Expel, Inc Terms and Conditions

For the previous version of our Terms and Conditions, please click here. For a PDF version of these Terms and Conditions, please click here. Did you purchase Expel Services through an authorized reseller? Our Terms and Conditions for Reseller Customers in the North America are here. Our Terms and Conditions for Reseller Customers in the EMEA region are here.

Expel Managed Phishing SLA

Expel Workbench for Cloud Infrastructure SLA

Expel MDR SLA

Expel MDR for On-Prem Infrastructure SLA

Expel MDR for Cloud Infrastructure SLA

Expel Hunting SLA

Expel MDR for SaaS Apps SLA

Expel MDR for Kubernetes SLA

Expel Vulnerability Prioritization SLA

Version 4.1
Last updated: March 31, 2023

These Terms and Conditions (“Agreement”), together with the Data Processing Addendum and any Sales Order(s) is an agreement between you (“Customer”) and Expel, Inc. (“Expel”) for the use of Expel’s Services. The provisions of this Agreement are as follows:

1. DEFINITIONS. Capitalized terms shall have the meanings set forth in this section, or in the section where they are first used.

1.1 “Access Protocols” means the passwords, access codes, technical specifications, connectivity standards or protocols, or other relevant procedures, as may be necessary to allow Customer or any Authorized Users to access the Services.

1.2 Affiliates” means, with respect to any party to this Agreement, any other entity that is directly or indirectly Controlling, Controlled by, or under common Control with such party, where “Control” and derivative terms mean the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of a party, whether through the ownership of voting securities, by contract, or otherwise.

1.3 “Authorized User” means any individual who is an employee or contractor of Customer or such other person or entity as may be authorized by Expel to access the Services pursuant to Customer’s rights under this Agreement.

1.4 “Customer” means the company, organization or other type of legal entity purchaser of Expel’s Services pursuant to a valid, executed Agreement. If specified in the Agreement, the Customer may include Affiliates and subsidiaries of the purchasing entity.

1.5 Fees” means the fees for the Services ordered, as set forth on Expel’s then-current pricing list.

1.6 “Integration Partner” means any third party that produces security software that has been licensed by Customer and is used in conjunction with the Expel Services.

1.7 “Intellectual Property Rights” means any and all now known or hereafter existing (a) rights associated with works of authorship, including copyrights, mask work rights, and moral rights; (b) trademark or service mark rights; (c) trade secret rights; (d) patents, patent rights, and industrial property rights; (e) layout design rights, design rights, and other proprietary rights of every kind and nature other than trademarks, service marks, trade dress, and similar rights; and (f) all registrations, applications, renewals, extensions, or reissues of the foregoing, in each case in any jurisdiction throughout the world.

1.8 “Customer Content” means any content that is uploaded onto the Services by Customer or otherwise used on or in connection with the Software.

1.9 “Sales Order” means any order form or other writing agreed between the parties identifying the Services to be made available by Expel pursuant to this Agreement, the subscription term, and any limitations or restrictions in connection with Customer’s access to and use of such Services.

1.10Services” means Expel’s proprietary, cloud-based software platform, which can be accessed and used on a hosted basis, and related services, for security operations management, as shall be described on the relevant Sales Order. This Agreement does not contemplate any customized products, services, work-for-hire, or code developed exclusively for Customer.

1.11 “Software” means the software programs and any associated user interfaces and related technology that Expel makes available pursuant to this Agreement for access and use through the Services.

2. PROVISION OF SERVICES

2.1 Access. Expel will provide the Services via an online user portal or other approved method. On or as soon as reasonably practicable after the execution of the Sales Order and acceptance of this Agreement, Expel shall provide to Customer the necessary passwords, security protocols and policies and network links or connections and Access Protocols to allow Customer and its Authorized Users to access the Services in accordance with the Access Protocols. Customer acknowledges and agrees that use of the Services requires that Customer provide Expel with access to and permission to use the credentials for Customer’s security technology.

2.2 Responsibility for Software and Content Hosting. Expel shall use commercially reasonable efforts to host and make available the Software accessible as part of the Services, provided that nothing herein shall be construed to require Expel to provide for, or bear any responsibility with respect to any telecommunications or computer network hardware required by Customer or any Authorized User to provide access from the Internet to the Services. The Software may only be used in conjunction with the Services. Customer shall not modify or distribute the Software and/or related Services in any way without the prior express written consent of Expel.

2.3 Support Services. Expel shall use commercially reasonable efforts to provide the support services in accordance with Expel’s then-current service level agreement(s) for the applicable Services. Expel’s service level agreements may be accessed through the following URL: https://expel.com/terms-of-use/

2.4 Data Processing Addendum (“DPA”). Expel shall comply with the DPA, available at https://expel.com/dpa/.

3. INTELLECTUAL PROPERTY

3.1 License Grant. Subject to the terms and conditions of this Agreement, Expel grants to Customer a non-exclusive, non-transferable license during the term set forth on the Sales Order to access and use the Services in accordance with the terms of this Agreement and any restrictions or limitations set forth on the applicable Sales Order(s).

3.2 Ownership; Limitations. The Services (excluding the Customer Content and Integration Partners data hosted thereon), Software, and all other materials provided by Expel hereunder, including but not limited to all manuals, reports, records, programs, data and other materials, and all Intellectual Property Rights in each of the foregoing, are the exclusive property of Expel and its suppliers.  Customer agrees that it will not, and will not permit any Authorized User or other party to: (a) permit any party to access the Software or use the Services, other than the Authorized Users authorized under this Agreement; (b) modify, adapt, alter or translate the Software, except as expressly allowed herein; (c) sublicense, lease, rent, loan, distribute, or otherwise transfer the Software to any third party; (d) reverse engineer, decompile, disassemble, or otherwise derive or determine or attempt to derive or determine the source code (or the underlying ideas, algorithms, structure or organization) of the Software; (e) use or copy the Software except as expressly allowed under this subsection; (f) remove any proprietary notices from the Software or Services or (g) disclose or transmit any data contained in the Software to any individual other than an Authorized User, except as expressly allowed herein.  Subject to the Confidentiality requirements of Section 8 of this Agreement, Customer may reasonably share information and access to the Software to its information technology and security auditors for the sole purpose of conducting routine information technology and security audits.

3.3 License to Reports. As part of the Services, Expel will create and make available to Customer security incident and other related reports (“Reports”). While the Report template and related Intellectual Property Rights remain the property of Expel, the content of any Reports becomes the property of Customer upon creation. Customer hereby grants to Expel the non-exclusive, non-sublicensable, non-transferable, right to use, reproduce, modify, create derivative works of, and display the Reports solely for Expel’s internal business purposes. Expel shall not have the right to distribute or otherwise make available the Reports to any third party, except as is required by law or by the order of a court or similar judicial or administrative body.

3.4 Reservation of Rights. All rights in and to the Services and Software not expressly granted to Customer in this Agreement are reserved by Expel and its suppliers.  Except as expressly set forth herein, no express or implied license or right of any kind is granted to Customer regarding the Software and Services or any part thereof, including any right to obtain possession of any source code, data or other technical material related to the Software.

3.5 Open Source Software. Certain items of software may be provided to Customer with the Software and are subject to “open source” or “free software” licenses (“Open Source Software”).  Some of the Open Source Software is owned by third parties.  A list of Expel’s Open Source Software partners can be provided upon written request.

3.6 Aggregated Anonymous Data. Expel may aggregate the metadata and usage data of Customer collected or otherwise made available through the Services so that the results are non-personally identifiable with respect to Customer (“Aggregated Anonymous Data”). The Aggregated Anonymous Data will be deemed Expel property, and Customer acknowledges that Expel may use the Aggregated Anonymous Data, both during and after the Term, (i) for its own internal, statistical analysis, (ii) to develop and improve the Services, and (iii) to create and distribute reports and other materials regarding use of the Services. For purposes of clarity, nothing in this section gives Expel the right (or ability) to publicly identify Customer as the source of any Aggregated Anonymous Data.

4. FEES. Except as otherwise set forth on a Sales Order, Fees shall be paid on an annual basis, in advance, net thirty (30) days of receipt of invoice, plus all applicable sales, use and other purchase related taxes to the extent set forth in such Sales Order. Customer shall be responsible for all applicable taxes unless Customer provides Expel with a proper tax-exemption certificate. Customer also agrees that Expel may send invoices for actual service usage quantities beyond agreed-to amounts (“Overages”), Surge (as defined in the applicable Service Level Agreement), and other ad hoc Services. For the avoidance of doubt, the Services are available for the quantities purchased. Expel will audit Customer’s actual usage of the Services on a quarterly basis, and expressly reserves the right to audit Customer’s actual usage at any time. Overages are additional use by Customer of Services that exceed the initial quantity set forth on an applicable Sales Order. If an Overage exceeds the amount reflected on a Sales Order by more than ten percent (10%), Expel will notify Customer in writing, and will issue an invoice within forty-five (45) days for the Overage at the then-current list price. If any invoiced amount is not received by Expel by the due date, then without limiting Expel’s rights or remedies, (i) those unpaid amounts shall be subject to interest at the lesser of one and one-half percent (1.5%) per month or the maximum permitted by law, plus all collection costs, and (ii) Expel may suspend Services with five (5) days’ written notice, and may terminate Services with ten (10) days’ written notice.

The Fees payable by Customer for each renewal Term will be equal to the Fees for the prior Term, plus a price increase. The Fees for each renewal Term shall not exceed the then-current list price as of the start date of such renewal Term.

5. CUSTOMER CONTENT AND RESPONSIBILITIES

5.1 Authorized Users Access to Services.  Customer may permit any Authorized Users to access and use the features and functions of the Services as contemplated by this Agreement and the restrictions in the Sales Order.   User IDs cannot be shared or used by more than one Authorized User at a time.  Customer shall use commercially reasonable efforts to prevent unauthorized access to, or use of, the Services, and notify Expel promptly of any such unauthorized use known to Customer.

5.2 Customer Customer represents and warrants that any Customer Content hosted by Expel as part of the Services shall not (a) infringe any copyright, trademark, or patent; (b) misappropriate any trade secret; (c) be deceptive, defamatory, obscene, pornographic or unlawful; (d) contain any viruses, worms or other malicious code intended to damage Expel’s system or data; or (e) otherwise violate the rights, including any applicable privacy rights, of a third party.  Expel is not obligated to back up any Customer Content; the Customer is solely responsible for creating backup copies of any Customer Content at Customer’s sole cost and expense.  Customer agrees that any use of the Services contrary to or in violation of the representations and warranties of Customer in this section constitutes unauthorized and improper use of the Services.

5.3 Customer Responsibility for Data and Security. Customer and its Authorized Users shall have access to the Customer Content and shall be responsible for all changes to and/or deletions of Customer Content and the security of all passwords and other Access Protocols required in order the access the Services.  Customer shall have the sole responsibility for the accuracy, quality, integrity, legality, reliability, and appropriateness of all Customer

6. WARRANTIES. Expel represents and warrants that the Services will operate in material conformance with the functionality described on Expel’s website relating to the applicable Services; provided, however, Customer has complied with all instructions and other requirements necessary to access and use the Services.  To the best of Expel’s knowledge at the time of delivery, Expel represents and warrants that the Software contains no viruses or other malware. Expel shall use commercially reasonable efforts to test the Software included in the Services for the presence of viruses and/or malware and to remove and destroy any viruses and/or malware found. If the Services do not conform with the warranties provided in this Section 6, Expel will, at its expense, use commercially reasonable efforts to correct any such non-conformance within a reasonable period of time. Except for the foregoing warranty, to the maximum extent permitted by law, the Software, Services, and all other documentation and materials are provided “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.  CUSTOMER ACCESS AND USES THE SERVICES AT ITS OWN RISK. NO ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY EXPEL OR ITS AGENTS OR EMPLOYEES SHALL IN ANY WAY INCREASE THE SCOPE OF THIS WARRANTY.

7. MUTUAL LIMITATION OF LIABILITY

7.1 Types of Damages. TO THE EXTENT LEGALLY PERMITTED UNDER APPLICABLE LAW, NEITHER PARTY OR ITS RESPECTIVE SUPPLIERS  SHALL BE LIABLE TO THE OTHER PARTY FOR ANY SPECIAL, INDIRECT, EXEMPLARY, PUNITIVE, INCIDENTAL OR CONSEQUENTIAL DAMAGES OF ANY NATURE INCLUDING, BUT NOT LIMITED TO DAMAGES OR COSTS DUE TO LOSS OF PROFITS, DATA, REVENUE, GOODWILL, PRODUCTION OR USE, BUSINESS INTERRUPTION, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, OR PERSONAL OR PROPERTY DAMAGE ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT , REGARDLESS OF THE CAUSE OF ACTION OR THE THEORY OF LIABILITY, WHETHER IN TORT, CONTRACT, OR OTHERWISE, EVEN IF THE OTHER PARTY HAS BEEN NOTIFIED OF THE LIKELIHOOD OF SUCH DAMAGES.

NOTHING IN THIS AGREEMENT SHALL LIMIT OR EXCLUDE EITHER PARTY’S LIABILITY FOR GROSS NEGLIGENCE OR INTENTIONAL MISCONDUCT OF SUCH PARTY OR ITS EMPLOYEES OR AGENTS OR FOR DEATH OR PERSONAL INJURY.  SOME STATES AND JURISDICTIONS DO NOT ALLOW FOR THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS LIMITATION AND EXCLUSION MAY NOT APPLY .

7.2 Amount of Damages. THE MAXIMUM LIABILITY OF EITHER PARTY ARISING OUT OF OR IN ANY WAY CONNECTED TO THIS AGREEMENT SHALL NOT EXCEED THE FEES PAID OR DUE TO BE PAID BY CUSTOMER TO EXPEL DURING THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT, ACT, OR OMISSION GIVING RISE TO THE LIABILITY.   IN NO EVENT SHALL EXPEL’S SUPPLIERS HAVE ANY LIABILITY ARISING OUT OF OR IN ANY WAY CONNECTED TO THIS AGREEMENT.

7.3 Basis of the Bargain. The parties agree that the limitations of liability set forth in this section shall survive and continue in full force and effect despite any failure of consideration or of an exclusive remedy.  The parties acknowledge that the prices have been set and that this Agreement is entered into in reliance upon these limitations of liability and that all such limitations form an essential basis of the bargain between the parties. These Terms and Conditions are entered into by and between, and may be enforced only by, Expel and Customer. These Terms and Conditions shall not be deemed to create any rights or liabilities in any third parties, including Integration Partner(s), nor to create any obligations of a party to any such third parties, and any such rights and liabilities are hereby expressly disclaimed.

