MXDR TERMS OF SERVICE

CyberSOC Managed Extended Detection and Response (MXDR)

TERMS OF SERVICE

Effective July 31, 2021

1. DEFINITIONS

i. “PROVINTELL” means PROVINTELL Technologies Sdn Bhd and its affiliates (collectively known as “PROVINTELL”).
ii. “Subscriber” means a Subscriber who is purchasing and utilizing the Managed Extended Detection and Response (MXDR) service provided by PROVINTELL.
iii. “Service” means the Managed Extended Detection and Response (MXDR) Service provided by PROVINTELL to Subscriber.
iv. “Subscription Term” means the Service period, quantity of the Managed Assets, and the Service Level Agreement (SLA) set forth in this Service Agreement.
v. “Service Level” means the committed service-based Service Level Agreement (SLA) offered by PROVINTELL in defining the service availability and the response or turnaround time of the service delivery of the Service to Subscriber.
vi. “Managed Asset” means the information technology infrastructure and application Service managed under the Service.
vii. “E-Support Service” means the online customer support and technical advisory Service provided via the E-Support IMS System to Subscriber via email.
viii. “E-Support IMS System” means the Online Incident Management System and User Dashboards for security intelligence, incident management and security exposure risk analysis of the Managed Asset.
ix. “Subscriber Account” means the user account used by Subscriber to login to E-Support System for incident management, security risk and issue tracking.”
x. “Agent Account” means the user account used by PROVINTELL business and technical specialists to login to E-Support System for business support and service delivery operations.”
xi. “Confidential Information” means non-public information of PROVINTELL or Subscriber disclosed by either party to the other party, either directly or indirectly, in writing , orally or by inspection of tangible objects.
xii. “Deliverable” means software, services and other goods or services specified under the Service.

2. TERMS OF SERVICE

2.1. About Our Service
The Next Generation Managed Extended Detection and Response (MXDR)
Our Managed Extended Extended Detection and Response (MXDR) service refers to the 24x7x365 Cyber Security Operation Center (CyberSOC) managed services offered to Subscriber for threat intelligence, threat hunting, detection and response services using the next generation (NG) Stellar Cyber Open XDR platform, the NG-SOC and NG-SIEM technologies by Stellar Cyber Inc.

Figure 2.1a: The Next Generation Cyber Defense Approach of PROVINTELL 24x7 MXDR

PROVINTELL is an authorized Managed Security Service Provider (MSSP) partner and reseller of Stellar Cyber Inc.
https://stellarcyber.ai/company

Our business operations are complying with the ISO/IEC 27001:2013 Information Security Management System standard requirements. The MXDR service and its system infrastructure are managed and operated by PROVINTELL in-house technical specialists with the extended remote technical support services by the authorized technical engineers of Stellar Cyber Inc.
Subscriber agrees to PROVINTELL’s Terms of Service and Privacy Notice. Subscriber may refer to PROVINTELL’s Privacy Notice here.
https://www.provintell.com/privacy-notice/

PROVINTELL does not sell, rent or monetize our Subscriber’s personal data and Service information to any third party.”

2.2. Using Our Service
PROVINTELL’s Rights of Refusal/ Termination. PROVINTELL reserves the rights to refuse or terminate the Service of the Subscriber upon detection of any fraudulent, illicit or conflicting business activities of the Subscriber that are considered harmful to PROVINTELL’s business reputation and/or its service operation. Subscriber must not (or to assist others) to access, use, modify, distribute, transfer or exploit our Service or systems. For example, Subscriber must not or attempt to (a) gain unauthorized access to our Service or systems; (b) disrupt the integrity or performance of our Service; (c) create accounts for our Service with invalid credentials or contacts information; (d) collect information about our users; or (e) license, outsource, rent, transfer, distribute, resell the Service to any third party, unless with PROVINTELL’s written consent.

Legal and Acceptable Use. Subscriber agrees to use the Service legally and for acceptable purposes. Subscriber is not allowed to use the Service (or assist others in using) our Service in ways that (a) violate or infringe the rights of the Service, our users, or others, including privacy, publicity, intellectual property, or other proprietary rights, (b) involve in any unlawful or fraudulent activities including but not limited to hacking, unauthorized data modification, leeching and/or abuse of the Service and data provided by PROVINTELL.

