for cause by Cloudistics, Customer shall pay any unpaid fees covering the remainder of the term of all Order Forms after the effective date of termination. In no event shall any termination relieve Customer of the obligation to pay any fees payable to Cloudistics for the period prior to the effective date of termination.
14.3. Effects of Termination. Upon expiration or termination of these Terms, (a) Customer shall cease use of and access the Management Portal; (b) all Order Forms shall terminate; and (c) all fees and other amounts owed to Cloudistics shall be immediately due and payable by Customer. Upon expiration or termination of any applicable Subscription Term or Renewal Subscription Term, (a) Customer shall cease use of and access to the Cloudistics Services and Management Portal. Upon Customer’s request made within 30 days after the effective date of applicable termination or expiration of these Terms or a Subscription Term or Renewal Subscription Term (as applicable), Cloudistics shall make any Platform Administration Data available for download by Customer in the format in which it is stored in the Management Portal. After such 30-day period, Cloudistics shall have no obligation to maintain or provide any Platform Administration Data and may thereafter, unless legally prohibited, delete all Platform Administration Data in its systems or otherwise in its possession or under its control.
14.4. Survival. This Section and Sections 1, 3.3, 8.3, 9.3, 10, 11, 12, 13, 14.3, 14.4 and 15 shall survive any termination or expiration of these Terms.
15.1. Notices. Cloudistics may give notice to Customer by means of a general notice through the Management Portal interface, electronic mail to Customer’s e-mail address on record with Cloudistics, or by written communication sent by first class postage prepaid mail or nationally recognized overnight delivery service to Customer’s address on record with Cloudistics. Customer may give notice to Cloudistics by written communication sent by first class postage prepaid mail or nationally recognized overnight delivery service addressed to Cloudistics Inc., at the headquarters address displayed on the Cloudistics website, Attention: Customer Service. Notice shall be deemed to have been given upon receipt or, if earlier, 2 business days after mailing, as applicable. All communications and notices to be made or given pursuant to these Terms shall be in the English language.
15.2. Governing Law. These Terms and the rights and obligations of the parties to and under this agreement shall be governed by and construed under the laws of the United States and the Commonwealth of Virginia as applied to agreements entered into and to be performed in such Commonwealth without giving effect to conflicts of laws rules or principles. The parties agree that the United Nations Convention on Contracts for the International Sale of Goods is specifically excluded from application to these Terms. Any dispute arising out of or in connection with these Terms, including but not limited to any question regarding its existence, interpretation, validity, performance, or termination, or any dispute between the parties arising from the parties’ relationship created by these Terms, shall be referred to and finally resolved by arbitration administered by the American Arbitration Association under its rules. The number of arbitrators shall be one. The parties shall endeavor to agree upon the sole arbitrator and jointly nominate the arbitrator. If the parties cannot agree upon the sole arbitrator within a time prescribed by AAA, the parties shall request the AAA to propose five arbitrators and each party shall rank the proposed arbitrators. The AAA shall appoint an arbitrator from the list of five, based upon the parties’ rankings. The seat, or legal place of arbitration shall be Reston, Virginia, United States. Notwithstanding the foregoing, Cloudistics has the right to pursue equitable relief in the state and federal courts located in Fairfax County, Virginia, or the United States District Court for the Eastern District of Virginia, and Customer agrees to the exclusive jurisdiction and venue of such courts.
15.3. Publicity. Cloudistics has the right to reference and use Customer’s name and trademarks and disclose the nature of the Cloudistics Services provided hereunder in each case in Cloudistics business development and marketing efforts, including without limitation upon Cloudistics’ web site.
15.4. No Solicitation of Employees. Customer agrees that, so long as the Subscription Term or any Renewal Subscription Term remains in effect, and for a period of one year following the last Subscription Term and/or Renewal Subscription Term hereunder to terminate or expire, it will not directly solicit for employment the employees of Cloudistics without Cloudistics’ prior written consent; provided, however, that the foregoing prohibition shall not preclude the hiring by Customer of any individual who responds to a general solicitation or advertisement, whether in print or electronic form.