8. MUTUAL CONFIDENTIALITY

8.1 Confidential Information. During the term of this Agreement, each party (the “Disclosing Party”) may provide the other party (the “Receiving Party”) with certain information regarding the Disclosing Party’s business, technology, products, or services or other confidential or proprietary information that is marked as “confidential” or “proprietary” or which the Receiving Party should reasonably know is confidential and/or proprietary, given the nature of information and context of disclosure (collectively, “Confidential Information”).  For the avoidance of doubt, the Software, and all enhancements and improvements thereto will be considered Confidential Information of Expel.

8.2 Protection of Confidential Information. The Receiving Party agrees that it will not use or disclose to any third party any Confidential Information of the Disclosing Party, except as expressly permitted under this Agreement.  The Receiving Party will limit access to the Confidential Information to Authorized Users (with respect to Customer) or to those employees who have a need to know, who have confidentiality obligations no less restrictive than those set forth herein, and who have been informed of the confidential nature of such information (with respect to Expel).  In addition, the Receiving Party will protect the Disclosing Party’s Confidential Information from unauthorized use, access, or disclosure in the same manner that it protects its own proprietary information of a similar nature, but in no event with less than reasonable care.  At the Disclosing Party’s request or upon termination of this Agreement, the Receiving Party will return to the Disclosing Party or destroy (or permanently erase in the case of electronic files) within thirty (30) days after termination or expiration of this Agreement all copies of the Confidential Information that the Receiving Party does not have a continuing right to use under this Agreement, and the Receiving Party shall provide to the Disclosing Party a written affidavit certifying compliance with this sentence.

8.3 Exceptions. The confidentiality obligations set forth in this section will not apply to any information that (a) becomes generally available to the public through no fault of the Receiving Party; (b) is lawfully provided to the Receiving Party by a third party free of any confidentiality duties or obligations; (c) was already known to the Receiving Party at the time of disclosure; (d) the Receiving Party can prove, by clear and convincing evidence, was independently developed by employees and contractors of the Receiving Party who had no access to the Confidential Information; or (e) is necessary to be disclosed to Integration Partner(s) in order for Expel to perform the Services.  In addition, the Receiving Party may disclose Confidential Information to the extent that such disclosure is necessary for the Receiving Party to enforce its rights under this Agreement or is required by law or by the order of a court or similar judicial or administrative body, provided that the Receiving Party promptly notifies the Disclosing Party in writing of such required disclosure and cooperates with the Disclosing Party if the Disclosing Party seeks an appropriate protective order.

9. MUTUAL INDEMNIFICATION

9.1 Each party will defend at its expense any suit brought against the other party, and will pay any settlement the other party makes or approves, or any damages finally awarded in such suit, insofar as such suit is based on a claim by any third party alleging 1) infringement of a party’s Intellectual Property Rights or 2) a breach of warranty. Neither party shall have any obligation under this section or otherwise with respect to any infringement or breach of warranty claim if (a) the Software or Services are not used in accordance with this Agreement; (b) the Software or the Services are used with other products, equipment, software, or data not supplied or approved by Expel; or (c) the Software and Services are modified by anyone other than Expel and its authorized agents.

9.2 Procedure. The indemnifying party’s obligations as set forth above are expressly conditioned upon each of the foregoing: (a) the indemnified party shall promptly notify the indemnifying party in writing of any threatened or actual claim or suit; (b) the indemnifying party shall have sole control of the defense or settlement of any claim or suit; and (c) the indemnified party shall cooperate with the indemnifying party to facilitate the settlement or defense of any claim or suit.

10. TERM AND TERMINATION

10.1 Term. This Agreement remains in effect so long as any Sales Order is in effect.  Each Sales Order remains in effect for the period of time set forth on the Sales Order (“Initial Term”), unless earlier terminated by either party in accordance with the subsection titled Termination.  Following the Initial Term, the Sales Order shall automatically renew for additional, successive periods of one (1) year (each, a “Renewal Term”), and such Renewal Term may contain a fee increase consistent with the terms of Section 4 of this Agreement, unless and until either party gives notice to the other party of its intent not to renew the Sales Order at least ninety (90) days prior to the end of the Initial Term or then-current Renewal Term. The Initial Term and any Renewal Term(s) are collectively referred to herein as the “Term”.

10.2 Termination. Expel does not offer a right to  termination for convenience. Either party may terminate this Agreement immediately upon notice to the other party if the other party materially breaches this Agreement, and such breach remains uncured more than thirty (30) days after receipt of written notice of such breach. Notwithstanding the foregoing, in the event of Customer breach for non-payment Expel may suspend Services with five (5) days’ written notice, and may terminate Services with ten (10) days’ written notice. Upon termination by Customer solely due to Expel’s material breach, Expel will refund to Customer the pro-rata amount of the unused Fees paid for the Software and Services prior to such termination.

10.3 Effect of Termination.  Upon termination of this Agreement for any reason: (a) all rights and obligations of both parties, including all licenses granted hereunder, shall immediately terminate; and (b) within thirty  (30) days after the effective date of termination, each party shall comply with the obligations to return or destroy all Confidential Information of the other party, as set forth in the section titled Mutual Confidentiality.  The sections and subsections titled Definitions, Ownership; Limitations, Warranties, Mutual Limitation of Liability, Mutual Confidentiality, Mutual Indemnification, Effect of Termination, and Miscellaneous will survive expiration or termination of this Agreement for any reason.

11. SPECIAL TERMS FOR FREE TRIAL SERVICES. From time to time, Expel may offer a short-term usage of any or all of its Services at no cost to prospective Customers for one or both of the following purposes: (a) to setup and configure its information technology systems for future use of Expel’s paid services; or (b) to undertake an approved, time-limited free trial of Expel’s services (“Free Trial Services”). The terms and conditions within this Agreement shall generally apply to Free Trial Services, subject to modification by the special terms contained within this Section.

11.1 Free Trial Services Term and Termination; Additional Terms and Conditions. Expel will make the Free Trial Services available to Customer until the earliest of: (a) forty-five (45) days from the date you begin using the Free Trial Services; (b) the start date of any paid Sales Order for the applicable Services; or (c) termination by Expel, at any time, in its sole discretion. Additional terms and conditions may apply to Free Trial Services and Customer agrees any such additional terms and conditions are incorporated into this Agreement by reference and are legally binding.

11.2 SPECIAL LIMITATIONS OF LIABILITY FOR FREE TRIAL SERVICES. THE MUTUAL LIMITATION OF LIABILITY IN SECTION 7 OF THIS AGREEMENT SHALL NOT APPLY TO ANY AGREEMENT FOR FREE TRIAL SERVICES. EXPEL PROVIDES NO WARRANTIES FOR ANY FREE TRIAL SERVICES. TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW: (a) IN NO EVENT SHALL EITHER PARTY BE LIABLE FOR ANY INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES ARISING OUT OF OR RELATING TO ANY AGREEMENT FOR FREE TRIAL SERVICES; AND (b) IN NO EVENT SHALL EXPEL’S CUMULATIVE AND AGGREGATE LIABILITY EXCEED ONE THOUSAND U.S. DOLLARS FOR ANY AGREEMENT FOR FREE TRIAL SERVICES. THE EXCLUSIONS AND LIMITATIONS IN THIS SECTION (COLLECTIVELY, THE “EXCLUSIONS”) APPLY WHETHER THE ALLEGED LIABILITY IS BASED ON CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY OR ANY OTHER BASIS, EVEN IF THE NON-BREACHING PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. THE INDEMNIFICATION OBLIGATIONS UNDER SECTION 9 SHALL NOT APPLY TO EXPEL FOR ANY FREE TRIAL SERVICES AGREEMENT. THE PROVISIONS OF THIS SECTION 11 ALLOCATE THE RISKS OF A FREE TRIAL SERVICES AGREEMENT BETWEEN THE PARTIES, AND THE PARTIES HAVE RELIED ON THE EXCLUSIONS IN DETERMINING TO ENTER INTO THIS FREE TRIAL SERVICES AGREEMENT.

12. INSURANCE

12.1 Expel Insurance. Expel shall obtain, during the Initial Term and any Renewal Terms (if any), and maintain in force the following insurance coverage at its own cost and expense, including: (a) Workers’ compensation or qualified self-insurance in compliance with the requirements of each applicable state in which the Services are to be performed; (b) Employers’ liability insurance with a limit of not less than One million dollars ($1,000,000.00) aggregate limit; (c) Commercial general liability insurance of not less than One million dollars ($1,000,000.00) each occurrence, Two million dollars ($2,000,000.00)  annual general aggregate for bodily injury, property damage, personal and advertising injury, and products and completed operations; (d) Technology Errors and Omissions Insurance with a minimum limit of Four million dollars ($4,000,000.00) aggregate limit; and (e)  Cyber Liability insurance not less than Four million dollars ($4,000,000.00) aggregate limit that includes third-party claims and losses with respect to network security, including but not limited to data breaches, violation of consumer data privacy laws, unauthorized access or use, ID theft, theft of data.  The Technology Errors and Omissions insurance and Cyber Liability insurance shall be collectively subject to a minimum aggregate limit of Four million dollars ($4,000,000.00). Where applicable, Umbrella or Excess liability insurance policies may be used to provide the limits required under this Agreement.

12.2 Insurance Requirements. All insurance policies must be primary and non-contributing. The insurers selected by Expel shall have an A.M. Best rating of A- or better or, if such ratings are no longer available, with a comparable rating from a recognized insurance rating agency.  Upon request, Expel shall cause its insurers to issue, before the Effective Date of this Agreement, certificates of insurance evidencing that the required coverages and policy endorsements are maintained in force,. Expel shall ensure that its subcontractors, if any, maintain insurance coverage as specified in this Section 12.

13. MISCELLANEOUS

13.1 Publicity. Customer hereby grants a limited, worldwide, royalty-free license to Expel to display Customer’s name and logo on the Expel website and in promotional marketing materials as part of a list of other Expel customers during the Term, (including any renewal periods), and to verbally reference Customer as a user of Expel’s services. Customer may revoke this license by providing written notice to Expel at notice@expel.com.

13.2 Compliance with Laws. Each party shall comply with all laws, regulations, rules, ordinances and orders applicable to its access to and use of the Services. Without limiting the foregoing, each party shall comply with the relevant export administration and control laws and regulations, as may be amended from time to time, including, without limitation, the United States Export Administration Act, to ensure that the Services are not transferred or exported (directly or indirectly) in violation of U.S. law.

13.3 Order of Precedence. In the event of any conflict between these Terms and Conditions and a Sales Order, unless otherwise specified in a Sales Order, these Terms and Conditions shall govern. Notwithstanding the foregoing, a Sales Order may modify Sections 4 (Fees) and 10 (Term and Termination) solely as to the Services provided in connection with that Order and the subject matter referenced therein.

13.4 Assignment. Neither party may assign or delegate, directly or indirectly, by operation of law, change of control or otherwise, this Agreement or any of its rights or obligations under this Agreement to any third party, and any attempt to do so will be void and of no effect. Notwithstanding the foregoing, a merger, acquisition, or sale of substantially all of either party’s assets as a going concern shall not constitute an assignment for the purposes of this Agreement.

13.5 Governing Law and Venue. This Agreement will be subject to and governed by the laws of the state of Delaware, without regard to conflicts of laws principles. Any disputes under this Agreement may be brought in the state courts and the Federal courts located in New Castle County, DE and the parties hereby consent to the personal jurisdiction and exclusive venue of these courts.

13.6 Export. Customer agrees not to export, reexport, or transfer, directly or indirectly, any U.S. technical data acquired from Expel, or any products utilizing such data, in violation of the United States export laws or regulations.

13.7 Severability. If any provision of this Agreement is, for any reason, held to be invalid or unenforceable, the other provisions of this Agreement will remain enforceable and the invalid or unenforceable provision will be deemed modified so that it is valid and enforceable to the maximum extent permitted by law. Without limiting the generality of the foregoing, Customer agrees that the section titled Mutual Limitation of Liability will remain in effect notwithstanding the unenforceability of any provision in the subsection titled Warranties.

13.8 Waiver. Any waiver or failure to enforce any provision of this Agreement on one occasion will not be deemed a waiver of any other provision or of such provision on any other occasion.

13.9 Remedies. Except as provided in the sections titled  Warranties and Mutual Indemnification, the parties’ rights and remedies under this Agreement are cumulative.  Customer acknowledges that the Services and Software contain valuable trade secrets and proprietary information of Expel, that any actual or threatened breach of the sections titled Intellectual Property or Mutual Confidentiality or any other breach by Customer of its obligations with respect to Intellectual Property Rights of Expel will constitute immediate, irreparable harm to Expel for which monetary damages would be an inadequate remedy.  In such case, Expel will be entitled to immediate injunctive relief without the requirement of posting bond, including an order that any Software, or any portions thereof, that Customer attempts to import into any country or territory be seized, impounded and destroyed by customs officials.  If any legal action is brought to enforce this Agreement, the prevailing party will be entitled to receive its attorneys’ fees, court costs, and other collection expenses, in addition to any other relief it may receive.

13.10 Force Majeure. Any delay in the performance of any duties or obligations of either party (except the payment of money owed) will not be considered a breach of this Agreement if such delay is caused by a labor dispute, shortage of materials, fire, earthquake, flood, or any other event beyond the control of such party, provided that such party uses reasonable efforts, under the circumstances, to notify the other party of the cause of such delay and to resume performance as soon as possible.

13.11 Independent Contractors. Customer’s relationship to Expel is that of an independent contractor, and neither party is an agent or partner of the other. Customer will not have, and will not represent to any third party that it has, any authority to act on behalf of Expel.

13.12 Notices. All notices or other communications required or permitted under this Agreement will be made in writing to the other party by electronic mail as follows: If to Expel, notices@expel.io and if to Customer, at the email address provided to Expel upon registration. Notwithstanding the foregoing, all legal notices will be made in writing to the other party as follows: If to Expel, 12950 Worldgate Drive, Suite 200, Herndon, VA 20170, and if to Customer, at the address provided to Expel. Such notices will be delivered by courier, by certified or registered mail (postage prepaid and return receipt requested), or by a nationally-recognized express mail service.  Notice will be effective upon receipt or refusal of delivery.  If delivered by electronic mail, any such notice will be considered to have been given on the day such electronic mail was sent. If delivered by certified or registered mail, any such notice will be considered to have been given five (5) business days after it was mailed, as evidenced by the postmark.  If delivered by courier or express mail service, any such notice shall be considered to have been given on the delivery date reflected by the courier or express mail service receipt. Each party may change its contact information for receipt of notice by giving notice of such change to the other party.

13.13 Counterparts. This Agreement may be executed in one or more counterparts, each of which shall be deemed an original and all of which shall be taken together and deemed to be one instrument. Each party agrees that this Agreement and any other documents delivered in connection herewith may be electronically signed and that any electronic signatures appearing on this Agreement or other such documents are the same as handwritten signatures for the purposes of validity, enforceability and admissibility.