Managed Asset Authorization. Subscriber must not to use the Service on the assets that belong to third parties or not within the Subscriber’s authority and purview.

Subscriber Registration and Account Creation. Subscriber Account will be manually created by PROVINTELL technical specialists and the login credentials will be sent to the validated Subscriber email upon successful validation of the Subscriber’s Contact and Managed Asset information, and verification of the payment receipt.

Subscriber Account Security. The Subscriber Account login is mandatorily secured with advanced multi-factor authentication mechanisms. Subscriber is responsible to keep his/her Subscriber Account credentials safe and must not share his/her login credentials to other users.

Service and Support Duration. The Service is valid for twelve (12) months from the Subscriber Account creation date. The Subscriber Account access will be automatically deactivated or suspended upon service expiry if the service is not renewed by the Subscriber within thirty (30) days upon the service expiry date. The Subscriber Account and Managed Asset information will be permanently deleted from our systems after twelve (12) months from the service expiry date.

3. ONLINE SERVICE ACCESS AND CUSTOMER SUPPORT

3.1. Online Service Access (via E-Support IMS System). PROVINTELL is responsible to provision and manage the status of the Subscriber Account via the E-Support IMS System in accordance to PROVINTELL’s Privacy Notice.
3.2. Online Technical Support (via E-Support Service). During the Subscription Term, and subject to Subscriber’s payment of the applicable fees and the status of the Subscriber Account, Subscriber shall have active access to the E-Support IMS System for the Online Technical Support and Advisory Services (E-Support Service) provided by PROVINTELL Cyber Security Operation Center (CyberSOC) on 24x7x365 basis.
3.3. System Uptime and Availability. The system uptime and availability of Stellar Cyber Open XDR platform is managed based on Stellar Cyber Service Level Agreement – https://stellarcyber.ai/sla/ for PROVINTELL MXDR service Subscriber, provisioned under the Managed Security Service Provider (MSSP) operating license of PROVINTELL. Stellar Cyber guarantees at least 99% of system uptime and availability.
3.4. Service Level Management. PROVINTELL CyberSOC is operating on 24x7x365 basis to provide the Service to Subscriber based on the following standard response and resolution time.

3.5. Incident Ticket. An incident ticket is opened and managed by PROVINTELL CyberSOC Level 1 Threat Responder upon the detection and response to the cyber threat identified on the Managed Asset.

3.6. Issue Ticket. An issue ticket is opened and managed by PROVINTELL CyberSOC Level 2 Ethical Hacker / Threat Hunter upon the identification of security misconfiguration or system vulnerability on the Managed Asset that is generally associated with the security incident reported by Level 1 Threat Responder.

3.7. Ticket Resolution / Ticket Closure. PROVINTELL CyberSOC is responsible to monitor and update the ticket status on the threat mitigation and security remediation activities that generally would require the involvement of Subscriber’s IT support teams based on the standard Incident/Issue ticket resolution time as defined in the E-Support IMS System. PROVINTELL CyberSOC is responsible to analyse the root cause and perform security validation prior to the ticket closure.

3.8. Ticket SLA Violation Tracking and Escalation. The SLA violation tracking and notification of ticket SLA violation is automatically sent via email to the Subscriber’s Level 1 and Level 2 personnel assigned to PROVINTELL CyberSOC for status update and incident response. The escalation of the SLA overdue ticket is initiated by PROVINTELL CyberSOC Manager via phone call and/or ticket status update meeting with Subscriber’s senior IT management personnel.

4. FEES AND TAXES

4.1. Payment Term. Subscriber shall pay PROVINTELL the fees as in the accepted quotation within ten (10) working days. Subscription fees must be paid in the same currency as indicated in the quotation and are exclusive of out-of-pocket expense. PROVINTELL is not responsible for pricing, typographical or other errors in any quotation and reserves the rights to cancel any orders resulting from such errors.