15.5. U.S. Government Customers. If Customer is a federal government entity, Cloudistics provides the Cloudistics Software and Cloudistics Services, including related software and technology, for ultimate federal government end use solely in accordance with the following: Government technical data and software rights related to the Cloudistics Software or Cloudistics Services include only those rights customarily provided to the public as defined in these Terms. This customary commercial license is provided in accordance with FAR 12.211 (Technical Data) and FAR 12.212 (Software) and, for Department of Defense transactions, DFAR 252.227-7015 (Technical Data – Commercial Items) and DFAR 227.7202-3 (Rights in Commercial Computer Software or Computer Software Documentation). If greater rights are needed, a mutually acceptable written addendum specifically conveying such rights must be included in these Terms.
15.6. Export. The Cloudistics Software or Cloudistics Services utilize software and technology that may be subject to United States and foreign export controls. Customer acknowledges and agrees that neither the Cloudistics Software nor Cloudistics Services shall be used, and none of the underlying information, software, or technology may be transferred or otherwise exported or re-exported to countries as to which the United States maintains an embargo (collectively, “Embargoed Countries”), or to or by a national or resident thereof, or any person or entity on the U.S. Department of Treasury’s List of Specially Designated Nationals or the U.S. Department of Commerce’s Table of Denial Orders (collectively, “Designated Nationals”). The lists of Embargoed Countries and Designated Nationals are subject to change without notice. By using the Cloudistics Software or Cloudistics Services, Customer represents and warrants that it is not located in, under the control of, or a national or resident of an Embargoed Country or Designated National. The Cloudistics Software or Cloudistics Services may use encryption technology that is subject to licensing requirements under the U.S. Export Administration Regulations, 15 C.F.R. Parts 730-774 and Council Regulation (EC) No. 1334/2000. Customer agrees to comply strictly with all applicable export laws and assume sole responsibility for obtaining licenses to export or re-export as may be required. Cloudistics and its licensors make no representation that the Cloudistics Software or Cloudistics Services is appropriate or available for use in other locations. Any diversion of the Cloudistics Software or Cloudistics Services contrary to law is prohibited. None of the Cloudistics Software or Cloudistics Services, nor any information acquired through the use of the Cloudistics Software or Cloudistics Services, is or will be used for nuclear activities, chemical or biological weapons, or missile projects.
15.7. Force Majeure. Except with respect to payment obligations hereunder, if a party is prevented or delayed in performance of any of its obligations hereunder or under any Order Form as a result of circumstances beyond such party’s reasonable control, including, by way of example, war, act of terrorism, riot, fires, strikes, floods, epidemics, or failure of public utilities or public transportation systems, such failure or delay will not be deemed to constitute a breach of these Terms. Any party so prevented or delayed from performance will perform as soon as reasonably practicable after the termination of the relevant circumstances causing such failure or delay, provided that if such party is prevented or delayed from performing for more than 90 days, the other party may terminate these Terms upon 30 days written notice.
15.8. General. Customer may assign these Terms in connection with a merger, sale, transfer, or other disposition of all or substantially all of Customer’s stock or assets. Except as permitted by the prior sentence, Customer shall not assign its rights hereunder, or delegate the performance of any of its duties or obligations hereunder without the prior written consent of Cloudistics. Any purported assignment in violation of the preceding sentence is null and void. Subject to the foregoing, theseTerms shall be binding upon, and inure to the benefit of, the successors and assigns of the parties thereto. With the exception of Affiliates of Customer who have entered into Order Forms under these Terms, there are no third-party beneficiaries to these Terms, except that each Cloudistics Indemnified Party shall be a third party beneficiary hereunder and, accordingly, shall be entitled to directly enforce and rely upon any provision of these Terms that confers a right or remedy in favor of it. Except as otherwise specified in these Terms, these Terms may be amended or supplemented only by a writing that refers explicitly to these Terms and that is signed or electronically acknowledged on behalf of both parties. Any pre-printed terms and conditions attached to additional documents from Customer, including but not limited to purchase orders, invoices or acceptance documents are null and void and not applicable to Cloudistics. No waiver will be implied from conduct or failure to enforce rights. No waiver will be effective unless in a writing signed on behalf of the party against whom the waiver is asserted. If any of these Terms is found invalid or unenforceable that term will be enforced to the maximum extent permitted by law and the remainder of the Terms will remain in full force. The parties are independent contractors and nothing contained herein shall be construed as creating an agency, partnership, or other form of joint enterprise between the parties. These Terms, including all applicable Order Forms, constitute the entire agreement between the parties relating to this subject matter and supersedes all prior or simultaneous understandings, representations, discussions, negotiations, and agreements, whether written or oral.