13.14 Entire Agreement. This Agreement is the final, complete and exclusive agreement of the parties with respect to the subject matters hereof and supersedes and merges all prior discussions between the parties with respect to such subject matters. No modification of or amendment to this Agreement, or any waiver of any rights under this Agreement, will be effective unless in writing and signed by an authorized signatory of the Customer and Expel.

 

Expel Managed Phishing
Service Level Agreement

 

  1. Definitions. The following capitalized terms will have the definitions set forth below. All other capitalized terms that are not defined herein shall have those meanings accorded to them in Expel’s Terms of Service agreement.
    1. “Alert” means an alert to be analyzed by Expel that is generated by a Supported Product.
    2. “Email” means each email to be analyzed by Expel that is forwarded by the Customer from their phishing inbox. The same email or very similar emails that are submitted either multiple times by the same Authorized User or by multiple Authorized Users, is counted as a single Email for the purposes of this Service Level Agreement.
    3. “Covered System” means a computing device (to the extent supported by Expel) that Customer specifies as within the scope of the Expel Service whose system information or network traffic is observable to support Expel Service delivery.
    4. “Event” means an Alert cursorily reviewed by Expel and deemed to be a potential compromise of one or more of Customer’s Covered Systems that subsequently results in creation of either an Investigation or an Incident.
    5. “Expel Service” means the SaaS offerings and related services made available by Expel that are designed to help customers manage their security operations, that may include Alert analysis, Investigations, Incident reporting, non-remedial alerts, and access to a customer portal that allows the customer to review such alerts, investigations and incidents, as ordered pursuant to a Sales Order.
    6. “Incident” means a report of confirmed compromise of one or more of Customer’s Covered Systems.
    7. “Investigation” means the process executed by Expel to confirm whether possible compromises are false positives or true compromises.
    8. “Scheduled Downtime” means the total amount of time during any calendar month, measured in minutes, during which Customer is not able to access the Service due to planned system maintenance performed by Expel. Expel will provide Customer with reasonable prior notice of such Scheduled Downtime.
    9. “Supported Product” means a Product owned by or leased to Customer and supported by Expel that Expel accesses to investigate Emails.
    10. “Total Monthly Time” means the total minutes in the relevant calendar month less Scheduled Downtime. For any partial calendar month during which Customer subscribes to the Service, availability will be calculated based on the entire calendar month, not just the portion for which Customer subscribed.
    11. “Unscheduled Downtime” means the total amount of time during any calendar month, measured in minutes, during which the Customer is not able to access the features and functions of the customer portal, including email notifications of Incidents, other than Scheduled Downtime, as defined above. Unscheduled Downtime shall not include any period during which the Service is unavailable as a result of (i) non-compliance by Customer with any provision of this SLA; (ii) incompatibility of Customer’s equipment or software with the Service; (iii) actions or inactions of Customer or third parties; (iv) Customer’s use of the Service after Expel has advised Customer to modify its use of the Service, if Customer did not modify its use as advised; (v) acts or omissions of Customer or Customer’s employees, agents, contractors, or vendors, or anyone gaining access to the Service by means of Customer’s passwords or equipment; (vi) performance of Customer’s systems or the Internet; (vii) any systemic Internet failures; (viii) network unavailability or Customer’s bandwidth limitations; or (ix) Scheduled Downtime.
    12. “System Availability” means, with respect to any particular calendar month, the difference between Total Monthly Time and Unscheduled Downtime, divided by the Total Monthly Time.
  2. Scope of Service. During the Term, Expel will provide Customer with the Expel Service described in this Section 2, as set forth on the Sales Order and in accordance with the terms of the Agreement. All services Customer requests that are not described in this Section 2 will be performed at the On-Demand Services rate defined on the Sales Order. All services requested by Customer that are not described in this Section 2 are subject to Expel’s availability.The Expel Service is available for the number of Users purchased. If the number of Users exceeds the amount reflected on the Sales Order by more than ten percent (10%), Expel will notify Licensee in writing, and will issue an invoice for the difference in number of Users at Expel’s then-current rates pro-rated for the remaining portion of the then-current Term.
    1. Email Analysis and Investigations. If Expel determines that an Email is indicative of potentially malicious activity, Expel will create an Investigation. If the Investigation results in sufficient evidence of malicious activity, Expel will create an Incident.
    2. Event Notifications. Customer may opt-in to receiving Event Notifications from Expel, provided that Customer has the required additional technology to receive such notifications (e.g., Slack and email servers are implemented). Expel will use reasonable efforts to provide Event Notifications within ten (10) minutes of Expel identifying the Event. Event notifications will include information known to Expel at the time the Event is identified, but may not include impact and severity details customarily determined through an Investigation or Incident report.
    3. Incident Reporting. Upon confirmation of malicious activity by Expel, Expel will publish an Incident to the online user portal and notify (which may include e-mail notification) Customer of the new Incident within 10 minutes. At its discretion, Expel may perform an extended Investigation, and/or may aggregate and review multiple Emails to determine the extent of activity related to the Incident. Expel analysts may append results from the extended investigation or subsequent analysis to the initial Incident report if Expel determines that additional or subsequent Alerts are related, and in such cases, Expel will not be required to publish a separate Incident for each such related Alert.
    4. Non-Remediable Alerts. Expel has no obligation to notify Customer or generate new Incidents for new Alerts that are directly related to previously published Incidents for which Expel has already provided recommended remediation steps, when Customer has acknowledged the prior Incident but cannot, or chooses not to, remediate the cause.
    5. Portal Access. Access to Alerts, Investigations and Incidents will be provided by an online user portal.
  3.  System Performance
    1. System Availability: Expel will undertake commercially reasonable measures to ensure that System Availability equals or exceeds ninety-nine point nine five percent (99.95%) during each calendar month (the “Service Standard”).
    2. Access to Support; Response Times: Customer may report Unscheduled Downtime at any time (“24x7x365”) by sending Expel an e-mail to outage@expel.io. Expel will exercise commercially reasonable efforts to respond to reports of Unscheduled Downtime within 15 minutes of each such report.
    3. System Monitoring and Measurement: Expel uses a third party service (“Monitoring Service”) to monitor System Availability on an ongoing basis. Measurements of System Availability will be calculated on a monthly basis for each calendar month during the Term based on the records of such Monitoring Service. Customer acknowledges that the Monitoring Service may become unavailable for reasons outside Expel’s control, and in such event, Expel will make commercially reasonable efforts to notify Customer promptly in the event such unavailability materially affects Expel’s ability to monitor System Availability.
  4. Customer Networks And Licensee Requirements. The Expel Service may only be provided for computer systems and networks leased to or owned by Customer, and under Customer’s control, up to the number of Nodes allowed, as set forth on the applicable Sales Order. Customer is responsible for maintenance and management of its computer network(s), servers, and software, and any equipment or services related to maintenance and management of the foregoing. Customer is responsible for correctly configuring its systems in accordance with any instructions provided by Expel, as may be necessary for provision of access to the features and functions of the Service
  5.  Remedy For Breach Of Section 3:
    1.  Credits Against Fees: In the event Unscheduled Downtime occurs, Customer will be entitled to credits against its subsequent payment obligations (as set forth in the Agreement) (“Service Credits”) according to the following table:
      System Availability Credit as a Percentage of One Month of Service
      99.95% – 100.00% 0%
      99.00% – 99.94% 10%
      95.00% – 98.99% 25%
      Less than 95.0% 50%

       

    2. Notwithstanding the foregoing, System Availability below 94.00% will be deemed a breach by Expel consistent with the terms of Section 11 of the Terms and Conditions. Customer’s rights under this Section 5.1 are Customer’s sole and exclusive remedy with respect to any Unscheduled Downtime or any failure by Expel to meet the Service Standard required by Section 3.1.
    3. Maximum Service Credits: The maximum amount of Service that Expel will issue to Customer for Unscheduled Downtime in a single calendar month will not exceed fifty percent (50%) of the service fees for such month.
    4. Requesting Service Credits: As a condition to Expel’s obligation to provide Service Credits to Customer, Customer must request such Service Credits by sending an e-mail identifying the date and time of the Unscheduled Downtime for which Customer is requesting Service Credits, with sufficient evidence (including description of the incident and duration of the incident) to credit@expel.io within thirty (30) days following such Unscheduled Downtime. If Customer fails to request any Service Credits to which Customer is entitled in accordance with this Section 6.3, Expel will have no obligation to issue such Service Credits to Customer.
  6. Surge. Expel classifies on-demand services not expressly outlined in the contract as Surge. Surge can be requested by the customer based on the rates outlined in the contract for those services. Examples of these requests may include, but are not limited to:
    • Manual investigations: A manual investigation is a request for Expel to review and provide feedback on an anomaly identified by the customer that was NOT generated by an alert within the Expel Workbench platform;
    • Custom workflows, such as a request from the customer to design a specific automated response based on a specific use case not developed by Expel for use in the Workbench platform for universal use;
    • Red/Blue Team exercise participation; and
    • Expel support for customer onsite/virtual events or meetings not outlined in the services contract

Expel Workbench for Cloud Infrastructure
Service Level Agreement

1. Definitions. The following capitalized terms will have the definitions set forth below. All other capitalized terms that are not defined herein shall have those meanings accorded to them in Expel’s Terms of Service agreement.

1. “Alert” means an alert to be analyzed by Expel that is generated by Expel or by a Supported Product.
2. “Covered System” means a computing device (to the extent supported by Expel) that Licensee specifies as within the scope of the Expel Service whose system information or network traffic is observable to support Expel Service delivery.
3. “Event” means an Alert cursorily reviewed by Expel and deemed to be a potential compromise of one or more of Customer’s Covered Systems that subsequently results in creation of either an Investigation or an Incident.
4. “Expel Service” means the SaaS offerings and related services made available by Expel that are designed to help customers manage their security operations, that
may include alert analysis, investigations, incident reporting, non-remedial alerts, and access to a customer portal that allows the customer to review such alerts,
investigations and incidents, as ordered pursuant to a Sales Order.
5. “Incident” means a report of confirmed compromise of one or more of Licensee’s Covered Systems.
6. “Investigation” means the process executed by the Licensee to confirm whether possible compromises are false positives or true compromises. Investigations may be performed by Expel at an additional cost.
7. “Nodes” means the number of Covered Systems within Licensee’s environment, which is reflected on the Sales Order.
8. “Normal Business Hours” means 9 a.m. to 5 p.m. U.S. Eastern Time Monday through Friday excluding United States federal holidays.
9. “Scheduled Downtime” means the total amount of time during any calendar month, measured in minutes, during which Licensee is not able to access the Service due to planned system maintenance performed by Expel. Expel will provide Licensee with reasonable prior notice of such Scheduled Downtime.
10. “Supported Product” means Amazon Web Services (AWS)
11. “Total Monthly Time” means the total minutes in the relevant calendar month less Scheduled Downtime. For any partial calendar month during which Licensee subscribes to the Service, availability will be calculated based on the entire calendar month, not just the portion for which Licensee subscribed.
12. “Unscheduled Downtime” means the total amount of time during any calendar month, measured in minutes, during which the features and functions of the customer portal are not accessible, including e-mail notifications of incidents, other than Scheduled Downtime, as defined above. Unscheduled Downtime shall not include any period during which the Service is unavailable as a result of (i) non-compliance by Licensee with any provision of this SLA; (ii) incompatibility of Licensee’s equipment or software with the Service; (iii) actions or inactions of
Licensee or third parties; (iv) Licensee’s use of the Service after Expel has advised Licensee to modify its use of the Service, if Licensee did not modify its use as advised; (v) acts or omissions of Licensee or Licensee’s employees, agents, contractors, or vendors, or anyone gaining access to the Service by means of Licensee’s passwords or equipment; (vi) performance of Licensee’s systems or the Internet; (vii) any systemic Internet failures; (viii) network unavailability or Licensee’s bandwidth limitations; or (ix) Scheduled Downtime.
13. “System Availability” means, with respect to any particular calendar month, the difference between Total Monthly Time and Unscheduled Downtime, divided by the Total Monthly Time. Represented algebraically, System Availability for any particular calendar month is determined as follows:

2. Scope of Service. During the Term, Expel will provide Licensee with the Expel Service described in this Section 2, as set forth on the Sales Order and in accordance with the terms of the Agreement. All services Licensee requests that are not described in this Section 2 will be performed at the On-Demand Services rate defined on the Sales Order. All services requested by Licensee that are not described in this Section 2 are subject to Expel’s availability. The Expel Service is available for the number of Nodes purchased. If the number of Nodes exceeds the amount reflected on the Sales Order by more than ten percent (10%), Expel will notify Licensee in writing, and will issue an invoice for the difference in number of Nodes at Expel’s then-current rates pro-rated for the remaining portion of the then-current Term.

1. Covered Systems. Expel will ingest data from the Licensee’s Covered Systems, which are in scope as part of the Services to generate Alerts.
2. Alert Analysis. Expel will analyze Alerts on a 24x7x365 basis for signs of malicious activity. If Expel determines that an Alert is indicative of potentially malicious activity, Expel will create an Investigation, which will be made available for Licensee to review and take action.
3. Event Notifications. Customer may opt-in to receiving Event Notifications from Expel, provided that Customer has the required additional technology to receive such notifications (e.g., Slack and email servers are implemented). Expel will use reasonable efforts to provide Event Notifications within ten (10) minutes of Expel identifying the Event. Event notifications will include information known to Expel at the time the Event is identified, but may not include impact and severity details customarily determined through an Investigation or Incident report.
4. Ad-Hoc Investigations. The Licensee is responsible for performing Investigations that are created as a result of Expel’s alert analysis. The Licensee may request that Expel perform an Ad Hoc Investigation for an additional fee. Expel will issue an invoice for the cost of Ad Hoc Investigation at Expel’s then-current rates of the then-current Term.
5. Incident Reporting. In rare cases, Expel’s automation may confirm malicious activity and will publish an Incident to the online user portal and notify the Licensee of the new Incident within 10 minutes (in some cases, notifications will be through email). Expel analysts may append results from subsequent Alert analysis to the initial Incident report if Expel determines that additional or subsequent Alerts are related, and in such cases, Expel will not be required to publish a separate Incident for each such related Alert.
6. Non-Remediable Alerts. Expel has no obligation to notify Licensee or generate new Incidents for new Alerts that are directly related to previously published Incidents for which Expel has already provided recommended remediation steps, when Licensee has acknowledged the prior Incident but cannot, or chooses not to, remediate the cause of these Alerts.
7. Portal Access. Alerts, Investigations and Incidents will be provided by an online user portal.
8. Customer Support. General questions about features and navigation of the Expel Workbench™ interface, device onboarding, and incident analysis.