4.2. Overdue Payment. If any applicable fees are overdue for more than thirty (30) days, PROVINTELL reserves the right to suspend or automatically terminate the Service to the Subscriber without any notice. Late payments may incur monthly interest charges of 1.5% per month, or the maximum rate allowable by law, whichever is lower, together with any collection costs including attorneys’ fees.

4.3. Non-refundable Policy. Payment obligations are non-cancellable and the fee paid is non-refundable.

4.4. Taxes. Subscriber must pay to the relevant taxing authority for all taxes arising for this Service subscription and the taxes should not be deducted from the payments to PROVINTELL.

5. SUBSCRIPTION TERM AND TERMINATION

5.1. Subscription Term. Subscription Term commences on the date of Subscriber Account is available, and is valid for twelve (12) months.

5.2. Service Termination. Either party may terminate the Service immediately if the other party breaches its obligations under the Terms of Service and does not remedy such breach within fourteen (14) calendar days of the date on which the breaching party receives written notice of such breach from the non-breaching party. Additionally, either party may terminate the Service immediately if the other enters into compulsory or voluntary liquidation, ceases to carry on business, or takes or suffers any similar action that the other party reasonably believes will materially impair its performance under the Terms of Service. Upon termination, PROVINTELL’s obligation to provide Service will immediately terminate and Subscriber shall pay the full amount of any outstanding fees.

For avoidance of doubt, Subscriber’s failure to pay any fees under this subscription shall constitute a breach.

Upon termination, all licenses and rights shall terminate and Subscriber shall cease the use of all Deliverables.

5.3. Early Termination. Notwithstanding any early termination above, except for Subscriber’s termination for PROVINTELL’s uncured material breach, Subscriber shall continue to pay all fees payable under the Subscription Term.

6. DISPUTE AND APPLICABLE LAW

6.1. Applicable Law. The Terms of Service obligations of PROVINTELL and its Subscribers are governed by the Law of Malaysia and parties here to hereby irrevocably submit to the exclusive jurisdiction of the courts of Malaysia.”

7. COPYRIGHT

7.1. Copyright Acts. The content and information available of this Service (digital downloads, images, texts, graphics and logos) is the exclusive property of PROVINTELL and/or its content creators and protected by the international copyright and Malaysian copyright acts.

8. INDEMNITY

8.1. Subscriber agrees to indemnify and save PROVINTELL harmless against and from;
(a) any act, omission, breach, non-observance and non-performance by Subscriber or its employees, agents or vendors;
(b) any claim, damage, loss or expenses due to or resulting from any negligence, wrongful act or breach of duty on the part of Subscriber or its employees, agents or vendors;
(c) any and all claims and proceedings for or on account of infringement of any protected intellectual property rights related to or in any way connected with the Service.

8.2. Subscriber agrees that PROVINTELL shall not be liable to Subscriber and /or any third party for any loss or damage whatsoever or howsoever caused arising directly or indirectly with the Service, including liability for any special, punitive, incidental, pecuniary or consequential loss, damage, corruption to or destruction of software of data or any business information, wasted expenditures, business interruption or for loss of profit, revenue, goodwill or anticipated saving.

8.3. The expiry or earlier termination of the Service shall not affect the liability of Subscriber for any of its acts or omissions committed during the duration of the Service and PROVINTELL shall be kept indemnified and held harmless in respect of any claim arising therefrom.

9. DISCLAIMERS AND LIMITATIONS

9.1. Subscriber acknowledges that there is no assurance that all the security exposures can be identified during the Subscription Term due to the limitations and constraints implied. The findings and recommendations provided are based on the technologies and known security issues. As the technologies and risks may change over time, deviation may occur in the security issues and recommendations provided.

10. CONFIDENTIAL INFORMATION

10.1. The information concerning the business and personal data including but not limited to, accounts, finance or transactions or any communications shall be kept strictly confidential by PROVINTELL and its Subscribers.
10.2. The parties agree and undertake that it/he/she shall not use the Confidential Information for it/his/her benefits, or, in any way directly or indirectly detrimental to the other party.
10.3. The provision of Clause 10 shall survive the expiration or termination of the Service.