Appendix A: Software Terms and Conditions for Third-Party Embedded Components
Below are licensing terms, notices and disclaimers for certain third-party embedded components distributed with the Embedded Software. The below terms apply only to the software identified in the title; they do not apply to Cloudistics proprietary software.
Certain network features of Embedded Software are provided under license from Pica8, Inc. Customers agree to the terms of the Pica8 end-user license agreement located at: http://www.pica8.com/support/warranty.
Deduplication and Compression.
Certain deduplication and compression features of Embedded Software are provided under license from Permabit, Inc, subsequently acquired by Red Hat, Inc. Customers utilizing those features agree to the terms of the end-user license agreement located at: http://permabit.com/permabit-sse-eula/.
Embedded Software provided with Cloudistics Guardian Edition contains software provided under license from Red Hat, Inc. Customers utilizing these features agree to the terms of the end-user license agreement located at: https://www.redhat.com/f/pdf/licenses/GLOBAL_EULA_RHEL_English_20101110.pdf.
Appendix B: Open Source Software
|TBB||https://www.threadingbuildingblocks.org/||GPLv2 – with runtime exception|
|openSSL||https://www.openssl.org/||OpenSSL / Apache-like|
|libuv||https://github.com/libuv/libuv/||BSD 2-clause, BSD 3-clause|
|jstl||https://jstl.java.net/||CDDLv1.1 / GPL with class path|
|font-awesome||http://fortawesome.github.io/Font-Awesome/||MIT / OFLv1.1|
|GNU Standard C++ Library||https://gcc.gnu.org/libstdc++/||GPLv3 with Runtime Exception|
Appendix C: Maintenance, Support, and Services Offerings
Note: This Appendix applies for Cloudistics branded products only. Support for Lenovo’s ThinkAgile CP (powered by Cloudistics) is provided by Lenovo.
Cloudistics offers each customer a single, premium level of service including user, technical, and maintenance support. Each customer receives personal and interactive support in real time to quickly address technical questions. Support is available via online chat, email, and phone.
Contacting Cloudistics Support
Support Portal: http://support.cloudistics.com
After-hours Support Number: 1-800-685-9636
Cloudistics Main Line: 703-570-8880
Between 9AM and 5PM EST, Monday-Friday. Cloudistics’ customer advocates can answer technical questions and assist with equipment operation in real-time by clicking on the live support button on our site cloudistics.com/support.
Outside of normal business hours, customers with urgent (production-down) issues can call our support line at 1-800-685-9636 to contact our on-call customer advocates. Customers must first register on the support website at http://support.cloudistics.com.
All hardware is serviced by OEM Partners, typically provided as “next business day” replacement (or as otherwise specified on Order Forms) following troubleshooting and problem identification. Cloudistics serves as the front line for all hardware support. Cloudistics will dispatch either an OEM Partner resource or Cloudistics Field Engineer when replacing a failed component, unless a Customer decides to replace the component on their own (e.g., hot swap power supply, fan or compute node). When on-site hardware service is required, Cloudistics will work with the OEM Partner to dispatch authorized service personnel to the customer’s site to restore equipment to normal operation. Technicians will arrive on-site between 8AM and 5PM, Monday to Friday, with the exception of local holidays.
Software Updates and Upgrades
The customer is entitled to all versions of released software, including bug fixes, patches and major releases issued during the period the support contract is in effect. Customers who have a current Subscription Term will be alerted to new releases.
Cloudistics’ Support Site offers extensive product documentation, user manuals, and other helpful information located on cloudistics.com/support.