3. System Performance

1. System Availability: Expel will undertake commercially reasonable measures to ensure that System Availability equals or exceeds ninety-nine point nine five percent (99.95%) during each calendar month (the “Service Standard”).
2. Access to Support; Response and Resolution Times: Licensee may initiate support tickets through the support portal at https://support.expel.io/. Expel will establish the priority levels of corresponding support tickets in its sole discretion and will use its best efforts to adhere to the Response and Resolution times set forth below during the Normal Business Hours.

Priority Level: 1 – Major Impact

Products are inoperable, or the performance of the products are so severely reduced that licensees cannot reasonably continue to use the products because of the error, the error cannot be circumvented with a workaround, and it affects the licensee’s ability to perform its business.

Response time: 4 business hours

Priority Level: 2 – Moderate Impact:

Performance is significantly degraded such that licensee’s use of the products are materially impaired, but the error can be circumvented with a workaround.

Response time: 8 business hours

Priority Level: 3 – Minor Impact:

Licensee is experiencing a performance, operational, or functional issue in its use of the products that can be circumvented with a workaround, and the error causes only minimal impact to the licensee’s ability to use the products.

Response time: 16 business hours

Priority Level: 4 – General Questions:

No issue with performance or operation of the products. These include general questions about features and navigation of the Expel Workbench™ interface, device onboarding, and incident analysis. Licensee may report Unscheduled Downtime at any time (“24x7x365”) by sending Expel an e-mail to outage@expel.io. Expel will exercise commercially reasonable efforts to respond to reports of Unscheduled

Downtime within 15 minutes of each such report.

4. System Monitoring and Measurement: Expel uses a third party service (“Monitoring Service”) to monitor System Availability on an ongoing basis. Measurements of System Availability will be calculated on a monthly basis for each calendar month during the Term based on the records of such Monitoring Service. Licensee acknowledges that the Monitoring Service may become unavailable for reasons outside Expel’s control, and in such event, Expel will make commercially reasonable efforts to notify Licensee promptly in the event such unavailability materially affects Expel’s ability to monitor System Availability.

5. Customer Networks and Licensee Requirements. The Expel Service may only be provided for computer systems and networks leased to or owned by Licensee, and under Licensee’s control, up to the number of Nodes allowed, as set forth on the applicable Sales Order. Licensee is responsible for maintenance and management of its computer network(s), servers, and software, and any equipment or services related to maintenance and management of the foregoing. Licensee is responsible for correctly configuring its systems in accordance with any instructions provided by Expel, as may be necessary for provision of access to the features and functions of the Service.

6. Remedy for Breach of Section 3:

1. Credits Against Fees: In the event Unscheduled Downtime occurs, Licensee will be entitled to credits against its subsequent payment obligations (as set forth in the Agreement) (“Service Credits”) according to the following table:

System Availability Credit as a Percentage of One Month of Service
99.95% – 100.00% 0%
99.00% – 99.94% 10%
95.00% – 98.99% 25%
Less than 95.0% 50%

Notwithstanding the foregoing, System Availability below 94.00% will be deemed a breach by Expel consistent with the terms of Section 11 of the Terms and Conditions.

Licensee’s rights under this Section 5.1 are Licensee’s sole and exclusive remedy with respect to any Unscheduled Downtime or any failure by Expel to meet the Service Standard required by Section 3.1.

1. Maximum Service Credits: The maximum amount of Service that Expel will issue to Licensee for Unscheduled Downtime in a single calendar month will not exceed fifty percent (50%) of the service fees for such month.
2. Requesting Service Credits: As a condition to Expel’s obligation to provide Service Credits to Licensee, Licensee must request such Service Credits by sending an e-mail identifying the date and time of the Unscheduled Downtime for which Licensee is requesting Service Credits, with sufficient evidence (including description of the incident and duration of the incident) to credit@expel.io within thirty (30) days following such Unscheduled Downtime. If Licensee fails to request any Service Credits to which Licensee is entitled in accordance with this Section 6.3, Expel will have no obligation to issue such Service Credits to Licensee.
7. Surge. Expel classifies on-demand services not expressly outlined in the contract as Surge. Surge can be requested by the customer based on the hourly rate outlined in the contract for those services. Examples of these requests may include, but are not limited to:

  • Manual investigations: A manual investigation is a request for Expel to review and provide feedback on an anomaly identified by the customer that was NOT generated by an alert within the Expel Workbench platform;
  • Custom workflows, such as a request from the customer to design a specific automated response based on a specific use case not developed by Expel for use in the Workbench platform for universal use;
  • Red/Blue Team exercise participation; and
  • Expel support for customer onsite/virtual events or meetings not outlined in the services contract.

SUPPORT EXHIBIT
Expel Managed Detection and Response (MDR)
Service Level Agreement

1. Definitions. The following capitalized terms will have the definitions set forth below. All other capitalized terms that are not defined herein shall have those meanings accorded to them in Expel’s Terms of Service agreement.

  1. “Alert” means an alert to be analyzed by Expel that is generated by a Supported Product or by Expel’s own technology.
  2. “Covered System” means a computing device (to the extent supported by Expel) that Licensee specifies as within the scope of the Expel Service on which a Supported Product is installed.
  3. “Event” means an Alert cursorily reviewed by Expel and deemed to be a potential compromise of one or more of Customer’s Covered Systems that subsequently results in creation of either an Investigation or an Incident.
  4. “Expel Service” means the SaaS offerings and related services made available by Expel that are designed to help customers manage their security operations, that may include alert analysis, investigations, incident reporting, non-remedial alerts, and access to a customer portal that allows the customer to review such alerts, investigations and incidents, as ordered pursuant to a Sales Order.
  5. “Incident” means a report of confirmed compromise of one or more of Licensee’s Covered Systems.
  6. “Investigation” means the process executed by Expel to confirm whether possible compromises are false positives or true compromises.
  7. “Nodes” means the number of Covered Systems within Licensee’s environment, which is reflected on the Sales Order.
  8. “Scheduled Downtime” means the total amount of time during any calendar month, measured in minutes, during which Licensee is not able to access the Service due to planned system maintenance performed by Expel. Expel will provide Licensee with reasonable prior notice of such Scheduled Downtime.
  9. “Supported Product” means an endpoint protection platform,endpoint and detection and response product, network security product, Security Information and Event Management (SIEM), or User and Entity Behavior Analytics (UEBA) owned by or leased to Licensee and supported by Expel that generates Alerts to be analyzed by Expel. Expel, in its sole discretion, may add, remove and change the Supported Products from time to time.
  10. “Threat Hunting” means a combination of automated and manual tasks leveraging and limited to capabilities of Supported Products whose goal is to generate Alerts and/or Investigations, as ordered pursuant to a Sales Order.
  11. “Total Monthly Time” means the total minutes in the relevant calendar month less Scheduled Downtime. For any partial calendar month during which Licensee subscribes to the Service, availability will be calculated based on the entire calendar month, not just the portion for which Licensee subscribed.
  12. “Unscheduled Downtime” means the total amount of time during any calendar month, measured in minutes, during which the Licensee is not able to access the features and functions of the customer portal, including e-mail notifications of incidents, other than Scheduled Downtime, as defined above. Unscheduled Downtime shall not include any period during which the Service is unavailable as a result of (i) non-compliance by Licensee with any provision of this SLA; (ii) incompatibility of Licensee’s equipment or software with the Service; (iii) actions or inactions of Licensee or third parties; (iv) Licensee’s use of the Service after Expel has advised Licensee to modify its use of the Service, if Licensee did not modify its use as advised; (v) acts or omissions of Licensee or Licensee’s employees, agents, contractors, or vendors, or anyone gaining access to the Service by means of Licensee’s passwords or equipment; (vi) performance of Licensee’s systems or the Internet; (vii) any systemic Internet failures; (viii) network unavailability or Licensee’s bandwidth limitations; or (ix) Scheduled Downtime.
  13. “System Availability” means, with respect to any particular calendar month, the difference between Total Monthly Time and Unscheduled Downtime, divided by the Total Monthly Time. Represented algebraically, System Availability for any particular calendar month is determined as follows:

2. Scope of Service. During the Term, Expel will provide Licensee with the Expel Service described in this Section 2, as set forth on the Sales Order and in accordance with the terms of the Agreement. All services Licensee requests that are not described in this Section 2 will be performed at the On-Demand Services rate defined on the Sales Order. All services requested by Licensee that are not described in this Section 2 are subject to Expel’s availability.

  1. Alert Analysis and Investigations. Expel will conduct a monthly analysis on 30 days of data from your environment and document any potentially threatening or malicious activity found. If Expel determines that an Event is indicative of potentially malicious activity, Expel will create an Investigation. If the Investigation results in sufficient evidence of malicious activity, Expel will create an Incident.
  2. Event Notifications. Customer may opt-in to receiving Event Notifications from Expel, provided that Customer has the required additional technology to receive such notifications (e.g., Slack and email servers are implemented). Expel will use reasonable efforts to provide Event Notifications after identifying the Event. Event notifications will include information known to Expel at the time the Event is identified, but may not include impact and severity details customarily determined through an Investigation or Incident report.
  3. Incident Reporting. Upon confirmation of malicious activity by Expel, Expel will publish an Incident to the online user portal and notify (which may include e-mail notification) Licensee of the new Incident. At its discretion, Expel may perform an extended investigation, and/or may aggregate and review multiple Alerts from related Covered systems to determine the extent of activity related to the Incident. Expel analysts may append results from the extended investigation or subsequent Alert analysis to the initial Incident report if Expel determines that additional or subsequent Alerts are related, and in such cases, Expel will not be required to publish a separate Incident for each such related Alert.
  4. Non-Remediable Alerts. Expel has no obligation to notify Licensee or generate new Incidents for new Alerts that are directly related to previously published Incidents for which Expel has already provided recommended remediation steps, when Licensee has acknowledged the prior Incident but cannot, or chooses not to, remediate the cause of these Alerts.
  5. Portal Access. Alerts, Investigations and Incidents will be provided by an online user portal.

3. System Performance

  1. System Availability: Expel will undertake commercially reasonable measures to ensure that System Availability equals or exceeds ninety-nine point nine five percent (99.95%) during each calendar month (the “Service Standard”).
  2. Access to Support; Response Times: Licensee may report Unscheduled Downtime at any time (“24x7x365”) by sending Expel an e-mail to outage@expel.io. Expel will exercise commercially reasonable efforts to respond to reports of Unscheduled Downtime within 15 minutes of each such report.
  3. System Monitoring and Measurement: Expel uses a third party service (“Monitoring Service”) to monitor System Availability on an ongoing basis. Measurements of System Availability will be calculated on a monthly basis for each calendar month during the Term based on the records of such Monitoring Service. Licensee acknowledges that the Monitoring Service may become unavailable for reasons outside Expel’s control, and in such an event, Expel will make commercially reasonable efforts to notify Licensee promptly in the event such unavailability materially affects Expel’s ability to monitor System Availability.

4. Customer Networks and Licensee Requirements. The Expel Service may only be provided for computer systems and networks leased to or owned by Licensee, and under Licensee’s control, up to the number of Nodes allowed, as set forth on the applicable Sales Order. Licensee is responsible for maintenance and management of its computer network(s), servers, and software, and any equipment or services related to maintenance and management of the foregoing. Licensee is responsible for correctly configuring its systems in accordance with any instructions provided by Expel, as may be necessary for provision of access to the features and functions of the Service.

5. Remedy for Breach of Section 3:

1. Customer Networks and Licensee Requirements. The Expel Service may only be provided for computer systems and networks leased to or owned by Licensee, and under Licensee’s control, up to the number of Nodes allowed, as set forth on the applicable Sales Order. Licensee is responsible for maintenance and management of its computer network(s), servers, and software, and any equipment or services related to maintenance and management of the foregoing. Licensee is responsible for correctly configuring its systems in accordance with any instructions provided by Expel, as may be necessary for provision of access to the features and functions of the Service.

System Availability Credit as a Percentage of One Month of Service
99.95% – 100.00% 0%
99.00% – 99.94% 10%
95.00% – 98.99% 25%
Less than 95.0% 50%

Notwithstanding the foregoing, System Availability below 94.00% will be deemed a breach by Expel consistent with the terms of Section 10 of the Terms and Conditions.

Licensee’s rights under this Section 5.1 are Licensee’s sole and exclusive remedy with respect to any Unscheduled Downtime or any failure by Expel to meet the Service Standard required by Section 3.1.

2. Maximum Service Credits: The maximum amount of Service that Expel will issue to Licensee for Unscheduled Downtime in a single calendar month will not exceed fifty percent (50%) of the service fees for such month.

3. Requesting Service Credits: As a condition to Expel’s obligation to provide Service Credits to Licensee, Licensee must request such Service Credits by sending an e-mail identifying the date and time of the Unscheduled Downtime for which Licensee is requesting Service Credits, with sufficient evidence (including description of the incident and duration of the incident) to credit@expel.io within thirty (30) days following such Unscheduled Downtime. If Licensee fails to request any Service Credits to which Licensee is entitled in accordance with this Section 6.3, Expel will have no obligation to issue such Service Credits to Licensee.

6. Surge. Expel classifies on-demand services not expressly outlined in the contract as Surge. Surge can be requested by the customer based on the hourly rate outlined in the contract for those services. Examples of these requests may include, but are not limited to:

  • Manual investigations: A manual investigation is a request for Expel to review and provide feedback on an anomaly identified by the customer that was NOT generated by an alert within the Expel Workbench platform;
  • Custom workflows, such as a request from the customer to design a specific automated response based on a specific use case not developed by Expel for use in the Workbench platform for universal use;
  • Red/Blue Team exercise participation; and
  • Expel support for customer onsite/virtual events or meetings not outlined in the services contract.

SUPPORT EXHIBIT
Expel Managed Detection and Response (MDR) for On-Prem Infrastructure
Service Level Agreement

1. Definitions. The following capitalized terms will have the definitions set forth below. All other capitalized terms that are not defined herein shall have those meanings accorded to them in Expel’s Terms of Service agreement. “Alert” means an alert to be analyzed by Expel that is generated by a Supported Product or by Expel’s own technology.

  1. “Covered System” means a computing device (to the extent supported by Expel) that Licensee specifies as within the scope of the Expel Service on which a Supported Product is installed.
  2. “Event” means an Alert cursorily reviewed by Expel and deemed to be a potential compromise of one or more of Customer’s Covered Systems that subsequently results in creation of either an Investigation or an Incident.
  3. “Expel Service” means the SaaS offerings and related services made available by Expel that are designed to help customers manage their security operations, that may include alert analysis, investigations, incident reporting, non-remedial alerts, and access to a customer portal that allows the customer to review such alerts, investigations and incidents, as ordered pursuant to a Sales Order.
  4. “Incident” means a report of confirmed compromise of one or more of Licensee’s Covered Systems.
  5. “Investigation” means the process executed by Expel to confirm whether possible compromises are false positives or true compromises.
  6. “Nodes” means the number of Covered Systems within Licensee’s environment, which is reflected on the Sales Order.
  7. Scheduled Downtime” means the total amount of time during any calendar month, measured in minutes, during which Licensee is not able to access the Service due to planned system maintenance performed by Expel. Expel will provide Licensee with reasonable prior notice of such Scheduled Downtime.
  8. “Supported Product” means an endpoint protection platform,endpoint and detection and response product, network security product, Security Information and Event Management (SIEM), or User and Entity Behavior Analytics (UEBA) owned by or leased to Licensee and supported by Expel that generates Alerts to be analyzed by Expel. Expel, in its sole discretion, may add, remove and change the Supported Products from time to time.
  9. “Threat Hunting” means a combination of automated and manual tasks leveraging and limited to capabilities of Supported Products whose goal is to generate Alerts and/or Investigations, as ordered pursuant to a Sales Order.
  10. “Total Monthly Time” means the total minutes in the relevant calendar month less Scheduled Downtime. For any partial calendar month during which Licensee subscribes to the Service, availability will be calculated based on the entire calendar month, not just the portion for which Licensee subscribed.
  11. “Unscheduled Downtime” means the total amount of time during any calendar month, measured in minutes, during which the Licensee is not able to access the features and functions of the customer portal, including e-mail notifications of incidents, other than Scheduled Downtime, as defined above. Unscheduled Downtime shall not include any period during which the Service is unavailable as a
    result of (i) non-compliance by Licensee with any provision of this SLA; (ii) incompatibility of Licensee’s equipment or software with the Service; (iii) actions or inactions of Licensee or third parties; (iv) Licensee’s use of the Service after Expel has advised Licensee to modify its use of the Service, if Licensee did not modify its use as advised; (v) acts or omissions of Licensee or Licensee’s employees,
    agents, contractors, or vendors, or anyone gaining access to the Service by means of Licensee’s passwords or equipment; (vi) performance of Licensee’s systems or the Internet; (vii) any systemic Internet failures; (viii) network unavailability or Licensee’s bandwidth limitations; or (ix) Scheduled Downtime.
  12. “System Availability” means, with respect to any particular calendar month, the difference between Total Monthly Time and Unscheduled Downtime, divided by the Total Monthly Time. Represented algebraically, System Availability for any particular calendar month is determined as follows:

2. Scope of Service. During the Term, Expel will provide Licensee with the Expel Service described in this Section 2, as set forth on the Sales Order and in accordance with the terms of the Agreement. All services Licensee requests that are not described in this Section 2 will be performed at the On-Demand Services rate defined on the Sales Order. All services requested by Licensee that are not described in this Section 2 are subject to Expel’s availability. The Expel Service is available for the number of Nodes purchased. If the number of Nodes exceeds the amount reflected on the Sales Order by more than ten percent (10%), Expel will notify Licensee in writing, and will issue an invoice for the difference in number of Nodes at Expel’s then-current rates pro-rated for the remaining portion of the then-current Term.

1. Alert Analysis and Investigations. Expel will analyze Alerts on a 24x7x365 basis for signs of malicious activity. If Expel determines that an Alert is indicative of potentially malicious activity, Expel
will create an Investigation. If the Investigation results in sufficient evidence of malicious activity, Expel will create an Incident.

2. Event Notifications. Customer may opt-in to receiving Event Notifications from Expel, provided that Customer has the required additional technology to receive such notifications (e.g., Slack and email servers are implemented). Expel will use reasonable efforts to provide Event Notifications within ten (10) minutes of Expel identifying the Event. Event notifications will include information known to Expel at the time the Event is identified, but may not include impact and severity details customarily determined through an Investigation or Incident report.

3. Incident Reporting. Upon confirmation of malicious activity by Expel, Expel will publish an Incident to the online user portal and notify (which may include e-mail notification) Licensee of the new Incident within 10 minutes. At its discretion, Expel may perform an extended investigation, and/or may aggregate and review multiple Alerts from related Covered systems to determine the extent of activity related to the Incident. Expel analysts may append results from the extended investigation or subsequent Alert analysis to the initial Incident report if Expel determines that additional or subsequent Alerts are related, and in such cases, Expel will not be required to publish a separate Incident for each such related Alert.

4. Non-Remediable Alerts. Expel has no obligation to notify Licensee or generate new Incidents for new Alerts that are directly related to previously published Incidents for which Expel has already provided recommended remediation steps, when Licensee has acknowledged the prior Incident but cannot, or chooses not to, remediate the cause of these Alerts.

5. Portal Access. Alerts, Investigations and Incidents will be provided by an online user portal.

6. Custom SIEM rules. If desired, Customer may engage with Expel to request the support of custom rules in Customer’s SIEM, provided that Customer’s SIEM is deemed suitable by Expel for custom rules. The list of suitable SIEMs presently includes Splunk ES and Azure Sentinel and is subject to change at any time. Expel will work with Customer to understand its custom requests, determine feasibility, and develop mutually agreed upon custom rules. Expel may, in its sole discretion, determine certain requests to be unfeasible or outside the scope of service delivery.

 

 

3. System Performance

1. System Availability: Expel will undertake commercially reasonable measures to ensure that System Availability equals or exceeds ninety-nine point nine five percent (99.95%) during each calendar month (the “Service Standard”).

2. Access to Support; Response Times: Licensee may report Unscheduled Downtime at any time (“24x7x365”) by sending Expel an e-mail to outage@expel.io. Expel will exercise commercially reasonable efforts to respond to reports of Unscheduled Downtime within 15 minutes of each such report.

3. System Monitoring and Measurement: Expel uses a third party service (“Monitoring Service”) to monitor System Availability on an ongoing basis. Measurements of System Availability will be calculated on a monthly basis for each calendar month during the Term based on the records of such Monitoring Service. Licensee acknowledges that the Monitoring Service may become unavailable for reasons outside Expel’s
control, and in such event, Expel will make commercially reasonable efforts to notify Licensee promptly in the event such unavailability materially affects Expel’s ability to monitor System Availability.

4. Customer Networks and Licensee Requirements. The Expel Service may only be provided for computer systems and networks leased to or owned by Licensee, and under Licensee’s control, up to the number of Nodes allowed, as set forth on the applicable Sales Order. Licensee is responsible for maintenance and management of its computer network(s), servers, and software, and any equipment or services related to maintenance and management of the foregoing. Licensee is responsible for correctly configuring its systems in accordance with any instructions provided by Expel, as may be necessary for provision of access to the features and functions of the Service. 5. Remedy for Breach of Section 3:

1. Credits Against Fees: Credits Against Fees: In the event Unscheduled Downtime occurs, Customer will be entitled to credits against its subsequent payment obligations (as set forth in the Agreement) (“Service Credits”) according to the following table:

System Availability Credit as a Percentage of One Month of Service
99.95% – 100.00% 0%
99.00% – 99.94% 10%
95.00% – 98.99% 25%
Less than 95.0% 50%

Notwithstanding the foregoing, System Availability below 94.00% will be deemed a breach by Expel consistent with the terms of Section 11 of the Terms and Conditions.

Licensee’s rights under this Section 5.1 are Licensee’s sole and exclusive remedy with respect to any Unscheduled Downtime or any failure by Expel to meet the Service Standard required by Section 3.1.

2. Maximum Service Credits: The maximum amount of Service that Expel will issue to Licensee for Unscheduled Downtime in a single calendar month will not exceed fifty percent (50%) of the service fees for such month.

3. Requesting Service Credits: As a condition to Expel’s obligation to provide Service Credits to Licensee, Licensee must request such Service Credits by sending an e-mail identifying the date and time of the Unscheduled Downtime for which Licensee is requesting Service Credits, with sufficient evidence (including description of the incident and duration of the incident) to credit@expel.io within thirty (30) days following such Unscheduled Downtime. If Licensee fails to request any Service Credits to which Licensee is entitled in accordance with this Section 6.3, Expel will have no obligation to issue such Service Credits to Licensee.
6. Surge. Expel classifies on-demand services not expressly outlined in the contract as Surge. Surge can be requested by the customer based on the hourly rate outlined in the contract for those services. Examples of these requests may include, but are not limited to:

  • Manual investigations: A manual investigation is a request for Expel to review and provide feedback on an anomaly identified by the customer that was NOT generated by an alert within the Expel Workbench platform;
  • Custom workflows, such as a request from the customer to design a specific automated response based on a specific use case not developed by Expel for use in the Workbench platform for universal use;
  • Red/Blue Team exercise participation; and
  • Expel support for customer onsite/virtual events or meetings not outlined in the services contract.

SUPPORT EXHIBIT
Expel Managed Detection and Response (MDR) for EDR
Service Level Agreement

1. Definitions. The following capitalized terms will have the definitions set forth below. All other capitalized terms that are not defined herein shall have those meanings accorded to them in Expel’s Terms of Service agreement. “Alert” means an alert to be analyzed by Expel that is generated by a Supported Product or by Expel’s own technology.

  1. “Covered System” means a computing device (to the extent supported by Expel) that Licensee specifies as within the scope of the Expel Service on which a Supported Product is installed.
  2. “Event” means an Alert cursorily reviewed by Expel and deemed to be a potential compromise of one or more of Customer’s Covered Systems that subsequently results in creation of either an Investigation or an Incident.
  3. “Expel Service” means the SaaS offerings and related services made available by Expel that are designed to help customers manage their security operations, that may include alert analysis, investigations, incident reporting, non-remedial alerts, and access to a customer portal that allows the customer to review such alerts, investigations and incidents, as ordered pursuant to a Sales Order.
  4. “Incident” means a report of confirmed compromise of one or more of Licensee’s Covered Systems.
  5. “Investigation” means the process executed by Expel to confirm whether possible compromises are false positives or true compromises.
  6. “Nodes” means the number of Covered Systems within Licensee’s environment, which is reflected on the Sales Order.
  7. Scheduled Downtime” means the total amount of time during any calendar month, measured in minutes, during which Licensee is not able to access the Service due to planned system maintenance performed by Expel. Expel will provide Licensee with reasonable prior notice of such Scheduled Downtime.
  8. “Supported Product” means an endpoint protection platform,endpoint and detection and response product, network security product, Security Information and Event Management (SIEM), or User and Entity Behavior Analytics (UEBA) owned by or leased to Licensee and supported by Expel that generates Alerts to be analyzed by Expel. Expel, in its sole discretion, may add, remove and change the Supported Products from time to time.
  9. “Threat Hunting” means a combination of automated and manual tasks leveraging and limited to capabilities of Supported Products whose goal is to generate Alerts and/or Investigations, as ordered pursuant to a Sales Order.
  10. “Total Monthly Time” means the total minutes in the relevant calendar month less Scheduled Downtime. For any partial calendar month during which Licensee subscribes to the Service, availability will be calculated based on the entire calendar month, not just the portion for which Licensee subscribed.
  11. “Unscheduled Downtime” means the total amount of time during any calendar month, measured in minutes, during which the Licensee is not able to access the features and functions of the customer portal, including e-mail notifications of incidents, other than Scheduled Downtime, as defined above. Unscheduled Downtime shall not include any period during which the Service is unavailable as a
    result of (i) non-compliance by Licensee with any provision of this SLA; (ii) incompatibility of Licensee’s equipment or software with the Service; (iii) actions or inactions of Licensee or third parties; (iv) Licensee’s use of the Service after Expel has advised Licensee to modify its use of the Service, if Licensee did not modify its use as advised; (v) acts or omissions of Licensee or Licensee’s employees,
    agents, contractors, or vendors, or anyone gaining access to the Service by means of Licensee’s passwords or equipment; (vi) performance of Licensee’s systems or the Internet; (vii) any systemic Internet failures; (viii) network unavailability or Licensee’s bandwidth limitations; or (ix) Scheduled Downtime.
  12. “System Availability” means, with respect to any particular calendar month, the difference between Total Monthly Time and Unscheduled Downtime, divided by the Total Monthly Time. Represented algebraically, System Availability for any particular calendar month is determined as follows:

2. Scope of Service. During the Term, Expel will provide Licensee with the Expel Service described in this Section 2, as set forth on the Sales Order and in accordance with the terms of the Agreement. All services Licensee requests that are not described in this Section 2 will be performed at the On-Demand Services rate defined on the Sales Order. All services requested by Licensee that are not described in this Section 2 are subject to Expel’s availability. The Expel Service is available for the number of Nodes purchased. If the number of Nodes exceeds the amount reflected on the Sales Order by more than ten percent (10%), Expel will notify Licensee in writing, and will issue an invoice for the difference in number of Nodes at Expel’s then-current rates pro-rated for the remaining portion of the then-current Term.

1. Alert Analysis and Investigations. Expel will analyze Alerts on a 24x7x365 basis for signs of malicious activity. If Expel determines that an Alert is indicative of potentially malicious activity, Expel
will create an Investigation. If the Investigation results in sufficient evidence of malicious activity, Expel will create an Incident.

2. Event Notifications. Customer may opt-in to receiving Event Notifications from Expel, provided that Customer has the required additional technology to receive such notifications (e.g., Slack and email servers are implemented). Expel will use reasonable efforts to provide Event Notifications within ten (10) minutes of Expel identifying the Event. Event notifications will include information known to Expel at the time the Event is identified, but may not include impact and severity details customarily determined through an Investigation or Incident report.

3. Incident Reporting. Upon confirmation of malicious activity by Expel, Expel will publish an Incident to the online user portal and notify (which may include e-mail notification) Licensee of the new Incident within 10 minutes. At its discretion, Expel may perform an extended investigation, and/or may aggregate and review multiple Alerts from related Covered systems to determine the extent of activity related to the Incident. Expel analysts may append results from the extended investigation or subsequent Alert analysis to the initial Incident report if Expel determines that additional or subsequent Alerts are related, and in such cases, Expel will not be required to publish a separate Incident for each such related Alert.

4. Non-Remediable Alerts. Expel has no obligation to notify Licensee or generate new Incidents for new Alerts that are directly related to previously published Incidents for which Expel has already provided recommended remediation steps, when Licensee has acknowledged the prior Incident but cannot, or chooses not to, remediate the cause of these Alerts.

5. Portal Access. Alerts, Investigations and Incidents will be provided by an online user portal.

3. System Performance

1. System Availability: Expel will undertake commercially reasonable measures to ensure that System Availability equals or exceeds ninety-nine point nine five percent (99.95%) during each calendar month (the “Service Standard”).

2. Access to Support; Response Times: Licensee may report Unscheduled Downtime at any time (“24x7x365”) by sending Expel an e-mail to outage@expel.io. Expel will exercise commercially reasonable efforts to respond to reports of Unscheduled Downtime within 15 minutes of each such report.