Customers may create cases at any time by entering a case on the support website at http://support.cloudistics.com or by clicking the Help/Chat button on the Management Portal or www.cloudistics.com
Outside of normal business hours, customers with urgent (production down) issues can call our support line at 1-800-685-9636 to contact our on-call customer advocates
As a Cloudistics customer, you have access to a support feature which has proven to be highly acclaimed by our customer base. Real-time chat is available during business hours, 9-5 EST. A user can either initiate a session from our Support page on our website, or more conveniently, directly from the Management Portal. Outside of these hours, initiating a support chat will flow the user to call our TFN (for service-affecting issues), or to a simple form which will generate an email and open a ticket (for non-service-affecting issues or inquiries).
Cloudistics Service Levels
Cloudistics provides service levels expected of any cloud solution, and we take pride in maintaining excellent customer ratings. Cloudistics support efforts are prioritized based on the business impact of the issue. Technical support requests within a severity level are generally processed on a first-come, first-served basis. Emergency (Sev 1) and High (Sev 2) business impact requests that require immediate response or direct help of technical support specialists may be processed out of turn.
Our response times and status cadence are defined by ticket severity type, as outlined below.
|Severity||Sev 1 – Emergency
Production applications are down or there is a major malfunction resulting in an inoperative condition
|Sev 2 – HIGH
Critical loss of functionality resulting in impaired application availability or performance
|Sev 3 – MEDIUM
Moderate loss of application functionality or performance resulting in no, or acceptable, degradation
|Sev 4 – LOW
Cosmetic issues, including errors in documentation
|Initial Response||Within 60 minutes after first contact||Within 2 hours after
|Within 1 business day after first contact||Within 2 business days after first contact|
|Ongoing Response||Every 2 hours or as agreed||Every 4 hours or as agreed||As needed or as status changes||As needed or as status changes|
Support Mode is a convenient and secure way for Cloudistics to access a Customer’s system should that level of assistance be required. Support Mode sessions are conducted while the User is logged into their Management Portal and engaged with a Cloudistics Support Engineer over the phone. Cloudistics Support Mode uniquely provides a secure, Customer-controlled access method for the Cloudistics Services Team to a Customer’s Cloudistics On-Premise Platform. Importantly, Cloudistics Support Mode can only be initiated by the Customer’s authorized user (“User”) from a session in their Cloud Controller, and never by Cloudistics. Full control of the secure connection is retained by the User while utilizing Cloudistics Support Mode: (1) He or she explicitly and exclusively initiates Cloudistics Support Mode; (2) the User Cloud Controller session persistently displays when Cloudistics Support Mode in “On”; and at any time, the User can disable it, resulting in an automatic tear down of the secure session between the Cloudistics Support Engineer and the User’s Cloudistics On-Premise Platform.
Support for Third Party Applications
Cloudistics expects its customers to run third-party workloads on the Cloudistics platform, including but not limited to Linux and Windows based applications and virtual appliances. These may be installed by the customer or deployed from the Cloudistics Application Marketplace.
Cloudistics Support will help in isolating the issue between the Cloudistics platform and the application. Full technical support will be provided if the issue is determined to be caused by the Cloudistics platform. Commercially reasonable support will be provided to all other scenarios. When an adequate solution to your issue is not achieved, you might be referred to other support channels that are available for the non-Cloudistics software.
Appendix D: Data Protection Agreement
This Data Protection Agreement (“DPA”) forms part of the agreement between the Customer and Cloudistics and shall apply where the provision of Services by Cloudistics to Customer involves the processing of Personal Data (as defined below) which is subject to Privacy Laws. Except as otherwise expressly stated, Customer is the controller and Cloudistics is the processor (as defined below) of the Personal Data processed under the Terms. In the event of a conflict between this DPA and the Terms, this DPA shall control with respect to its subject matter.
1. Definitions: References in this DPA to “controller”, “data subject”, “processor”, and “supervisory authority” shall have the meanings ascribed to them under Privacy Laws. Capitalized terms that are not defined in this DPA shall have the meaning set out in the Terms. In this DPA:
1.1 “Data Breach” means an actual breach by Cloudistics of the security obligations under this DPA leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, the Personal Data transmitted, stored or otherwise processed.