3. System Monitoring and Measurement: Expel uses a third party service (“Monitoring Service”) to monitor System Availability on an ongoing basis. Measurements of System Availability will be calculated on a monthly basis for each calendar month during the Term based on the records of such Monitoring Service. Licensee acknowledges that the Monitoring Service may become unavailable for reasons outside Expel’s
control, and in such event, Expel will make commercially reasonable efforts to notify Licensee promptly in the event such unavailability materially affects Expel’s ability to monitor System Availability.

4. Customer Networks and Licensee Requirements. The Expel Service may only be provided for computer systems and networks leased to or owned by Licensee, and under Licensee’s control, up to the number of Nodes allowed, as set forth on the applicable Sales Order. Licensee is responsible for maintenance and management of its computer network(s), servers, and software, and any equipment or services related to maintenance and management of the foregoing. Licensee is responsible for correctly configuring its systems in accordance with any instructions provided by Expel, as may be necessary for provision of access to the features and functions of the Service. 5. Remedy for Breach of Section 3:

1. Credits Against Fees: Credits Against Fees: In the event Unscheduled Downtime occurs, Customer will be entitled to credits against its subsequent payment obligations (as set forth in the Agreement) (“Service Credits”) according to the following table:

System Availability Credit as a Percentage of One Month of Service
99.95% – 100.00% 0%
99.00% – 99.94% 10%
95.00% – 98.99% 25%
Less than 95.0% 50%

Notwithstanding the foregoing, System Availability below 94.00% will be deemed a breach by Expel consistent with the terms of Section 11 of the Terms and Conditions.

Licensee’s rights under this Section 5.1 are Licensee’s sole and exclusive remedy with respect to any Unscheduled Downtime or any failure by Expel to meet the Service Standard required by Section 3.1.

2. Maximum Service Credits: The maximum amount of Service that Expel will issue to Licensee for Unscheduled Downtime in a single calendar month will not exceed fifty percent (50%) of the service fees for such month.

3. Requesting Service Credits: As a condition to Expel’s obligation to provide Service Credits to Licensee, Licensee must request such Service Credits by sending an e-mail identifying the date and time of the Unscheduled Downtime for which Licensee is requesting Service Credits, with sufficient evidence (including description of the incident and duration of the incident) to credit@expel.io within thirty (30) days following such Unscheduled Downtime. If Licensee fails to request any Service Credits to which Licensee is entitled in accordance with this Section 6.3, Expel will have no obligation to issue such Service Credits to Licensee.
6. Surge. Expel classifies on-demand services not expressly outlined in the contract as Surge. Surge can be requested by the customer based on the hourly rate outlined in the contract for those services. Examples of these requests may include, but are not limited to:

  • Manual investigations: A manual investigation is a request for Expel to review and provide feedback on an anomaly identified by the customer that was NOT generated by an alert within the Expel Workbench platform;
  • Custom workflows, such as a request from the customer to design a specific automated response based on a specific use case not developed by Expel for use in the Workbench platform for universal use;
  • Red/Blue Team exercise participation; and
  • Expel support for customer onsite/virtual events or meetings not outlined in the services contract.

SUPPORT EXHIBIT
Expel Managed Detection and Response (MDR) for Cloud Infrastructure
Service Level Agreement

1. Definitions. The following capitalized terms will have the definitions set forth below. All other capitalized terms that are not defined herein shall have those meanings accorded to them in Expel’s Terms of Service agreement. “Alert” means an alert to be analyzed by Expel that is generated by a Supported Product or by Expel’s own technology.

  1. “Covered System” means a computing device (to the extent supported by Expel) that Licensee specifies as within the scope of the Expel Service on which a Supported Product is installed.
  2. “Event” means an Alert cursorily reviewed by Expel and deemed to be a potential compromise of one or more of Customer’s Covered Systems that subsequently results in creation of either an Investigation or an Incident.
  3. “Expel Service” means the SaaS offerings and related services made available by Expel that are designed to help customers manage their security operations, that may include alert analysis, investigations, incident reporting, non-remedial alerts, and access to a customer portal that allows the customer to review such alerts, investigations and incidents, as ordered pursuant to a Sales Order.
  4. “Incident” means a report of confirmed compromise of one or more of Licensee’s Covered Systems.
  5. “Investigation” means the process executed by Expel to confirm whether possible compromises are false positives or true compromises.
  6. “Nodes” means the number of Covered Systems within Licensee’s environment, which is reflected on the Sales Order.
  7. Scheduled Downtime” means the total amount of time during any calendar month, measured in minutes, during which Licensee is not able to access the Service due to planned system maintenance performed by Expel. Expel will provide Licensee with reasonable prior notice of such Scheduled Downtime.
  8. “Supported Product” means an endpoint protection platform,endpoint and detection and response product, network security product, Security Information and Event Management (SIEM), or User and Entity Behavior Analytics (UEBA) owned by or leased to Licensee and supported by Expel that generates Alerts to be analyzed by Expel. Expel, in its sole discretion, may add, remove and change the Supported Products from time to time.
  9. “Threat Hunting” means a combination of automated and manual tasks leveraging and limited to capabilities of Supported Products whose goal is to generate Alerts and/or Investigations, as ordered pursuant to a Sales Order.
  10. “Total Monthly Time” means the total minutes in the relevant calendar month less Scheduled Downtime. For any partial calendar month during which Licensee subscribes to the Service, availability will be calculated based on the entire calendar month, not just the portion for which Licensee subscribed.
  11. “Unscheduled Downtime” means the total amount of time during any calendar month, measured in minutes, during which the Licensee is not able to access the features and functions of the customer portal, including e-mail notifications of incidents, other than Scheduled Downtime, as defined above. Unscheduled Downtime shall not include any period during which the Service is unavailable as a
    result of (i) non-compliance by Licensee with any provision of this SLA; (ii) incompatibility of Licensee’s equipment or software with the Service; (iii) actions or inactions of Licensee or third parties; (iv) Licensee’s use of the Service after Expel has advised Licensee to modify its use of the Service, if Licensee did not modify its use as advised; (v) acts or omissions of Licensee or Licensee’s employees,
    agents, contractors, or vendors, or anyone gaining access to the Service by means of Licensee’s passwords or equipment; (vi) performance of Licensee’s systems or the Internet; (vii) any systemic Internet failures; (viii) network unavailability or Licensee’s bandwidth limitations; or (ix) Scheduled Downtime.
  12. “System Availability” means, with respect to any particular calendar month, the difference between Total Monthly Time and Unscheduled Downtime, divided by the Total Monthly Time. Represented algebraically, System Availability for any particular calendar month is determined as follows:

2. Scope of Service. During the Term, Expel will provide Licensee with the Expel Service described in this Section 2, as set forth on the Sales Order and in accordance with the terms of the Agreement. All services Licensee requests that are not described in this Section 2 will be performed at the On-Demand Services rate defined on the Sales Order. All services requested by Licensee that are not described in this Section 2 are subject to Expel’s availability. The Expel Service is available for the number of Nodes purchased. If the number of Nodes exceeds the amount reflected on the Sales Order by more than ten percent (10%), Expel will notify Licensee in writing, and will issue an invoice for the difference in number of Nodes at Expel’s then-current rates pro-rated for the remaining portion of the then-current Term.

1. Alert Analysis and Investigations. Expel will analyze Alerts on a 24x7x365 basis for signs of malicious activity. If Expel determines that an Alert is indicative of potentially malicious activity, Expel
will create an Investigation. If the Investigation results in sufficient evidence of malicious activity, Expel will create an Incident.

2. Event Notifications. Customer may opt-in to receiving Event Notifications from Expel, provided that Customer has the required additional technology to receive such notifications (e.g., Slack and email servers are implemented). Expel will use reasonable efforts to provide Event Notifications within ten (10) minutes of Expel identifying the Event. Event notifications will include information known to Expel at the time the Event is identified, but may not include impact and severity details customarily determined through an Investigation or Incident report.

3. Incident Reporting. Upon confirmation of malicious activity by Expel, Expel will publish an Incident to the online user portal and notify (which may include e-mail notification) Licensee of the new Incident within 10 minutes. At its discretion, Expel may perform an extended investigation, and/or may aggregate and review multiple Alerts from related Covered systems to determine the extent of activity related to the Incident. Expel analysts may append results from the extended investigation or subsequent Alert analysis to the initial Incident report if Expel determines that additional or subsequent Alerts are related, and in such cases, Expel will not be required to publish a separate Incident for each such related Alert.

4. Non-Remediable Alerts. Expel has no obligation to notify Licensee or generate new Incidents for new Alerts that are directly related to previously published Incidents for which Expel has already provided recommended remediation steps, when Licensee has acknowledged the prior Incident but cannot, or chooses not to, remediate the cause of these Alerts.

5. Portal Access. Alerts, Investigations and Incidents will be provided by an online user portal.

3. System Performance

1. System Availability: Expel will undertake commercially reasonable measures to ensure that System Availability equals or exceeds ninety-nine point nine five percent (99.95%) during each calendar month (the “Service Standard”).

2. Access to Support; Response Times: Licensee may report Unscheduled Downtime at any time (“24x7x365”) by sending Expel an e-mail to outage@expel.io. Expel will exercise commercially reasonable efforts to respond to reports of Unscheduled Downtime within 15 minutes of each such report.

3. System Monitoring and Measurement: Expel uses a third party service (“Monitoring Service”) to monitor System Availability on an ongoing basis. Measurements of System Availability will be calculated on a monthly basis for each calendar month during the Term based on the records of such Monitoring Service. Licensee acknowledges that the Monitoring Service may become unavailable for reasons outside Expel’s
control, and in such event, Expel will make commercially reasonable efforts to notify Licensee promptly in the event such unavailability materially affects Expel’s ability to monitor System Availability.

4. Customer Networks and Licensee Requirements. The Expel Service may only be provided for computer systems and networks leased to or owned by Licensee, and under Licensee’s control, up to the number of Nodes allowed, as set forth on the applicable Sales Order. Licensee is responsible for maintenance and management of its computer network(s), servers, and software, and any equipment or services related to maintenance and management of the foregoing. Licensee is responsible for correctly configuring its systems in accordance with any instructions provided by Expel, as may be necessary for provision of access to the features and functions of the Service. 5. Remedy for Breach of Section 3:

1. Credits Against Fees: Credits Against Fees: In the event Unscheduled Downtime occurs, Customer will be entitled to credits against its subsequent payment obligations (as set forth in the Agreement) (“Service Credits”) according to the following table:

System Availability Credit as a Percentage of One Month of Service
99.95% – 100.00% 0%
99.00% – 99.94% 10%
95.00% – 98.99% 25%
Less than 95.0% 50%

Notwithstanding the foregoing, System Availability below 94.00% will be deemed a breach by Expel consistent with the terms of Section 11 of the Terms and Conditions.

Licensee’s rights under this Section 5.1 are Licensee’s sole and exclusive remedy with respect to any Unscheduled Downtime or any failure by Expel to meet the Service Standard required by Section 3.1.

2. Maximum Service Credits: The maximum amount of Service that Expel will issue to Licensee for Unscheduled Downtime in a single calendar month will not exceed fifty percent (50%) of the service fees for such month.

3. Requesting Service Credits: As a condition to Expel’s obligation to provide Service Credits to Licensee, Licensee must request such Service Credits by sending an e-mail identifying the date and time of the Unscheduled Downtime for which Licensee is requesting Service Credits, with sufficient evidence (including description of the incident and duration of the incident) to credit@expel.io within thirty (30) days following such Unscheduled Downtime. If Licensee fails to request any Service Credits to which Licensee is entitled in accordance with this Section 6.3, Expel will have no obligation to issue such Service Credits to Licensee.
6. Surge. Expel classifies on-demand services not expressly outlined in the contract as Surge. Surge can be requested by the customer based on the hourly rate outlined in the contract for those services. Examples of these requests may include, but are not limited to:

  • Manual investigations: A manual investigation is a request for Expel to review and provide feedback on an anomaly identified by the customer that was NOT generated by an alert within the Expel Workbench platform;
  • Custom workflows, such as a request from the customer to design a specific automated response based on a specific use case not developed by Expel for use in the Workbench platform for universal use;
  • Red/Blue Team exercise participation; and
  • Expel support for customer onsite/virtual events or meetings not outlined in the services contract.

SUPPORT EXHIBIT
Expel Hunting
Service Level Agreement

1. Definitions. The following capitalized terms will have the definitions set forth below. All other capitalized terms that are not defined herein shall have those meanings accorded to them in Expel’s Terms of Service agreement.

  1. “Alert” means an alert to be analyzed by Expel that is generated by a Supported Product or by Expel’s own technology.
  2. “Covered System” means a computing device (to the extent supported by Expel) that Licensee specifies as within the scope of the Expel Service on which a Supported Product is installed.
  3. “Event” means an Alert cursorily reviewed by Expel and deemed to be a potential compromise of one or more of Customer’s Covered Systems that subsequently results in creation of either an Investigation or an Incident.
  4. “Expel Service” means the SaaS offerings and related services made available by Expel that are designed to help customers manage their security operations, that may include alert analysis, investigations, incident reporting, non-remedial alerts, and access to a customer portal that allows the customer to review such alerts, investigations and incidents, as ordered pursuant to a Sales Order.
  5. “Incident” means a report of confirmed compromise of one or more of Licensee’s Covered Systems.
  6. “Investigation” means the process executed by Expel to confirm whether possible compromises are false positives or true compromises.
  7. “Nodes” means the number of Covered Systems within Licensee’s environment, which is reflected on the Sales Order.
  8. “Scheduled Downtime” means the total amount of time during any calendar month, measured in minutes, during which Licensee is not able to access the Service due to planned system maintenance performed by Expel. Expel will provide Licensee with reasonable prior notice of such Scheduled Downtime.
  9. “Supported Product” means an endpoint protection platform,endpoint and detection and response product, network security product, Security Information and Event Management (SIEM), or User and Entity Behavior Analytics (UEBA) owned by or leased to Licensee and supported by Expel that generates Alerts to be analyzed by Expel. Expel, in its sole discretion, may add, remove and change the Supported Products from time to time.
  10. “Threat Hunting” means a combination of automated and manual tasks leveraging and limited to capabilities of Supported Products whose goal is to generate Alerts and/or Investigations, as ordered pursuant to a Sales Order.
  11. “Total Monthly Time” means the total minutes in the relevant calendar month less Scheduled Downtime. For any partial calendar month during which Licensee subscribes to the Service, availability will be calculated based on the entire calendar month, not just the portion for which Licensee subscribed.
  12. “Unscheduled Downtime” means the total amount of time during any calendar month, measured in minutes, during which the Licensee is not able to access the features and functions of the customer portal, including e-mail notifications of incidents, other than Scheduled Downtime, as defined above. Unscheduled Downtime shall not include any period during which the Service is unavailable as a result of (i) non-compliance by Licensee with any provision of this SLA; (ii) incompatibility of Licensee’s equipment or software with the Service; (iii) actions or inactions of Licensee or third parties; (iv) Licensee’s use of the Service after Expel has advised Licensee to modify its use of the Service, if Licensee did not modify its use as advised; (v) acts or omissions of Licensee or Licensee’s employees, agents, contractors, or vendors, or anyone gaining access to the Service by means of Licensee’s passwords or equipment; (vi) performance of Licensee’s systems or the Internet; (vii) any systemic Internet failures; (viii) network unavailability or Licensee’s bandwidth limitations; or (ix) Scheduled Downtime.
  13. “System Availability” means, with respect to any particular calendar month, the difference between Total Monthly Time and Unscheduled Downtime, divided by the Total Monthly Time. Represented algebraically, System Availability for any particular calendar month is determined as follows:

2. Scope of Service. During the Term, Expel will provide Licensee with the Expel Service described in this Section 2, as set forth on the Sales Order and in accordance with the terms of the Agreement. All services Licensee requests that are not described in this Section 2 will be performed at the On-Demand Services rate defined on the Sales Order. All services requested by Licensee that are not described in this Section 2 are subject to Expel’s availability.

1. Alert Analysis and Investigations. Expel will conduct a monthly analysis on 30 days of data from your environment and document any potentially threatening or malicious activity found. If Expel determines that an Event is indicative of potentially malicious activity, Expel will create an Investigation. If the Investigation results in sufficient evidence of malicious activity, Expel will create an Incident.

2. Event Notifications. Customer may opt-in to receiving Event Notifications from Expel, provided that Customer has the required additional technology to receive such notifications (e.g., Slack and email servers are implemented). Expel will use reasonable efforts to provide Event Notifications after identifying the Event. Event notifications will include information known to Expel at the time the Event is identified, but may not include impact and severity details customarily determined through an Investigation or Incident report.

3. Incident Reporting. Upon confirmation of malicious activity by Expel, Expel will publish an Incident to the online user portal and notify (which may include e-mail notification) Licensee of the new Incident. At its discretion, Expel may perform an extended investigation, and/or may aggregate and review multiple Alerts from related Covered systems to determine the extent of activity related to the Incident. Expel analysts may append results from the extended investigation or subsequent Alert analysis to the initial Incident report if Expel determines that additional or subsequent Alerts are related, and in such cases, Expel will not be required to publish a separate Incident for each such related Alert.

4. Non-Remediable Alerts. Expel has no obligation to notify Licensee or generate new Incidents for new Alerts that are directly related to previously published Incidents for which Expel has already provided recommended remediation steps, when Licensee has acknowledged the prior Incident but cannot, or chooses not to, remediate the cause of these Alerts.

5. Portal Access. Alerts, Investigations and Incidents will be provided by an online user portal.

3. System Performance

1. System Availability: Expel will undertake commercially reasonable measures to ensure that System Availability equals or exceeds ninety-nine point nine five percent (99.95%) during each calendar month (the “Service Standard”).).

2. Access to Support; Response Times: Licensee may report Unscheduled Downtime at any time (“24x7x365”) by sending Expel an e-mail to outage@expel.io. Expel will exercise commercially reasonable efforts to respond to reports of Unscheduled Downtime within 15 minutes of each such report.

3. System Monitoring and Measurement: Expel uses a third party service (“Monitoring Service”) to monitor System Availability on an ongoing basis. Measurements of System Availability will be calculated on a monthly basis for each calendar month during the Term based on the records of such Monitoring Service. Licensee acknowledges that the Monitoring Service may become unavailable for reasons outside Expel’s control, and in such an event, Expel will make commercially reasonable efforts to notify Licensee promptly in the event such unavailability materially affects Expel’s ability to monitor System Availability.

4. Customer Networks and Licensee Requirements. The Expel Service may only be provided for computer systems and networks leased to or owned by Licensee, and under Licensee’s control, up to the number of Nodes allowed, as set forth on the applicable Sales Order. Licensee is responsible for maintenance and management of its computer network(s), servers, and software, and any equipment or services related to maintenance and management of the foregoing. Licensee is responsible for correctly configuring its systems in accordance with any instructions provided by Expel, as may be necessary for provision of access to the features and functions of the Service.

5. Remedy for Breach of Section 3:

  1. Customer Networks and Licensee Requirements. The Expel Service may only be provided for computer systems and networks leased to or owned by Licensee, and under Licensee’s control, up to the number of Nodes allowed, as set forth on the applicable Sales Order. Licensee is responsible for maintenance and management of its computer network(s), servers, and software, and any equipment or services related to maintenance and management of the foregoing. Licensee is responsible for correctly configuring its systems in accordance with any instructions provided by Expel, as may be necessary for provision of access to the features and functions of the Service.
    System Availability Credit as a Percentage of One Month of Service
    99.95% – 100.00% 0%
    99.00% – 99.94% 10%
    95.00% – 98.99% 25%
    Less than 95.0% 50%

    Notwithstanding the foregoing, System Availability below 94.00% will be deemed a breach by Expel consistent with the terms of Section 10 of the Terms and Conditions.

    Licensee’s rights under this Section 5.1 are Licensee’s sole and exclusive remedy with respect to any Unscheduled Downtime or any failure by Expel to meet the Service Standard required by Section 3.1.

  2. Maximum Service Credits: The maximum amount of Service that Expel will issue to Licensee for Unscheduled Downtime in a single calendar month will not exceed fifty percent (50%) of the service fees for such month.
  3. Requesting Service Credits: As a condition to Expel’s obligation to provide Service Credits to Licensee, Licensee must request such Service Credits by sending an e-mail identifying the date and time of the Unscheduled Downtime for which Licensee is requesting Service Credits, with sufficient evidence (including description of the incident and duration of the incident) to credit@expel.io within thirty (30) days following such Unscheduled Downtime. If Licensee fails to request any Service Credits to which Licensee is entitled in accordance with this Section 6.3, Expel will have no obligation to issue such Service Credits to Licensee.

6. Surge. Expel classifies on-demand services not expressly outlined in the contract as Surge. Surge can be requested by the customer based on the hourly rate outlined in the contract for those services. Examples of these requests may include, but are not limited to:

  • Manual investigations: A manual investigation is a request for Expel to review and provide feedback on an anomaly identified by the customer that was NOT generated by an alert within the Expel Workbench platform;
  • Custom workflows, such as a request from the customer to design a specific automated response based on a specific use case not developed by Expel for use in the Workbench platform for universal use;
  • Red/Blue Team exercise participation; and
  • Expel support for customer onsite/virtual events or meetings not outlined in the services contract.

SUPPORT EXHIBIT
Expel Managed Detection and Response (MDR) for SaaS Apps
Service Level Agreement

    1. Definitions. The following capitalized terms will have the definitions set forth below. All other capitalized terms that are not defined herein shall have those meanings accorded to them in Expel’s Terms of Service agreement.
      “Alert” means an alert to be analyzed by Expel that is generated by a Supported Product.
      “Covered System” means a computing device (to the extent supported by Expel) that Licensee specifies as within the scope of the Expel Service on which a Supported Product is installed.
      “Event” means an Alert cursorily reviewed by Expel and deemed to be a potential compromise of one or more of Customer’s Covered Systems that subsequently results in creation of either an Investigation or an Incident.
      “Expel Service” means the SaaS offerings and related services made available by Expel that are designed to help customers manage their security operations, that may include alert analysis, investigations, incident reporting, non-remedial alerts, and access to a customer portal that allows the customer to review such alerts, investigations and incidents, as ordered pursuant to a Sales Order.
      “Incident” means a report of confirmed compromise of one or more of Licensee’s Covered Systems.
      “Investigation” means the process executed by Expel to confirm whether possible compromises are false positives or true compromises.
      “Nodes” means the number of Covered Systems within Licensee’s environment, which is reflected on the Sales Order.
      “Scheduled Downtime” means the total amount of time during any calendar month, measured in minutes, during which Licensee is not able to access the Service due to planned system maintenance performed by Expel. Expel will provide Licensee with reasonable prior notice of such Scheduled Downtime.
      “Supported Product” means an endpoint protection platform or endpoint and detection and response product owned by or leased to Licensee and supported by Expel that generates Alerts to be analyzed by Expel. Expel, in its sole discretion, add, remove and change the Supported Products from time to time.
      “Threat Hunting” means a combination of automated and manual tasks leveraging and limited to capabilities of Supported Products whose goal is to generate Alerts and/or Investigations, as ordered pursuant to a Sales Order.
      “Total Monthly Time” means the total minutes in the relevant calendar month less Scheduled Downtime. For any partial calendar month during which Licensee subscribes to the Service, availability will be calculated based on the entire calendar month, not just the portion for which Licensee subscribed.
      “Unscheduled Downtime” means the total amount of time during any calendar month, measured in minutes, during which the Licensee is not able to access the features and functions of the customer portal, including e-mail notifications of incidents, other than Scheduled Downtime, as defined above. Unscheduled Downtime shall not include any period during which the Service is unavailable as a result of (i) non-compliance by Licensee with any provision of this SLA; (ii) incompatibility of Licensee’s equipment or software with the Service; (iii) actions or inactions of Licensee or third parties; (iv) Licensee’s use of the Service after Expel has advised Licensee to modify its use of the Service, if Licensee did not modify its use as advised; (v) acts or omissions of Licensee or Licensee’s employees, agents, contractors, or vendors, or anyone gaining access to the Service by means of Licensee’s passwords or equipment; (vi) performance of Licensee’s systems or the Internet; (vii) any systemic Internet failures; (viii) network unavailability or Licensee’s bandwidth limitations; or (ix) Scheduled Downtime.
      “System Availability” means, with respect to any particular calendar month, the difference between Total Monthly Time and Unscheduled Downtime, divided by the Total Monthly Time. Represented algebraically, System Availability for any particular calendar month is determined as follows:
    2. Scope of Service. During the Term, Expel will provide Licensee with the Expel Service described in this Section 2, as set forth on the Sales Order and in accordance with the terms of the Agreement. All services Licensee requests that are not described in this Section 2 will be performed at the On-Demand Services rate defined on the Sales Order. All services requested by Licensee that are not described in this Section 2 are subject to Expel’s availability. The Expel Service is available for the number of Nodes purchased. If the number of Nodes exceeds the amount reflected on the Sales Order by more than ten percent (10%), Expel will notify Licensee in writing, and will issue an invoice for the difference in number of Nodes at Expel’s then-current rates pro-rated for the remaining portion of the then-current Term.
      1. Alert Analysis and Investigations. Expel will analyze Alerts on a 24x7x365 basis for signs of malicious activity. If Expel determines that an Alert is indicative of potentially malicious activity, Expel will create an Investigation. If the Investigation results in sufficient evidence of malicious activity, Expel will create an Incident.
      2. Event Notifications. Customer may opt-in to receiving Event Notifications from Expel, provided that Customer has the required additional technology to receive such notifications (e.g., Slack and email servers are implemented). Expel will use reasonable efforts to provide Event Notifications within ten (10) minutes of Expel identifying the Event. Event notifications will include information known to Expel at the time the Event is identified, but may not include impact and severity details customarily determined through an Investigation or Incident report.
      3. Incident Reporting. Upon confirmation of malicious activity by Expel, Expel will publish an Incident to the online user portal and notify (which may include e-mail notification) Licensee of the new Incident within 10 minutes. At its discretion, Expel may perform an extended investigation, and/or may aggregate and review multiple Alerts from related Covered systems to determine the extent of activity related to the Incident. Expel analysts may append results from the extended investigation or subsequent Alert analysis to the initial Incident report if Expel determines that additional or subsequent Alerts are related, and in such cases, Expel will not be required to publish a separate Incident for each such related Alert.
      4. Non-Remediable Alerts. Expel has no obligation to notify Licensee or generate new Incidents for new Alerts that are directly related to previously published Incidents for which Expel has already provided recommended remediation steps, when Licensee has acknowledged the prior Incident but cannot, or chooses not to, remediate the cause of these Alerts.
        Portal Access. Alerts, Investigations and Incidents will be provided by an online user portal.
    3. System Performance
      1. System Availability: Expel will undertake commercially reasonable measures to ensure that System Availability equals or exceeds ninety-nine point nine five percent (99.95%) during each calendar month (the “Service Standard”).
      2. Access to Support; Response Times: Licensee may report Unscheduled Downtime at any time (“24x7x365”) by sending Expel an e-mail to outage@expel.io. Expel will exercise commercially reasonable efforts to respond to reports of Unscheduled Downtime within 15 minutes of each such report.
      3. System Monitoring and Measurement: Expel uses a third party service (“Monitoring Service”) to monitor System Availability on an ongoing basis. Measurements of System Availability will be calculated on a monthly basis for each calendar month during the Term based on the records of such Monitoring Service. Licensee acknowledges that the Monitoring Service may become unavailable for reasons outside Expel’s control, and in such event, Expel will make commercially reasonable efforts to notify Licensee promptly in the event such unavailability materially affects Expel’s ability to monitor System Availability.
    4. Customer Networks and Licensee Requirements. The Expel Service may only be provided for computer systems and networks leased to or owned by Licensee, and under Licensee’s control, up to the number of Nodes allowed, as set forth on the applicable Sales Order. Licensee is responsible for maintenance and management of its computer network(s), servers, and software, and any equipment or services related to maintenance and management of the foregoing. Licensee is responsible for correctly configuring its systems in accordance with any instructions provided by Expel, as may be necessary for provision of access to the features and functions of the Service.
    5. Remedy for Breach of Section 3:
      Credits Against Fees: Credits Against Fees: In the event Unscheduled Downtime occurs, Customer will be entitled to credits against its subsequent payment obligations (as set forth in the Agreement) (“Service Credits”) according to the following table:

      System Availability Credit as a Percentage of One Month of Service
      99.95% – 100.00% 0%
      99.00% – 99.94% 10%
      95.00% – 98.99% 25%
      Less than 95.0% 50%

       

Notwithstanding the foregoing, System Availability below 94.00% will be deemed a breach by Expel consistent with the terms of Section 11 of the Terms and Conditions.

Licensee’s rights under this Section 5.1 are Licensee’s sole and exclusive remedy with respect to any Unscheduled Downtime or any failure by Expel to meet the Service Standard required by Section 3.1.

2. Maximum Service Credits: The maximum amount of Service that Expel will issue to Licensee for Unscheduled Downtime in a single calendar month will not exceed fifty percent (50%) of the service fees for such month.

3. Requesting Service Credits: As a condition to Expel’s obligation to provide Service Credits to Licensee, Licensee must request such Service Credits by sending an e-mail identifying the date and time of the Unscheduled Downtime for which Licensee is requesting Service Credits, with sufficient evidence (including description of the incident and duration of the incident) to credit@expel.io within thirty (30) days following such Unscheduled Downtime. If Licensee fails to request any Service Credits to which Licensee is entitled in accordance with this Section 6.3, Expel will have no obligation to issue such Service Credits to Licensee.