1.2 “Personal Data” means any information relating to an identified or identifiable natural person which is processed by Cloudistics, acting as a processor on behalf of the Customer, in connection with the provision of Services and which is subject to Privacy Laws.
1.3 “Privacy Laws” means any data protection and/or privacy related laws, statutes, directives, or regulations (and any amendments or successors thereto) to which a party to the Terms is subject and which are applicable to Services including, without limitation, the General Data Protection Regulation 2016/679.
1.4 “processing” (and its derivatives) means any operation(s) performed on personal data, whether or not by automated means, including the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
1.5 “Services” means Cloudistics Services and/or professional services provided by Cloudistics to Customer.
1.6 “Subprocessor” means a third party engaged by Cloudistics (including without limitation an Affiliate and/or subcontractor of Cloudistics) in connection with the processing of the Personal Data.
2. Description of processing: a description of the processing activities to be undertaken as part of the Terms and this DPA are set out in Annex 1.
3. Compliance with laws: the parties agree to comply with their respective obligations under Privacy Laws. In particular, Customer warrants and represents (on its behalf and on behalf of each of its Affiliates where applicable) that it has obtained all necessary authorizations and consents required for compliance with Privacy Laws prior to disclosing, transferring, or otherwise making available any Personal Data to Cloudistics and that it has provided appropriate notifications to data subjects describing the purpose for which their personal data will be used pursuant to this DPA and the Terms.
4. Cloudistics obligations
4.1 Instructions: Cloudistics shall process the Personal Data only in accordance with Customer’s reasonable and lawful instructions (unless otherwise required to do so by applicable law). Customer hereby instructs Cloudstics to process the Personal Data to provide the Services and comply with Cloudistics’ rights and obligations under the Terms and this DPA. The Terms and DPA comprise Customer’s complete instructions to Cloudistics regarding the processing of Personal Data. Any additional or alternate instructions must be agreed between the parties in writing, including the costs (if any) associated with complying with such instructions. Cloudistics is not responsible for determining if Customer’s instructions are compliant with applicable law, however, if Cloudistics is of the opinion that a Customer instruction infringes applicable Privacy Laws, Cloudistics shall notify Customer as soon as reasonably practicable and shall not be required to comply with such infringing instruction.
4.2 Confidentiality: To the extent the Personal Data is confidential (pursuant to applicable law), Cloudistics shall maintain the confidentiality of the Personal Data in accordance with Section 11 of the Terms (Confidentiality) and shall require persons authorized to process the Personal Data (including its Subprocessors) to have committed to materially similar obligations of confidentiality.
4.3 Disclosures: Cloudistics may only disclose the Personal Data to third parties (including without limitation its Affiliates and Subprocessors) for the purpose of:
(a) complying with Customer’s reasonable and lawful instructions
(b) as required in connection with the Services and as permitted by the Terms and/or this DPA, and/or
(c) as required to comply with Privacy Laws, or an order of any court, tribunal, regulator or government agency with competent jurisdiction to which Cloudistics, its Affiliates and/or Subprocessors is subject, PROVIDED that Cloudistics will (to the extent permitted by law) inform the Customer in advance of any disclosure of Personal Data and will reasonably co-operate with Customer to limit the scope of such disclosure to what is legally required.
4.4 Assisting with data subject rights: Cloudistics shall, as required in connection with the Services and to the extent reasonably practicable, assist Customer to respond to requests from data subjects exercising their rights under Privacy Laws (including without limitation the right of access, rectification and/or erasure) in respect of the Personal Data. Cloudistics reserves the right to charge Customer for such assistance if the cost of assisting exceeds a nominal amount. Cloudistics shall notify Customer as soon as practicable of any request Cloudistics receives from data subjects relating to the exercise of their rights under applicable Privacy Laws during the Subscription Term (to the extent such request relates to the Personal Data).
4.5 Security: Taking into account industry standards, the costs of implementation, the nature, scope, context and purposes of the processing and any other relevant circumstances relating to the processing of the Personal Data, Cloudistics shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk in respect of any Personal Data in accordance with Cloudistics policies. The parties agree that the security measures described in Annex 2 (Information Security Measures) provide an appropriate level of security for the protection of Personal Data to meet the requirements of this clause.
4.6 Subprocessors: Customer agrees that Cloudistics may appoint and use Subprocessors (including Amazon Web Services and Zendesk) to process the Personal Data in connection with the Services, PROVIDED that:
(a) Cloudistics puts in place a contract in writing with each Subprocessor that imposes obligations that are (i) relevant to the services to be provided by the Subprocessors and (ii) materially similar to the rights and/or obligations granted or imposed on Cloudistics under this DPA; and
(b) where a Subprocessor fails to fulfil its data protection obligations as specified above, Cloudistics shall be liable to the Customer for the performance of the Subprocessor’s obligations.
4.7 Deletion of Personal Data: Upon termination of the Services (for any reason) and if requested by Customer in writing, Cloudistics shall as soon as reasonably practicable delete the Personal Data, PROVIDED that Cloudistics may: (a) retain one copy of the Personal Data as necessary to comply with any legal, regulatory, judicial, audit or internal compliance requirements; and/or (b) defer the deletion of the Personal Data to the extent and for the duration that any Personal Data or copies thereof cannot reasonably and practically be expunged from Cloudistics’ systems; and for such retention or deferral periods as referred to in subparagraphs (a) or (b) of this clause, the provisions of this DPA shall continue to apply to such Personal Data. Cloudistics reserves the right to charge Customer for any reasonable costs and expenses incurred by Cloudistics in deleting the Personal Data pursuant to this clause.
4.8 Demonstrating compliance: Cloudistics shall, upon reasonable prior written request from Customer (such request not to be made more frequently than once in any twelve-month period), provide to Customer such information as may be reasonably necessary to demonstrate Cloudistics’ compliance with its obligations under this DPA.
4.9 Audits and inspections: Where Customer reasonably considers the information provided under clause 4.8 above is not sufficient to demonstrate Cloudistics’ compliance with this DPA, Customer may request reasonable access to Cloudistics’ relevant processing activities in order to audit and/or inspect Cloudistics’ compliance with this DPA PROVIDED THAT:
(a) Customer gives Cloudistics reasonable prior written notice of at least thirty (30) days before any audit or inspection (unless a shorter notice period is required by Privacy Laws, an order of a supervisory authority, otherwise agreed between the parties or in the event of a Data Breach)
(b) audits or inspections may not be carried out more frequently than once in any twelve-month period (unless required more frequently by Privacy Laws, an order of a supervisory authority, otherwise agreed between the parties or in the event of a Data Breach)
(c) Customer submits to Cloudistics a detailed audit plan at least two weeks in advance of the proposed audit date describing the proposed scope, duration and start date of the audit. Cloudistics shall review the audit plan and provide Customer with any material concerns or questions without undue delay. The parties will then reasonably cooperate to agree a final audit plan
(d) Cloudistics may restrict access to information in order to avoid compromising a continuing investigation, violating law or violating confidentiality obligations to third parties. Any access to sensitive or restricted facilities by Customer is strictly prohibited due to regulatory restrictions on access to other customers’ data, although Customer and/or its auditor shall be entitled to observe the security operations center via a viewing window). Customer shall not (and must ensure that its auditor shall not) allow any sensitive documents and/or details regarding Cloudistics’ policies, controls and/or procedures to leave the Cloudistics location at which the audit or inspection is taking place (whether in electronic or physical form)
(e) Customer carries out the audit or inspection during normal business hours and without creating a business interruption to Cloudistics
(f) the audit or inspection is carried out in compliance with Cloudistics’ relevant on-site policies and procedures
(g) where the audit is carried out by a third party on behalf of the Customer, such third party is bound by similar obligations to those set out in Section 11 of the Terms (Confidentiality) and is not a direct competitor of Cloudistics. Cloudistics reserves the right to require any such third party to execute a confidentiality agreement directly with Cloudistics prior to the commencement of an audit or inspection, and
(h) except where the audit or inspection discloses a failure on the part of Cloudistics to comply with its obligations under this DPA, Customer shall pay all reasonable costs and expenses (including without limitation any charges for the time engaged by Cloudistics, its personnel and professional advisers) incurred by Cloudistics in complying with this clause.