6. Surge. Expel classifies on-demand services not expressly outlined in the contract as Surge. Surge can be requested by the customer based on the hourly rate outlined in the contract for those services. Examples of these requests may include, but are not limited to:
Manual investigations: A manual investigation is a request for Expel to review and provide feedback on an anomaly identified by the customer that was NOT generated by an alert within the Expel Workbench platform;
Custom workflows, such as a request from the customer to design a specific automated response based on a specific use case not developed by Expel for use in the Workbench platform for universal use;
Red/Blue Team exercise participation; and
Expel support for customer onsite/virtual events or meetings not outlined in the services contract.[/vc_column_text][vc_column_text el_id=”kubernetes”]

SUPPORT EXHIBIT
Expel MDR for Kubernetes
Service Level Agreement

  1. Definitions. The following capitalized terms will have the definitions set forth below. All other capitalized terms that are not defined herein shall have those meanings accorded to them in Expel’s Terms of Service agreement.
    1. Alert” means an alert to be analyzed by Expel that is generated by a Supported Product or by Expel’s own technology.
    2. Covered System” means a Supported Product that is included within the Expel Service furnished under this Agreement.
    3. Event” means an Alert cursorily reviewed by Expel and deemed to be a potential compromise of one or more of Customer’s Covered Systems that subsequently results in creation of either an Investigation or an Incident.
    4. Expel Service” means the SaaS offerings and related services made available by Expel that are designed to help customers manage their security operations, that may include alert analysis, investigations, incident reporting, non-remedial alerts, and access to a customer portal that allows the customer to review such alerts, investigations and incidents, as ordered pursuant to a Sales Order.
    5. Incident” means a report of confirmed compromise of one or more of Licensee’s Covered Systems.
    6. Investigation” means the process executed by Expel to confirm whether possible compromises are false positives or true compromises.
    7. Nodes” means the number of Kubernetes Nodes within Licensee’s environment, which is reflected on the Sales Order.
    8. Scheduled Downtime” means the total amount of time during any calendar month, measured in minutes, during which Licensee is not able to access the Service due to planned system maintenance performed by Expel. Expel will provide Licensee with reasonable prior notice of such Scheduled Downtime.
    9. Supported Product” means a Kubernetes or container monitoring product to which Licensee has a subscription and supported by Expel that generates Alerts to be analyzed by Expel. Expel, in its sole discretion, may add, remove and change the Supported Products from time to time. These tools will monitor areas that include, but are not limited to, container security, control plane, and configurations.
    10. Unscheduled Downtime” means the total amount of time during any calendar month, measured in minutes, during which the Licensee is not able to access the features and functions of the customer portal, including e-mail notifications of incidents, other than Scheduled Downtime, as defined above. Unscheduled Downtime shall not include any period during which the Service is unavailable as a result of (i) non-compliance by Licensee with any provision of this SLA; (ii) incompatibility of Licensee’s equipment or software with the Service; (iii) actions or inactions of Licensee or third parties; (iv) Licensee’s use of the Service after Expel has advised Licensee to modify its use of the Service, if Licensee did not modify its use as advised; (v) acts or omissions of Licensee or Licensee’s employees, agents, contractors, or vendors, or anyone gaining access to the Service by means of Licensee’s passwords or equipment; (vi) performance of Licensee’s systems or the Internet; (vii) any systemic Internet failures; (viii) network unavailability or Licensee’s bandwidth limitations; (ix) Scheduled Downtime; or (x) outage of Licensee’s Covered Systems or any Supported Products.
    11. System Availability” means, with respect to any particular calendar month, the difference between Total Monthly Time and Unscheduled Downtime, divided by the Total Monthly Time. Represented algebraically, System Availability for any particular calendar month is determined as follows:
  2. Scope of Service. During the Term, Expel will provide Licensee with the Expel Service described in this Section 2, as set forth on the Sales Order and in accordance with the terms of the Agreement. All services Licensee requests that are not described in this Section 2 will be performed at the On-Demand Services rate defined on the Sales Order. All services requested by Licensee that are not described in this Section 2 are subject to Expel’s availability. The Expel Service is available for the number of Nodes purchased. If the number of Nodes exceeds the amount reflected on the Sales Order by more than ten percent (10%), Expel will notify Licensee in writing, and will issue an invoice for the difference in number of Nodes at Expel’s then-current rates pro-rated for the remaining portion of the then-current Term.
    1. Alert Analysis and Investigations. Expel will analyze Alerts on a 24x7x365 basis for signs of malicious activity. If Expel determines that an Alert is indicative of potentially malicious activity, Expel will create an Investigation. If the Investigation results in sufficient evidence of malicious activity, Expel will create an Incident.
    2. Event Notifications. Customer may opt-in to receiving Event Notifications from Expel, provided that Customer has the required additional technology to receive such notifications (e.g., Slack and email servers are implemented). Expel will use reasonable efforts to provide Event Notifications within ten (10) minutes of Expel identifying the Event. Event notifications will include information known to Expel at the time the Event is identified, but may not include impact and severity details customarily determined through an Investigation or Incident report.
    3. Incident Reporting. Upon confirmation of malicious activity by Expel, Expel will publish an Incident to the online user portal and notify (which may include e-mail notification) Licensee of the new Incident within 10 minutes. At its discretion, Expel may perform an extended investigation, and/or may aggregate and review multiple Alerts from related Covered Systems to determine the extent of activity related to the Incident. Expel analysts may append results from the extended investigation or subsequent Alert analysis to the initial Incident report if Expel determines that additional or subsequent Alerts are related, and in such cases, Expel will not be required to publish a separate Incident for each such related Alert.
    4. Non-Remediable Alerts. Expel has no obligation to notify Licensee or generate new Incidents for new Alerts that are directly related to previously published Incidents for which Expel has already provided recommended remediation steps, when Licensee has acknowledged the prior Incident but cannot, or chooses not to, remediate the cause of these Alerts.
    5. Portal Access. Alerts, Investigations andIncidents will be provided by an online user portal.
  3. System Performance
    1. System Availability: Expel will undertake commercially reasonable measures to ensure that System Availability equals or exceeds ninety-nine point nine five percent (99.95%) during each calendar month (the “Service Standard”).
    2. Access to Support; Response Times: Licensee may report Unscheduled Downtime at any time (“24x7x365”) by sending Expel an e-mail to outage@expel.io. Expel will exercise commercially reasonable efforts to respond to reports of Unscheduled Downtime within 15 minutes of each such reporSystem Monitoring and Measurement: Expel uses a third party service (“Monitoring Service”) to monitor
  4. System Availability on an ongoing basis. Measurements of System Availability will be calculated on a monthly basis for each calendar month during the Term based on the records of such Monitoring Service. Licensee acknowledges that the Monitoring Service may become unavailable for reasons outside Expel’s control, and in such event, Expel will make commercially reasonable efforts to notify Licensee promptly in the event such unavailability materially affects Expel’s ability to monitor System Availability.
  5. Customer Networks and Licensee Requirements. The Expel Service may only be provided for computer systems and networks leased to or owned by Licensee, and under Licensee’s control, up to the number of Nodes allowed, as set forth on the applicable Sales Order. Licensee is responsible for maintenance and management of its computer network(s), servers, and software, and any equipment or services related to maintenance and management of the foregoing. Licensee is responsible for correctly configuring its systems in accordance with any instructions provided by Expel, as may be necessary for provision of access to the features and functions of the Service.
  6. Remedy for Breach of Section 3:
    1. Credits Against Fees: Credits Against Fees: In the event Unscheduled Downtime occurs, Customer will be entitled to credits against its subsequent payment obligations (as set forth in the Agreement) (“Service Credits”) according to the following table:
      System Availability Credit as a Percentage of One Month of Service
      99.95% – 100.00% 0%
      99.00% – 99.94% 10%
      95.00% – 98.99% 25%
      Less than 95.0% 50%

      Notwithstanding the foregoing, System Availability below 94.00% will be deemed a breach by Expel consistent with the terms of Section 11 of the Terms and Conditions.

      Licensee’s rights under this Section 5.1 are Licensee’s sole and exclusive remedy with respect to any Unscheduled Downtime or any failure by Expel to meet the Service Standard required by Section 3.1.

    2. Maximum Service Credits: The maximum amount of Service that Expel will issue to Licensee for Unscheduled Downtime in a single calendar month will not exceed fifty percent (50%) of the service fees for such month.
    3. Requesting Service Credits: As a condition to Expel’s obligation to provide Service Credits to Licensee, Licensee must request such Service Credits by sending an e-mail identifying the date and time of the Unscheduled Downtime for which Licensee is requesting Service Credits, with sufficient evidence (including description of the incident and duration of the incident) to credit@expel.io within thirty (30) days following such Unscheduled Downtime. If Licensee fails to request any Service Credits to which Licensee is entitled in accordance with this Section 6.3, Expel will have no obligation to issue such Service Credits to Licensee.
  7. Surge. Expel classifies on-demand services not expressly outlined in the contract as Surge. Surge can be requested by the customer based on the hourly rate outlined in the contract for those services. Examples of these requests may include, but are not limited to:
    • Manual investigations: A manual investigation is a request for Expel to review and provide feedback on an anomaly identified by the customer that was NOT generated by an alert within the Expel Workbench platform;
    • Custom workflows, such as a request from the customer to design a specific automated response based on a specific use case not developed by Expel for use in the Workbench platform for universal use;
    • Red/Blue Team exercise participation; and
    • Expel support for customer onsite/virtual events or meetings not outlined in the services contract.

SUPPORT EXHIBIT
Expel Vulnerability Prioritization
Service Level Agreement

  1. Definitions. The following capitalized terms will have the definitions set forth below. All other capitalized terms that are not defined herein shall have those meanings accorded to them in Expel’s Terms of Service agreement.
    1. “Alert” means an alert to be analyzed by Expel that is generated by a Supported Product or by Expel’s own technology.
    2. “Covered System” means a computing device (to the extent supported by Expel) that Licensee specifies as within the scope of the Expel Service on which a Supported Product is installed.
    3. “Event” means an Alert cursorily reviewed by Expel and deemed to be a potential compromise of one or more of Customer’s Covered Systems that subsequently results in creation of either an Investigation or an Incident.
    4. “Vulnerability” means a potential exploitation of a Covered System which the computing device, an external information provider, or Expel identifies which may require remediation to improve security posture.
    5. “Expel Service” or “Service” means the SaaS offerings and related services made available by Expel that are designed to help customers manage their security operations, that may include alert analysis, investigations, incident reporting, non-remedial alerts, and access to a customer portal that allows the customer to review such alerts, investigations and incidents, as ordered pursuant to a Sales Order.
    6. “Incident” means a report of confirmed compromise of one or more of Licensee’s Covered Systems.
    7. “Investigation” means the process executed by Expel to confirm whether possible compromises are false positives or true compromises.
    8. “Nodes” means the number of Covered Systems within Licensee’s environment, which is reflected on the Sales Order.
    9. “Supported Product” means an endpoint protection platform, endpoint and detection and response product, network security product, Security Information and Event Management (SIEM), or User and Entity Behavior Analytics (UEBA) owned by or leased to Licensee and supported by Expel that generates Alerts to be analyzed by Expel. Expel, in its sole discretion, may add, remove and change the Supported Products from time to time.
    10. “Vulnerability Prioritization” means a combination of automated and manual tasks leveraging and limited to capabilities of Supported Products whose goal is to prioritize vulnerabilities and notify customers of actions they may wish to proactively take to defend against vulnerability exploitation, as ordered pursuant to a Sales Order.
  2. Scope of Service. During the Term, Expel will provide Licensee with the Expel Service described in this Section 2, as set forth on the Sales Order and in accordance with the terms of the Agreement. All services Licensee requests that are not described in this Section 2 will be performed at the On-Demand Services rate defined on the Sales Order. All services requested by Licensee that are not described in this Section 2 are subject to Expel’s availability. The Expel Service is available for the number of Nodes purchased. If the number of Nodes exceeds the amount reflected on the Sales Order by more than ten percent (10%), Expel will notify Licensee in writing, and will issue an invoice for the difference in number of Nodes at Expel’s then-current rates prorated for the remaining portion of the then-current Term.
    1. Vulnerability Analysis and Prioritization. Expel will analyze customer vulnerabilities and prioritize urgent and recommended levels on a weekly basis. Expel’s prioritization will be determined using customer-specific data, industry intelligence, and Expel’s MDR service. Customer is responsible for implementing fixes and remediating all vulnerabilities customer deems necessary, regardless of Expel’s prioritization. Due to the changing nature of vulnerabilities, a prioritization level may change over time (higher or lower priority) depending on information available to Expel and the customer.
    2. Event Notifications. Customer may opt-in to receiving Event Notifications from Expel, provided that Customer has the required additional technology to receive such notifications (e.g., Slack and email servers are implemented). Expel will use reasonable efforts to provide Event Notifications within three (3) business days of Expel identifying a critical or emergency vulnerability. Event notifications will include information known to Expel at the time the vulnerability is identified such as potential remediations or compensating controls, if available at that time. These may not include impact and severity details customarily determined through an Investigation or Incident report.
    3. Non-Remediable Alerts. Expel has no obligation to notify Licensee or issue new event notifications that are directly related to previously published vulnerabilities for which Expel has already provided recommended remediation steps, but may do so if more information related to the vulnerability becomes known.
    4. Portal Access. Vulnerability prioritization and communications will be provided by an online user portal.
  3. System Performance
    1. System Availability: See Expel Managed Detection and Response (MDR)
      Service Level Agreement.
    2. Customer Networks and Licensee Requirements. The Expel Service may only be provided for computer systems and networks leased to or owned by Licensee, and under Licensee’s control, up to the number of Nodes allowed, as set forth on the applicable Sales Order. Licensee is responsible for maintenance and management of its computer network(s), servers, and software, and any equipment or services related to maintenance and management of the foregoing. Licensee is responsible for correctly configuring its systems in accordance with any instructions provided by Expel, as may be necessary for provision of access to the features and functions of the Service.
  4. Surge. Expel classifies on-demand services not expressly outlined in the contract as Surge. Surge can be requested by the customer based on the hourly rate outlined in the contract for those services. Examples of these requests may include, but are not limited to:
    • Manual investigations: A manual investigation is a request for Expel to review and provide feedback on an anomaly or vulnerability identified by the customer that was NOT generated by an alert within the Expel Workbench platform;
    • Custom workflows, such as a request from the customer to design a specific automated response based on a specific use case not developed by Expel for use in the Workbench platform for universal use;
    • Red/Blue Team exercise participation; and
    • Expel support for customer onsite/virtual events or meetings not outlined in the services contract.