Customer shall provide to Cloudistics a copy of any audit reports generated in connection with an audit carried out under this clause, unless prohibited by applicable law. Customer may use the audit reports only for the purposes of meeting its regulatory audit requirements and/or confirming compliance with the requirements of this DPA. The audit reports shall be Confidential Information of the parties.
5. International transfers: Cloudistics may, in connection with the provision of the Services, or in the normal course of business, make international transfers of the Personal Data to its Affiliates and/or Subprocessors. When making such transfers, Cloudistics shall ensure appropriate protection is in place to safeguard the Personal Data transferred under or in connection with the Terms and this DPA. Where the provision of Services involves the transfer of Personal Data from countries within the European Economic Area (“EEA”) to countries outside the EEA (which are not subject to an adequacy decision under Directive 95/46/EC or the GDPR once in effect) such transfer shall be subject to the following requirements:
5.1 Cloudistics has implemented appropriate security measures to adequately protect the transfer of such Personal Data
5.2 Cloudistics has in place intra-group agreements with any Affiliates which may have access to the Personal Data, which agreements shall incorporate the EU Commission approved Standard Contractual Clauses (“Standard Contractual Clauses”); and
5.3 Cloudistics has in place agreements with its Subprocessors that incorporate the Standard Contractual Clauses (as appropriate).
6. Data Breaches: Where a Data Breach is caused by Cloudistics’ failure to comply with its obligations under this DPA, Cloudistics shall:
6.1 notify Customer without undue delay after establishing the occurrence of the Data Breach and shall, to the extent such information is known or available to Cloudistics at the time, provide Customer with details of the Data Breach, a point of contact and the measures taken or to be taken to address the Data Breach
6.2 reasonably cooperate and assist Customer with any investigation into, and/or remediation of, the Data Breach (including, without limitation and where required by Privacy Laws, the provision of notices to regulators and affected individuals)
6.3 not inform any third party of any Data Breach relating to the Personal Data without first obtaining Customer’s prior written consent, except as otherwise required by applicable law, PROVIDED that nothing in this clause shall prevent Cloudistics from notifying other customers whose personal data may be affected by the Data Breach, and
In the event Customer intends to issue a notification regarding the Data Breach to a supervisory authority, other regulator or law enforcement agency, Customer shall (unless prohibited by law) allow Cloudistics to review the notification and Customer shall have due regard to any reasonable comments or amendments proposed by Cloudistics.
7. Liability and Costs: Neither Cloudistics nor any Subprocessor shall be liable for any claim brought by Customer or any third party arising from any action or omission by Cloudistics and/or Subprocessors to the extent such action or omission resulted from compliance with Customer’s instructions.
8. Platform Administration Data: Cloudistics will process Platform Administration Data as part of its provision of Services. Customer acknowledges that Cloudistics may also process Platform Administration Data in order to develop, enhance and/or improve its security services and the products and services it offers and provides to customers according to Section 12.3 of the Terms (Aggregated Anonymous Statistics). Cloudistics shall be the controller in respect Aggregated Anonymous Statistics in which Personal Data shall have been anonymized, pseudonymized, or deleted.
9. Privacy Impact Assessments: Cloudistics shall provide reasonable cooperation and assistance to Customer, to the extent applicable in relation to Cloudistics’ processing of the Personal Data and within the scope of the agreed Services, in connection with any data protection impact assessment(s) which the Customer may carry out in relation to the processing of Personal Data to be undertaken by Cloudistics, including any required prior consultation(s) with supervisory authorities. Cloudistics reserves the right to charge Customer a reasonable fee for the provision of such cooperation and assistance.
Annex 1 – Processing description
Subject matter and purpose
Subject to the Terms, Cloudistics provides Cloudistics Services for the Customer and processes the Personal Data for the purpose of providing such services as set out in applicable Order Forms, SOWs, SLAs, Service descriptions or otherwise
Duration of processing
Cloudistics will retain and process the Personal Data for duration of the Subscription Term and in accordance with the provisions of this DPA regarding the return or deletion of the Personal Data
The Personal Data transferred may concern the following categories of data subjects: Users (as defined in Section 1 of the Terms).
Type of personal data
(1) Users’ credentials: Name, Business Email, Phone Number, and IP address (e.g., access credentials for platform administration) (“User Credentials“);
(2) Tickets that Users create for product support, which may contain Users’ personal data (“Tickets“);
(3) Logs that Users provide to us for debugging purposes, which may contain Users’ personal data (“Logs“).
Annex 2 – Information Security Measures
This information security overview applies to Cloudistics’ corporate controls for safeguarding Personal Data. Cloudistics’ information security program enables the workforce to understand their responsibilities.
Cloudistics has implemented corporate information security practices and standards that are designed to safeguard Cloudistics’ corporate environment and to address: (1) information security; (2) system and asset management; (3) development; and (4) governance. These practices and standards are approved by Cloudistics’ executive management and undergo a formal review on an annual basis.
It is the responsibility of the individuals across the organization to comply with these practices and standards. To facilitate the corporate adherence to these practices and standards, the function of information security provides:
- Strategy and compliance with policies/standards and regulations, awareness and education, risk assessments and management, contract security requirements management, application and infrastructure consulting, assurance testing and drives the security direction of the company.
- Security testing, design and implementation of security solutions to enable security controls adoption across the environment.
- Security operations of implemented security solutions, the environment and assets, and manage incident response.
- Forensic investigations with security operations, legal, data protection and human resources for investigations.
Asset Classification and Control
Cloudistics’ practice is to track and manage physical and logical assets. Examples of the assets that Cloudistics’ might track include:
- Information Assets, such as identified databases, disaster recovery plans, business continuity plans, data classification, archived information.
- Software Assets, such as identified applications and system software.
- Physical Assets, such as identified servers, desktops/laptops, backup/archival tapes, printers and communications equipment.
As part of the employment process, employees undergo a screening process applicable per regional law.
Physical and Environmental Security
Cloudistics uses a number of technological and operational approaches in its physical security program in regards to risk mitigation.
Communications and Operations Management
The IT organization manages changes to the corporate infrastructure, systems and applications through a change management process, which may include, testing, business impact analysis and management approval where appropriate. Incident response procedures exist for security and data protection incidents, which may include incident analysis, containment, response, remediation, reporting and the return to normal operations.
To protect against malicious use of assets and malicious software, additional controls may be implemented based on risk. Such controls may include, but are not limited to, information security policies and standards, restricted access, designated development and test environments, virus detection on servers, desktop and notebooks; logging and alerting on key events, network security, and system and application vulnerability scanning.
Access to corporate systems is restricted, based on procedures to ensure appropriate approvals. To reduce the risk of misuse, intentional or otherwise, access is provided based on segregation of duties and least privileges. Remote access and wireless computing capabilities are restricted and require that both user and system safeguards are in place.
System Development and Maintenance
Publicly released third party vulnerabilities are reviewed for applicability in the Cloudistics environment. Based on risk to Cloudistics’ business and customers, there are pre-determined timeframes for remediation. In addition, vulnerability scanning and assessments are performed on new and key applications and the infrastructure based on risk.
The information security, legal, privacy and compliance departments work to identify regional laws, regulations applicable to Cloudistics corporate. These requirements cover areas such as, intellectual property of the company and our customers, software licenses, protection of employee and customer personal information, data protection and data handling procedures, trans-border data transmission, financial and operational procedures, regulatory export controls around technology, and forensic requirements. Mechanisms such as the information security program, the executive privacy council, internal and external audits/assessments, internal and external legal counsel consultation, internal controls assessment, internal penetration testing and vulnerability assessments, contract management, security awareness, security consulting, policy exception reviews and risk management combine to drive compliance with these requirements.